Details
Description
In isLoginAttempt method in BasicHttpAuthenticationFilter class fails if used in any locale other than English. This happens because at the line String authzScheme = getAuthzScheme().toLowerCase(); , the toLowerCase methods takes i18n into consideration. If the locale of the host is Turkish the string "BASIC" becomes "basıc" but not "basic" (there is the letter "ı" lowercase i without the dot in Turkish) So the comparison returns false. The method fails.
The solution is pretty easy:
The two lines of the method "isLoginAttempt" in BasicHttpAuthenticationFilter class should be changed as below to make sure it works always the same:
protected boolean isLoginAttempt(String authzHeader)
{ String authzScheme = getAuthzScheme().toLowerCase(Locale.ENGLISH); return authzHeader.toLowerCase(Locale.ENGLISH).startsWith(authzScheme); }