Allow custom header during bearer token extraction
Added ability to specify the header that ServerBearerTokenAuthenticationConverter and DefaultBearerTokenResolver use to extract a Bearer Token. Fixes gh-8337
This commit is contained in:
parent
95f0d02d79
commit
2f8eb16d76
|
@ -45,6 +45,8 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
|
||||||
|
|
||||||
private boolean allowUriQueryParameter = false;
|
private boolean allowUriQueryParameter = false;
|
||||||
|
|
||||||
|
private String bearerTokenHeaderName = HttpHeaders.AUTHORIZATION;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritDoc}
|
* {@inheritDoc}
|
||||||
*/
|
*/
|
||||||
|
@ -85,8 +87,21 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
|
||||||
this.allowUriQueryParameter = allowUriQueryParameter;
|
this.allowUriQueryParameter = allowUriQueryParameter;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String resolveFromAuthorizationHeader(HttpServletRequest request) {
|
/**
|
||||||
String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
|
* Set this value to configure what header is checked when resolving a Bearer Token.
|
||||||
|
* This value is defaulted to {@link HttpHeaders#AUTHORIZATION}.
|
||||||
|
*
|
||||||
|
* This allows other headers to be used as the Bearer Token source such as {@link HttpHeaders#PROXY_AUTHORIZATION}
|
||||||
|
*
|
||||||
|
* @param bearerTokenHeaderName the header to check when retrieving the Bearer Token.
|
||||||
|
* @since 5.4
|
||||||
|
*/
|
||||||
|
public void setBearerTokenHeaderName(String bearerTokenHeaderName) {
|
||||||
|
this.bearerTokenHeaderName = bearerTokenHeaderName;
|
||||||
|
}
|
||||||
|
|
||||||
|
private String resolveFromAuthorizationHeader(HttpServletRequest request) {
|
||||||
|
String authorization = request.getHeader(this.bearerTokenHeaderName);
|
||||||
if (StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
|
if (StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
|
||||||
Matcher matcher = authorizationPattern.matcher(authorization);
|
Matcher matcher = authorizationPattern.matcher(authorization);
|
||||||
|
|
||||||
|
|
|
@ -50,6 +50,7 @@ public class ServerBearerTokenAuthenticationConverter
|
||||||
Pattern.CASE_INSENSITIVE);
|
Pattern.CASE_INSENSITIVE);
|
||||||
|
|
||||||
private boolean allowUriQueryParameter = false;
|
private boolean allowUriQueryParameter = false;
|
||||||
|
private String bearerTokenHeaderName = HttpHeaders.AUTHORIZATION;
|
||||||
|
|
||||||
public Mono<Authentication> convert(ServerWebExchange exchange) {
|
public Mono<Authentication> convert(ServerWebExchange exchange) {
|
||||||
return Mono.justOrEmpty(token(exchange.getRequest()))
|
return Mono.justOrEmpty(token(exchange.getRequest()))
|
||||||
|
@ -90,8 +91,21 @@ public class ServerBearerTokenAuthenticationConverter
|
||||||
this.allowUriQueryParameter = allowUriQueryParameter;
|
this.allowUriQueryParameter = allowUriQueryParameter;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String resolveFromAuthorizationHeader(HttpHeaders headers) {
|
/**
|
||||||
String authorization = headers.getFirst(HttpHeaders.AUTHORIZATION);
|
* Set this value to configure what header is checked when resolving a Bearer Token.
|
||||||
|
* This value is defaulted to {@link HttpHeaders#AUTHORIZATION}.
|
||||||
|
*
|
||||||
|
* This allows other headers to be used as the Bearer Token source such as {@link HttpHeaders#PROXY_AUTHORIZATION}
|
||||||
|
*
|
||||||
|
* @param bearerTokenHeaderName the header to check when retrieving the Bearer Token.
|
||||||
|
* @since 5.4
|
||||||
|
*/
|
||||||
|
public void setBearerTokenHeaderName(String bearerTokenHeaderName) {
|
||||||
|
this.bearerTokenHeaderName = bearerTokenHeaderName;
|
||||||
|
}
|
||||||
|
|
||||||
|
private String resolveFromAuthorizationHeader(HttpHeaders headers) {
|
||||||
|
String authorization = headers.getFirst(this.bearerTokenHeaderName);
|
||||||
if (StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
|
if (StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
|
||||||
Matcher matcher = authorizationPattern.matcher(authorization);
|
Matcher matcher = authorizationPattern.matcher(authorization);
|
||||||
|
|
||||||
|
|
|
@ -33,7 +33,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
|
||||||
* @author Vedran Pavic
|
* @author Vedran Pavic
|
||||||
*/
|
*/
|
||||||
public class DefaultBearerTokenResolverTests {
|
public class DefaultBearerTokenResolverTests {
|
||||||
|
private static final String CUSTOM_HEADER = "custom-header";
|
||||||
private static final String TEST_TOKEN = "test-token";
|
private static final String TEST_TOKEN = "test-token";
|
||||||
|
|
||||||
private DefaultBearerTokenResolver resolver;
|
private DefaultBearerTokenResolver resolver;
|
||||||
|
@ -51,6 +51,15 @@ public class DefaultBearerTokenResolverTests {
|
||||||
assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
|
assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resolveWhenCustomDefinedHeaderIsValidAndPresentThenTokenIsResolved() {
|
||||||
|
this.resolver.setBearerTokenHeaderName(CUSTOM_HEADER);
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
|
request.addHeader(CUSTOM_HEADER, "Bearer " + TEST_TOKEN);
|
||||||
|
|
||||||
|
assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() {
|
public void resolveWhenLowercaseHeaderIsPresentThenTokenIsResolved() {
|
||||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
|
|
|
@ -38,6 +38,7 @@ import static org.assertj.core.api.Assertions.catchThrowableOfType;
|
||||||
* @since 5.1
|
* @since 5.1
|
||||||
*/
|
*/
|
||||||
public class ServerBearerTokenAuthenticationConverterTests {
|
public class ServerBearerTokenAuthenticationConverterTests {
|
||||||
|
private static final String CUSTOM_HEADER = "custom-header";
|
||||||
private static final String TEST_TOKEN = "test-token";
|
private static final String TEST_TOKEN = "test-token";
|
||||||
|
|
||||||
private ServerBearerTokenAuthenticationConverter converter;
|
private ServerBearerTokenAuthenticationConverter converter;
|
||||||
|
@ -56,6 +57,16 @@ public class ServerBearerTokenAuthenticationConverterTests {
|
||||||
assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
|
assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resolveWhenCustomDefinedHeaderIsValidAndPresentThenTokenIsResolved() {
|
||||||
|
this.converter.setBearerTokenHeaderName(CUSTOM_HEADER);
|
||||||
|
MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
|
||||||
|
.get("/")
|
||||||
|
.header(CUSTOM_HEADER, "Bearer " + TEST_TOKEN);
|
||||||
|
|
||||||
|
assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
|
||||||
|
}
|
||||||
|
|
||||||
// gh-7011
|
// gh-7011
|
||||||
@Test
|
@Test
|
||||||
public void resolveWhenValidHeaderIsEmptyStringThenTokenIsResolved() {
|
public void resolveWhenValidHeaderIsEmptyStringThenTokenIsResolved() {
|
||||||
|
|
Loading…
Reference in New Issue