Currently the simultaneous activation of both Basic and OIDC/OAuth2 (Keycloak) authentication mechanism is not working properly, essentially because of the way the Spring security filter chains are registered: as explained here, for a given incoming request, only the first filter chain that applies will be called:
[...] FilterChainProxy decides which SecurityFilterChain should be used. Only the first SecurityFilterChain that matches will be invoked.
Hence depending on the order the authentication mechanisms are registered, one overwrites the other one.
Currently the simultaneous activation of both Basic and OIDC/OAuth2 (Keycloak) authentication mechanism is not working properly, essentially because of the way the Spring security filter chains are registered: as explained here, for a given incoming request, only the first filter chain that applies will be called:
Hence depending on the order the authentication mechanisms are registered, one overwrites the other one.
Interested package:
org.openeo.spring.security