diff --git a/authentication-module/pom.xml b/authentication-module/pom.xml
index dd588562c74960256ded28a61addb3ff6782398a..97db28fb2b14d568a794cb608823dbdb8f07bfcf 100644
--- a/authentication-module/pom.xml
+++ b/authentication-module/pom.xml
@@ -34,6 +34,11 @@
 <artifactId>nimbus-jose-jwt</artifactId>
 <version>${nimbus.jwt.version}</version>
 </dependency>
+ <dependency>
+ <groupId>org.ow2.asm</groupId>
+ <artifactId>asm</artifactId>
+ <version>${asm.version}</version>
+ </dependency>
 </dependencies>
 <build>
diff --git a/jams-server/pom.xml b/jams-server/pom.xml
index 5a9964471d0569db03b38be85319dc760d381eca..16d4bc93a882176e56580aec0eaf03f8167df009 100644
--- a/jams-server/pom.xml
+++ b/jams-server/pom.xml
@@ -61,6 +61,11 @@
 <artifactId>nimbus-jose-jwt</artifactId>
 <version>${nimbus.jwt.version}</version>
 </dependency>
+ <dependency>
+ <groupId>org.ow2.asm</groupId>
+ <artifactId>asm</artifactId>
+ <version>${asm.version}</version>
+ </dependency>
 </dependencies>
 <build>
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
index 696cec90a72cfd6510ce73d3bd3d3eb51a490f8b..e653da22132a55b46b7638764d39e10330cf5a1f 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
@@ -31,16 +31,18 @@ public class InstallFilter implements Filter {
 boolean isLogin = false;
 if(request.getServletPath().contains("start")) isLogin = true;
 SignedJWT signedJWT = null;
- try {
- JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
- signedJWT = SignedJWT.parse(request.getHeader("Bearer"));
- if(signedJWT.verify(jwsVerifier) && signedJWT.getJWTClaimsSet().getExpirationTime().compareTo(new Date()) > 0){
- authsuccess = true;
- request.setAttribute("username",signedJWT.getJWTClaimsSet().getSubject());
- request.setAttribute("accessLevel",signedJWT.getJWTClaimsSet().getClaim("scope"));
+ if(request.getHeader("Bearer") != null) {
+ try {
+ JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
+ signedJWT = SignedJWT.parse(request.getHeader("Bearer"));
+ if (signedJWT.verify(jwsVerifier) && signedJWT.getJWTClaimsSet().getExpirationTime().compareTo(new Date()) > 0) {
+ authsuccess = true;
+ request.setAttribute("username", signedJWT.getJWTClaimsSet().getSubject());
+ request.setAttribute("accessLevel", signedJWT.getJWTClaimsSet().getClaim("scope"));
+ }
+ } catch (Exception e) {
+ log.info("Received an invalid token, declining access...");
 }
- } catch (Exception e) {
- log.info("Received an invalid token, declining access...");
 }
 if(authsuccess || isLogin) filterChain.doFilter(servletRequest,servletResponse);
 else response.sendError(403,"You are not authorized to access this page!");
diff --git a/pom.xml b/pom.xml
index bd0f1c4265f1b4ff8ba0a7c8bc9c2cbe459bd6b1..1da1ddf2517e99911f33af62e080eda9e27a47f3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -45,6 +45,7 @@
 <javax.servlet.version>4.0.1</javax.servlet.version>
 <maven.clean.version>3.1.0</maven.clean.version>
 <nimbus.jwt.version>8.17</nimbus.jwt.version>
+ <asm.version>8.0</asm.version>
 </properties>
 <dependencies>
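Review bot: The bypass flag in the context lines of the InstallFilter hunk, `if(request.getServletPath().contains("start")) isLogin = true;`, is a substring match, so every servlet path that merely contains "start" is exempt from token verification, and with the new null guard a header-less request on such a path is no longer logged at all. Compare against the exact path or paths that must stay open instead, e.g. `isLogin = OPEN_PATHS.contains(request.getServletPath());`, where `OPEN_PATHS` is a placeholder for a constant set to be defined in the filter. Inside the guarded block, `getExpirationTime()` returns null for a token without an `exp` claim and only the broad `catch (Exception e)` turns that into a denial; an explicit null check, plus logging the exception type, would keep a key or verifier fault from being reported as "invalid token". The header is also read twice; `String token = request.getHeader("Bearer");` once before the `if` would do. The enclosing filter method starts and ends outside this hunk.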
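Review bot: The new `asm.version` property in the root pom.xml hunk makes `org.ow2.asm:asm` 8.0 a direct dependency of authentication-module and jams-server, yet no Java change in this commit references ASM, so the reason for carrying a bytecode-manipulation library in the authentication path is not recorded. If it is there to pin a transitive version, declaring it once under `<dependencyManagement>` in this parent pom would express that intent. Either way a short comment next to the property, e.g. `<!-- asm: required by <component>, pinned to avoid a version conflict -->` with the placeholder filled in, would help the next dependency audit.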