We are moving to JDK 17, and it is now supported by Red Hat in EAP 7.4.7. In EAP 7.4.7, Red Hat has disabled the legacy security approach in order to utilize Elytron. I have migrated my configurations to 7.4.7 with the supplied Elytron migration scripts, and the server starts without problems.

Access to parts of the web application is managed by Spring Security and HTTP basic authentication. If I disable Spring Security, the application can be accessed and works as expected. However, when I enable Spring Security, I see the browser dialog for user ID and password. The validation of the user ID and password appears to be intercepted by Elytron, because I see this in the logs and my breakpoint in our password validation does not get called.

2022-11-09 09:10:47,202 DEBUG [org.wildfly.security.http.password] (default task-2) Username authentication. Realm: [null], Username: [admin].
2022-11-09 09:10:47,202 DEBUG [org.wildfly.security.http.basic] (default task-2) User admin authentication failed.

The identical WAR file deploys and works as expected with WildFly 26.12. I have tried to make the configurations match with as few differences as possible. So there must be some difference in the EAP 7.4.7 configuration that is causing the problem.

Any suggestions?

Mike Rother

0 Answers