Allow empty usernames for BasicAuth

The RFCs around basic authentication don't explicitly disallow empty
usernames. Usernames containing colons, on the other hand, are disallowed,
because the colon is used to separate the username from the password.
Norman Soetbeer
2017-10-25 21:28:07 +02:00
committed by Rob Winch
parent abe4420006
commit 4dee333a75
2 changed files with 10 additions and 10 deletions


@@ -43,17 +43,17 @@ public class BasicAuthorizationInterceptorTests {
public ExpectedException thrown = ExpectedException.none();
@Test
public void createWhenUsernameIsNullShouldThrowException() {
public void createWhenUsernameContainsColonShouldThrowException() {
this.thrown.expect(IllegalArgumentException.class);
this.thrown.expectMessage("Username must not be empty");
new BasicAuthorizationInterceptor(null, "password");
this.thrown.expectMessage("Username must not contain a colon");
new BasicAuthorizationInterceptor("username:", "password");
}
@Test
public void createWhenUsernameIsEmptyShouldThrowException() throws Exception {
this.thrown.expect(IllegalArgumentException.class);
this.thrown.expectMessage("Username must not be empty");
new BasicAuthorizationInterceptor("", "password");
public void createWhenUsernameIsNullShouldUseEmptyUsername() throws Exception {
BasicAuthorizationInterceptor interceptor = new BasicAuthorizationInterceptor(
null, "password");
assertEquals("", new DirectFieldAccessor(interceptor).getPropertyValue("username"));
}
@Test
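Review bot: No test in the visible lines asserts that an empty-string username is now accepted: `createWhenUsernameIsEmptyShouldThrowException` is removed, and only the `null` case gets a positive replacement in `createWhenUsernameIsNullShouldUseEmptyUsername` (the test class continues past the hunk's last `@Test`). A sibling test that constructs `new BasicAuthorizationInterceptor("", "password")` and asserts that `getPropertyValue("username")` is `""` would pin the behaviour the commit title promises. The colon test also covers only a trailing colon (`"username:"`); a case such as `"user:name"` would show that the check does not depend on position. Since a `null` username is now coerced to `""` instead of rejected, a missing configuration value presumably no longer fails at construction and the client would send blank credentials. The constructor is outside this hunk, so its Javadoc is worth checking for a sentence that says so.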