
BasicAuthenticationFilter case insenstive

Fixes: gh-5617
pull/6576/head
Rob Winch 8 years ago
parent
commit
c642de537a
  1. 2
      web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
  2. 20
      web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java

2
web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java

@ -154,7 +154,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter { @@ -154,7 +154,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
String header = request.getHeader("Authorization");
if (header == null || !header.startsWith("Basic ")) {
if (header == null || !header.toLowerCase().startsWith("basic ")) {
chain.doFilter(request, response);
return;
}
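Review bot: `header.toLowerCase()` in the new scheme check uses the JVM default locale, so the match is not reliably case-insensitive. Under a Turkish locale `"BASIC "` lowercases with a dotless ı and no longer starts with `"basic "`, so such a request is handed to the chain without Basic authentication being attempted. A locale-independent prefix test avoids this and also avoids copying the whole header value on every request: `if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {` (or `header.toLowerCase(Locale.ROOT)`, which needs a `java.util.Locale` import). The code that later strips the scheme and decodes the credentials is outside this hunk; it should be checked that it does not assume the exact `"Basic "` spelling.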

20
web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java

@ -156,6 +156,26 @@ public class BasicAuthenticationFilterTests { @@ -156,6 +156,26 @@ public class BasicAuthenticationFilterTests {
.isEqualTo("rod");
}
// gh-5586
@Test
public void doFilterWhenSchemeLowercaseThenCaseInsensitveMatchWorks() throws Exception {
String token = "rod:koala";
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization",
"basic " + new String(Base64.encodeBase64(token.getBytes())));
request.setServletPath("/some_file.html");
// Test
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
FilterChain chain = mock(FilterChain.class);
filter.doFilter(request, new MockHttpServletResponse(), chain);
verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
.isEqualTo("rod");
}
@Test
public void testOtherAuthorizationSchemeIsIgnored() throws Exception {
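Review bot: The added test sends only the all-lowercase scheme `"basic "`, so it does not cover upper- or mixed-case spellings such as `"BASIC "`, the input where a locale-sensitive lowercase comparison in the filter would behave differently. A second case that builds the header with `"BASIC " + ...` would pin the intended behaviour down. The comment `// gh-5586` does not match the `Fixes: gh-5617` line in the commit message, so one of the two issue references is presumably wrong. The method name also carries a typo (`CaseInsensitve`).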
