Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Incorrect header in useHttpBasicAuthForPasswordFlow

See original GitHub issue

Hello,

When configuring the basic authentication header for password flow you are using “Authentication” and the correct header for the scheme is “Authorization”

const header = btoa(`${this.clientId}:${this.dummyClientSecret}`);
                headers = headers.set(
                    'Authentication',
                    'BASIC ' + header);

Issue Analytics

State:
Created 5 years ago
Reactions:2
Comments:13

Top GitHub Comments

1reaction

jeroenheijmanscommented, Jul 31, 2018

FYI: I just got a notification that this was changed in spring-security, slated for milestone “5.0.8”. That might make the workaround unneeded.

1reaction

vinliangxcommented, Jul 30, 2018

This is the workaround I’ve implemented for Spring Security:

The filter

import org.springframework.web.filter.OncePerRequestFilter;

@Component
public class BasicAuthHeaderFilter extends OncePerRequestFilter {
   @Override
   protected void doFilterInternal(HttpServletRequest request, 
                                                     HttpServletResponse response, 
                                                     FilterChain chain) throws ServletException, IOException {
      HttpServletRequestWrapper requestWrapper = new HttpServletRequestWrapper(request) {
                @Override
                public String getHeader(String name) {
                    String header = super.getHeader(name);                    
                    if (header == null && name.equalsIgnoreCase("authorization")){
                        header = super.getHeader("authentication");
                    }
                    if (header != null && header.toLowerCase().startsWith("basic")) {
                        return header.replaceAll("^[Bb][Aa][Ss][Ii][Cc]", "Basic");
                    }
                    return header;
                }
       };
      chain.doFilter(requestWrapper, response);
   }
}

Registering the Filter:

import org.springframework.boot.web.servlet.FilterRegistrationBean;

@Bean
public FilterRegistrationBean<BasicAuthHeaderFilter> filterFilterRegistrationBean(BasicAuthHeaderFilter filter) {
    FilterRegistrationBean<BasicAuthHeaderFilter> reg = new FilterRegistrationBean<>(filter);
    reg.setOrder(Ordered.HIGHEST_PRECEDENCE);
    return reg;
}

Thanks again @jeroenheijmans

Top Results From Across the Web

angular-oauth2-oidc - UNPKG

useHttpBasicAuthForPasswordFlow ) {\r\n const header = btoa(`${this.clientId}:${this.dummyClientSecret}`);\r\n headers = headers.set(\r\n 'Authorization' ...