Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow AuthenticationConverter to be settable in BasicAuthenticationFilter #13989

Closed
wants to merge 4 commits into from
Closed

Allow AuthenticationConverter to be settable in BasicAuthenticationFilter #13989

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2905671
allow AuthenticationConverter to be settable in BasicAuthenticationFi…
mmoayyed Oct 10, 2023
dd60d36
fix null check issue
mmoayyed Oct 10, 2023
d30d253
add test cases to prove settable authentication converter works corre…
mmoayyed Oct 10, 2023
22777e5
address feedback in review - partial
mmoayyed Oct 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions ...n/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -266,6 +266,11 @@ public void setCredentialsCharset(String credentialsCharset) {
this.authenticationConverter.setCredentialsCharset(Charset.forName(credentialsCharset));
}

public void setAuthenticationConverter(final BasicAuthenticationConverter authenticationConverter) {
Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
this.authenticationConverter = authenticationConverter;
}

protected String getCredentialsCharset(HttpServletRequest httpRequest) {
return this.credentialsCharset;
}
Expand Down
24 changes: 24 additions & 0 deletions ...a/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
Expand Down Expand Up @@ -106,6 +107,29 @@ public void testGettersSetters() {
assertThat(this.filter.getAuthenticationEntryPoint()).isNotNull();
}

@Test
public void testAuthenticationConverterIgnoresRequest() throws Exception {
String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Basic " + CodecTestUtils.encodeBase64(token));
request.setServletPath("/ignored-request");
request.setSession(new MockHttpSession());
final MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain chain = mock(FilterChain.class);
this.filter.setAuthenticationConverter(new BasicAuthenticationConverter() {
@Override
public UsernamePasswordAuthenticationToken convert(final HttpServletRequest request) {
if (request.getServletPath().equalsIgnoreCase("/ignored-request")) {
return null;
}
return super.convert(request);
}
});
this.filter.doFilter(request, response, chain);
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
assertThat(response.getStatus()).isEqualTo(200);
}

@Test
public void testInvalidBasicAuthorizationTokenIsIgnored() throws Exception {
String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
Expand Down