diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/jwt/JWTTokenRestAuthenticationServiceImpl.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/jwt/JWTTokenRestAuthenticationServiceImpl.java
index 01dea59ac0..05e417868f 100644
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/jwt/JWTTokenRestAuthenticationServiceImpl.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/jwt/JWTTokenRestAuthenticationServiceImpl.java
@@ -87,7 +87,7 @@ public class JWTTokenRestAuthenticationServiceImpl implements RestAuthentication
     @Override
     public EPerson getAuthenticatedEPerson(HttpServletRequest request, Context context) {
-        String token = getToken(request);
+        String token = getToken(request, true);
         try {
             EPerson ePerson = jwtTokenHandler.parseEPersonFromToken(token, request, context);
             return ePerson;
@@ -110,7 +110,7 @@ public class JWTTokenRestAuthenticationServiceImpl implements RestAuthentication
     @Override
     public void invalidateAuthenticationData(HttpServletRequest request, HttpServletResponse response, Context context)
         throws Exception {
-        String token = getToken(request);
+        String token = getToken(request, false);
         Cookie cookie = new Cookie(AUTHORIZATION_COOKIE, "");
         cookie.setHttpOnly(true);
         response.addCookie(cookie);
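Review bot: Passing `false` in `invalidateAuthenticationData` means a session that was established only through the authorization cookie yields no token here; if the rest of the method (outside the hunk) hands `token` to `jwtTokenHandler` for server-side invalidation, such a session is skipped and its JWT stays usable until it expires even though the cookie is being cleared. That may be the intended trade-off, but it should be stated on the method: `// Logout only invalidates a header-supplied token; a cookie-only session is cleared client-side and expires naturally.` Separately, the cookie written on the new side is created with an empty value and HttpOnly but the hunk shows no `setMaxAge(0)` or `setPath(...)`; if those are not set further down, the browser keeps an empty session cookie instead of deleting it, and a path mismatch would leave the original cookie untouched. The method body continues past the hunk, so this is hedged.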
@@ -156,10 +156,10 @@ public class JWTTokenRestAuthenticationServiceImpl implements RestAuthentication
         response.setHeader(AUTHORIZATION_HEADER, String.format("%s %s", AUTHORIZATION_TYPE, token));
     }
-    private String getToken(HttpServletRequest request) {
+    private String getToken(HttpServletRequest request, Boolean useCookie) {
         String tokenValue = null;
         String authHeader = request.getHeader(AUTHORIZATION_HEADER);
-        String authCookie = getAuthorizationCookie(request);
+        String authCookie = useCookie ? getAuthorizationCookie(request) : "";
         if (StringUtils.isNotBlank(authHeader)) {
             tokenValue = authHeader.replace(AUTHORIZATION_TYPE, "").trim();
         } else if (StringUtils.isNotBlank(authCookie)) {
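Review bot: The new parameter is declared as the boxed `Boolean useCookie`, and the ternary `useCookie ? getAuthorizationCookie(request) : ""` auto-unboxes it, so a `null` argument from any future caller would throw a NullPointerException inside the authentication path rather than failing clearly; for a private method taking only literal `true`/`false` (the call sites in the first two hunks) the primitive is the right type: `private String getToken(HttpServletRequest request, boolean useCookie) {`. The flag also deserves a Javadoc line explaining why the cookie is consulted for `getAuthenticatedEPerson` but not for `invalidateAuthenticationData`, since the bare literals at the call sites do not convey that. The body of `getToken` continues past the end of this hunk.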