Details
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java
index 4ba3f1d..0a73404 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java
@@ -90,8 +90,7 @@ public class AuthenticatedActionsHandler {
if (allowedOrigins == null || (!allowedOrigins.contains("*") && !allowedOrigins.contains(origin))) {
if (allowedOrigins == null) {
log.debugv("allowedOrigins was null in token");
- }
- if (!allowedOrigins.contains("*") && !allowedOrigins.contains(origin)) {
+ } else {
log.debugv("allowedOrigins did not contain origin");
}
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
index 624c682..04cf79e 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
@@ -52,10 +52,6 @@ public abstract class RequestAuthenticator {
completeAuthentication(bearer, "KEYCLOAK");
log.debug("Bearer AUTHENTICATED");
return AuthOutcome.AUTHENTICATED;
- } else if (deployment.isBearerOnly()) {
- challenge = bearer.getChallenge();
- log.debug("NOT_ATTEMPTED: bearer only");
- return AuthOutcome.NOT_ATTEMPTED;
}
if (deployment.isEnableBasicAuth()) {
@@ -76,6 +72,12 @@ public abstract class RequestAuthenticator {
}
}
+ if (deployment.isBearerOnly()) {
+ challenge = bearer.getChallenge();
+ log.debug("NOT_ATTEMPTED: bearer only");
+ return AuthOutcome.NOT_ATTEMPTED;
+ }
+
if (log.isTraceEnabled()) {
log.trace("try oauth");
}
diff --git a/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json b/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json
index 38d1179..3df2760 100755
--- a/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json
+++ b/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json
@@ -5,6 +5,7 @@
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"bearer-only" : true,
+ "enable-basic-auth": true,
"enable-cors" : true
}
diff --git a/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json b/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json
old mode 100644
new mode 100755
index 949b720..c6c72e9
--- a/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json
+++ b/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json
@@ -5,6 +5,7 @@
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"enable-basic-auth": true,
+ "bearer-only": true,
"credentials": {
"secret": "password"
}
