diff --git a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
index a3ed6b8..be03dcc 100644
--- a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
+++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
@@ -63,6 +63,8 @@ import java.io.IOException;
public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter implements ApplicationContextAware {
public static final String DEFAULT_LOGIN_URL = "/sso/login";
public static final String AUTHORIZATION_HEADER = "Authorization";
+ public static final String SCHEME_BEARER = "bearer ";
+ public static final String SCHEME_BASIC = "basic ";
/**
* Request matcher that matches requests to the {@link KeycloakAuthenticationEntryPoint#DEFAULT_LOGIN_URI default login URI}
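Review bot: The new public constants `SCHEME_BEARER` and `SCHEME_BASIC` hold a lower-cased value with a trailing space, so they are match prefixes rather than scheme names, and nothing on them says so. Because they are public, a caller that compares them to a parsed scheme token or builds a header from them gets a surprising result. If nothing outside this class needs them, make them `private static final`. Otherwise add a Javadoc such as `/** Lower-case match prefix (scheme name plus one space) for the Authorization header; not the canonical scheme name. */`.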
@@ -164,7 +166,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
*/
protected boolean isBearerTokenRequest(HttpServletRequest request) {
String authValue = request.getHeader(AUTHORIZATION_HEADER);
- return authValue != null && authValue.startsWith("Bearer");
+ return authValue != null && authValue.toLowerCase().startsWith(SCHEME_BEARER);
}
/**
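Review bot: `authValue.toLowerCase()` in `isBearerTokenRequest` uses the JVM default locale, so scheme detection depends on the host's locale settings. The same call in `isBasicAuthRequest` (next hunk) is where it matters: under a Turkish or Azeri default locale an upper-case `I` lower-cases to dotless `ı`, so a header starting with `BASIC ` would not match `basic `, and the request would presumably be handled as a non-Basic one. The call also copies the whole header, credentials included, just to test a short prefix. A locale-independent prefix compare avoids both: `return authValue != null && authValue.regionMatches(true, 0, SCHEME_BEARER, 0, SCHEME_BEARER.length());`, and the same with `SCHEME_BASIC`.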
@@ -176,7 +178,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
*/
protected boolean isBasicAuthRequest(HttpServletRequest request) {
String authValue = request.getHeader(AUTHORIZATION_HEADER);
- return authValue != null && authValue.startsWith("Basic");
+ return authValue != null && authValue.toLowerCase().startsWith(SCHEME_BASIC);
}
@Override
diff --git a/adapters/oidc/spring-security/src/test/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilterTest.java b/adapters/oidc/spring-security/src/test/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilterTest.java
index 055447f..fd6672a 100755
--- a/adapters/oidc/spring-security/src/test/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilterTest.java
+++ b/adapters/oidc/spring-security/src/test/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilterTest.java
@@ -128,6 +128,13 @@ public class KeycloakAuthenticationProcessingFilterTest {
}
@Test
+ public void testIsBearerTokenRequestCaseInsensitive() throws Exception {
+ assertFalse(filter.isBearerTokenRequest(request));
+ this.setAuthorizationHeader(request, "bearer");
+ assertTrue(filter.isBearerTokenRequest(request));
+ }
+
+ @Test
public void testIsBasicAuthRequest() throws Exception {
assertFalse(filter.isBasicAuthRequest(request));
this.setBasicAuthHeader(request);
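Review bot: `testIsBearerTokenRequestCaseInsensitive` sends only the all-lower-case scheme `"bearer"`, which is exactly how the constant is spelled, and `testIsBasicAuthRequestCaseInsensitive` in the next hunk does the same with `"basic"`. Upper- and mixed-case headers are the inputs this change is meant to accept, and they are not pinned. Add cases such as `this.setAuthorizationHeader(request, "BEARER");` and `this.setAuthorizationHeader(request, "BASIC");`, each followed by the matching `assertTrue`. The matched prefix now includes the trailing space, so also add a negative case with a header value like `"Bearertoken"` that expects `assertFalse`; otherwise that boundary is untested.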
@@ -135,6 +142,13 @@ public class KeycloakAuthenticationProcessingFilterTest {
}
@Test
+ public void testIsBasicAuthRequestCaseInsensitive() throws Exception {
+ assertFalse(filter.isBasicAuthRequest(request));
+ this.setAuthorizationHeader(request, "basic");
+ assertTrue(filter.isBasicAuthRequest(request));
+ }
+
+ @Test
public void testAttemptAuthenticationExpectRedirect() throws Exception {
when(keycloakDeployment.getAuthUrl()).thenReturn(KeycloakUriBuilder.fromUri("http://localhost:8080/auth"));
when(keycloakDeployment.getResourceName()).thenReturn("resource-name");
@@ -221,11 +235,14 @@ public class KeycloakAuthenticationProcessingFilterTest {
}
private void setBearerAuthHeader(MockHttpServletRequest request) {
- request.addHeader(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER, "Bearer " + UUID.randomUUID().toString());
+ setAuthorizationHeader(request, "Bearer");
}
private void setBasicAuthHeader(MockHttpServletRequest request) {
- request.addHeader(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER, "Basic " + UUID.randomUUID().toString());
+ setAuthorizationHeader(request, "Basic");
}
+ private void setAuthorizationHeader(MockHttpServletRequest request, String scheme) {
+ request.addHeader(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER, scheme + " " + UUID.randomUUID().toString());
+ }
}