Skip to content

Commit

Permalink
Merge pull request #27342 from sberyozkin/do_not_report_basic_quarkus…
Browse files Browse the repository at this point in the history 
…_realm

Do not set 'realm=Quarkus' in Basic auth challenge
  • Loading branch information
@sberyozkin
sberyozkin committed Aug 18, 2022
2 parents 3f34f11 + c8843a7 commit 8787a2a
Show file tree
Hide file tree
Showing 5 changed files with 10 additions and 8 deletions.
3 changes: 2 additions & 1 deletion ...eployment/src/test/java/io/quarkus/vertx/http/security/CombinedFormBasicAuthTestCase.java
View file
Expand Up @@ -23,6 +23,7 @@ public class CombinedFormBasicAuthTestCase {

private static final String APP_PROPS = "" +
"quarkus.http.auth.basic=true\n" +
"quarkus.http.auth.realm=TestRealm\n" +
"quarkus.http.auth.form.enabled=true\n" +
"quarkus.http.auth.form.login-page=login\n" +
"quarkus.http.auth.form.error-page=error\n" +
Expand Down Expand Up @@ -154,7 +155,7 @@ public void testBasicAuthFailure() {
.then()
.assertThat()
.statusCode(401)
.header("WWW-Authenticate", equalTo("basic realm=\"Quarkus\""));
.header("WWW-Authenticate", equalTo("basic realm=\"TestRealm\""));

}
}
4 changes: 2 additions & 2 deletions extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/AuthConfig.java
View file
Expand Up @@ -29,8 +29,8 @@ public class AuthConfig {
/**
* The authentication realm
*/
@ConfigItem(defaultValue = "Quarkus")
public String realm;
@ConfigItem
public Optional<String> realm;

/**
* The HTTP permissions
Expand Down
2 changes: 1 addition & 1 deletion ...me/src/main/java/io/quarkus/vertx/http/runtime/security/BasicAuthenticationMechanism.java
View file
Expand Up @@ -95,7 +95,7 @@ public BasicAuthenticationMechanism(final String realmName, final boolean silent

public BasicAuthenticationMechanism(final String realmName, final boolean silent,
Charset charset, Map<Pattern, Charset> userAgentCharsets) {
this.challenge = BASIC_PREFIX + "realm=\"" + realmName + "\"";
this.challenge = realmName == null ? BASIC : BASIC_PREFIX + "realm=\"" + realmName + "\"";
this.silent = silent;
this.charset = charset;
this.userAgentCharsets = Collections.unmodifiableMap(new LinkedHashMap<>(userAgentCharsets));
Expand Down
3 changes: 2 additions & 1 deletion ...tp/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.java
View file
Expand Up @@ -279,7 +279,8 @@ public Supplier<?> setupBasicAuth(HttpBuildTimeConfig buildTimeConfig) {
return new Supplier<BasicAuthenticationMechanism>() {
@Override
public BasicAuthenticationMechanism get() {
return new BasicAuthenticationMechanism(buildTimeConfig.auth.realm, buildTimeConfig.auth.form.enabled);
return new BasicAuthenticationMechanism(buildTimeConfig.auth.realm.orElse(null),
buildTimeConfig.auth.form.enabled);
}
};
}
Expand Down
6 changes: 3 additions & 3 deletions ...gration-tests/oidc/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java
View file
Expand Up @@ -75,7 +75,7 @@ public void testBasicAuthWrongPassword() {
.when().get("/api/users/me")
.then()
.statusCode(401)
.header("WWW-Authenticate", equalTo("basic realm=\"Quarkus\""));
.header("WWW-Authenticate", equalTo("basic"));
}

@Test
Expand Down Expand Up @@ -144,7 +144,7 @@ public void testVerificationFailedNoBearerTokenAndBasicCreds() {
RestAssured.given()
.when().get("/api/users/me").then()
.statusCode(401)
.header("WWW-Authenticate", equalTo("basic realm=\"Quarkus\""));
.header("WWW-Authenticate", equalTo("basic"));
}

@Test
Expand All @@ -171,7 +171,7 @@ public void testBearerAuthFailureWhereBasicIsRequired() {
.when().get("/basic-only")
.then()
.statusCode(401)
.header("WWW-Authenticate", equalTo("basic realm=\"Quarkus\""));
.header("WWW-Authenticate", equalTo("basic"));
}

@Test
Expand Down

0 comments on commit 8787a2a

Please sign in to comment.