diff --git a/src/org/avalonmediasystem/security/module/AvalonSecurity.java b/src/org/avalonmediasystem/security/module/AvalonSecurity.java
index 63b8b76..4b9c158 100644
--- a/src/org/avalonmediasystem/security/module/AvalonSecurity.java
+++ b/src/org/avalonmediasystem/security/module/AvalonSecurity.java
@@ -9,15 +9,14 @@
 
 import java.io.IOException;
 import java.util.List;
-
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
-
 import java.nio.charset.Charset;
-
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
+
+import org.apache.commons.lang.StringUtils;
 import org.apache.http.client.utils.URLEncodedUtils;
 import org.apache.http.NameValuePair;
 
@@ -36,7 +35,7 @@ public void onAppStart(IApplicationInstance appInstance) {
     }
   }
 
-  private String authStream(String authToken) {
+  private List<String> authStream(String authToken) {
     URL authUrl;
 
     try {
@@ -47,19 +46,22 @@ private String authStream(String authToken) {
     }
 
     getLogger().debug("Authorizing against " + authUrl.toString());
+    List<String> authorized = new java.util.ArrayList<String>();
     try {
       HttpURLConnection http = (HttpURLConnection)authUrl.openConnection();
       http.addRequestProperty("Accept", "text/plain");
       http.setRequestMethod("GET");
       http.connect();
-      if (http.getResponseCode() != 202 ) {
-        return null;
-      } else {
+      if (http.getResponseCode() == 202 ) {
         BufferedReader reader = new BufferedReader(new InputStreamReader(http.getInputStream()));
-        String authorized = reader.readLine().trim();
-        getLogger().debug("Authorized to stream " + authorized);
-        return authorized;
+        String authorizedStream = reader.readLine();
+        while (authorizedStream != null) {
+          authorized.add(authorizedStream);
+          authorizedStream = reader.readLine();
+        }
+        getLogger().debug("Authorized to stream " + authorized.toString());
       }
+      return authorized;
     } catch (IOException err) {
       getLogger().error("Error connecting to " + authUrl.toString(), err);
       return null;
@@ -85,7 +87,7 @@ public void onConnect(IClient client, RequestFunction function,
     AMFDataObj connectObj = (AMFDataObj)params.get(2);
     String appName = connectObj.get("app").toString();
     String authToken = getAuthToken(appName);
-    String authorized = authStream(authToken).replace(" ", ";");
+    String authorized = StringUtils.join(authStream(authToken), ";");
     getLogger().info("StreamReadAccess: " + authorized);
     client.setStreamReadAccess(authorized);
   }
@@ -94,14 +96,12 @@ public void onHTTPSessionCreate(IHTTPStreamerSession httpSession) {
     getLogger().info("onHTTPSessionCreate: " + httpSession.getSessionId());
     String query = httpSession.getQueryStr();
     String authToken = getAuthToken(query);
-
-    String authResponse = authStream(authToken);
-    if (authResponse == null) {
+    
+    List<String> authorized = authStream(authToken);
+    if (authorized.isEmpty()) {
       httpSession.rejectSession();
       return;
     }
-    
-    String[] authorized = authResponse.split(" ");
     String streamName = httpSession.getStreamName();
 
     for (String authorizedStream:authorized) {