I see.
Yes, we certainly have to ensure that - I think that it would be difficult
to do that without access to server side config.
Perhaps we could add another check inside anonymous filter to make sure
that the request does indeed match a configured anonymous pattern.
On Mon, Jun 23, 2014 at
All -
As I begin to add the beginnings of the management API to Knox, it occurs
to me that certain resource URLs will require/allow anonymous access.
For instance, admin/api/v1/version shouldn't require authentication - since
it may be used to determine which contract to use or some other
That is exactly what I am describing.
I'll have to dig into the jersey handoff in order to understand though I
think you are saying that the patterns aren't used to route to any
particular filter chain. Not sure I understand that though given the code
in the jersey contributor base class - it
