From 5d74558969c52dc55f40895d60ab1ac75a3583a6 Mon Sep 17 00:00:00 2001 From: Camelia Dumitru Date: Tue, 5 Nov 2024 07:22:40 +0000 Subject: [PATCH] Fixed the NPE when no authorization header in the request --- .../org/orcid/api/filters/ApiRateLimitFilter.java | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java index 54a911f8dd..33f6c506c2 100644 --- a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java +++ b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java @@ -101,15 +101,20 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl throws ServletException, IOException { LOG.trace("ApiRateLimitFilter starts, rate limit is : " + enableRateLimiting); if (enableRateLimiting) { - String tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim(); + String tokenValue = null; + if (httpServletRequest.getHeader("Authorization") != null) { + tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim(); + } String ipAddress = httpServletRequest.getRemoteAddr(); String clientId = null; - try { - clientId = orcidTokenStore.readClientId(tokenValue); - } catch (Exception ex) { - LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex); + if (tokenValue != null) { + try { + clientId = orcidTokenStore.readClientId(tokenValue); + } catch (Exception ex) { + LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex); + } } boolean isAnonymous = (clientId == null); LocalDate today = LocalDate.now();