diff --git a/src/main/java/org/codelibs/fess/helper/AccessTokenHelper.java b/src/main/java/org/codelibs/fess/helper/AccessTokenHelper.java
index 5a10f8f47..b57defd2b 100644
--- a/src/main/java/org/codelibs/fess/helper/AccessTokenHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/AccessTokenHelper.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.codelibs.core.lang.StringUtil;
+import org.codelibs.fess.exception.InvalidAccessTokenException;
 import org.codelibs.fess.util.ComponentUtil;
 public class AccessTokenHelper {
@@ -36,13 +37,19 @@ public class AccessTokenHelper {
     public String getAccessTokenFromRequest(final HttpServletRequest request) {
         final String token = request.getHeader("Authorization");
         if (token != null) {
-            return token;
+            final String[] values = token.trim().split(" ");
+            if (values.length == 2 && "Bearer".equals(values[0])) {
+                return values[1];
+            } else if (values.length == 1) {
+                return values[0];
+            }
+            throw new InvalidAccessTokenException("invalid_request", "Invalid format: " + token);
         }
         final String name = ComponentUtil.getFessConfig().getApiAccessTokenRequestParameter();
-        if (StringUtil.isBlank(name)) {
-            return null;
+        if (StringUtil.isNotBlank(name)) {
+            return request.getParameter(name);
         }
-        return request.getParameter(name);
+        return null;
     }
     public void setRandom(final Random random) {
diff --git a/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java b/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
index cb7cb24e3..374cfd01d 100644
--- a/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
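Review bot: The `values.length == 1` branch in getAccessTokenFromRequest returns whatever single word the Authorization header holds, so a header of just `Bearer`, another scheme name on its own, or an empty/blank value is handed back as the access token instead of being rejected as `invalid_request`, which is stricter than the RoleQueryHelper.getAccessToken this commit removes (that one required the Bearer prefix). A narrower guard such as `} else if (values.length == 1 && !values[0].isEmpty() && !"Bearer".equals(values[0])) {` keeps the bare-token form while rejecting those inputs. The scheme comparison is also case-sensitive, so `bearer <token>` is rejected although HTTP auth-scheme names are conventionally matched case-insensitively; if that is deliberate a short comment on the `"Bearer".equals(values[0])` line would make it clear. Separately, the exception message embeds the full header value via `"Invalid format: " + token`, so a malformed or mistyped credential ends up in error responses and logs — reporting only that the format was invalid avoids echoing the secret.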
@@ -160,18 +160,6 @@ public class RoleQueryHelper {
         ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).ifPresent(p -> p.forEach(roleSet::add));
     }
-    protected String getAccessToken(final HttpServletRequest request) {
-        final String token = request.getHeader("Authorization");
-        if (token != null) {
-            final String[] values = token.trim().split(" ");
-            if (values.length == 2 && "Bearer".equals(values[0])) {
-                return values[1];
-            }
-            throw new InvalidAccessTokenException("invalid_request", "Invalid format: " + token);
-        }
-        return request.getParameter("access_token");
-    }
     protected void processParameter(final HttpServletRequest request, final Set roleSet) {
         final String parameter = request.getParameter(parameterKey);
         if (logger.isDebugEnabled()) {