
Commit 2e32be4

committed
Fix API security chain for /gettoken and streaming endpoints
1 parent 3da30fa commit 2e32be4


2 files changed

+19
-4
lines changed


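--- a/services/localega-tsd-proxy/src/main/java/no/elixir/fega/ltp/LocalEGATSDProxyApplication.java
+++ b/services/localega-tsd-proxy/src/main/java/no/elixir/fega/ltp/LocalEGATSDProxyApplication.java
@@ -119,6 +119,16 @@ public RestTemplate restTemplate(RestTemplateBuilder builder) {
 .build();
 }
 
+@Bean
+@Order(3)
+public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
+http.securityMatcher("/gettoken", "/stream/**", "/files", "/resumables")
+.csrf(AbstractHttpConfigurer::disable)
+.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
+.oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
+return http.build();
+}
+
 @Bean
 public TSDFileAPIClient tsdFileAPIClient(
 @Value("${tsd.secure}") String secure,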
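Review bot: The new `apiFilterChain` validates the JWT that the resource server extracts from the request (with `Customizer.withDefaults()` that is, as far as I can tell, the `Authorization` header via the default bearer-token resolver), but `ProxyController.getToken` in this same commit prefers `Proxy-Authorization` whenever it is present, so the value handed to `getElixirAAIToken` is not necessarily the token this chain authenticated. If both headers are meant to be accepted, register a `BearerTokenResolver` bean that reads the same headers with the same precedence, or have the controller forward only the token behind the authenticated principal. `@Order(3)` also only takes effect if no lower-ordered chain's matcher already covers `/gettoken`, `/stream/**`, `/files` or `/resumables`, which cannot be confirmed from this hunk. The enclosing configuration class continues outside the hunk.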

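--- a/services/localega-tsd-proxy/src/main/java/no/elixir/fega/ltp/controllers/rest/ProxyController.java
+++ b/services/localega-tsd-proxy/src/main/java/no/elixir/fega/ltp/controllers/rest/ProxyController.java
@@ -208,11 +208,16 @@ public ResponseEntity<?> deleteResumable(
 */
 @GetMapping("/gettoken")
 public ResponseEntity<?> getToken(
-@RequestHeader(HttpHeaders.PROXY_AUTHORIZATION) String bearerAuthorization)
+@RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authorization,
+@RequestHeader(value = HttpHeaders.PROXY_AUTHORIZATION, required = false)
+String proxyAuthorization)
 throws IOException {
-String elixirToken = getElixirAAIToken(bearerAuthorization);
-Token token =
-tsdFileAPIClient.getToken(tokenType, oidcType, getElixirAAIToken(bearerAuthorization));
+String bearer = StringUtils.hasText(proxyAuthorization) ? proxyAuthorization : authorization;
+if (!StringUtils.hasText(bearer) || !bearer.startsWith("Bearer ")) {
+return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+}
+
+Token token = tsdFileAPIClient.getToken(tokenType, oidcType, getElixirAAIToken(bearer));
 return ResponseEntity.ok(token);
 }
 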
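Review bot: The scheme check `bearer.startsWith("Bearer ")` on new line 216 is case-sensitive, whereas RFC 6750 treats the auth-scheme as case-insensitive, so a client sending `bearer <token>` is rejected, and the 401 built on the next line carries no `WWW-Authenticate` challenge. A tolerant form would be `if (!StringUtils.hasText(bearer) || !bearer.regionMatches(true, 0, "Bearer ", 0, 7)) {` together with `return ResponseEntity.status(HttpStatus.UNAUTHORIZED).header(HttpHeaders.WWW_AUTHENTICATE, "Bearer").build();`. The Javadoc that closes on the hunk's first line presumably still describes the old single `bearerAuthorization` parameter and should get `@param authorization` and `@param proxyAuthorization` entries explaining that Proxy-Authorization takes precedence. The enclosing controller class continues outside the hunk.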
