Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BasicAuthorizationInterceptor should add its header conditionally [SPR-17326] #21860

Closed
spring-issuemaster opened this issue Oct 3, 2018 · 1 comment
Assignees
Milestone

Comments

@spring-issuemaster
Copy link
Collaborator

@spring-issuemaster spring-issuemaster commented Oct 3, 2018

Christopher Smith opened SPR-17326 and commented

BasicAuthorizationInterceptor made including auth headers in a RestTemplate much easier, but it has the downside of adding its header unconditionally. This means that there's no reliable way for the consumer to override the header for a particular request (such as one made using delegated credentials).

I suggest making the add operation conditional on the Authorization header's not already being present in the request headers.


Affects: 4.3.16

Issue Links:

  • #21452 Create HttpHeaders.setBasicAuth(String username, String password)
@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

@spring-issuemaster spring-issuemaster commented Oct 8, 2018

Juergen Hoeller commented

Taking the opportunity to align this interceptor with the new HttpHeaders.setBasicAuth methods and the corresponding ExchangeFilterFunctions.basicAuthentication methods in 5.1, I've added a new BasicAuthenticationInterceptor (with detection of an existing Authorization header and with reuse of HttpHeaders.setBasicAuth and an aligned default ISO-8859-1 encoding), deprecating BasicAuthorizationInterceptor accordingly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.