You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Oliver Wulff (Jira)" <ji...@apache.org> on 2022/01/26 16:12:00 UTC
[jira] [Created] (CXF-8645) Fix default authentication scheme for JWT authentication filter
Oliver Wulff created CXF-8645:
---------------------------------
Summary: Fix default authentication scheme for JWT authentication filter
Key: CXF-8645
URL: https://issues.apache.org/jira/browse/CXF-8645
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 3.4.5, 3.5.1, 4.0.0
Reporter: Oliver Wulff
Assignee: Colm O hEigeartaigh
Fix For: 4.0.0
The default authentication scheme is as per spec "Bearer". This is described in [RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750] and the [OAS spec|[https://swagger.io/docs/specification/authentication/bearer-authentication/].]
For backwards compatibility you can fix this by setting the property "expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".
In the next major version the default should be updated and mentioned in the migration guide.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)