Make basic authentication scheme case-insensitive
Fixes: gh-7163
This commit is contained in:
@@ -61,6 +61,18 @@ public class BasicAuthenticationConverterTests {
|
||||
assertThat(authentication.getName()).isEqualTo("rod");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenAuthorizationSchemeInMixedCaseThenAuthenticates() {
|
||||
String token = "rod:koala";
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addHeader("Authorization", "BaSiC " + new String(Base64.encodeBase64(token.getBytes())));
|
||||
UsernamePasswordAuthenticationToken authentication = converter.convert(request);
|
||||
|
||||
verify(authenticationDetailsSource).buildDetails(any());
|
||||
assertThat(authentication).isNotNull();
|
||||
assertThat(authentication.getName()).isEqualTo("rod");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWhenUnsupportedAuthorizationHeaderThenIgnored() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
@@ -176,6 +176,24 @@ public class BasicAuthenticationFilterTests {
|
||||
.isEqualTo("rod");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenSchemeMixedCaseThenCaseInsensitiveMatchWorks() throws Exception {
|
||||
String token = "rod:koala";
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addHeader("Authorization",
|
||||
"BaSiC " + new String(Base64.encodeBase64(token.getBytes())));
|
||||
request.setServletPath("/some_file.html");
|
||||
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
|
||||
FilterChain chain = mock(FilterChain.class);
|
||||
filter.doFilter(request, new MockHttpServletResponse(), chain);
|
||||
|
||||
verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
|
||||
.isEqualTo("rod");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOtherAuthorizationSchemeIsIgnored() throws Exception {
|
||||
|
||||
|
||||
Reference in New Issue
Block a user