diff --git a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.identity/src/main/java/com/wso2/openbanking/accelerator/identity/token/TokenFilter.java b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.identity/src/main/java/com/wso2/openbanking/accelerator/identity/token/TokenFilter.java
index 608fcbeb..c9364cfa 100644
--- a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.identity/src/main/java/com/wso2/openbanking/accelerator/identity/token/TokenFilter.java
+++ b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.identity/src/main/java/com/wso2/openbanking/accelerator/identity/token/TokenFilter.java
@@ -132,15 +132,15 @@ private ServletRequest appendTransportHeader(ServletRequest request, ServletResp
 if (request instanceof HttpServletRequest) {
 Object certAttribute = request.getAttribute(IdentityCommonConstants.JAVAX_SERVLET_REQUEST_CERTIFICATE);
 String x509Certificate = ((HttpServletRequest) request).getHeader(IdentityCommonUtil.getMTLSAuthHeader());
- if (certAttribute != null) {
+ if (new IdentityCommonHelper().isTransportCertAsHeaderEnabled() && x509Certificate != null) {
+ return request;
+ } else if (certAttribute != null) {
 RequestWrapper requestWrapper = new RequestWrapper((HttpServletRequest) request);
 X509Certificate certificate = IdentityCommonUtil.getCertificateFromAttribute(certAttribute);
 requestWrapper.setHeader(IdentityCommonUtil.getMTLSAuthHeader(),
 new IdentityCommonHelper().encodeCertificateContent(certificate));
 return requestWrapper;
- } else if (new IdentityCommonHelper().isTransportCertAsHeaderEnabled() && x509Certificate != null) {
- return request;
- } else {
+ } else {
 getDefaultTokenFilter().handleValidationFailure((HttpServletResponse) response,
 HttpServletResponse.SC_BAD_REQUEST, IdentityCommonConstants.OAUTH2_INVALID_REQUEST_MESSAGE,
 "Transport certificate not found in the request");
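Review bot: With the branches reordered, a request that carries the MTLS header is returned unchanged whenever `isTransportCertAsHeaderEnabled()` is true, even when `certAttribute` holds a certificate from the actual TLS handshake, so the header value now takes precedence over the container-verified certificate. That is only safe if every route to this filter passes through a TLS-terminating proxy that strips or overwrites the header, and nothing in the hunk enforces or documents that assumption. I would state it in a comment on the first branch, e.g. `// Header is trusted only because the fronting proxy overwrites it; it must never arrive directly from a client`, and consider a warn-level log when both the header and `certAttribute` are present so a mismatch is visible to operators. Whether the header content is validated later cannot be seen here, since `appendTransportHeader` starts and ends outside the hunk.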