Fix exception for empty basic auth header token
fixes spring-projectsgh-7976
parent
75f22285c6
commit
a49a325db2
|
@ -87,6 +87,10 @@ public class BasicAuthenticationConverter implements AuthenticationConverter {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (header.equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
|
||||||
|
throw new BadCredentialsException("Empty basic authentication token");
|
||||||
|
}
|
||||||
|
|
||||||
byte[] base64Token = header.substring(6).getBytes(StandardCharsets.UTF_8);
|
byte[] base64Token = header.substring(6).getBytes(StandardCharsets.UTF_8);
|
||||||
byte[] decoded;
|
byte[] decoded;
|
||||||
try {
|
try {
|
||||||
|
|
|
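Review bot: The new `header.equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)` guard matches only a header that is exactly the scheme name, so it rejects the `"Basic "` value the new tests send only if the header was whitespace-trimmed earlier in the method, which this hunk does not show. If that is the case, a comment on the guard such as `// header is trimmed above, so a token-less "Basic " arrives here as the bare scheme` would record the dependency and keep a later refactor from reintroducing the unchecked exception on a client-controlled header. The unchanged `header.substring(6)` just below still hard-codes the scheme length plus one separator character. Assuming the constant is `"Basic"`, `header.substring(AUTHENTICATION_SCHEME_BASIC.length() + 1)` would keep the two in step. The method begins and ends outside the hunk, so the scheme-prefix check that precedes the guard cannot be confirmed from here.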
@ -111,4 +111,12 @@ public class BasicAuthenticationConverterTests {
|
||||||
assertThat(authentication.getName()).isEqualTo("rod");
|
assertThat(authentication.getName()).isEqualTo("rod");
|
||||||
assertThat(authentication.getCredentials()).isEqualTo("");
|
assertThat(authentication.getCredentials()).isEqualTo("");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test(expected = BadCredentialsException.class)
|
||||||
|
public void requestWhenEmptyBasicAuthorizationHeaderTokenThenError() {
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
|
request.addHeader("Authorization", "Basic ");
|
||||||
|
converter.convert(request);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
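Review bot: `@Test(expected = BadCredentialsException.class)` on `requestWhenEmptyBasicAuthorizationHeaderTokenThenError` passes for any `BadCredentialsException` that `convert` raises, so it does not show that the new empty-token branch rejected the request rather than a later decoding or parsing step. Pinning the message would tie the test to the guard: `assertThatThrownBy(() -> converter.convert(request)).isInstanceOf(BadCredentialsException.class).hasMessage("Empty basic authentication token");`. Both this test and `requestWhenEmptyBasicAuthorizationHeaderTokenThenUnauthorized` in the filter tests send only `"Basic "`. A case with the bare `"Basic"` and one with a different letter case such as `"basic "` would cover the case-insensitive comparison the guard relies on.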
@ -424,4 +424,20 @@ public class BasicAuthenticationFilterTests {
|
||||||
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
|
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void requestWhenEmptyBasicAuthorizationHeaderTokenThenUnauthorized() throws Exception {
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
|
request.addHeader("Authorization", "Basic ");
|
||||||
|
request.setServletPath("/some_file.html");
|
||||||
|
request.setSession(new MockHttpSession());
|
||||||
|
final MockHttpServletResponse response = new MockHttpServletResponse();
|
||||||
|
|
||||||
|
FilterChain chain = mock(FilterChain.class);
|
||||||
|
filter.doFilter(request, response, chain);
|
||||||
|
verify(chain, never()).doFilter(any(ServletRequest.class),
|
||||||
|
any(ServletResponse.class));
|
||||||
|
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
|
||||||
|
assertThat(response.getStatus()).isEqualTo(401);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|