diff --git a/extensions/elytron-security-oauth2/runtime/src/main/java/io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2AuthMechanism.java b/extensions/elytron-security-oauth2/runtime/src/main/java/io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2AuthMechanism.java
index c61b680c29706..ef644ce1007b8 100644
--- a/extensions/elytron-security-oauth2/runtime/src/main/java/io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2AuthMechanism.java
+++ b/extensions/elytron-security-oauth2/runtime/src/main/java/io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2AuthMechanism.java
@@ -24,6 +24,8 @@
 @ApplicationScoped
 public class OAuth2AuthMechanism implements HttpAuthenticationMechanism {
+ private static final String BEARER_PREFIX = "Bearer ";
+
 protected static final ChallengeData CHALLENGE_DATA = new ChallengeData(
 HttpResponseStatus.UNAUTHORIZED.code(),
 HttpHeaderNames.WWW_AUTHENTICATE,
@@ -42,15 +44,17 @@ public class OAuth2AuthMechanism implements HttpAuthenticationMechanism {
 public Uni authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
 String authHeader = context.request().headers().get("Authorization");
- String bearerToken = authHeader != null ? authHeader.substring(7) : null;
- if (bearerToken != null) {
- // Install the OAuth2 principal as the caller
- return identityProviderManager
- .authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer")));
+ if (authHeader == null || !authHeader.startsWith(BEARER_PREFIX)) {
+ // No suitable bearer token has been found in this request,
+ return Uni.createFrom().nullItem();
 }
- // No suitable header has been found in this request,
- return Uni.createFrom().nullItem();
+
+ String bearerToken = authHeader.substring(BEARER_PREFIX.length());
+
+ // Install the OAuth2 principal as the caller
+ return identityProviderManager
+ .authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer")));
 }
 @Override
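Review bot: The prefix check added at `if (authHeader == null || !authHeader.startsWith(BEARER_PREFIX))` is case-sensitive, but RFC 7235 defines the auth-scheme as case-insensitive, so a client sending `bearer <token>` is now silently treated as having sent no credentials and falls through to whatever mechanism or anonymous access comes next. A scheme-insensitive test such as `!authHeader.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())` keeps the protection against the old unchecked `substring(7)` while accepting conformant clients. Separately, a header of exactly `Bearer ` (or `Bearer` followed by several spaces) passes the check and `authHeader.substring(BEARER_PREFIX.length())` hands an empty or space-prefixed token to the identity provider; deciding that case here, e.g. `if (bearerToken.trim().isEmpty()) { return Uni.createFrom().nullItem(); }` right after the substring (or failing it explicitly, whichever the mechanism's contract prefers), makes the outcome deterministic instead of depending on how the provider treats a blank credential. The whole `authenticate` body lies inside this hunk, so the change is self-contained.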
diff --git a/integration-tests/elytron-security-oauth2/src/test/java/io/quarkus/it/elytron/oauth2/ElytronOauth2ExtensionResourceTestCase.java b/integration-tests/elytron-security-oauth2/src/test/java/io/quarkus/it/elytron/oauth2/ElytronOauth2ExtensionResourceTestCase.java
index 496863baf8204..3a3797eabb130 100644
--- a/integration-tests/elytron-security-oauth2/src/test/java/io/quarkus/it/elytron/oauth2/ElytronOauth2ExtensionResourceTestCase.java
+++ b/integration-tests/elytron-security-oauth2/src/test/java/io/quarkus/it/elytron/oauth2/ElytronOauth2ExtensionResourceTestCase.java
@@ -56,7 +56,7 @@ public void authenticated() {
 ensureStarted();
 RestAssured.given()
 .when()
- .header("Authorization", "Bearer: " + BEARER_TOKEN)
+ .header("Authorization", "Bearer " + BEARER_TOKEN)
 .get("/api/authenticated")
 .then()
 .statusCode(200)
@@ -78,7 +78,7 @@ public void forbidden() {
 ensureStarted();
 RestAssured.given()
 .when()
- .header("Authorization", "Bearer: " + BEARER_TOKEN)
+ .header("Authorization", "Bearer " + BEARER_TOKEN)
 .get("/api/forbidden")
 .then()
 .statusCode(403);
@@ -99,13 +99,13 @@ public void testGrpcAuthorization() {
 ensureStarted();
 RestAssured.given()
 .when()
- .header("Authorization", "Bearer: " + BEARER_TOKEN)
+ .header("Authorization", "Bearer " + BEARER_TOKEN)
 .get("/api/grpc-writer")
 .then()
 .statusCode(500);
 RestAssured.given()
 .when()
- .header("Authorization", "Bearer: " + BEARER_TOKEN)
+ .header("Authorization", "Bearer " + BEARER_TOKEN)
 .get("/api/grpc-reader")
 .then()
 .statusCode(200)
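Review bot: Once the mechanism only accepts headers starting with `Bearer `, none of the corrected tests exercises the path that motivated the change: an `Authorization` header that is present but is not a well-formed bearer credential, which previously reached the unchecked `substring(7)`. The old `"Bearer: " + BEARER_TOKEN` value is exactly such a header and, under the new mechanism, should presumably produce the 401 challenge on `/api/authenticated` rather than an authenticated 200 or a 500; keeping it as a negative test pins that behaviour and guards against a future regression to lenient parsing. A short test next to `authenticated()`, reusing the `ensureStarted()` and `BEARER_TOKEN` fixtures visible in the hunk, covers it. The `authenticated()` method itself starts and ends outside this hunk.
```java
@Test
public void malformedBearerHeaderIsRejected() {
    ensureStarted();
    RestAssured.given()
            .when()
            .header("Authorization", "Bearer: " + BEARER_TOKEN)
            .get("/api/authenticated")
            .then()
            .statusCode(401);
}
```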