Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use SpringUtils to check scheme

Browse Source 
Fixes 6183
This commit is contained in:
Bhavik Kumar 2018-11-30 01:31:53 +13:00 committed by Rob Winch
parent be423debfd
commit 90b9cfaf55
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
View File

@ -37,6 +37,7 @@ import org.springframework.security.web.authentication.NullRememberMeServices;
import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.filter.OncePerRequestFilter;
/** /**
@ -154,7 +155,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
String header = request.getHeader("Authorization"); String header = request.getHeader("Authorization");
if (header == null || !header.toLowerCase().startsWith("basic ")) { if (!StringUtils.startsWithIgnoreCase(header, "basic ")) {
chain.doFilter(request, response); chain.doFilter(request, response);
return; return;
} }

3
web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
View File

@ -22,6 +22,7 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
@ -46,7 +47,7 @@ public class ServerHttpBasicAuthenticationConverter implements
ServerHttpRequest request = exchange.getRequest(); ServerHttpRequest request = exchange.getRequest();
String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION); String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
if (authorization == null || !authorization.toLowerCase().startsWith("basic ")) { if (!StringUtils.startsWithIgnoreCase(authorization, "basic ")) {
return Mono.empty(); return Mono.empty();
} }