GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Bearer Token Padding 

Closes gh-8502
5.1.x
kothasa 6 years ago committed by Josh Cummings
parent
ce4345b0ed
commit
157498bf44
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
2 changed files with 19 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
  2. 18
      oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java

2
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
Unescape View File

@ -98,7 +98,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver { @@ -98,7 +98,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
throw new OAuth2AuthenticationException(error);
}
return matcher.group("token");
return authorization.substring(7);
}
return null;
}

18
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
Unescape View File

@ -51,6 +51,24 @@ public class DefaultBearerTokenResolverTests { @@ -51,6 +51,24 @@ public class DefaultBearerTokenResolverTests {
assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
}
@Test
public void resolveWhenValidHeaderIsPresentWithSingleBytePaddingIndicatorThenTokenIsResolved() {
String token = TEST_TOKEN + "=";
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Bearer " + token);
assertThat(this.resolver.resolve(request)).isEqualTo(token);
}
@Test
public void resolveWhenValidHeaderIsPresentWithTwoBytesPaddingIndicatorThenTokenIsResolved() {
String token = TEST_TOKEN + "==";
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Bearer " + token);
assertThat(this.resolver.resolve(request)).isEqualTo(token);
}
@Test
public void resolveWhenNoHeaderIsPresentThenTokenIsNotResolved() {
MockHttpServletRequest request = new MockHttpServletRequest();

Write Preview
Loading…
Cancel
Save