Currently, if one configures the basic authentication filter for a URL, it is applied to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely open and only the update methods requiring authentication. Proposed syntax:
/basic/** = authcBasic[POST,PUT,DELETE]
I have attached a patch for review.
BTW, the test case could do with renaming - it doesn't match the name of the class it's testing.