This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 8f15bd32eff87b6deadd8b5be7ccd3ec0e7e74c4
Author: Roberto Cortez <[email protected]>
AuthorDate: Wed Dec 26 16:13:20 2018 +0000
TOMEE-2365 - Fixed Basic header parsing.
---
.../apache/tomee/security/cdi/BasicAuthenticationMechanism.java | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/BasicAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/BasicAuthenticationMechanism.java
index ba7adbd..f4c4722 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/BasicAuthenticationMechanism.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/BasicAuthenticationMechanism.java
@@ -49,7 +49,7 @@ public class BasicAuthenticationMechanism implements HttpAuthenticationMechanism
 try { final CredentialValidationResult result =
- identityStoreHandler.validate(new BasicAuthenticationCredential(request.getHeader(AUTHORIZATION)));
+ identityStoreHandler.validate(parseAuthenticationHeader(request.getHeader(AUTHORIZATION)));
 if (result.getStatus().equals(VALID)) { return httpMessageContext.notifyContainerAboutLogin(result);
@@ -77,4 +77,10 @@ public class BasicAuthenticationMechanism implements HttpAuthenticationMechanism
 final HttpMessageContext httpMessageContext) { }
+
+ private BasicAuthenticationCredential parseAuthenticationHeader(final String authenticationHeader) {
+ return !authenticationHeader.isEmpty() && authenticationHeader.startsWith("Basic ") ?
+ new BasicAuthenticationCredential(authenticationHeader.substring(6)) :
+ new BasicAuthenticationCredential(null);
+ }
 }
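Review bot: `parseAuthenticationHeader` dereferences its argument without a null check, and `request.getHeader(AUTHORIZATION)` returns null when the client sends no Authorization header, so an unauthenticated request would throw a NullPointerException at `authenticationHeader.isEmpty()` rather than reach the challenge path. The call sits inside a `try` whose catch clauses are outside the hunk, so whether that exception is turned into a 401 cannot be confirmed from here. I would guard the condition as `authenticationHeader != null && authenticationHeader.regionMatches(true, 0, "Basic ", 0, 6)`, which also matches the scheme case-insensitively as RFC 7235 requires and makes the `isEmpty()` test redundant. The fallback `new BasicAuthenticationCredential(null)` deserves a one-line comment stating what the constructor does with null, since that decides whether a missing or non-Basic header fails closed.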
