On 27 November 2014 at 23:50, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> * A user agent pre-emptively sends credentials and the auth module
> that's invoked prior to the resource invocation can opt to process
> these
>
The way that jetty handles pre-emptively sent credentials for resources
that do not have authentication constraints, is that it does not process
them... but if an authentication method such as Request#getAuthType or
Request#getUserIdentity then the pre-emptively provided credentials are
processed at that point.
I had thought this was what was intended and that other containers acted
the same way?
If authenticate is called for such requests, then we only return false if a
response/challenge was sent (as the credentials may be incorrect).
--
Greg Wilkins <gregw_at_intalio.com> @ Webtide - *an Intalio subsidiary*
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com advice and support for jetty and cometd.