Merge pull request #6 from darioseidl/master
Prevent ArrayIndexOutOfBoundsException in JwtTokenFilter.getTokenString
commit
eef3d052fe
@ -48,10 +48,15 @@ public class JwtTokenFilter extends OncePerRequestFilter {
|
||||
}
|
||||
|
||||
private Optional<String> getTokenString(String header) {
|
||||
if (header == null || header.split("").length < 2) {
|
||||
if (header == null) {
|
||||
return Optional.empty();
|
||||
} else {
|
||||
return Optional.ofNullable(header.split(" ")[1]);
|
||||
String[] split = header.split(" ");
|
||||
if (split.length < 2) {
|
||||
return Optional.empty();
|
||||
} else {
|
||||
return Optional.ofNullable(split[1]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
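Review bot: `getTokenString` returns whatever follows the first space without looking at `split[0]`, so a header with any scheme is accepted, and a header with two spaces after the scheme passes the length check with `split[1]` as the empty string. Whether that matters depends on how the caller validates the token, which is outside this hunk, but rejecting it here is cheap. Split with `String[] split = header.trim().split("\\s+");`, require `split.length == 2`, and compare `split[0]` with the scheme the API expects. `Optional.ofNullable(split[1])` can become `Optional.of(split[1])`, since an element produced by `split` is never null.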
|
@ -1,5 +1,6 @@
|
||||
package io.spring.api.security;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
@ -18,6 +19,10 @@ import static java.util.Arrays.asList;
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Value("${spring.h2.console.enabled:false}")
|
||||
private boolean h2ConsoleEnabled;
|
||||
|
||||
@Bean
|
||||
public JwtTokenFilter jwtTokenFilter() {
|
||||
return new JwtTokenFilter();
|
||||
@ -25,6 +30,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
if (h2ConsoleEnabled)
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/h2-console", "/h2-console/**").permitAll()
|
||||
.and()
|
||||
.headers().frameOptions().sameOrigin();
|
||||
|
||||
http.csrf().disable()
|
||||
.cors()
|
||||
.and()
|
||||
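Review bot: `headers().frameOptions().sameOrigin()` inside the `if (h2ConsoleEnabled)` branch relaxes X-Frame-Options for every response served by this filter chain, not only for `/h2-console/**`. Together with `permitAll()` it makes the database console reachable without authentication whenever the property is set. The default of `false` is the right one; I would add a comment above the branch such as `// Local development only: exposes the H2 console unauthenticated and loosens frame options application-wide`. Put braces around the multi-line `if` body so a later edit cannot detach the statement from the condition, and consider tying the branch to a development profile so that one stray property in a production configuration is not enough to open the console. The body of `configure` continues outside the hunk.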
|
@ -4,4 +4,6 @@ jwt.secret=nRvyYC4soFxBdZ-F-5Nnzz5USXstR1YylsTd-mA0aKtI9HUlriGrtkf-TiuDapkLiUCog
|
||||
jwt.sessionTime=86400
|
||||
mybatis.config-location=classpath:mybatis-config.xml
|
||||
mybatis.mapper-locations=mapper/*.xml
|
||||
logging.level.io.spring.infrastructure.mybatis.readservice.ArticleReadService=DEBUG
|
||||
logging.level.io.spring.infrastructure.mybatis.readservice.ArticleReadService=DEBUG
|
||||
# Uncomment the following line to enable and allow access to the h2-console
|
||||
#spring.h2.console.enabled=true
|
||||
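Review bot: The added comment says the property will "enable and allow access to the h2-console" but not that the access is unauthenticated. `# Local development only: the console is reachable without login when enabled` would make the risk visible to whoever uncomments the line. The hunk header also shows `jwt.secret` stored as a literal in this committed file, which this commit leaves unchanged; a signing key is better supplied from the environment, and the committed value should be treated as known and rotated.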
|