You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Oliver Wulff (Jira)" <ji...@apache.org> on 2022/01/26 16:14:00 UTC
[jira] [Commented] (CXF-8645) Fix default authentication scheme for JWT authentication filter
[ https://issues.apache.org/jira/browse/CXF-8645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17482595#comment-17482595 ]
Oliver Wulff commented on CXF-8645:
-----------------------------------
If you agree I'll create a PR for it.
> Fix default authentication scheme for JWT authentication filter
> ---------------------------------------------------------------
>
> Key: CXF-8645
> URL: https://issues.apache.org/jira/browse/CXF-8645
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.4.5, 3.5.1, 4.0.0
> Reporter: Oliver Wulff
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: 4.0.0
>
>
> The default authentication scheme is as per spec "Bearer". This is described in [RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750] and the [OAS spec|[https://swagger.io/docs/specification/authentication/bearer-authentication/].]
>
> For backwards compatibility you can fix this by setting the property "expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".
> In the next major version the default should be updated and mentioned in the migration guide.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)