Skip to content

Basic auth header without user results in exception #7976

New issue
New issue
Closed
#8109
Closed
Basic auth header without user results in exception#7976
#8109
Assignees
eleftherias
Labels
in: webAn issue in web modules (web, webmvc)status: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement
Milestone
 
5.4.0-M1
@PatrikSteuer

Description

@PatrikSteuer
PatrikSteuer
opened on Feb 12, 2020

Summary

When providing a basic auth header without any user/password combination an java.lang.StringIndexOutOfBoundsException: String index out of range: -1 is thrown.

Actual Behavior

When a Basic Auth Web Request is executed with following header: Authorization: Basic an index out of range exception is caused. By these lines within the BasicAuthenticationConverter

This exception causes an http 500 respones.

Expected Behavior

Expected would be a http 401 as result of the original web request

Configuration

Version

spring-security: 5.2.2.RELEASE

Sample

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)status: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions