From 856af1f081160209deb19a0f574ab81ef2e5975a Mon Sep 17 00:00:00 2001 From: Camelia Dumitru <62257307+Camelia-Orcid@users.noreply.github.com> Date: Tue, 5 Nov 2024 11:48:50 +0000 Subject: [PATCH] Papi limit filter NPE when no Authorization header (#7122) * Fixes for papi limit filter and ML start * Added the exception, fixed formatting * Fixed the NPE when no authorization header in the request --- .../orcid/api/filters/ApiRateLimitFilter.java | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java index 54a911f8dd..2db61a53b1 100644 --- a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java +++ b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java @@ -101,15 +101,19 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl throws ServletException, IOException { LOG.trace("ApiRateLimitFilter starts, rate limit is : " + enableRateLimiting); if (enableRateLimiting) { - String tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim(); - + String tokenValue = null; + if (httpServletRequest.getHeader("Authorization") != null) { + tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim(); + } String ipAddress = httpServletRequest.getRemoteAddr(); String clientId = null; - try { - clientId = orcidTokenStore.readClientId(tokenValue); - } catch (Exception ex) { - LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex); + if (tokenValue != null) { + try { + clientId = orcidTokenStore.readClientId(tokenValue); + } catch (Exception ex) { + LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex); + } } boolean isAnonymous = (clientId == null); LocalDate today = LocalDate.now();