Undertow attempts authentication and gives 401 response for unsecured pages in EAP 7

Solution Verified - Updated -

Issue

  • Undertow attempts authentication for unsecured pages when the request carries the header Authorization: Basic "anystring".
  • Requests including a bad Authorization header are given a 401 response even if the request is not for any content matching the application's security-constraint. If the Authorization header is removed, the request is allowed.

Environment

  • Red Hat JBoss Enterprise Application Platform
    • 7
  • Application web.xml
    • multiple authentication mechanisms, protected (/secure/) and unprotected (/public/)
    • auth-method BASIC
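
The check below is an added example, not Red Hat's code or part of the original article: it requests an unprotected path once without an Authorization header and once with the bogus value from the issue description, then flags the deployment as affected when only the second request gets a 401. The `StandIn` server, the `user:pass` credential and the function names are constructed assumptions so the probe runs offline; point `probe()` at your own EAP base URL to test a real deployment.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit
GOOD = "Basic dXNlcjpwYXNz"  # constructed credential: base64("user:pass")

class StandIn(BaseHTTPRequestHandler):
    """Constructed stand-in that mimics the behaviour reported above."""
    def do_GET(self):
        auth = self.headers.get("Authorization")
        needs_login = self.path.startswith("/secure/")
        # Any Authorization header is checked, even outside /secure/.
        if (auth is not None or needs_login) and auth != GOOD:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="demo"')
        else:
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args): pass  # keep the demo quiet

def status(base_url, path, auth=None):
    """Return the HTTP status of GET path, optionally with an Authorization header."""
    parts = urlsplit(base_url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=5)
    try:
        conn.request("GET", path, headers={"Authorization": auth} if auth else {})
        return conn.getresponse().status
    finally:
        conn.close()

def probe(base_url, public_path="/public/"):
    """Compare an unprotected path with no header and with a bogus one."""
    plain = status(base_url, public_path)
    bogus = status(base_url, public_path, "Basic anystring")
    return {"no_header": plain, "bad_header": bogus,
            "affected": plain == 200 and bogus == 401}

def demo():
    srv = HTTPServer(("127.0.0.1", 0), StandIn)  # ephemeral local port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return probe("http://127.0.0.1:%d" % srv.server_port)
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(demo())
```
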
