diff --git a/spring-security/src/main/java/com/sap/cloud/security/spring/token/authentication/HybridJwtDecoder.java b/spring-security/src/main/java/com/sap/cloud/security/spring/token/authentication/HybridJwtDecoder.java
index 1e2a53377..5ce068dca 100644
--- a/spring-security/src/main/java/com/sap/cloud/security/spring/token/authentication/HybridJwtDecoder.java
+++ b/spring-security/src/main/java/com/sap/cloud/security/spring/token/authentication/HybridJwtDecoder.java
@@ -56,7 +56,7 @@ public Jwt decode(String encodedToken) {
 if (servletRequestAttributes != null) {
 HttpServletRequest request = servletRequestAttributes.getRequest();
- String clientCert = String.valueOf(request.getHeader(FWD_CLIENT_CERT_HEADER));
+ String clientCert = request.getHeader(FWD_CLIENT_CERT_HEADER);
 if (clientCert != null) {
 SecurityContext.setClientCertificate(X509Certificate.newCertificate(clientCert));
 }
diff --git a/spring-security/src/test/java/com/sap/cloud/security/spring/token/authentication/HybridJwtDecoderTest.java b/spring-security/src/test/java/com/sap/cloud/security/spring/token/authentication/HybridJwtDecoderTest.java
index a9b4c6728..7d9a94b48 100644
--- a/spring-security/src/test/java/com/sap/cloud/security/spring/token/authentication/HybridJwtDecoderTest.java
+++ b/spring-security/src/test/java/com/sap/cloud/security/spring/token/authentication/HybridJwtDecoderTest.java
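Review bot: In `HybridJwtDecoder.decode`, a request without the header now skips the `if (clientCert != null)` branch, whereas the setter previously ran on every request, and nothing visible in this hunk resets the certificate held by `SecurityContext`; if that context is kept per thread (not shown here), a certificate stored for an earlier request on the same pooled thread could still be in place when this token is validated. Consider resetting it in an `else` branch, or at least stating the assumption with a comment such as `// no forwarded cert: SecurityContext must not keep a certificate from a previous request`. The value is taken directly from a request header, so it is only trustworthy when the fronting proxy overwrites any client-supplied copy of `FWD_CLIENT_CERT_HEADER`; a short comment saying so would help the next reader. `decode` starts and ends outside the hunk, so the cleanup may already happen elsewhere.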
@@ -5,16 +5,22 @@
 */
 package com.sap.cloud.security.spring.token.authentication;
+import ch.qos.logback.classic.Logger;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.read.ListAppender;
 import com.sap.cloud.security.test.JwtGenerator;
 import com.sap.cloud.security.token.SecurityContext;
 import com.sap.cloud.security.token.Token;
 import com.sap.cloud.security.token.TokenClaims;
 import com.sap.cloud.security.token.validation.CombiningValidator;
 import com.sap.cloud.security.token.validation.ValidationResults;
+import com.sap.cloud.security.x509.X509Certificate;
 import org.apache.commons.io.IOUtils;
+import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
+import org.slf4j.LoggerFactory;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.oauth2.jwt.BadJwtException;
 import org.springframework.security.oauth2.jwt.Jwt;
@@ -74,6 +80,21 @@ void decodeIasTokenWithProofToken() throws IOException {
 assertNotNull(SecurityContext.getClientCertificate());
 }
+ @Test
+ void decodeIasTokenWithoutFwdCert() {
+ ListAppender listAppender = new ListAppender<>();
+ Logger logger = (Logger) LoggerFactory.getLogger(X509Certificate.class);
+ listAppender.start();
+ logger.addAppender(listAppender);
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(request));
+
+ String encodedToken = jwtGenerator.createToken().getTokenValue();
+ cut.decode(encodedToken);
+ Assertions.assertThat(listAppender.list).isEmpty();
+ listAppender.stop();
+ }
+
 @Test
 void decodeXsuaaTokenWithoutValidators() {
 String encodedToken = JwtGenerator.getInstance(XSUAA, "theClientId").createToken().getTokenValue();
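Review bot: The new `decodeIasTokenWithoutFwdCert` test attaches `listAppender` to the `X509Certificate` logger but never detaches it, and `listAppender.stop()` is skipped whenever `decode` throws or the assertion fails, so the appender can leak into later tests in the same JVM. Wrapping the decode and assertion in `try { ... } finally { ... }` and calling `logger.detachAppender(listAppender);` before `listAppender.stop();` in the `finally` would keep the logger state isolated. The assertion is also indirect: it only passes meaningfully if the logger's effective level lets the parse warning through, which is not visible here, so pinning the level in the test or additionally asserting on `SecurityContext.getClientCertificate()` would make the regression check sturdier. The same pattern appears in the `IasJwtDecoderTest` hunk further down.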
diff --git a/spring-security/src/test/java/com/sap/cloud/security/spring/token/authentication/IasJwtDecoderTest.java b/spring-security/src/test/java/com/sap/cloud/security/spring/token/authentication/IasJwtDecoderTest.java
index 60ba914bf..3d5ed5a93 100644
--- a/spring-security/src/test/java/com/sap/cloud/security/spring/token/authentication/IasJwtDecoderTest.java
+++ b/spring-security/src/test/java/com/sap/cloud/security/spring/token/authentication/IasJwtDecoderTest.java
@@ -5,16 +5,22 @@
 */
 package com.sap.cloud.security.spring.token.authentication;
+import ch.qos.logback.classic.Logger;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.read.ListAppender;
 import com.sap.cloud.security.test.JwtGenerator;
 import com.sap.cloud.security.token.SecurityContext;
 import com.sap.cloud.security.token.Token;
 import com.sap.cloud.security.token.TokenClaims;
 import com.sap.cloud.security.token.validation.CombiningValidator;
 import com.sap.cloud.security.token.validation.ValidationResults;
+import com.sap.cloud.security.x509.X509Certificate;
 import org.apache.commons.io.IOUtils;
+import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
+import org.slf4j.LoggerFactory;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.oauth2.jwt.BadJwtException;
 import org.springframework.security.oauth2.jwt.Jwt;
@@ -75,11 +81,17 @@ void decodeIasTokenWithProofToken() throws IOException {
 @Test
 void decodeIasTokenWithoutFwdCert() {
+ ListAppender listAppender = new ListAppender<>();
+ Logger logger = (Logger) LoggerFactory.getLogger(X509Certificate.class);
+ listAppender.start();
+ logger.addAppender(listAppender);
 MockHttpServletRequest request = new MockHttpServletRequest();
 RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(request));
 String encodedToken = jwtGenerator.createToken().getTokenValue();
- assertEquals("theClientId", cut.decode(encodedToken).getClaim(TokenClaims.AUTHORIZATION_PARTY));
+ cut.decode(encodedToken);
+ Assertions.assertThat(listAppender.list).isEmpty();
+ listAppender.stop();
 }
 @Test
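Review bot: The rewritten `decodeIasTokenWithoutFwdCert` drops the only check on the decoded token: `cut.decode(encodedToken);` discards the result, so the test no longer verifies that a request without a forwarded certificate still yields the expected `azp` claim. Both checks can coexist by keeping the result, `Jwt jwt = cut.decode(encodedToken);`, and retaining `assertEquals("theClientId", jwt.getClaim(TokenClaims.AUTHORIZATION_PARTY));` next to the log assertion. Without it, a decoder that returned a wrong or empty token on this path would still pass as long as nothing was logged.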