BearerToken 간헐적 파싱 못하는 경우 발생에 대한 방어로직
This commit is contained in:
@@ -317,7 +317,7 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "No have header info: Authorization");
|
||||
}
|
||||
|
||||
String[] components = authorization.split("\\s");
|
||||
String[] components = authorization.trim().split("\\s+", 2);
|
||||
|
||||
if (components.length != 2) {
|
||||
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Malformat [Authorization] content");
|
||||
|
||||
Reference in New Issue
Block a user