
Reactive HttpBasic Support For Coloned Passwords

This makes reactive httpBasic support passwords containing
one or more colons.
Tim Koopman 7 년 전
부모
커밋
6df4dfe47b

+ 1 - 1
web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java

@@ -54,7 +54,7 @@ public class ServerHttpBasicAuthenticationConverter implements
 				"" : authorization.substring(BASIC.length(), authorization.length());
 		byte[] decodedCredentials = base64Decode(credentials);
 		String decodedAuthz = new String(decodedCredentials);
-		String[] userParts = decodedAuthz.split(":");
+		String[] userParts = decodedAuthz.split(":", 2);
 
 		if (userParts.length != 2) {
 			return Mono.empty();
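Review bot: The new `decodedAuthz.split(":", 2)` also changes what happens for a header that decodes to `user:`. It now yields two parts (`user` and an empty string) and passes the `userParts.length != 2` check, whereas the old `split(":")` dropped the trailing empty string and returned `Mono.empty()`. If an empty password should still be rejected at this layer, add an explicit guard such as `if (userParts.length != 2 || userParts[1].isEmpty())`; otherwise pin the new behaviour with a test so it is a deliberate decision. Separately, the context line `new String(decodedCredentials)` decodes with the platform default charset, so a non-ASCII password can decode differently between JVMs; `new String(decodedCredentials, StandardCharsets.UTF_8)` would make it deterministic. The rest of the method lies outside this hunk, so what is done with the two parts afterwards is not visible here.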

+ 9 - 0
web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java

@@ -79,6 +79,15 @@ public class ServerHttpBasicAuthenticationConverterTests {
 		assertThat(authentication.getCredentials()).isEqualTo("password");
 	}
 
+	@Test
+	public void applyWhenUserPasswordHasColon() {
+		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcm5hbWU6cGFzczp3b3Jk"));
+
+		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class).block();
+		assertThat(authentication.getPrincipal()).isEqualTo("user");
+		assertThat(authentication.getCredentials()).isEqualTo("pass:word");
+	}
+
 	@Test
 	public void applyWhenLowercaseSchemeThenAuthentication() {
 		Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "basic dXNlcjpwYXNzd29yZA=="));
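Review bot: The header used in `applyWhenUserPasswordHasColon` does not match its assertions: `dXNlcm5hbWU6cGFzczp3b3Jk` is the Base64 of `username:pass:word`, yet the test expects the principal to be `user`. As written, the principal assertion should fail against the patched converter, so the test does not confirm the fix. Either change the header to `"Basic dXNlcjpwYXNzOndvcmQ="` (which decodes to `user:pass:word`) or change the expectation to `isEqualTo("username")`. A second case with more than one colon in the password would also document that only the first colon separates the user id from the password.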