Merge pull request #67 from at88mph/SP-3544
Use target URL for calling with token.
at88mph authored Jun 24, 2024
2 parents 963ce29 + 13df96a commit 42bbe23
Showing 6 changed files with 16 additions and 20 deletions.
2 changes: 1 addition & 1 deletion VERSION
Expand Up @@ -5,6 +5,6 @@
# tags with and without build number so operators use the versioned
# tag but we always keep a timestamped tag in case a semantic tag gets
# replaced accidentally
VER=0.2.2
VER=0.2.3
TAGS="${VER} ${VER}-$(date -u +"%Y%m%dT%H%M%S")"
unset VER
Expand Up @@ -75,6 +75,7 @@
import ca.nrc.cadc.rest.InlineContentHandler;
import ca.nrc.cadc.rest.RestAction;
import ca.nrc.cadc.util.StringUtil;
import java.net.URL;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opencadc.token.Client;
Expand Down Expand Up @@ -104,34 +105,32 @@ protected Client getOIDCClient() throws IOException {
return this.applicationConfiguration.getOIDCClient();
}

protected Subject getCurrentSubject() throws Exception {
protected Subject getCurrentSubject(final URL targetURL) throws Exception {
final String rawCookieHeader = this.syncInput.getHeader("cookie");
final Subject subject = AuthenticationUtil.getCurrentSubject();

if (StringUtil.hasText(rawCookieHeader)) {
final String[] firstPartyCookies =
Arrays.stream(rawCookieHeader.split(";"))
.map(String::trim)
.filter(cookieString -> cookieString.startsWith(
ApplicationConfiguration.FIRST_PARTY_COOKIE_NAME))
.toArray(String[]::new);
Arrays.stream(rawCookieHeader.split(";"))
.map(String::trim)
.filter(cookieString -> cookieString.startsWith(
ApplicationConfiguration.FIRST_PARTY_COOKIE_NAME))
.toArray(String[]::new);

if (firstPartyCookies.length > 0 && applicationConfiguration.isOIDCConfigured()) {
for (final String cookie : firstPartyCookies) {
// Only split on the first "=" symbol, and trim any wrapping double quotes
final String encryptedCookieValue =
cookie.split("=", 2)[1].replaceAll("\"", "");
cookie.split("=", 2)[1].replaceAll("\"", "");

try {
final String accessToken = getOIDCClient().getAccessToken(encryptedCookieValue);

subject.getPrincipals().add(new AuthorizationTokenPrincipal(AuthenticationUtil.AUTHORIZATION_HEADER,
AuthenticationUtil.CHALLENGE_TYPE_BEARER
+ " " + accessToken));
subject.getPublicCredentials().add(
new AuthorizationToken(AuthenticationUtil.CHALLENGE_TYPE_BEARER, accessToken,
Collections.singletonList(
URI.create(syncInput.getRequestURI()).getHost())));
subject.getPublicCredentials().add(new AuthorizationToken(AuthenticationUtil.CHALLENGE_TYPE_BEARER, accessToken,
Collections.singletonList(targetURL.getHost())));
} catch (NoSuchElementException noTokenForKeyInCacheException) {
LOGGER.warn("Cookie found and decrypted but no value in cache. Ignoring cookie...");
}
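Review bot: `targetURL` now decides which host the bearer token may be released to, yet the new `getCurrentSubject(final URL targetURL)` never validates it. It is first dereferenced at `targetURL.getHost()` inside the cookie loop, so a null argument fails only when a first-party cookie is present, and a URL without a host would put an empty domain entry on the token (how `AuthorizationToken` treats that is not visible here). A guard at the top of the method makes the failure early and uniform, e.g. `if (targetURL == null || !StringUtil.hasText(targetURL.getHost())) { throw new IllegalArgumentException("targetURL with a host is required"); }`. The method also deserves a Javadoc `@param targetURL` line saying that its host is the only domain the `AuthorizationToken` is issued for, since every caller now has to choose that URL. The method body continues past the end of this hunk.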
Expand Up @@ -91,7 +91,7 @@ public abstract class SciencePortalAuthGetAction extends SciencePortalAuthAction
@Override
public void doAction() throws Exception {
final URL apiURL = getAPIURL();
final Subject subject = getCurrentSubject();
final Subject subject = getCurrentSubject(apiURL);
final String apiEndpoint = String.format("%s%s", apiURL.toExternalForm(), getEndpoint());
final URL apiEndpointURL = new URL(apiEndpoint);
final String query;
Expand Up @@ -87,7 +87,7 @@ public void doAction() throws Exception {
final URL apiURL = new URL(getAPIURL().toExternalForm()
+ syncInput.getRequestPath().substring(syncInput.getContextPath().length()));

final Subject authenticatedUser = getCurrentSubject();
final Subject authenticatedUser = getCurrentSubject(apiURL);

Subject.doAs(authenticatedUser, (PrivilegedExceptionAction<?>) () -> {
final HttpDelete httpDelete = new HttpDelete(apiURL, true);
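Review bot: The URL handed to `getCurrentSubject(apiURL)` here is the one assembled from `getAPIURL().toExternalForm()` plus a substring of the request path, so the host that scopes the bearer token is read back from a string that includes request-derived data. A servlet request path normally starts with `/`, so the host should come out unchanged in practice. Taking the scope from configuration alone removes that dependency: `final Subject authenticatedUser = getCurrentSubject(getAPIURL());`. `doAction()` continues outside this hunk.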
Expand Up @@ -93,8 +93,7 @@ public class PostAction extends SciencePortalAuthAction {
@Override
public void doAction() throws Exception {
final URL apiURL = new URL(getAPIURL().toExternalForm() + PostAction.SESSION_ENDPOINT);

final Subject authenticatedUser = getCurrentSubject();
final Subject authenticatedUser = getCurrentSubject(apiURL);
final Map<String, Object> payload = new HashMap<>();
payload.putAll(syncInput.getParameterNames().stream().collect(
Collectors.toMap(key -> key, key -> syncInput.getParameter(key))));
Expand Up @@ -90,12 +90,10 @@
public class GetAction extends SciencePortalAuthAction {
@Override
public void doAction() throws Exception {
final Subject subjectFromCookie = getCurrentSubject();
final URL sessionsURL = getSessionsURL();
final Subject subjectFromCookie = getCurrentSubject(sessionsURL);
Subject.doAs(subjectFromCookie, (PrivilegedExceptionAction<?>) () -> {
final URL sessionsURL;

try {
sessionsURL = getSessionsURL();
final HttpGet sessionAccessCheck = new HttpGet(sessionsURL, true);
sessionAccessCheck.run();
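Review bot: `getSessionsURL()` is now called before `Subject.doAs` and outside the `try` that used to enclose it, so an exception from the lookup no longer reaches that `try`'s handlers and instead propagates straight out of `doAction()`. Those handlers sit below the hunk and are not visible here; if they translated lookup failures into a specific response, that behaviour is lost, so confirm this is intended or wrap the call accordingly. The lookup also runs without the cookie-derived subject now, which is presumably fine but worth a comment such as `// resolved up front: its host scopes the access token`.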
