diff --git a/src/controller/user-management-controller.ts b/src/controller/user-management-controller.ts index 7c4c927..bf08715 100644 --- a/src/controller/user-management-controller.ts +++ b/src/controller/user-management-controller.ts @@ -92,6 +92,10 @@ class UserManagementController implements IController { let user_name = request.query.user_name; if (user_name == undefined || user_name == null) throw new HttpException(400, "user_name query param missing"); + const rawQuery = request.originalUrl.split("?")[1] || ""; + const match = rawQuery.match(/user_name=([^&]*)/); + user_name = match ? match[1] : ""; + user_name = decodeURIComponent(user_name); return userManagementServiceInstance.getUserProfile(user_name as string).then((result) => { Ok(response, result); }).catch((error: any) => { diff --git a/src/middleware/authorization-middleware.ts b/src/middleware/authorization-middleware.ts index 8718852..77c40ee 100644 --- a/src/middleware/authorization-middleware.ts +++ b/src/middleware/authorization-middleware.ts @@ -12,6 +12,11 @@ function authorizationMiddleware(roles: string[], validateProjectGroup?: boolean let authToken = Utility.extractToken(req); + if (roles.length > 0 && authToken == null) { + next(new Forbidden()); + return; + } + if (authToken == null) { if (allowInraCom) {
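Review bot: In the first hunk, the added `decodeURIComponent(user_name)` throws a URIError on a malformed percent sequence, and it runs before the promise chain, so the `.catch` below does not cover it; a bad request would likely surface as an unhandled error instead of a 400. The unanchored pattern `/user_name=([^&]*)/` also matches inside longer keys such as `other_user_name=`, so the value passed to `getUserProfile` can differ from the `request.query.user_name` that the presence check just validated. Parsing the raw query with the standard API avoids both, e.g. `user_name = new URLSearchParams(rawQuery).get("user_name") ?? "";` (note that it decodes `+` as a space, unlike `decodeURIComponent`). If the aim is to reject array or object values produced by the framework's query parser, a `typeof user_name !== "string"` check that throws the existing 400 would do that without a second parser. The enclosing method starts and ends outside the hunk.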