-
Type: Improvement
-
Status: Resolved
-
Priority: Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 5.6.0-HF41, 5.8.0-HF29, 6.0-HF04, 7.2
-
Component/s: Authentication
By defaut, unless explicitely set by the allowAnonymous parameter of the TOKEN_AUTH authentication plugin, an anonymous user should not be able to:
- Acquire a token through the TokenAuthenticationServlet.
- Get authenticated by the TokenAuthenticator, even if somehow the user managed to obtain a token.
- depends on
-
NXP-16338 Nuxeo Drive keeps connected after token revocation if anonymous authentication is activated
- Resolved
- is required by
-
NXDRIVE-211 Web authentication window
- Resolved