[KEYCLOAK-6928] - Selecting first bearer if multiple values exists in authorization header

2018-09-28 12:44:13 -03:00 · 2018-09-28 12:44:13 -03:00 · 2da758ac86
commit 2da758ac86
parent efe6a38648
1 changed files with 7 additions and 2 deletions
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
@ -72,8 +72,13 @@ public class BearerTokenRequestAuthenticator {
        for (String authHeader : authHeaders) {
            String[] split = authHeader.trim().split("\\s+");
            if (split == null || split.length != 2) continue;
-            if (!split[0].equalsIgnoreCase("Bearer")) continue;
-            tokenString = split[1];
+            if (split[0].equalsIgnoreCase("Bearer")) {
+                tokenString = split[1];
+                if (log.isDebugEnabled()) {
+                    log.debugf("Found [%s] values in authorization header, selecting the first value for Bearer.", authHeaders.size());
+                }
+                break;
+            };
        }

        if (tokenString == null) {