You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2022/01/28 09:26:00 UTC

[jira] [Resolved] (CXF-8645) Fix default authentication scheme for JWT authentication filter

     [ https://issues.apache.org/jira/browse/CXF-8645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-8645.
--------------------------------------
    Resolution: Fixed

> Fix default authentication scheme for JWT authentication filter
> ---------------------------------------------------------------
>
>                 Key: CXF-8645
>                 URL: https://issues.apache.org/jira/browse/CXF-8645
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.4.5, 3.5.1, 4.0.0
>            Reporter: Oliver Wulff
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 4.0.0
>
>
> The default authentication scheme is as per spec "Bearer". This is described in [RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750]  and the [OAS spec|https://swagger.io/docs/specification/authentication/bearer-authentication/]
>  
> For backwards compatibility you can fix this by setting the property "expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".
> In the next major version the default should be updated and mentioned in the migration guide.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)