fix: allow bearer or Bearer for Authentication header

- apparently the whitespace is being trimmed off by spring in the xml so the request matcher isn't doing a case insensitive comparison when the header value is Bearer Change-Id: I0f93cc2a0ebf364560687c4e57887a100753dd2d
cloudfoundry · May 17, 2023 · 45dd170 · 45dd170
1 parent c1b1c62
commit 45dd170
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java b/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java
@@ -135,7 +135,7 @@ else if (!matchesHeader(requestValue, expectedHeaderEntry.getValue())) {
 
     private boolean matchesHeader(String requestValue, List<String> expectedValues) {
         for (String headerValue : expectedValues) {
-            if ("bearer ".equalsIgnoreCase(headerValue)) {
+            if ("bearer".equalsIgnoreCase(headerValue.trim())) {
                 //case insensitive for Authorization: Bearer match
                 if (requestValue == null || !requestValue.toLowerCase().startsWith(headerValue)) {
                     return false;