Red Hat Bugzilla – Bug 975752
A user isn't properly logged out in BASIC auth method
Last modified: 2013-11-07 17:11:01 EST
Description of problem:
When I set the BASIC auth method instead of the FORM auth method, business central logout doesn't work and it behaves strangely for multiple users.
First, I log in as user1. In business central I'm not able to log out; it just refreshes the home page.
Second, I close the browser and log in as user2. Business central still shows that I'm logged in as user1.
The important thing is that business central only shows this wrong behavior while the BASIC auth method is set.
FYI, this is my web.xml part of login-config:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Not a bug.
It is wrong to configure the whole webapp with basic authentication. Basic authentication is a per-request authentication mechanism; it should only be used in circumstances like HTTP-based API access, e.g. REST.
Thus Basic authentication cannot be used in web.xml to configure the whole web application. On the other hand, Basic authentication is already supported behind the scenes without any explicit configuration. If you send an HTTP request with an "Authorization" header to the REST server, the server will authenticate the request using Basic authentication. If you send an HTTP request without an "Authorization" header, the server won't know which authentication scheme the client prefers, thus the client will receive a login page as a challenge with a 401 response code.
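The per-request behaviour described in the comment above, as an added simulation that is not part of the original report and is not Business Central code. It shows why a server-side logout holds for a cookie session but not for a browser that resends cached Basic credentials. `Server`, `Browser`, the `/logout` path and the accounts in `USERS` are assumptions made for the illustration.

```python
import base64
import secrets
USERS = {"user1": "pw1", "user2": "pw2"}  # constructed sample accounts

class Server:
    """Toy container: accepts a session cookie or per-request Basic credentials."""
    def __init__(self):
        self.sessions = {}  # session id -> user name
    def login(self, user, pw):  # creates a session; also used for form login
        if USERS.get(user) != pw:
            return None
        sid = secrets.token_hex(8)
        self.sessions[sid] = user
        return sid
    def handle(self, path, headers):
        """Process one request; return (status, user, new_session_id)."""
        sid = headers.get("Cookie")
        if path == "/logout":
            self.sessions.pop(sid, None)  # server-side logout: drop the session
            return 200, None, None
        if sid in self.sessions:
            return 200, self.sessions[sid], None
        auth = headers.get("Authorization", "")
        if auth.startswith("Basic "):
            try:
                user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
            except ValueError:  # malformed base64 or non-UTF-8 bytes
                return 401, None, None
            sid = self.login(user, pw)
            if sid:
                return 200, user, sid
        return 401, None, None  # no session, no valid credentials: challenge

class Browser:
    """Toy browser: keeps a cookie and resends cached Basic credentials."""
    def __init__(self, server, cached_basic=None):
        self.server, self.cookie, self.cached_basic = server, None, cached_basic
    def get(self, path):
        headers = {"Cookie": self.cookie} if self.cookie else {}
        if self.cached_basic:  # sent automatically on every request to the realm
            token = base64.b64encode(":".join(self.cached_basic).encode()).decode()
            headers["Authorization"] = "Basic " + token
        status, user, sid = self.server.handle(path, headers)
        self.cookie = None if path == "/logout" else (sid or self.cookie)
        return status, user

def logout_then_reload(browser):  # home page, logout, home page again
    browser.get("/")
    browser.get("/logout")
    return browser.get("/")
```

With a cookie-only session the final request is challenged with 401; with cached Basic credentials it is silently re-authenticated as the same user, which matches the "it just refreshes the home page" symptom.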
Well, this bug is quite outdated and now it doesn't make sense to change the login config when we have https://bugzilla.redhat.com/show_bug.cgi?id=986208, so I think we can close it.