diff --git a/extensions/elytron-security-oauth2/runtime/src/main/java/io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2AuthMechanism.java b/extensions/elytron-security-oauth2/runtime/src/main/java/io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2AuthMechanism.java
index c61b680c29706..ef644ce1007b8 100644
--- a/extensions/elytron-security-oauth2/runtime/src/main/java/io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2AuthMechanism.java
+++ b/extensions/elytron-security-oauth2/runtime/src/main/java/io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2AuthMechanism.java
@@ -24,6 +24,8 @@
 @ApplicationScoped
 public class OAuth2AuthMechanism implements HttpAuthenticationMechanism {
 
+    private static final String BEARER_PREFIX = "Bearer ";
+
     protected static final ChallengeData CHALLENGE_DATA = new ChallengeData(
             HttpResponseStatus.UNAUTHORIZED.code(),
             HttpHeaderNames.WWW_AUTHENTICATE,
@@ -42,15 +44,17 @@ public class OAuth2AuthMechanism implements HttpAuthenticationMechanism {
     public Uni authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
         String authHeader = context.request().headers().get("Authorization");
-        String bearerToken = authHeader != null ? authHeader.substring(7) : null;
-        if (bearerToken != null) {
-            // Install the OAuth2 principal as the caller
-            return identityProviderManager
-                    .authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer")));
+        if (authHeader == null || !authHeader.startsWith(BEARER_PREFIX)) {
+            // No suitable bearer token has been found in this request,
+            return Uni.createFrom().nullItem();
         }
-        // No suitable header has been found in this request,
-        return Uni.createFrom().nullItem();
+
+        String bearerToken = authHeader.substring(BEARER_PREFIX.length());
+
+        // Install the OAuth2 principal as the caller
+        return identityProviderManager
+                .authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer")));
     }
 
     @Override
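Review bot: The new guard `!authHeader.startsWith(BEARER_PREFIX)` in the second hunk is case-sensitive, but the HTTP auth-scheme token is case-insensitive (RFC 7235 §2.1), so a client sending `bearer <token>` or `BEARER <token>` now silently gets a null identity instead of being authenticated; a case-insensitive check keeps the bounds fix and honours the spec: `if (authHeader == null || !authHeader.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {`. A header consisting of exactly `"Bearer "` also passes the guard and hands an empty token to the identity provider, so it is worth short-circuiting that too with `if (bearerToken.isEmpty()) { return Uni.createFrom().nullItem(); }` after the `substring` call, which keeps "no credential presented" distinct from "credential rejected" in the provider's logs. Minor style: the added comment `// No suitable bearer token has been found in this request,` ends in a dangling comma and would read better as a full sentence. The `authenticate` method's Javadoc and the `@Override` on it, if any, sit above the hunk and are not visible here.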