GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge remote-tracking branch 'origin/6.5.x'

pull/17966/merge
Josh Cummings 2 months ago
parent
3a84894bf4 6501e97ece
commit
4daf089e46
2 changed files with 12 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTypeValidator.java
  2. 8
      oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTypeValidatorTests.java

6
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTypeValidator.java
Unescape View File

@ -72,8 +72,10 @@ public final class JwtTypeValidator implements OAuth2TokenValidator<Jwt> {
if (this.allowEmpty && !StringUtils.hasText(typ)) { if (this.allowEmpty && !StringUtils.hasText(typ)) {
return OAuth2TokenValidatorResult.success(); return OAuth2TokenValidatorResult.success();
} }
if (this.validTypes.contains(typ)) { for (String validType : this.validTypes) {
return OAuth2TokenValidatorResult.success(); if (validType.equalsIgnoreCase(typ)) {
return OAuth2TokenValidatorResult.success();
}
} }
return OAuth2TokenValidatorResult.failure(new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, return OAuth2TokenValidatorResult.failure(new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN,
"the given typ value needs to be one of " + this.validTypes, "the given typ value needs to be one of " + this.validTypes,

8
oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTypeValidatorTests.java
Unescape View File

@ -44,4 +44,12 @@ class JwtTypeValidatorTests {
assertThat(validator.validate(jwt.build()).hasErrors()).isFalse(); assertThat(validator.validate(jwt.build()).hasErrors()).isFalse();
} }
@Test
void validateWhenTypHeaderHasDifferentCaseThenSuccess() {
Jwt.Builder jwt = TestJwts.jwt();
JwtTypeValidator validator = new JwtTypeValidator("at+jwt");
jwt.header(JoseHeaderNames.TYP, "AT+JWT");
assertThat(validator.validate(jwt.build()).hasErrors()).isFalse();
}
} }

Write Preview
Loading…
Cancel
Save