From eb4ffbca2970edc775bbc1afc7460e23bedd4c5c Mon Sep 17 00:00:00 2001
From: Bill Burke <bburke@redhat.com>
Date: Fri, 21 Aug 2015 11:02:56 -0400
Subject: [PATCH] co-existence of bearer and basic auth

---
 .../theme/base/login/validate-reset-email.ftl | 31 -------------------
 .../adapters/RequestAuthenticator.java        | 10 +++---
 .../adapter-test/customer-db-keycloak.json    |  1 +
 .../jaxrs-test/jaxrs-keycloak-basicauth.json  |  1 +
 4 files changed, 8 insertions(+), 35 deletions(-)
 delete mode 100755 forms/common-themes/src/main/resources/theme/base/login/validate-reset-email.ftl
 mode change 100644 => 100755 testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json

diff --git a/forms/common-themes/src/main/resources/theme/base/login/validate-reset-email.ftl b/forms/common-themes/src/main/resources/theme/base/login/validate-reset-email.ftl
deleted file mode 100755
index eb23517f67..0000000000
--- a/forms/common-themes/src/main/resources/theme/base/login/validate-reset-email.ftl
+++ /dev/null
@@ -1,31 +0,0 @@
-<#import "template.ftl" as layout>
-<@layout.registrationLayout displayInfo=true; section>
-    <#if section = "title">
-        ${msg("emailForgotTitle")}
-    <#elseif section = "header">
-        ${msg("emailForgotTitle")}
-    <#elseif section = "form">
-        <form id="kc-reset-password-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
-            <div class="${properties.kcFormGroupClass!}">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="otp" class="${properties.kcLabelClass!}">${msg("temporaryEmailCode")}</label>
-                </div>
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" id="key" name="key" class="${properties.kcInputClass!}" />
-                </div>
-            </div>
-
-            <div class="${properties.kcFormGroupClass!}">
-                <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
-
-                </div>
-                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
-                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="login" id="kc-submit" type="submit" value="${msg("doSubmit")}"/>
-                    <input class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="cancel" id="kc-cancel" type="submit" value="${msg("backToLogin")}"/>
-                </div>
-            </div>
-        </form>
-    <#elseif section = "info" >
-        ${msg("validateResetEmailInstruction")}
-    </#if>
-</@layout.registrationLayout>
\ No newline at end of file
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
index 624c682168..04cf79e22b 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
@@ -52,10 +52,6 @@ public abstract class RequestAuthenticator {
             completeAuthentication(bearer, "KEYCLOAK");
             log.debug("Bearer AUTHENTICATED");
             return AuthOutcome.AUTHENTICATED;
-        } else if (deployment.isBearerOnly()) {
-            challenge = bearer.getChallenge();
-            log.debug("NOT_ATTEMPTED: bearer only");
-            return AuthOutcome.NOT_ATTEMPTED;
         }
 
         if (deployment.isEnableBasicAuth()) {
@@ -76,6 +72,12 @@ public abstract class RequestAuthenticator {
             }
         }
 
+        if (deployment.isBearerOnly()) {
+            challenge = bearer.getChallenge();
+            log.debug("NOT_ATTEMPTED: bearer only");
+            return AuthOutcome.NOT_ATTEMPTED;
+        }
+
         if (log.isTraceEnabled()) {
             log.trace("try oauth");
         }
diff --git a/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json b/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json
index 38d1179399..3df2760b48 100755
--- a/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json
+++ b/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json
@@ -5,6 +5,7 @@
   "auth-server-url": "http://localhost:8081/auth",
   "ssl-required" : "external",
   "bearer-only" : true,
+  "enable-basic-auth": true,
   "enable-cors" : true
 
 }
diff --git a/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json b/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json
old mode 100644
new mode 100755
index 949b720643..c6c72e967f
--- a/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json
+++ b/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json
@@ -5,6 +5,7 @@
     "auth-server-url": "http://localhost:8081/auth",
     "ssl-required" : "external",
     "enable-basic-auth": true,
+    "bearer-only": true,
     "credentials": {
       "secret": "password"
 	}