Merge pull request #3381 from raehalme/KEYCLOAK-3755-master

KEYCLOAK-3755: isBearerTokenRequest and isBasicAuthRequest are now case-insensitive
Stian Thorgersen 2016-10-20 07:12:27 +02:00 committed by GitHub
commit e39d28517c
2 changed files with 23 additions and 4 deletions


@ -63,6 +63,8 @@ import java.io.IOException;
public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter implements ApplicationContextAware {
public static final String DEFAULT_LOGIN_URL = "/sso/login";
public static final String AUTHORIZATION_HEADER = "Authorization";
public static final String SCHEME_BEARER = "bearer ";
public static final String SCHEME_BASIC = "basic ";
/**
* Request matcher that matches requests to the {@link KeycloakAuthenticationEntryPoint#DEFAULT_LOGIN_URI default login URI}
@ -164,7 +166,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
*/
protected boolean isBearerTokenRequest(HttpServletRequest request) {
String authValue = request.getHeader(AUTHORIZATION_HEADER);
return authValue != null && authValue.startsWith("Bearer");
return authValue != null && authValue.toLowerCase().startsWith(SCHEME_BEARER);
}
/**
@ -176,7 +178,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
*/
protected boolean isBasicAuthRequest(HttpServletRequest request) {
String authValue = request.getHeader(AUTHORIZATION_HEADER);
return authValue != null && authValue.startsWith("Basic");
return authValue != null && authValue.toLowerCase().startsWith(SCHEME_BASIC);
}
@Override
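Review bot: The new comparison in isBearerTokenRequest (and the parallel one in isBasicAuthRequest in the next hunk) uses the no-argument `toLowerCase()`, which folds case according to the JVM's default locale, so under a Turkish default locale the capital `I` in an upper-case `BASIC` header lower-cases to a dotless ı and the scheme check fails; the authentication path would then depend on the server's locale setting. A locale-independent, case-insensitive prefix test avoids that and also skips lower-casing the whole header value: `return authValue != null && authValue.regionMatches(true, 0, SCHEME_BEARER, 0, SCHEME_BEARER.length());` (same shape with SCHEME_BASIC), or at minimum pass `Locale.ROOT` to `toLowerCase`. The Javadoc of both methods begins before their hunks and the class continues past them.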


@ -127,6 +127,13 @@ public class KeycloakAuthenticationProcessingFilterTest {
assertTrue(filter.isBearerTokenRequest(request));
}
@Test
public void testIsBearerTokenRequestCaseInsensitive() throws Exception {
assertFalse(filter.isBearerTokenRequest(request));
this.setAuthorizationHeader(request, "bearer");
assertTrue(filter.isBearerTokenRequest(request));
}
@Test
public void testIsBasicAuthRequest() throws Exception {
assertFalse(filter.isBasicAuthRequest(request));
@ -134,6 +141,13 @@ public class KeycloakAuthenticationProcessingFilterTest {
assertTrue(filter.isBasicAuthRequest(request));
}
@Test
public void testIsBasicAuthRequestCaseInsensitive() throws Exception {
assertFalse(filter.isBasicAuthRequest(request));
this.setAuthorizationHeader(request, "basic");
assertTrue(filter.isBasicAuthRequest(request));
}
@Test
public void testAttemptAuthenticationExpectRedirect() throws Exception {
when(keycloakDeployment.getAuthUrl()).thenReturn(KeycloakUriBuilder.fromUri("http://localhost:8080/auth"));
@ -221,11 +235,14 @@ public class KeycloakAuthenticationProcessingFilterTest {
}
private void setBearerAuthHeader(MockHttpServletRequest request) {
request.addHeader(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER, "Bearer " + UUID.randomUUID().toString());
setAuthorizationHeader(request, "Bearer");
}
private void setBasicAuthHeader(MockHttpServletRequest request) {
request.addHeader(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER, "Basic " + UUID.randomUUID().toString());
setAuthorizationHeader(request, "Basic");
}
private void setAuthorizationHeader(MockHttpServletRequest request, String scheme) {
request.addHeader(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER, scheme + " " + UUID.randomUUID().toString());
}
}
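Review bot: testIsBearerTokenRequestCaseInsensitive and testIsBasicAuthRequestCaseInsensitive only exercise the all-lowercase spellings `bearer` and `basic`, so an upper-case or mixed-case header such as `BEARER …`, the input most likely to expose a locale-dependent lower-casing in the filter, is never asserted. Adding one more positive case per test, e.g. `this.setAuthorizationHeader(request, "BEARER");` followed by `assertTrue(filter.isBearerTokenRequest(request));`, would pin the behavior the test name claims; since `addHeader` appends rather than replaces, the extra value presumably needs its own request object. The `filter` and `request` fixtures are set up outside these hunks.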