Merge branch '1.3.x'

This commit is contained in:
rstoyanchev
2025-02-17 15:21:17 +00:00
2 changed files with 26 additions and 3 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2024 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,6 +22,7 @@ import java.util.regex.Pattern;
import reactor.core.publisher.Mono;
import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.server.resource.BearerTokenError;
@@ -68,7 +69,7 @@ public final class BearerTokenAuthenticationExtractor implements AuthenticationE
@Override
public Mono<Authentication> getAuthentication(Map<String, Object> payload) {
String authorizationValue = (String) payload.get(this.authorizationKey);
String authorizationValue = getAuthorizationValue(payload);
if (authorizationValue == null) {
return Mono.empty();
}
@@ -88,4 +89,18 @@ public final class BearerTokenAuthenticationExtractor implements AuthenticationE
return Mono.just(new BearerTokenAuthenticationToken(token));
}
@Nullable
private String getAuthorizationValue(Map<String, Object> payload) {
String value = (String) payload.get(this.authorizationKey);
if (value != null) {
return value;
}
for (String key : payload.keySet()) {
if (key.equalsIgnoreCase(this.authorizationKey)) {
return (String) payload.get(key);
}
}
return null;
}
}

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2024 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -46,6 +46,14 @@ public class BearerTokenAuthenticationExtractorTests {
assertThat(auth.getName()).isEqualTo("123456789");
}
@Test // gh-1116
void extractCaseInsensitive() {
Authentication auth = getAuthentication(Map.of("authorization", "Bearer 123456789"));
assertThat(auth).isNotNull();
assertThat(auth.getName()).isEqualTo("123456789");
}
@Test
void noToken() {
Authentication auth = getAuthentication(Collections.emptyMap());