If you take a look at BasicAuthenticationConverter.java @ convert(HttpServletRequest request), around line 90, you'll see:

byte[] base64Token = header.substring(6).getBytes(StandardCharsets.UTF_8);

There is no validation on the length of the header, so if an "Authorization: Basic" or "Authorization: Basic " is sent, a String exception will be thrown. Need to add a length check beforehand.
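
The missing length check described in the report, shown beside a checked parser, as an added example that is not part of the original issue and is not Spring Security's code. The class name `BasicHeaderCheck`, the methods `unchecked` and `checked`, and the sample headers are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration: class and method names are hypothetical, not Spring Security's.
public class BasicHeaderCheck {

    private static final String SCHEME = "Basic";

    // The pattern from the report: assumes at least 6 characters are present.
    static byte[] unchecked(String header) {
        return header.substring(6).getBytes(StandardCharsets.UTF_8);
    }

    // Returns {username, password}, or null if the header is not Basic at all.
    static String[] checked(String header) {
        if (header == null) return null;
        header = header.trim();
        if (!header.regionMatches(true, 0, SCHEME, 0, SCHEME.length())) return null;
        if (header.length() == SCHEME.length()) {
            throw new IllegalArgumentException("empty basic authentication token");
        }
        if (header.charAt(SCHEME.length()) != ' ') return null; // e.g. "Basicfoo"
        // After trim(), a space at index 5 guarantees a non-empty remainder.
        String token = header.substring(SCHEME.length() + 1).trim();
        // Base64 decoding throws IllegalArgumentException on invalid input.
        String decoded = new String(Base64.getDecoder().decode(token), StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            throw new IllegalArgumentException("invalid basic authentication token");
        }
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample headers; "dXNlcjpwYXNz" is base64 of "user:pass".
        String[] samples = { "Basic", "Basic ", "Basic dXNlcjpwYXNz", "Basic !!!", "Bearer abc" };
        for (String h : samples) {
            String naive, safe;
            try { naive = unchecked(h).length + " token bytes"; }
            catch (RuntimeException e) { naive = e.getClass().getSimpleName(); }
            try {
                String[] r = checked(h);
                safe = (r == null) ? "not Basic, ignored" : "user=" + r[0];
            } catch (IllegalArgumentException e) { safe = "rejected: " + e.getMessage(); }
            System.out.printf("%-22s unchecked=%-32s checked=%s%n", '"' + h + '"', naive, safe);
        }
    }
}
```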

Comment From: rwinch

I believe this was fixed in gh-7976 and will be available on April 1. Can you please confirm @SledgeHammer01?

Comment From: SledgeHammer01

> I believe this was fixed in gh-7976 and will be available on April 1. Can you please confirm @SledgeHammer01?

Ah, Sure :). Would I be able to reference with Spring Boot 2.2.6 or will there be some conflicts? If it is ok, how can I override the version? Just a property of 5.4.0.RELEASE?

Comment From: rwinch

The fix was backported to 5.2.3 and 5.3.1. Spring Boot should pick up the latest 5.2.x version in its next release. In the meantime, you should be able to override the property (just as you demonstrated) without any conflicts.

It isn't as intuitive as I'd like, but if you look at the label of the issue I posted you can see the ticket was backported. Looking at the issues in the timeline with the same subject you can find backport issues and which milestones it is fixed in. Again, I know this isn't that intuitive, but GitHub issues don't allow for selecting multiple milestones. Hopefully my explanation makes sense and can help you in the future.

Comment From: rwinch

Closing as duplicate of gh-7976