diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java index b0e49a7bd3c..0f4a7b77001 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java @@ -50,6 +50,17 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { @Override public boolean canHandle(Request request) { + /* + This is done to avoid every endpoint being able to use basic auth. Add the following to + the required web.xml of the web app. + + basicAuth + true + + */ + if (!isAuthenticationSupported(request)) { + return false; + } if (request.getCoyoteRequest() == null || request.getCoyoteRequest().getMimeHeaders() == null) { return false; } diff --git a/pom.xml b/pom.xml index 9f1f72d631f..a03cd8d346f 100644 --- a/pom.xml +++ b/pom.xml @@ -1918,7 +1918,7 @@ 2.26.1.wso2v3 - 2.0.0.wso2v1 + 3.0.0.wso2v1 1.3 2.3.1 1.1.1
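Review bot: The new `isAuthenticationSupported(request)` gate at the top of `canHandle` runs before the existing null guard on `request.getCoyoteRequest()`, and the helper is defined outside this hunk, so it is not visible here whether it tolerates a request with no resolved context or a web app with no `basicAuth` parameter. Since this check is what keeps basic auth off for web apps that have not opted in, the helper should fail closed: a missing, empty or malformed value must yield `false`, and only an explicit `true` should enable the authenticator. Web apps that relied on basic auth before this change will now be declined silently, so a debug message on the decline path would help operators, for example `log.debug("Basic auth is not enabled for this web app; skipping BasicAuthAuthenticator");` (assuming the class has a logger, which the hunk does not show). The body of `canHandle` continues outside the hunk.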