From 45dd17038aff2b8207892dee27dd8d85eaeebc9b Mon Sep 17 00:00:00 2001
From: Mike Roda
Date: Wed, 17 May 2023 13:49:23 -0400
Subject: [PATCH] fix: allow bearer or Bearer for Authentication header - apparently the whitespace is being trimmed off by spring in the xml so the request matcher isn't doing a case insensitive comparison when the header value is Bearer
Change-Id: I0f93cc2a0ebf364560687c4e57887a100753dd2d
---
 .../identity/uaa/security/web/UaaRequestMatcher.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java b/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java
index d5d83da2fda..089d663a7f2 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java
@@ -135,7 +135,7 @@ else if (!matchesHeader(requestValue, expectedHeaderEntry.getValue())) {
 private boolean matchesHeader(String requestValue, List expectedValues) {
 for (String headerValue : expectedValues) {
- if ("bearer ".equalsIgnoreCase(headerValue)) {
+ if ("bearer".equalsIgnoreCase(headerValue.trim())) {
 //case insensitive for Authorization: Bearer match
 if (requestValue == null || !requestValue.toLowerCase().startsWith(headerValue)) {
 return false;
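Review bot: The `startsWith(headerValue)` check two lines below the changed `if` still compares against the raw configured value, so it can disagree with the now-normalized guard. A configured value of `Bearer`, or one with leading whitespace, passes the `if` and then never matches the lower-cased request value, and with the trailing space trimmed the prefix test also accepts a value such as `bearerX` where no separator follows the scheme. Since this matcher presumably decides which requests receive bearer-token handling, I would compare against the normalized scheme plus the separator: `!requestValue.toLowerCase().startsWith(headerValue.trim().toLowerCase() + " ")`. `headerValue.trim()` also throws on a null list entry, which the previous literal-first `equalsIgnoreCase` tolerated. The body of matchesHeader continues past the end of the hunk.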