GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-606: Added support for customizable credentials character set.

2.0.x
Luke Taylor 18 years ago
parent
36a192b70f
commit
c031588975
1 changed files with 14 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 18
      core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java

18
core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java
Unescape View File

@ -93,6 +93,7 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi @@ -93,6 +93,7 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
private AuthenticationManager authenticationManager;
private RememberMeServices rememberMeServices;
private boolean ignoreFailure = false;
private String credentialsCharset = "UTF-8";
//~ Methods ========================================================================================================
@ -114,8 +115,8 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi @@ -114,8 +115,8 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
}
if ((header != null) && header.startsWith("Basic ")) {
String base64Token = header.substring(6);
String token = new String(Base64.decodeBase64(base64Token.getBytes()));
byte[] base64Token = header.substring(6).getBytes("UTF-8");
String token = new String(Base64.decodeBase64(base64Token), getCredentialsCharset(httpRequest));
String username = "";
String password = "";
@ -172,7 +173,7 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi @@ -172,7 +173,7 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
chain.doFilter(httpRequest, httpResponse);
}
private boolean authenticationIsRequired(String username) {
private boolean authenticationIsRequired(String username) {
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
// (see SEC-53)
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
@ -235,7 +236,16 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi @@ -235,7 +236,16 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
this.rememberMeServices = rememberMeServices;
}
public int getOrder() {
public void setCredentialsCharset(String credentialsCharset) {
Assert.hasText(credentialsCharset, "credentialsCharset cannot be null or empty");
this.credentialsCharset = credentialsCharset;
}
protected String getCredentialsCharset(HttpServletRequest httpRequest) {
return credentialsCharset;
}
public int getOrder() {
return FilterChainOrder.BASIC_PROCESSING_FILTER;
}
}

Write Preview
Loading…
Cancel
Save