2 Replies Latest reply on Aug 10, 2016 10:56 AM by nicolas duminil

    EAP 6.4 basic authentication caching issue

    nicolas duminil Master

      Greetings,

       

      I'm exposing a JAX-RS (RESTEasy) service in an EAP 6.4 web container, with basic HTTP authentication. I'm testing the service using a simple HTTP GET with the browser (Firefox). Doing a first GET displays the authentication dialog box, letting me enter the credentials. But once the credentials are entered, repeating the operation doesn't ask for authentication anymore. I've set the session-config to one minute, but doing GET operations one hour later still doesn't ask for authentication. Undeploying and redeploying the application, or stopping and restarting the server, still doesn't change anything. And suddenly, later on, without my knowing why, it asks again for authentication. I'm cleaning the browser cache, but this doesn't change anything either.

       

      I've found in the documentation the following:

      "By default, cache-type of your security-domain is "default" which uses a ConcurrentHashMap implementation which never expire cached entries. However, when the HTTP session expires the cache entry is removed."

       

      So, when the session expires, the entry is removed from the cache anyway. And the session is supposed to expire after one minute. Why then do I get this weird behaviour?

       

      Many thanks in advance for any help.

       

      Kind regards,

       

      Nicolas DUMINIL