Announcement Announcement Module
Collapse
No announcement yet.
BasicProcessingFilter doesn't authenticate with no header? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • BasicProcessingFilter doesn't authenticate with no header?

    Hi,

    I have tried using BasicProcessingFilter. But I have found that it passes all requests that don't present ANY Authorization header at all. I'm wondering though, is this secure? Surely then it is easy to compromise that security? Or am I missing something here?

    -Scott

  • #2
    The BasicProcessingFilter's job is to extract Authentication credentials if they are presented. It is the job of the SecurityEnforcementFilter configured in the chain after the BasicProcessing filter that decides who can pass.

    Comment


    • #3
      Originally posted by RayKrueger
      The BasicProcessingFilter's job is to extract Authentication credentials if they are presented. It is the job of the SecurityEnforcementFilter configured in the chain after the BasicProcessing filter that decides who can pass.
      Ahh, I see. And the BasicProcessingFilterEntryPoint handles returning an appropriate challenge to the user if not authenticated. It was a bit hard to see that connection from the manual.

      Thanks for the help.

      regards,
      Scott

      Comment

      Working...
      X