Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bearer Token Padding 

Closes gh-8502
This commit is contained in:
kothasa 2020-05-11 12:32:56 +01:00 committed by Josh Cummings
parent 7cc6509200
commit d38dabac02
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
View File

@ -110,7 +110,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
throw new OAuth2AuthenticationException(error); throw new OAuth2AuthenticationException(error);
} }
return matcher.group("token"); return authorization.substring(7);
} }
return null; return null;
} }

20
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
View File

@ -34,7 +34,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
*/ */
public class DefaultBearerTokenResolverTests { public class DefaultBearerTokenResolverTests {
private static final String CUSTOM_HEADER = "custom-header"; private static final String CUSTOM_HEADER = "custom-header";
private static final String TEST_TOKEN = "test-token"; private static final String TEST_TOKEN = "ab5FG/ywfXPwiPc6ErRQM643QqY";
private DefaultBearerTokenResolver resolver; private DefaultBearerTokenResolver resolver;
@ -51,6 +51,24 @@ public class DefaultBearerTokenResolverTests {
assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN); assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
} }
@Test
public void resolveWhenValidHeaderIsPresentWithSingleBytePaddingIndicatorThenTokenIsResolved() {
String token = TEST_TOKEN + "=";
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Bearer " + token);
assertThat(this.resolver.resolve(request)).isEqualTo(token);
}
@Test
public void resolveWhenValidHeaderIsPresentWithTwoBytesPaddingIndicatorThenTokenIsResolved() {
String token = TEST_TOKEN + "==";
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Bearer " + token);
assertThat(this.resolver.resolve(request)).isEqualTo(token);
}
@Test @Test
public void resolveWhenCustomDefinedHeaderIsValidAndPresentThenTokenIsResolved() { public void resolveWhenCustomDefinedHeaderIsValidAndPresentThenTokenIsResolved() {
this.resolver.setBearerTokenHeaderName(CUSTOM_HEADER); this.resolver.setBearerTokenHeaderName(CUSTOM_HEADER);