Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bearer Token Padding

Browse Source 
Closes gh-8502
This commit is contained in:
kothasa
2020-05-11 12:32:56 +01:00
committed by Josh Cummings
parent 7cc6509200
commit d38dabac02
2 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java
+1 -1
View File
@@ -110,7 +110,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver {
throw new OAuth2AuthenticationException(error);
}
return matcher.group("token");
return authorization.substring(7);
}
return null;
}
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java
+19 -1
View File
@@ -34,7 +34,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
*/
public class DefaultBearerTokenResolverTests {
private static final String CUSTOM_HEADER = "custom-header";
private static final String TEST_TOKEN = "test-token";
private static final String TEST_TOKEN = "ab5FG/ywfXPwiPc6ErRQM643QqY";
private DefaultBearerTokenResolver resolver;
@@ -51,6 +51,24 @@ public class DefaultBearerTokenResolverTests {
assertThat(this.resolver.resolve(request)).isEqualTo(TEST_TOKEN);
}
@Test
public void resolveWhenValidHeaderIsPresentWithSingleBytePaddingIndicatorThenTokenIsResolved() {
String token = TEST_TOKEN + "=";
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Bearer " + token);
assertThat(this.resolver.resolve(request)).isEqualTo(token);
}
@Test
public void resolveWhenValidHeaderIsPresentWithTwoBytesPaddingIndicatorThenTokenIsResolved() {
String token = TEST_TOKEN + "==";
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Bearer " + token);
assertThat(this.resolver.resolve(request)).isEqualTo(token);
}
@Test
public void resolveWhenCustomDefinedHeaderIsValidAndPresentThenTokenIsResolved() {
this.resolver.setBearerTokenHeaderName(CUSTOM_HEADER);