
Specify charset in WWW-Authenticate for Basic Auth

In this commit, we add support for the charset parameter from RFC 7617,
which definitely solves the problem of the client not knowing which charset
we are parsing with.

Closes: gh-18755

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
Andrey Litvitski
2026-02-18 22:20:35 +03:00
committed by Josh Cummings
parent c7235ec0a3
commit d1ce69ca99
7 changed files with 60 additions and 13 deletions
@@ -197,7 +197,7 @@ public class NamespaceHttpTests {
// @formatter:off
this.mockMvc.perform(get("/"))
.andExpect(status().isUnauthorized())
.andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\""));
.andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\", charset=\"UTF-8\""));
// @formatter:on
}
@@ -103,7 +103,7 @@ public class HttpBasicConfigurerTests {
// @formatter:off
this.mvc.perform(get("/"))
.andExpect(status().isUnauthorized())
.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\", charset=\"UTF-8\""));
// @formatter:on
}
@@ -114,7 +114,7 @@ public class HttpBasicConfigurerTests {
// @formatter:off
this.mvc.perform(get("/"))
.andExpect(status().isUnauthorized())
.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\""));
.andExpect(header().string("WWW-Authenticate", "Basic realm=\"Realm\", charset=\"UTF-8\""));
// @formatter:on
}
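Review bot: Both updated assertions in HttpBasicConfigurerTests pin only the default `charset="UTF-8"` challenge, and nothing visible covers a server that decodes Basic credentials with a different charset. RFC 7617 defines `UTF-8` as the only value for this parameter, so if the authentication filter can be configured with another credentials charset, the challenge would advertise an encoding the server does not use. The production change is outside this view, so it is worth confirming how the entry point behaves in that case. If that configuration is reachable, I would add a test beside these two that asserts the intended header for it. The same gap applies to the NamespaceHttpTests and NamespaceHttpBasicTests sections.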
@@ -71,7 +71,7 @@ public class NamespaceHttpBasicTests {
// @formatter:off
this.mvc.perform(requestWithInvalidPassword)
.andExpect(status().isUnauthorized())
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\", charset=\"UTF-8\""));
// @formatter:on
MockHttpServletRequestBuilder requestWithValidPassword = get("/").with(httpBasic("user", "password"));
this.mvc.perform(requestWithValidPassword).andExpect(status().isNotFound());
@@ -85,7 +85,7 @@ public class NamespaceHttpBasicTests {
// @formatter:off
this.mvc.perform(requestWithInvalidPassword)
.andExpect(status().isUnauthorized())
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\""));
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Realm\", charset=\"UTF-8\""));
// @formatter:on
MockHttpServletRequestBuilder requestWithValidPassword = get("/").with(httpBasic("user", "password"));
this.mvc.perform(requestWithValidPassword).andExpect(status().isNotFound());
@@ -101,7 +101,7 @@ public class NamespaceHttpBasicTests {
// @formatter:off
this.mvc.perform(requestWithInvalidPassword)
.andExpect(status().isUnauthorized())
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\", charset=\"UTF-8\""));
// @formatter:on
}
@@ -112,7 +112,7 @@ public class NamespaceHttpBasicTests {
// @formatter:off
this.mvc.perform(requestWithInvalidPassword)
.andExpect(status().isUnauthorized())
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\""));
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\", charset=\"UTF-8\""));
// @formatter:on
}
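Review bot: The valid-credential requests after the first two changed assertions still send the ASCII-only `httpBasic("user", "password")`, so these tests check the advertised header but never check that decoding matches it. They would pass even if the Authorization header were decoded with a different charset than the one now announced. A round-trip case with a non-ASCII password (constructed example: `get("/").with(httpBasic("user", "pässword"))`) would tie the two together, assuming the `httpBasic` post-processor encodes as UTF-8. That needs a matching user in the test configuration, which is outside these hunks.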
@@ -133,7 +133,7 @@ public class NamespaceHttpBasicTests {
// @formatter:on
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
assertThat(this.response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"Realm\"");
assertThat(this.response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"Realm\", charset=\"UTF-8\"");
}
private void loadContext(String context) {
@@ -74,7 +74,7 @@ class HttpBasicDslTests {
this.mockMvc.get("/")
.andExpect {
header { string("WWW-Authenticate", "Basic realm=\"Realm\"") }
header { string("WWW-Authenticate", "Basic realm=\"Realm\", charset=\"UTF-8\"") }
}
}
@@ -110,7 +110,7 @@ class HttpBasicDslTests {
this.mockMvc.get("/")
.andExpect {
header { string("WWW-Authenticate", "Basic realm=\"Custom Realm\"") }
header { string("WWW-Authenticate", "Basic realm=\"Custom Realm\", charset=\"UTF-8\"") }
}
}