
Allow empty usernames for BasicAuth

The RFCs around basic authentication don't explicitly disallow empty
usernames. Usernames containing colons, on the other hand, are disallowed,
as the colon is used to separate the username from the password.
pull/1584/head
Norman Soetbeer 9 years ago committed by Rob Winch
parent
commit
4dee333a75
  1. 6
      spring-web/src/main/java/org/springframework/http/client/support/BasicAuthorizationInterceptor.java
  2. 14
      spring-web/src/test/java/org/springframework/http/client/support/BasicAuthorizationInterceptorTests.java

6
spring-web/src/main/java/org/springframework/http/client/support/BasicAuthorizationInterceptor.java

@ -46,9 +46,9 @@ public class BasicAuthorizationInterceptor implements ClientHttpRequestIntercept @@ -46,9 +46,9 @@ public class BasicAuthorizationInterceptor implements ClientHttpRequestIntercept
* @param username the username to use
* @param password the password to use
*/
public BasicAuthorizationInterceptor(String username, @Nullable String password) {
Assert.hasLength(username, "Username must not be empty");
this.username = username;
public BasicAuthorizationInterceptor(@Nullable String username, @Nullable String password) {
Assert.doesNotContain(username, ":", "Username must not contain a colon");
this.username = (username != null ? username : "");
this.password = (password != null ? password : "");
}
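Review bot: The Javadoc above the constructor still reads `@param username the username to use`, although the new signature accepts `null`, stores it as an empty string, and now rejects a colon; none of that is documented. I would change it to `@param username the username to use (may be {@code null} or empty, both stored as an empty username; must not contain a colon)` and add `@throws IllegalArgumentException if the username contains a colon`. Callers that relied on the old `Assert.hasLength` to catch an unset credential property at construction time lose that fail-fast behaviour and would need their own check. The Javadoc block starts outside the hunk, so its summary sentence may also need the same update.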

14
spring-web/src/test/java/org/springframework/http/client/support/BasicAuthorizationInterceptorTests.java

@ -43,17 +43,17 @@ public class BasicAuthorizationInterceptorTests { @@ -43,17 +43,17 @@ public class BasicAuthorizationInterceptorTests {
public ExpectedException thrown = ExpectedException.none();
@Test
public void createWhenUsernameIsNullShouldThrowException() {
public void createWhenUsernameContainsColonShouldThrowException() {
this.thrown.expect(IllegalArgumentException.class);
this.thrown.expectMessage("Username must not be empty");
new BasicAuthorizationInterceptor(null, "password");
this.thrown.expectMessage("Username must not contain a colon");
new BasicAuthorizationInterceptor("username:", "password");
}
@Test
public void createWhenUsernameIsEmptyShouldThrowException() throws Exception {
this.thrown.expect(IllegalArgumentException.class);
this.thrown.expectMessage("Username must not be empty");
new BasicAuthorizationInterceptor("", "password");
public void createWhenUsernameIsNullShouldUseEmptyUsername() throws Exception {
BasicAuthorizationInterceptor interceptor = new BasicAuthorizationInterceptor(
null, "password");
assertEquals("", new DirectFieldAccessor(interceptor).getPropertyValue("username"));
}
@Test
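Review bot: Nothing in this section exercises the literal empty string any more: the removed `createWhenUsernameIsEmptyShouldThrowException` was the only test passing `""`, and its replacement `createWhenUsernameIsNullShouldUseEmptyUsername` covers only `null`. Since the commit's stated purpose is to allow empty usernames, I would add a sibling test that calls `new BasicAuthorizationInterceptor("", "password")` and checks it with `assertEquals("", new DirectFieldAccessor(interceptor).getPropertyValue("username"));`. The new tests also inspect only the private field; an assertion on the resulting `Authorization` header would pin what is actually sent for an empty username, if the interceptor can be driven with a mock request in this class. The hunk ends on a `@Test` whose method lies outside it.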
