Use SpringUtils to check scheme

Fixes 6183
This commit is contained in:
Bhavik Kumar 2018-11-30 01:31:53 +13:00 committed by Rob Winch
parent be423debfd
commit 90b9cfaf55
2 changed files with 4 additions and 2 deletions

View File

@ -37,6 +37,7 @@ import org.springframework.security.web.authentication.NullRememberMeServices;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
/**
@ -154,7 +155,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
String header = request.getHeader("Authorization");
if (header == null || !header.toLowerCase().startsWith("basic ")) {
if (!StringUtils.startsWithIgnoreCase(header, "basic ")) {
chain.doFilter(request, response);
return;
}

View File

@ -22,6 +22,7 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
@ -46,7 +47,7 @@ public class ServerHttpBasicAuthenticationConverter implements
ServerHttpRequest request = exchange.getRequest();
String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
if (authorization == null || !authorization.toLowerCase().startsWith("basic ")) {
if (!StringUtils.startsWithIgnoreCase(authorization, "basic ")) {
return Mono.empty();
}