isBearerTokenRequest and isBasicAuthRequest is now case-insensitive.
This commit is contained in:
parent
3c8aaaa61f
commit
e8ce9704c1
2 changed files with 23 additions and 4 deletions
|
@ -63,6 +63,8 @@ import java.io.IOException;
|
|||
public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter implements ApplicationContextAware {
|
||||
public static final String DEFAULT_LOGIN_URL = "/sso/login";
|
||||
public static final String AUTHORIZATION_HEADER = "Authorization";
|
||||
public static final String SCHEME_BEARER = "bearer ";
|
||||
public static final String SCHEME_BASIC = "basic ";
|
||||
|
||||
/**
|
||||
* Request matcher that matches requests to the {@link KeycloakAuthenticationEntryPoint#DEFAULT_LOGIN_URI default login URI}
|
||||
|
@ -164,7 +166,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
|
|||
*/
|
||||
protected boolean isBearerTokenRequest(HttpServletRequest request) {
|
||||
String authValue = request.getHeader(AUTHORIZATION_HEADER);
|
||||
return authValue != null && authValue.startsWith("Bearer");
|
||||
return authValue != null && authValue.toLowerCase().startsWith(SCHEME_BEARER);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -176,7 +178,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
|
|||
*/
|
||||
protected boolean isBasicAuthRequest(HttpServletRequest request) {
|
||||
String authValue = request.getHeader(AUTHORIZATION_HEADER);
|
||||
return authValue != null && authValue.startsWith("Basic");
|
||||
return authValue != null && authValue.toLowerCase().startsWith(SCHEME_BASIC);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -127,6 +127,13 @@ public class KeycloakAuthenticationProcessingFilterTest {
|
|||
assertTrue(filter.isBearerTokenRequest(request));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testIsBearerTokenRequestCaseInsensitive() throws Exception {
|
||||
assertFalse(filter.isBearerTokenRequest(request));
|
||||
this.setAuthorizationHeader(request, "bearer");
|
||||
assertTrue(filter.isBearerTokenRequest(request));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testIsBasicAuthRequest() throws Exception {
|
||||
assertFalse(filter.isBasicAuthRequest(request));
|
||||
|
@ -134,6 +141,13 @@ public class KeycloakAuthenticationProcessingFilterTest {
|
|||
assertTrue(filter.isBasicAuthRequest(request));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testIsBasicAuthRequestCaseInsensitive() throws Exception {
|
||||
assertFalse(filter.isBasicAuthRequest(request));
|
||||
this.setAuthorizationHeader(request, "basic");
|
||||
assertTrue(filter.isBasicAuthRequest(request));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAttemptAuthenticationExpectRedirect() throws Exception {
|
||||
when(keycloakDeployment.getAuthUrl()).thenReturn(KeycloakUriBuilder.fromUri("http://localhost:8080/auth"));
|
||||
|
@ -221,11 +235,14 @@ public class KeycloakAuthenticationProcessingFilterTest {
|
|||
}
|
||||
|
||||
private void setBearerAuthHeader(MockHttpServletRequest request) {
|
||||
request.addHeader(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER, "Bearer " + UUID.randomUUID().toString());
|
||||
setAuthorizationHeader(request, "Bearer");
|
||||
}
|
||||
|
||||
private void setBasicAuthHeader(MockHttpServletRequest request) {
|
||||
request.addHeader(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER, "Basic " + UUID.randomUUID().toString());
|
||||
setAuthorizationHeader(request, "Basic");
|
||||
}
|
||||
|
||||
private void setAuthorizationHeader(MockHttpServletRequest request, String scheme) {
|
||||
request.addHeader(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER, scheme + " " + UUID.randomUUID().toString());
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue