From 149e8ff5132a8f79e40c6e1d6e0991110b04aa1b Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime <bjorncs@verizonmedia.com>
Date: Wed, 29 Jan 2020 17:10:45 +0100
Subject: Access tokens should not be an empty string

---
 .../main/java/com/yahoo/vespa/athenz/api/AthenzAccessToken.java   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzAccessToken.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzAccessToken.java
index 86deb0b59b3..ec8c1f3f9f3 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzAccessToken.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzAccessToken.java
@@ -22,9 +22,13 @@ public class AthenzAccessToken {
 
     private static String stripBearerTokenPrefix(String rawValue) {
         String stripped = rawValue.strip();
-        return stripped.startsWith(BEARER_TOKEN_PREFIX)
-                ? stripped.substring(BEARER_TOKEN_PREFIX.length())
+        String prefixRemoved = stripped.startsWith(BEARER_TOKEN_PREFIX)
+                ? stripped.substring(BEARER_TOKEN_PREFIX.length()).strip()
                 : stripped;
+        if (prefixRemoved.isBlank()) {
+            throw new IllegalArgumentException(String.format("Access token is blank: '%s'", prefixRemoved));
+        }
+        return prefixRemoved;
     }
 
     public String value() { return value; }
-- 
cgit v1.2.3