You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Oliver Wulff (Jira)" <ji...@apache.org> on 2022/01/26 16:12:00 UTC

[jira] [Created] (CXF-8645) Fix default authentication scheme for JWT authentication filter

Oliver Wulff created CXF-8645:
---------------------------------

             Summary: Fix default authentication scheme for JWT authentication filter
                 Key: CXF-8645
                 URL: https://issues.apache.org/jira/browse/CXF-8645
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS Security
    Affects Versions: 3.4.5, 3.5.1, 4.0.0
            Reporter: Oliver Wulff
            Assignee: Colm O hEigeartaigh
             Fix For: 4.0.0


The default authentication scheme is as per spec "Bearer". This is described in [RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750]  and the [OAS spec|[https://swagger.io/docs/specification/authentication/bearer-authentication/].]

 

For backwards compatibility you can fix this by setting the property "expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".

In the next major version the default should be updated and mentioned in the migration guide.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)