networknt · stevehu · Feb 8, 2024 · Feb 7, 2024
diff --git a/api-key/src/main/resources/config/apikey.yml b/api-key/src/main/resources/config/apikey.yml
@@ -1,6 +1,6 @@
 # ApiKey Authentication Security Configuration for light-4j
 # Enable ApiKey Authentication Handler, default is false.
-enabled: ${apikey.enabled:false}
+enabled: ${apikey.enabled:true}
 # If API key hash is enabled. The API key will be hashed with PBKDF2WithHmacSHA1 before it is
 # stored in the config file. It is more secure than put the encrypted key into the config file.
 # The default value is false. If you want to enable it, you need to use the following repo

diff --git a/basic-auth/src/main/resources/config/basic-auth.yml b/basic-auth/src/main/resources/config/basic-auth.yml
@@ -1,7 +1,7 @@
 # Basic Authentication Security Configuration for light-4j
 ---
 # Enable Basic Authentication Handler, default is false.
-enabled: ${basic.enabled:false}
+enabled: ${basic.enabled:true}
 # Enable Ldap Authentication, default is true.
 enableAD: ${basic.enableAD:true}
 # Do we allow the anonymous to pass the authentication and limit it with some paths

diff --git a/security-config/src/main/resources/config/security.yml b/security-config/src/main/resources/config/security.yml
@@ -16,7 +16,7 @@ enableVerifyJwt: ${security.enableVerifyJwt:true}
 # if this flag is false. It should only be set to false on the dev environment for testing
 # purposes. If you have some endpoints that want to skip the SWT verification, you can put the
 # request path prefix in skipPathPrefixes.
-enableVerifySwt: ${security.enableVerifySwt:false}
+enableVerifySwt: ${security.enableVerifySwt:true}
 
 # swt clientId header name. When light-gateway is used and the consumer app does not want to save
 # the client secret in the configuration file, it can be passed in the header.