diff --git a/src/main/java/org/gcube/portal/oauth/OauthService.java b/src/main/java/org/gcube/portal/oauth/OauthService.java
index 68cd8a2..ee7a628 100644
--- a/src/main/java/org/gcube/portal/oauth/OauthService.java
+++ b/src/main/java/org/gcube/portal/oauth/OauthService.java
@@ -43,6 +43,11 @@ public class OauthService {
 	 */
 	private Map<String, CacheBean> entries;
 
+	/**
+	 * Cleaner thread
+	 */
+	CacheCleaner cleaner;
+
 	/**
 	 * Since this is a singleton sub-service, there will be just one call to this constructor and one running thread
 	 * to clean up expired codes.
@@ -50,10 +55,16 @@ public class OauthService {
 	public OauthService() {
 		logger.info("Singleton gcube-oauth service built.");
 		entries = new ConcurrentHashMap<String, CacheBean>();
-		CacheCleaner cleaner = new CacheCleaner(entries);
+		cleaner = new CacheCleaner(entries);
 		cleaner.start();
 	}
 
+	@Override
+	protected void finalize(){
+		if(cleaner != null)
+			cleaner.interrupt();
+	}
+
 	/**
 	 * Used to check that the token type is of type user
 	 * @param clientType 
@@ -73,7 +84,7 @@ public class OauthService {
 	private boolean checkIsapplicationTokenType(ClientType clientType){
 		return clientType.equals(ClientType.EXTERNALSERVICE);
 	}
-	
+
 	@GET
 	@Path("check")
 	@Produces(MediaType.TEXT_PLAIN)
@@ -136,7 +147,7 @@ public class OauthService {
 		Status status = Status.BAD_REQUEST;
 		logger.info("Request to exchange code for token");
 		logger.info("Params are client_id = " + clientId + ", client_secret = " + clientSecret.substring(0, 10) +
-				 "*******************"+ ", redirect_uri = " +redirectUri + ", code = " + code.substring(0, 10) + "*******************" + ", grant_type = " + grantType);
+				"*******************"+ ", redirect_uri = " +redirectUri + ", code = " + code.substring(0, 10) + "*******************" + ", grant_type = " + grantType);
 
 		try{
 			// check if something is missing