HTTP Basic Authentication - Silent Mode
Overview
With HTTP Basic authentication in Undertow, it was possible to enable silent mode. In silent mode, basic authentication sends a challenge only if the request contained an Authorization header; otherwise it is assumed that another method will send the challenge. This behaviour makes it possible to combine basic auth with form auth, so that human users use form-based auth while programmatic clients use basic authentication to log in. This RFE is to support the same behaviour in Elytron.
Issue Metadata
Issue
Dev Contacts
QE Contacts
Affected Projects or Components
Wildfly security
Elytron
Other Interested Projects
Undertow Core - Basic authentication in Undertow has the same mode available
Requirements
Hard Requirements
This will involve processing an optional property, silent, set along with basic authentication. If the property is set to true and the request does not contain an Authorization header, the response will not include a WWW-Authenticate header and the HTTP status code will not be 401.
Nice-to-Have Requirements
Non-Requirements
Test Plan
Elytron currently has tests for HTTP authentication. A test checking response statuses in silent mode will be added. In addition, after a request that does not provide basic auth credentials in the header, subsequent authentication using another mechanism will be tested for success.
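
The decision described under Hard Requirements, and the cases the Test Plan needs to cover, modelled in plain Java. This is an added example, not Elytron or Undertow code: the class, enum and method names are hypothetical, and the credentials are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Model of the requirement only; all names here are hypothetical, not Elytron APIs.
public class SilentBasicModel {
    enum Outcome { AUTHENTICATED, CHALLENGE_BASIC_401, DEFER_TO_OTHER_MECHANISM }

    // Constructed sample credentials for the demonstration.
    static final String USER = "apiclient";
    static final String PASS = "constructed-secret";

    static Outcome evaluate(String authorizationHeader, boolean silent) {
        if (authorizationHeader == null) {
            // Silent mode: without an Authorization header, basic sends no
            // WWW-Authenticate and no 401; another mechanism (e.g. form) challenges.
            return silent ? Outcome.DEFER_TO_OTHER_MECHANISM : Outcome.CHALLENGE_BASIC_401;
        }
        // A header was sent, so a failure is challenged even in silent mode.
        return credentialsValid(authorizationHeader)
                ? Outcome.AUTHENTICATED : Outcome.CHALLENGE_BASIC_401;
    }

    static boolean credentialsValid(String header) {
        if (!header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64 is treated as failed authentication
        }
        byte[] expected = (USER + ":" + PASS).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(decoded, expected); // avoids early-exit comparison
    }

    static String basic(String user, String pass) {
        byte[] raw = (user + ":" + pass).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) {
        System.out.println("silent, no header:        " + evaluate(null, true));
        System.out.println("not silent, no header:    " + evaluate(null, false));
        System.out.println("silent, bad credentials:  " + evaluate(basic(USER, "wrong"), true));
        System.out.println("silent, good credentials: " + evaluate(basic(USER, PASS), true));
    }
}
```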