BasicAuthenticationInterceptor should cache the encoded credentials #23204
Labels
in: web
Issues in web modules (web, webmvc, webflux, websocket)
type: enhancement
A general enhancement
Milestone
As
BasicAuthenticationInterceptor
is just anInterceptor
that recreates the encodedBasic Authentication
header for each request, I think the encoded credentials should be cached and reused.Maybe
org.springframework.http.HttpHeaders
could offer astatic encodeBasicAuth(String username, String password, @Nullable Charset charset)
that does the same assetBasicAuth()
, but instead of setting the header directly, it just returns theBasic <encoded username:password>
string.Suggested class therefore would change to:
Pro: neither username nor pass has to be kept as cleartext.
The text was updated successfully, but these errors were encountered: