Fixed the NPE when no authorization header in the request

ORCID · Nov 5, 2024 · 5d74558 · 5d74558
1 parent 62f11c1
commit 5d74558
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
@@ -101,15 +101,20 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl
             throws ServletException, IOException {
         LOG.trace("ApiRateLimitFilter starts, rate limit is : " + enableRateLimiting);
         if (enableRateLimiting) {
-            String tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim();
+            String tokenValue = null;
+            if (httpServletRequest.getHeader("Authorization") != null) {
+                tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim();
+            }
 
             String ipAddress = httpServletRequest.getRemoteAddr();
 
             String clientId = null;
-            try {
-                clientId = orcidTokenStore.readClientId(tokenValue);
-            } catch (Exception ex) {
-                LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex);
+            if (tokenValue != null) {
+                try {
+                    clientId = orcidTokenStore.readClientId(tokenValue);
+                } catch (Exception ex) {
+                    LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex);
+                }
             }
             boolean isAnonymous = (clientId == null);
             LocalDate today = LocalDate.now();