Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-16367

Prevent token authentication for anonymous user

    XMLWordPrintable

    Details

      Description

      By defaut, unless explicitely set by the allowAnonymous parameter of the TOKEN_AUTH authentication plugin, an anonymous user should not be able to:

      • Acquire a token through the TokenAuthenticationServlet.
      • Get authenticated by the TokenAuthenticator, even if somehow the user managed to obtain a token.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: