From 893a3b1f29438d4ba71e59fba01ebef62f7835c9 Mon Sep 17 00:00:00 2001
From: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Date: Wed, 19 Feb 2025 11:39:52 +0200
Subject: [PATCH] Fix security token retrieval in SecurityTokenAuthenticator
 (#2289)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
---
 .../security/controller/SecurityTokenAuthenticator.java        | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hawkbit-ddi/hawkbit-ddi-security/src/main/java/org/eclipse/hawkbit/security/controller/SecurityTokenAuthenticator.java b/hawkbit-ddi/hawkbit-ddi-security/src/main/java/org/eclipse/hawkbit/security/controller/SecurityTokenAuthenticator.java
index 9cfea827b..acec12423 100644
--- a/hawkbit-ddi/hawkbit-ddi-security/src/main/java/org/eclipse/hawkbit/security/controller/SecurityTokenAuthenticator.java
+++ b/hawkbit-ddi/hawkbit-ddi-security/src/main/java/org/eclipse/hawkbit/security/controller/SecurityTokenAuthenticator.java
@@ -64,7 +64,8 @@ public class SecurityTokenAuthenticator extends Authenticator.AbstractAuthentica
                                 : controllerManagement.getByControllerId(controllerSecurityToken.getControllerId()),
                         controllerSecurityToken.getTenant())
                 // validate if the presented token is the same as the one set for the target
-                .filter(target -> presentedToken.equals(target.getSecurityToken()))
+                .filter(target -> presentedToken.equals(
+                        systemSecurityContext.runAsSystemAsTenant(target::getSecurityToken, controllerSecurityToken.getTenant())))
                 .map(target -> authenticatedController(controllerSecurityToken.getTenant(), target.getControllerId()))
                 .orElse(null);
     }