diff --git a/extensions/common/auth/auth-tokenbased/src/main/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationService.java b/extensions/common/auth/auth-tokenbased/src/main/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationService.java index 783def02ac7..e8bdc102577 100644 --- a/extensions/common/auth/auth-tokenbased/src/main/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationService.java +++ b/extensions/common/auth/auth-tokenbased/src/main/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationService.java @@ -50,6 +50,6 @@ public boolean isAuthenticated(Map> headers) { } private boolean checkApiKeyValid(List apiKeys) { - return apiKeys.stream().anyMatch(hardCodedApiKey::equalsIgnoreCase); + return apiKeys.size() == 1 && apiKeys.stream().allMatch(hardCodedApiKey::equalsIgnoreCase); } } diff --git a/extensions/common/auth/auth-tokenbased/src/test/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationServiceTest.java b/extensions/common/auth/auth-tokenbased/src/test/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationServiceTest.java index 430053d0918..4a03bb54116 100644 --- a/extensions/common/auth/auth-tokenbased/src/test/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationServiceTest.java +++ b/extensions/common/auth/auth-tokenbased/src/test/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationServiceTest.java @@ -69,8 +69,8 @@ void isAuthorized_notAuthorized() { } @Test - void isAuthorized_multipleValues_oneAuthorized() { + void isAuthorized_multipleValues_oneAuthorized_shouldReturnFalse() { var map = Map.of("x-api-key", List.of("invalid_api_key", TEST_API_KEY)); - assertThat(service.isAuthenticated(map)).isTrue(); + assertThat(service.isAuthenticated(map)).isFalse(); } } \ No newline at end of file