X-SCM-Session-ID and X-SCM-Client could now be send via query parameter

The use of query parameters is required for SSE, because the standard does not support header.
This works currently only for GET request to avoid parsing of request body.

scm-webapp/src/test/java/sonia/scm/security/BearerRealmTest.java

@@ -31,7 +31,6 @@
 
 package sonia.scm.security;
 
-import com.google.common.collect.ImmutableSet;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.junit.jupiter.api.BeforeEach;
@@ -42,7 +41,6 @@ import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 
 import java.util.HashMap;
-import java.util.Set;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -84,7 +82,7 @@ class BearerRealmTest {
 
   @Test
   void shouldDoGetAuthentication() {
-    BearerToken bearerToken = BearerToken.create("__session__", "__bearer__");
+    BearerToken bearerToken = BearerToken.create(SessionId.valueOf("__session__"), "__bearer__");
     AccessToken accessToken = mock(AccessToken.class);
 
     when(accessToken.getSubject()).thenReturn("trillian");

scm-webapp/src/test/java/sonia/scm/web/BearerWebTokenGeneratorTest.java

@@ -31,20 +31,19 @@
 
 package sonia.scm.web;
 
-import javax.servlet.http.HttpServletRequest;
 import org.apache.shiro.authc.AuthenticationToken;
-
-
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
 import org.mockito.junit.jupiter.MockitoExtension;
 import sonia.scm.security.BearerToken;
 import sonia.scm.security.SessionId;
-import sonia.scm.util.HttpUtil;
+
+import javax.servlet.http.HttpServletRequest;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.when;
 
 /**
  *
@@ -90,7 +89,7 @@ class BearerWebTokenGeneratorTest {
   @Test
   void shouldCreateTokenWithSessionId(){
     doReturn("Bearer asd").when(request).getHeader("Authorization");
-    doReturn("bcd123").when(request).getHeader(HttpUtil.HEADER_SCM_SESSION);
+    doReturn("bcd123").when(request).getHeader(SessionId.PARAMETER);
 
     AuthenticationToken token = tokenGenerator.createToken(request);
     assertThat(token)

scm-webapp/src/test/java/sonia/scm/web/CookieBearerWebTokenGeneratorTest.java

@@ -76,7 +76,7 @@ class CookieBearerWebTokenGeneratorTest {
 
   @Test
   void shouldCreateTokenWithSessionId() {
-    when(request.getHeader(HttpUtil.HEADER_SCM_SESSION)).thenReturn("abc123");
+    when(request.getHeader(SessionId.PARAMETER)).thenReturn("abc123");
 
     assignBearerCookie("authc");