Use SpringUtils to check scheme

Fixes 6183

web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java

@@ -37,6 +37,7 @@ import org.springframework.security.web.authentication.NullRememberMeServices;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 /**
@@ -154,7 +155,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 
 		String header = request.getHeader("Authorization");
 
-		if (header == null || !header.toLowerCase().startsWith("basic ")) {
+		if (!StringUtils.startsWithIgnoreCase(header, "basic ")) {
 			chain.doFilter(request, response);
 			return;
 		}

web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java

@@ -22,6 +22,7 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
 
 import reactor.core.publisher.Mono;
@@ -46,7 +47,7 @@ public class ServerHttpBasicAuthenticationConverter implements
 		ServerHttpRequest request = exchange.getRequest();
 
 		String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
-		if (authorization == null || !authorization.toLowerCase().startsWith("basic ")) {
+		if (!StringUtils.startsWithIgnoreCase(authorization, "basic ")) {
 			return Mono.empty();
 		}