root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Merge branch '6.0.x' into 6.1.x 

Closes gh-13759
This commit is contained in:
Marcus Da Coregio 2023-08-31 10:16:07 -03:00
parent 14b328e3ed 629540f9d8
commit b64d5395c5
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
View File

@ -52,7 +52,7 @@ public class BasicAuthenticationEntryPoint implements AuthenticationEntryPoint,
@Override @Override
public void commence(HttpServletRequest request, HttpServletResponse response, public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException { AuthenticationException authException) throws IOException {
response.addHeader("WWW-Authenticate", "Basic realm=\"" + this.realmName + "\""); response.setHeader("WWW-Authenticate", "Basic realm=\"" + this.realmName + "\"");
response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase()); response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
} }

19
web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
View File

@ -16,8 +16,12 @@
package org.springframework.security.web.authentication.www; package org.springframework.security.web.authentication.www;
import java.io.IOException;
import java.util.List;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
@ -61,4 +65,19 @@ public class BasicAuthenticationEntryPointTests {
assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"hello\""); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"hello\"");
} }
// gh-13737
@Test
void commenceWhenResponseHasHeaderThenOverride() throws IOException {
BasicAuthenticationEntryPoint ep = new BasicAuthenticationEntryPoint();
ep.setRealmName("hello");
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI("/some_path");
MockHttpServletResponse response = new MockHttpServletResponse();
response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"test\"");
ep.commence(request, response, new DisabledException("Disabled"));
List<String> headers = response.getHeaders("WWW-Authenticate");
assertThat(headers).hasSize(1);
assertThat(headers.get(0)).isEqualTo("Basic realm=\"hello\"");
}
} }