diff --git a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
index 0f9dc39..3fb0ae5 100644
--- a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
+++ b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
@@ -217,14 +217,15 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 	@Override
 	public AuthorizationEntry get(String token) throws ObjectNotFound, Exception{
 		String realToken = Utils.getRealToken(token);
+		String maskedToken= String.format("%s********",realToken.substring(0, realToken.length()-8));
 		int infrastructureHashFromToken = Utils.getInfrastructureHashFromToken(token, endpoints.getDefaultInfrastructure());
 		AuthorizationEndpoint endpoint = getEndpoint(infrastructureHashFromToken);
 		
 		if (cache.containsKey(realToken) && cache.get(realToken).isValid(endpoint.getClientCacheValidity())){
-			log.trace("valid entry found in cache for token {}, returning it",String.format("%s********",realToken.substring(0, realToken.length()-8)));
+			log.trace("valid entry found in cache for token {}, returning it",maskedToken);
 			return cache.get(realToken).getEntry();
 		} else
-			log.trace("invalid entry found in cache for token {}, contacting auth service",String.format("%s********",realToken.substring(0, realToken.length()-8)));
+			log.trace("invalid entry found in cache for token {}, contacting auth service",maskedToken);
 		
 		final String methodPath = "/token/"; 
 
@@ -234,7 +235,7 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 		URL url = new URL(callUrl.toString());
 		HttpURLConnection connection = makeRequest(url, "GET", false);
 		connection.setDoInput(true);
-		if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
+		if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+maskedToken+" not found");
 		if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service (error code is "+connection.getResponseCode()+")");
 		if (connection.getContentLengthLong()<=0) return null;