Use SpringUtils to check scheme

bhavikkumar · rwinch · commit 90b9cfaf55ff · 2018-11-29T20:42:39.000-06:00
Fixes 6183
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -37,6 +37,7 @@
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 /**
@@ -154,7 +155,7 @@ protected void doFilterInternal(HttpServletRequest request,
 
 		String header = request.getHeader("Authorization");
 
-		if (header == null || !header.toLowerCase().startsWith("basic ")) {
+		if (!StringUtils.startsWithIgnoreCase(header, "basic ")) {
 			chain.doFilter(request, response);
 			return;
 		}
diff --git a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
@@ -22,6 +22,7 @@
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
 
 import reactor.core.publisher.Mono;
@@ -46,7 +47,7 @@ public Mono<Authentication> apply(ServerWebExchange exchange) {
 		ServerHttpRequest request = exchange.getRequest();
 
 		String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
-		if (authorization == null || !authorization.toLowerCase().startsWith("basic ")) {
+		if (!StringUtils.startsWithIgnoreCase(authorization, "basic ")) {
 			return Mono.empty();
 		}
 
