6f5a443175
Previously ServerBearerTokenAuthenticationConverter would throw an IllegalArgumentException when the access token in a URI was empty String. It also incorrectly provided HttpStatus.BAD_REQUEST for an empty String access token in the headers. This changes ServerBearerTokenAuthenticationConverter to consistently throw a OAuth2AuthenticationException with an HttpStatus.UNAUTHORIZED Fixes gh-7011 |
||
|---|---|---|
| .. | ||
| main/java/org/springframework/security/oauth2/server/resource | ||
| test/java/org/springframework/security/oauth2/server/resource | ||