Fix API security chain for /gettoken and streaming endpoints

Author: pavelvazquez

services/localega-tsd-proxy/src/main/java/no/elixir/fega/ltp/LocalEGATSDProxyApplication.java

@@ -119,6 +119,16 @@ public RestTemplate restTemplate(RestTemplateBuilder builder) {
         .build();
   }
 
+  @Bean
+  @Order(3)
+  public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
+    http.securityMatcher("/gettoken", "/stream/**", "/files", "/resumables")
+        .csrf(AbstractHttpConfigurer::disable)
+        .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
+        .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
+    return http.build();
+  }
+
   @Bean
   public TSDFileAPIClient tsdFileAPIClient(
       @Value("${tsd.secure}") String secure,

services/localega-tsd-proxy/src/main/java/no/elixir/fega/ltp/controllers/rest/ProxyController.java

@@ -208,11 +208,16 @@ public ResponseEntity<?> deleteResumable(
    */
   @GetMapping("/gettoken")
   public ResponseEntity<?> getToken(
-      @RequestHeader(HttpHeaders.PROXY_AUTHORIZATION) String bearerAuthorization)
+      @RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authorization,
+      @RequestHeader(value = HttpHeaders.PROXY_AUTHORIZATION, required = false)
+          String proxyAuthorization)
       throws IOException {
-    String elixirToken = getElixirAAIToken(bearerAuthorization);
-    Token token =
-        tsdFileAPIClient.getToken(tokenType, oidcType, getElixirAAIToken(bearerAuthorization));
+    String bearer = StringUtils.hasText(proxyAuthorization) ? proxyAuthorization : authorization;
+    if (!StringUtils.hasText(bearer) || !bearer.startsWith("Bearer ")) {
+      return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+    }
+
+    Token token = tsdFileAPIClient.getToken(tokenType, oidcType, getElixirAAIToken(bearer));
     return ResponseEntity.ok(token);
   }