Posted to commits@shiro.apache.org by jb...@apache.org on 2012/07/16 18:21:47 UTC
svn commit: r1362116 - in /shiro/branches/1.2.x/web/src:
main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java
Author: jbunting
Date: Mon Jul 16 16:21:47 2012
New Revision: 1362116
URL: http://svn.apache.org/viewvc?rev=1362116&view=rev
Log:
SHIRO-375: adding test and fix for colon in password in basic auth
Modified:
shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java
Modified: shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java?rev=1362116&r1=1362115&r2=1362116&view=diff
==============================================================================
--- shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java (original)
+++ shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java Mon Jul 16 16:21:47 2012
@@ -362,6 +362,6 @@ public class BasicHttpAuthenticationFilt
*/
protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
String decoded = Base64.decodeToString(encoded);
- return decoded.split(":");
+ return decoded.split(":", 2);
}
}
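Review bot: With a positive limit, `decoded.split(":", 2)` keeps a trailing empty string, so a decoded value of `user:` now yields `{"user", ""}` where the old call yielded `{"user"}`, and a value with no colon still yields a one-element array; neither result shape is documented. The Javadoc that closes just above the signature (it starts outside the hunk) should state this, for example `@return the user id and password, split at the first colon only; length is 1 when no colon is present, and the password element may be empty`. The caller is not visible in this hunk, so it is worth confirming that it checks the array length before reading index 1 and that it treats an empty password the way the realm expects. The `scheme` parameter is not used in the visible body.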
Modified: shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java?rev=1362116&r1=1362115&r2=1362116&view=diff
==============================================================================
--- shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java (original)
+++ shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java Mon Jul 16 16:21:47 2012
@@ -114,6 +114,30 @@ public class BasicHttpFilterAuthenticati
verify(response);
}
+ @Test
+ public void createTokenColonInPassword() throws Exception {
+ testFilter = new BasicHttpAuthenticationFilter();
+ HttpServletRequest request = createMock(HttpServletRequest.class);
+ expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", "pass:word"));
+ expect(request.getRemoteHost()).andReturn("localhost");
+
+ HttpServletResponse response = createMock(HttpServletResponse.class);
+
+ replay(request);
+ replay(response);
+
+ AuthenticationToken token = testFilter.createToken(request, response);
+ assertNotNull(token);
+ assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
+
+ UsernamePasswordToken upToken = (UsernamePasswordToken) token;
+ assertEquals("pedro", upToken.getUsername());
+ assertEquals("pass:word", new String(upToken.getPassword()));
+
+ verify(request);
+ verify(response);
+ }
+
private String createAuthorizationHeader(String username, String password) {
return "Basic " + new String(Base64.encode((username + ":" + password).getBytes()));
}
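Review bot: `createTokenColonInPassword` exercises only a single interior colon, so passwords with several colons, a leading colon or a trailing colon are not pinned, and the empty-password header (`pedro:`), whose split result changed with this commit, has no test at all. One credential can cover the multi-colon and trailing-colon cases: `createAuthorizationHeader("pedro", "pa:ss:word:")` checked with `assertEquals("pa:ss:word:", new String(upToken.getPassword()));`. A separate test for `createAuthorizationHeader("pedro", "")` would record whether an empty password is meant to produce a token with an empty password or to be rejected.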