Fixes #1642 [Core] Bearer authorization header is not recognized

eclipse-dirigible · Mar 4, 2022 · 147896d · 147896d
1 parent 875264a
commit 147896d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/...les/security/security-oauth/src/main/java/org/eclipse/dirigible/oauth/utils/JwtUtils.java b/...les/security/security-oauth/src/main/java/org/eclipse/dirigible/oauth/utils/JwtUtils.java
@@ -96,8 +96,8 @@ private static String getJwtFromHeader(HttpServletRequest httpServletRequest) {
 		String authorizationHeader = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
 		if (authorizationHeader != null) {	
 			// Expected format Authorization header value: Bearer eyJhbGciOiJS...
-			if (authorizationHeader.startsWith(AUTHORIZATION_HEADER_VALUE_BEARER)) {
-				String tokenValue = authorizationHeader.replace(AUTHORIZATION_HEADER_VALUE_BEARER, "");
+			if (authorizationHeader.toLowerCase().startsWith(AUTHORIZATION_HEADER_VALUE_BEARER.toLowerCase())) {
+				String tokenValue = authorizationHeader.substring(AUTHORIZATION_HEADER_VALUE_BEARER.length());
 				if (isValidJwt(httpServletRequest, tokenValue)) {
 					jwt = tokenValue;
 				}