Change logic of token extraction

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java

@@ -34,11 +34,14 @@ import org.wso2.carbon.webapp.authenticator.framework.Constants;
 import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator;
 
 import java.util.StringTokenizer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 public class OAuthAuthenticator implements WebappAuthenticator {
 
     private static final String OAUTH_AUTHENTICATOR = "OAuth";
     private static APITokenAuthenticator authenticator = new APITokenAuthenticator();
+    private static final String REGEX_BEARER_PATTERN = "\"[B|b]earer\\\\s\"";
 
     private static final Log log = LogFactory.getLog(OAuthAuthenticator.class);
 
@@ -90,15 +93,21 @@ public class OAuthAuthenticator implements WebappAuthenticator {
     }
 
     private String getBearerToken(Request request) {
+
         MessageBytes authorization =
                 request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
         String tokenValue = null;
+
         if (authorization != null) {
+
             authorization.toBytes();
             ByteChunk authBC = authorization.getByteChunk();
-            if (authBC.startsWithIgnoreCase("bearer ", 0)) {
-                String bearerToken = authBC.toString();
-                tokenValue = bearerToken.substring(8, bearerToken.length() - 1);
+            tokenValue = authBC.toString();
+            Pattern pattern = Pattern.compile(REGEX_BEARER_PATTERN);
+            Matcher matcher = pattern.matcher(tokenValue);
+
+            if (matcher.find()){
+                tokenValue = tokenValue.substring(matcher.end());
             }
         }
         return tokenValue;