diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
index b0e49a7bd3c..0f4a7b77001 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
@@ -50,6 +50,17 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
@Override
public boolean canHandle(Request request) {
+ /*
+ This is done to avoid every endpoint being able to use basic auth. Add the following to
+ the required web.xml of the web app.
+
+ basicAuth
+ true
+
+ */
+ if (!isAuthenticationSupported(request)) {
+ return false;
+ }
if (request.getCoyoteRequest() == null || request.getCoyoteRequest().getMimeHeaders() == null) {
return false;
}
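Review bot: The new opt-in gate at the top of `canHandle` calls `isAuthenticationSupported(request)` before the existing null guards on `request.getCoyoteRequest()`, and the helper's body is not in this hunk, so confirm that it is null-safe and fails closed: a missing, empty or malformed `basicAuth` value should yield `false`, with only an exact `true` enabling the authenticator. The block comment should also say in words which web.xml element carries the setting, since the example as shown here has only the bare name `basicAuth` and the value `true`; a line such as `// Basic auth is opt-in per web app: handled only when web.xml sets basicAuth to true` stays readable even if the markup is lost. Web apps that previously relied on this authenticator will stop being handled until they add the parameter, so a debug-level log line on the early `return false` would help operators diagnose the resulting authentication failures. `canHandle` continues past the end of the hunk.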
diff --git a/pom.xml b/pom.xml
index 9f1f72d631f..a03cd8d346f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1918,7 +1918,7 @@
2.26.1.wso2v3
- 2.0.0.wso2v1
+ 3.0.0.wso2v1
1.3
2.3.1
1.1.1