concord-server: handle request without cookies (#1090)

server/impl/src/main/java/com/walmartlabs/concord/server/security/rememberme/ConcordRememberMeManager.java

@@ -35,7 +35,9 @@
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.servlet.http.HttpServletRequest;
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.Optional;
 import java.util.stream.Stream;
 
 /**
@@ -84,12 +86,14 @@ protected void forgetIdentity(Subject subject) {
         }
 
         // delete the "remember me" cookie only if it is present
-        HttpServletRequest request = WebUtils.getHttpRequest(subject);
+        var request = WebUtils.getHttpRequest(subject);
         var rememberMeCookieName = getCookie().getName();
-        if (Stream.of(request.getCookies())
-                .anyMatch(cookie -> cookie.getName().equals(rememberMeCookieName))) {
-            super.forgetIdentity(subject);
-        }
+
+        Optional.ofNullable(request.getCookies()).stream()
+                .flatMap(Arrays::stream)
+                .filter(cookie -> cookie.getName().equals(rememberMeCookieName))
+                .findFirst()
+                .ifPresent(cookie -> super.forgetIdentity(subject));
     }
 
     private static class PrincipalCollectionSerializer implements Serializer<PrincipalCollection> {