[jira] [Commented] (CXF-8645) Fix default authentication scheme for JWT authentication filter

Colm O hEigeartaigh (Jira) Wed, 26 Jan 2022 08:15:07 -0800


    [ 
https://issues.apache.org/jira/browse/CXF-8645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17482597#comment-17482597
 ]


Colm O hEigeartaigh commented on CXF-8645:
------------------------------------------

Yep agreed, it makes sense for 4.0.0.

> Fix default authentication scheme for JWT authentication filter
> ---------------------------------------------------------------
>
>                 Key: CXF-8645
>                 URL: https://issues.apache.org/jira/browse/CXF-8645
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.4.5, 3.5.1, 4.0.0
>            Reporter: Oliver Wulff
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 4.0.0
>
>
> The default authentication scheme is as per spec "Bearer". This is described 
> in [RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750]  and the [OAS 
> spec|https://swagger.io/docs/specification/authentication/bearer-authentication/]
>  
> For backwards compatibility you can fix this by setting the property 
> "expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".
> In the next major version the default should be updated and mentioned in the 
> migration guide.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (CXF-8645) Fix default authentication scheme for JWT authentication filter

Reply via email to