Papi limit filter NPE when no Authorization header (#7122)

* Fixes for papi limit filter and ML start * Added the exception, fixed formatting * Fixed the NPE when no authorization header in the request
ORCID · Nov 5, 2024 · 856af1f · 856af1f
1 parent 85cfb05
commit 856af1f
Showing 1 changed file with 10 additions and 6 deletions.
diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
@@ -101,15 +101,19 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl
             throws ServletException, IOException {
         LOG.trace("ApiRateLimitFilter starts, rate limit is : " + enableRateLimiting);
         if (enableRateLimiting) {
-            String tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim();
-
+            String tokenValue = null;
+            if (httpServletRequest.getHeader("Authorization") != null) {
+                tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim();
+            }
             String ipAddress = httpServletRequest.getRemoteAddr();
 
             String clientId = null;
-            try {
-                clientId = orcidTokenStore.readClientId(tokenValue);
-            } catch (Exception ex) {
-                LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex);
+            if (tokenValue != null) {
+                try {
+                    clientId = orcidTokenStore.readClientId(tokenValue);
+                } catch (Exception ex) {
+                    LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex);
+                }
             }
             boolean isAnonymous = (clientId == null);
             LocalDate today = LocalDate.now();