From 7571dc07f9dd948bcc3a39ef39c803f2d6b11574 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Wed, 20 Jul 2016 11:04:31 +0200
Subject: [PATCH] KEYCLOAK-1733 added verifySSL checks for 'basic' and 'query' authentication
---
 .../main/java/org/keycloak/adapters/RequestAuthenticator.java | 2 ++
 examples/basic-auth/README.md | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
index c59087c966..c04f21c050 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
@@ -85,6 +85,7 @@ public abstract class RequestAuthenticator {
 log.debug("QueryParamAuth auth FAILED");
 return AuthOutcome.FAILED;
 } else if (outcome == AuthOutcome.AUTHENTICATED) {
+ if (verifySSL()) return AuthOutcome.FAILED;
 log.debug("QueryParamAuth AUTHENTICATED");
 completeAuthentication(queryParamAuth, "KEYCLOAK");
 return AuthOutcome.AUTHENTICATED;
@@ -102,6 +103,7 @@ public abstract class RequestAuthenticator {
 log.debug("BasicAuth FAILED");
 return AuthOutcome.FAILED;
 } else if (outcome == AuthOutcome.AUTHENTICATED) {
+ if (verifySSL()) return AuthOutcome.FAILED;
 log.debug("BasicAuth AUTHENTICATED");
 completeAuthentication(basicAuth, "BASIC");
 return AuthOutcome.AUTHENTICATED;
diff --git a/examples/basic-auth/README.md b/examples/basic-auth/README.md
index be96c59824..8eb4fc506a 100644
--- a/examples/basic-auth/README.md
+++ b/examples/basic-auth/README.md
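Review bot: The new `if (verifySSL()) return AuthOutcome.FAILED;` in the QueryParamAuth branch (and the identical line in the BasicAuth hunk at -102,6) returns without any log message, while every surrounding FAILED path emits a `log.debug("... FAILED")`; unless `verifySSL()` logs on its own, an operator sees credentials that validated successfully and then an authentication that failed with no trace of why. Adding `log.debug("QueryParamAuth FAILED: SSL required");` before the return, with the matching line in the BasicAuth branch, keeps the outcome diagnosable and consistent with the existing style. The name `verifySSL()` reads as a success predicate, so a true result mapping to FAILED is easy to misread; a comment such as `// verifySSL() is true when SSL is required but this request is not secure` would document the convention, assuming that is indeed its contract (its definition is outside the hunk). The enclosing method starts and ends outside both hunks.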
@@ -22,7 +22,7 @@ Step 2: Deploy and run the example
 curl http://admin:password@localhost:8080/basicauth/service/echo?value=hello
-(If we navigate directly to http://localhost:8080/basicauth/service/echo?value=hello, we get "Client is not allowed to initiate browser login with given response_type. Standard flow is disabled for the client.").
+(If we navigate directly to http://localhost:8080/basicauth/service/echo?value=hello, we get an error in the browser because the request is not authenticated).
 This should result in the value 'hello' being returned as a response.