Posted to commits@shiro.apache.org by jb...@apache.org on 2012/07/16 18:21:47 UTC

svn commit: r1362116 - in /shiro/branches/1.2.x/web/src: main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java

Author: jbunting
Date: Mon Jul 16 16:21:47 2012
New Revision: 1362116

URL: http://svn.apache.org/viewvc?rev=1362116&view=rev
Log:
SHIRO-375: adding test and fix for colon in password in basic auth

Modified:
    shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
    shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java

Modified: shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java?rev=1362116&r1=1362115&r2=1362116&view=diff
==============================================================================
--- shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java (original)
+++ shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java Mon Jul 16 16:21:47 2012
@@ -362,6 +362,6 @@ public class BasicHttpAuthenticationFilt
      */
     protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
         String decoded = Base64.decodeToString(encoded);
-        return decoded.split(":");
+        return decoded.split(":", 2);
     }
 }
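Review bot: The new `split(":", 2)` call has no comment explaining the limit, and it also changes the result for a trailing colon: a decoded `user:` now returns `{"user", ""}`, where the old call dropped the trailing empty string and returned a single element. A decoded value with no colon at all still yields a one-element array, so the caller that reads element 1 (not visible in this hunk) needs a length check before indexing. I would add `// limit 2: split on the first ':' only, the password may itself contain ':'; no ':' yields one element` above the return. The Javadoc, which begins outside the hunk, should state the same array-length contract.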

Modified: shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java?rev=1362116&r1=1362115&r2=1362116&view=diff
==============================================================================
--- shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java (original)
+++ shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java Mon Jul 16 16:21:47 2012
@@ -114,6 +114,30 @@ public class BasicHttpFilterAuthenticati
 		verify(response);
     }
 
+    @Test
+    public void createTokenColonInPassword() throws Exception {
+        testFilter = new BasicHttpAuthenticationFilter();
+        HttpServletRequest request = createMock(HttpServletRequest.class);
+        expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", "pass:word"));
+        expect(request.getRemoteHost()).andReturn("localhost");
+
+        HttpServletResponse response = createMock(HttpServletResponse.class);
+
+        replay(request);
+        replay(response);
+
+		AuthenticationToken token = testFilter.createToken(request, response);
+		assertNotNull(token);
+		assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
+
+		UsernamePasswordToken upToken = (UsernamePasswordToken) token;
+		assertEquals("pedro", upToken.getUsername());
+		assertEquals("pass:word", new String(upToken.getPassword()));
+
+		verify(request);
+		verify(response);
+    }
+
     private String createAuthorizationHeader(String username, String password) {
     	return "Basic " + new String(Base64.encode((username + ":" + password).getBytes()));
     }
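Review bot: `createTokenColonInPassword` covers only a single interior colon, so it would not catch a regression in the other inputs the limit argument affects, namely several colons and a trailing colon in the password. Widening the fixture covers both in the same test: `createAuthorizationHeader("pedro", "pa:ss:word:")` with `assertEquals("pa:ss:word:", new String(upToken.getPassword()));`. A separate case for a header whose decoded value has no colon would pin what `createToken` does with the one-element array; that behaviour is not visible here. The added lines from `AuthenticationToken token` onward are tab-indented while the first half of the method uses spaces.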