Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic auth header without user results in exception #7976

Closed
PatrikSteuer opened this issue Feb 12, 2020 · 2 comments · Fixed by #8109
Closed

Basic auth header without user results in exception #7976

PatrikSteuer opened this issue Feb 12, 2020 · 2 comments · Fixed by #8109
Assignees
@eleftherias
Labels
in: web An issue in web modules (web, webmvc) status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement
Milestone
5.4.0-M1

Comments

@PatrikSteuer
Copy link

Summary

When providing a basic auth header without any user/password combination an java.lang.StringIndexOutOfBoundsException: String index out of range: -1 is thrown.

Actual Behavior

When a Basic Auth Web Request is executed with following header: Authorization: Basic an index out of range exception is caused. By these lines within the BasicAuthenticationConverter

This exception causes an http 500 respones.

Expected Behavior

Expected would be a http 401 as result of the original web request

Configuration

Version

spring-security: 5.2.2.RELEASE

Sample
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 12, 2020
@eleftherias eleftherias self-assigned this Feb 20, 2020
@eleftherias eleftherias added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Feb 20, 2020
@zeeshanadnan
Copy link
Contributor

@eleftherias if no one is working on this i would like to take it.

@eleftherias eleftherias added the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Mar 5, 2020
@eleftherias
Copy link
Contributor

Thanks @zeeshanadnan! The issue is yours.

@zeeshanadnan zeeshanadnan mentioned this issue Mar 12, 2020
Merged
zeeshanadnan added a commit to zeeshanadnan/spring-security that referenced this issue Mar 16, 2020
@zeeshanadnan
Fix exception for empty basic auth header token
a7525b1 
fixes spring-projectsgh-7976
eleftherias pushed a commit that referenced this issue Mar 16, 2020
@zeeshanadnan @eleftherias
Fix exception for empty basic auth header token
935c547 
fixes gh-7976
@eleftherias eleftherias added this to the 5.4.0.M1 milestone Mar 16, 2020
@rwinch rwinch removed the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Mar 16, 2020
eleftherias pushed a commit that referenced this issue Mar 16, 2020
@zeeshanadnan @eleftherias
Fix exception for empty basic auth header token
dfa7880 
fixes gh-7976
@spring-projects-issues spring-projects-issues added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-5.3.x labels Mar 16, 2020
Closed
eleftherias pushed a commit that referenced this issue Mar 16, 2020
@zeeshanadnan @eleftherias
Fix exception for empty basic auth header token
a49a325 
fixes gh-7976
Closed
@rwinch rwinch mentioned this issue Mar 31, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

Labels
in: web An issue in web modules (web, webmvc) status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement
Projects
None yet
Milestone
5.4.0-M1
Development

Successfully merging a pull request may close this issue.

Fix exception from empty basic auth header token zeeshanadnan/spring-security
5 participants
@rwinch @eleftherias @zeeshanadnan @PatrikSteuer @spring-projects-issues