From eda34cf4deb74dcc032015d58c0c88c130e9592a Mon Sep 17 00:00:00 2001 From: manoj Date: Tue, 26 May 2015 15:12:31 +0530 Subject: [PATCH] Change logic of token extraction --- .../authenticator/OAuthAuthenticator.java | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index 20fca28b316..e1768eb1b30 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -34,11 +34,14 @@ import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator; import java.util.StringTokenizer; +import java.util.regex.Matcher; +import java.util.regex.Pattern; public class OAuthAuthenticator implements WebappAuthenticator { private static final String OAUTH_AUTHENTICATOR = "OAuth"; private static APITokenAuthenticator authenticator = new APITokenAuthenticator(); + private static final String REGEX_BEARER_PATTERN = "\"[B|b]earer\\\\s\""; private static final Log log = LogFactory.getLog(OAuthAuthenticator.class); @@ -90,15 +93,21 @@ public class OAuthAuthenticator implements WebappAuthenticator { } private String getBearerToken(Request request) { + MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); String tokenValue = null; + if (authorization != null) { + authorization.toBytes(); ByteChunk authBC = authorization.getByteChunk(); - if (authBC.startsWithIgnoreCase("bearer ", 0)) { - String bearerToken = authBC.toString(); - tokenValue = bearerToken.substring(8, bearerToken.length() - 1); + tokenValue = authBC.toString(); + Pattern pattern = Pattern.compile(REGEX_BEARER_PATTERN); + Matcher matcher = pattern.matcher(tokenValue); + + if (matcher.find()){ + tokenValue = tokenValue.substring(matcher.end()); } } return tokenValue;