[
https://issues.apache.org/jira/browse/CXF-8645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Wulff updated CXF-8645:
------------------------------
Description:
The default authentication scheme is as per spec "Bearer". This is described in
[RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750] and the [OAS
spec|https://swagger.io/docs/specification/authentication/bearer-authentication/]
For backwards compatibility you can fix this by setting the property
"expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".
In the next major version the default should be updated and mentioned in the
migration guide.
was:
The default authentication scheme is as per spec "Bearer". This is described in
[RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750] and the [OAS
spec|[https://swagger.io/docs/specification/authentication/bearer-authentication/].]
For backwards compatibility you can fix this by setting the property
"expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".
In the next major version the default should be updated and mentioned in the
migration guide.
> Fix default authentication scheme for JWT authentication filter
> ---------------------------------------------------------------
>
> Key: CXF-8645
> URL: https://issues.apache.org/jira/browse/CXF-8645
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.4.5, 3.5.1, 4.0.0
> Reporter: Oliver Wulff
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: 4.0.0
>
>
> The default authentication scheme is as per spec "Bearer". This is described
> in [RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750] and the [OAS
> spec|https://swagger.io/docs/specification/authentication/bearer-authentication/]
>
> For backwards compatibility you can fix this by setting the property
> "expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".
> In the next major version the default should be updated and mentioned in the
> migration guide.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
