Allow empty usernames for BasicAuth
The RFCs around basic authentication don't explicitly disallow empty usernames. Usernames containing colons, on the other hand, are disallowed, because the colon is used to separate the username from the password.
committed by
Rob Winch
parent
abe4420006
commit
4dee333a75
@@ -43,17 +43,17 @@ public class BasicAuthorizationInterceptorTests {
|
||||
public ExpectedException thrown = ExpectedException.none();
|
||||
|
||||
@Test
|
||||
public void createWhenUsernameIsNullShouldThrowException() {
|
||||
public void createWhenUsernameContainsColonShouldThrowException() {
|
||||
this.thrown.expect(IllegalArgumentException.class);
|
||||
this.thrown.expectMessage("Username must not be empty");
|
||||
new BasicAuthorizationInterceptor(null, "password");
|
||||
this.thrown.expectMessage("Username must not contain a colon");
|
||||
new BasicAuthorizationInterceptor("username:", "password");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void createWhenUsernameIsEmptyShouldThrowException() throws Exception {
|
||||
this.thrown.expect(IllegalArgumentException.class);
|
||||
this.thrown.expectMessage("Username must not be empty");
|
||||
new BasicAuthorizationInterceptor("", "password");
|
||||
public void createWhenUsernameIsNullShouldUseEmptyUsername() throws Exception {
|
||||
BasicAuthorizationInterceptor interceptor = new BasicAuthorizationInterceptor(
|
||||
null, "password");
|
||||
assertEquals("", new DirectFieldAccessor(interceptor).getPropertyValue("username"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
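Review bot: The new side drops `createWhenUsernameIsEmptyShouldThrowException` without adding a positive test for `""`, so the behaviour named in the commit title is only exercised through the `null` path in `createWhenUsernameIsNullShouldUseEmptyUsername`. A sibling test that constructs `new BasicAuthorizationInterceptor("", "password")` and asserts the same `username` property value would pin it. Both remaining tests check constructor state only (the colon case just a trailing colon, `"username:"`); asserting the resulting `Authorization` header would cover what is actually sent, though the interceptor's own code is not visible on this page. Mapping `null` to `""` also means a missing username configuration no longer fails fast, which deserves a comment on the constructor if that is intended.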