diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
index b0e49a7bd3..0f4a7b7700 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
@@ -50,6 +50,17 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
 
     @Override
     public boolean canHandle(Request request) {
+        /*
+        This is done to avoid every endpoint being able to use basic auth. Add the following to
+        the required web.xml of the web app.
+        <context-param>
+            <param-name>basicAuth</param-name>
+            <param-value>true</param-value>
+	    </context-param>
+         */
+        if (!isAuthenticationSupported(request)) {
+            return false;
+        }
         if (request.getCoyoteRequest() == null || request.getCoyoteRequest().getMimeHeaders() == null) {
             return false;
         }
diff --git a/pom.xml b/pom.xml
index 9f1f72d631..a03cd8d346 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1918,7 +1918,7 @@
         <!-- Nimbus Jose-->
         <nimbus.orbit.version>2.26.1.wso2v3</nimbus.orbit.version>
 
-        <commons-json.version>2.0.0.wso2v1</commons-json.version>
+        <commons-json.version>3.0.0.wso2v1</commons-json.version>
         <json.smart.version>1.3</json.smart.version>
         <google.gson.version>2.3.1</google.gson.version>
         <jsr311.version>1.1.1</jsr311.version>