Resolve Bearer token after subscribing to publisher
The Bearer token was resolved immediately when the convert method was called. When a malformed token was provided, or when both the authorization header and the access token query parameter were present in the request, an exception was thrown instead of an error being signalled. After this change the Bearer token is resolved on subscription, and invalid states are handled by signalling an error to the subscriber. Closes gh-8865
parent
fd669f751d
commit
da4bd22c6d
|
@ -50,7 +50,7 @@ public class ServerBearerTokenAuthenticationConverter
|
|||
private boolean allowUriQueryParameter = false;
|
||||
|
||||
public Mono<Authentication> convert(ServerWebExchange exchange) {
|
||||
return Mono.justOrEmpty(token(exchange.getRequest()))
|
||||
return Mono.fromCallable(() -> token(exchange.getRequest()))
|
||||
.map(token -> {
|
||||
if (token.isEmpty()) {
|
||||
BearerTokenError error = invalidTokenError();
|
||||
|
|
|
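Review bot: The switch to `Mono.fromCallable` in `convert` changes the failure contract without documenting it: a malformed token, or a request carrying the token in both the authorization header and the query parameter, now reaches the caller as an `onError` signal instead of a synchronous throw. A caller that wrapped `convert` in try/catch will no longer see the failure, and a downstream `onErrorResume` that falls back to empty would presumably let the request continue as unauthenticated, so the consumer has to map this error to an authentication failure. I would add a comment above the return, e.g. `// Deferred: errors from token() are emitted as onError on subscription, never thrown from convert()`. The body of `convert` continues past the end of this section.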
@ -131,6 +131,17 @@ public class ServerBearerTokenAuthenticationConverterTests {
|
|||
.hasMessageContaining(("Bearer token is malformed"));
|
||||
}
|
||||
|
||||
// gh-8865
|
||||
@Test
|
||||
public void resolveWhenHeaderWithInvalidCharactersIsPresentAndNotSubscribedThenNoneExceptionIsThrown() {
|
||||
MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
|
||||
.get("/")
|
||||
.header(HttpHeaders.AUTHORIZATION, "Bearer an\"invalid\"token");
|
||||
|
||||
assertThatCode(() -> this.converter.convert(MockServerWebExchange.from(request)))
|
||||
.doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveWhenValidHeaderIsPresentTogetherWithQueryParameterThenAuthenticationExceptionIsThrown() {
|
||||
MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest
|
||||
|
|
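Review bot: The added test `resolveWhenHeaderWithInvalidCharactersIsPresentAndNotSubscribedThenNoneExceptionIsThrown` only asserts that `convert` does not throw, so it would still pass if the converter silently dropped the malformed token and completed empty, which is the outcome that matters for security. Pinning the subscription side in the same test would close that gap, for example (if reactor-test is available to this module, and assuming the error type is `OAuth2AuthenticationException`) `StepVerifier.create(this.converter.convert(MockServerWebExchange.from(request))).verifyError(OAuth2AuthenticationException.class);`. The commit message also names the header-plus-query-parameter case, which gets no not-subscribed counterpart in this section. As a point of style, `NoneException` in the method name reads better as `NoException`.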