Updating auth filter

Author: hvarg

server/src/main/java/org/diskproject/server/filters/KeycloakAuthenticationFilter.java

@@ -9,6 +9,8 @@
 import javax.ws.rs.container.PreMatching;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.InvalidParameterException;
@@ -24,78 +26,90 @@
 
 @PreMatching
 public class KeycloakAuthenticationFilter implements ContainerRequestFilter {
-  @Context
-  HttpServletRequest request;
-
-  @Override
-
-  public void filter(ContainerRequestContext requestContext) throws IOException {
-    if (requestContext.getMethod().equals("GET") || requestContext.getMethod().equals("FETCH") ||
-        requestContext.getMethod().equals("OPTIONS")) {
-    } else {
-      String token = requestContext.getHeaderString("Authorization");
-      if (token == null || "".equals(token)) {
-        requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Access denied").build());
-      } else {
-        final JwtValidator validator = new JwtValidator();
-        try {
-          if (token.contains("Bearer")) {
-            token = token.substring(7);
-          }
-          DecodedJWT jwtToken = validator.validate(token.replaceAll("Bearer ", ""));
-          String email = jwtToken.getClaim("email").asString();
-          requestContext.setProperty("username", email);
-        } catch (InvalidParameterException e) {
-          requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Access denied").build());
-          e.printStackTrace();
+    @Context
+    HttpServletRequest request;
+
+    @Override
+    public void filter(ContainerRequestContext requestContext) throws IOException {
+        // Only filter POSTS
+        if (requestContext.getMethod().equals("GET") ||
+            requestContext.getMethod().equals("FETCH") ||
+            requestContext.getMethod().equals("OPTIONS")) {
+                return;
         }
-      }
-    }
-  }
 
-  public class JwtValidator {
-    private final List<String> allowedIsses = Collections
-        .singletonList("https://auth.mint.isi.edu/realms/production");
+        // Special case for getData.
+        UriInfo uriInfo = requestContext.getUriInfo();
+        String path = uriInfo.getAbsolutePath().getPath();
+        if (path.endsWith("getData"))
+            return;
+
+        // All other request must have an authorization token.
+        String token = requestContext.getHeaderString("Authorization");
+        if (token != null && !token.equals("")) {
+            final JwtValidator validator = new JwtValidator();
+            try {
+                // Remove the Bearer part
+                if (token.startsWith("Bearer")) {
+                    token = token.substring(7);
+                }
+                DecodedJWT jwtToken = validator.validate(token);
+                String email = jwtToken.getClaim("email").asString();
+                requestContext.setProperty("username", email);
+                return;
+            } catch (InvalidParameterException e) {
+                e.printStackTrace();
+            }
+        }
 
-    private String getKeycloakCertificateUrl(DecodedJWT token) {
-      return token.getIssuer() + "/protocol/openid-connect/certs";
+        requestContext.abortWith(
+                Response.status(Response.Status.UNAUTHORIZED)
+                        .entity("Access denied").build());
     }
 
-    private RSAPublicKey loadPublicKey(DecodedJWT token) throws JwkException, MalformedURLException {
-
-      final String url = getKeycloakCertificateUrl(token);
-      JwkProvider provider = new UrlJwkProvider(new URL(url));
+    public class JwtValidator {
+        private final List<String> allowedIsses = Collections
+                .singletonList("https://auth.mint.isi.edu/realms/production");
 
-      return (RSAPublicKey) provider.get(token.getKeyId()).getPublicKey();
-    }
-
-    /**
-     * Validate a JWT token
-     * 
-     * @param token
-     * @return decoded token
-     */
-    public DecodedJWT validate(String token) {
-      try {
-        final DecodedJWT jwt = JWT.decode(token);
-
-        if (!allowedIsses.contains(jwt.getIssuer())) {
-          throw new InvalidParameterException(String.format("Unknown Issuer %s", jwt.getIssuer()));
+        private String getKeycloakCertificateUrl(DecodedJWT token) {
+            return token.getIssuer() + "/protocol/openid-connect/certs";
         }
 
-        RSAPublicKey publicKey = loadPublicKey(jwt);
+        private RSAPublicKey loadPublicKey(DecodedJWT token) throws JwkException, MalformedURLException {
 
-        Algorithm algorithm = Algorithm.RSA256(publicKey, null);
-        JWTVerifier verifier = JWT.require(algorithm)
-            .withIssuer(jwt.getIssuer())
-            .build();
+            final String url = getKeycloakCertificateUrl(token);
+            JwkProvider provider = new UrlJwkProvider(new URL(url));
 
-        verifier.verify(token);
-        return jwt;
+            return (RSAPublicKey) provider.get(token.getKeyId()).getPublicKey();
+        }
 
-      } catch (Exception e) {
-        throw new InvalidParameterException("JWT validation failed: " + e.getMessage());
-      }
+        /**
+         * Validate a JWT token
+         * 
+         * @param token
+         * @return decoded token
+         */
+        public DecodedJWT validate(String token) {
+            try {
+                final DecodedJWT jwt = JWT.decode(token);
+
+                if (!allowedIsses.contains(jwt.getIssuer())) {
+                    throw new InvalidParameterException(String.format("Unknown Issuer %s", jwt.getIssuer()));
+                }
+
+                RSAPublicKey publicKey = loadPublicKey(jwt);
+
+                Algorithm algorithm = Algorithm.RSA256(publicKey, null);
+                JWTVerifier verifier = JWT.require(algorithm)
+                        .withIssuer(jwt.getIssuer())
+                        .build();
+
+                verifier.verify(token);
+                return jwt;
+
+            } catch (Exception e) {
+                throw new InvalidParameterException("JWT validation failed: " + e.getMessage());
+            }
+        }
     }
-  }
 }

server/src/main/java/org/diskproject/server/repository/DiskRepository.java

@@ -1427,8 +1427,10 @@ private List<WorkflowBindings> getTLOIBindings(String username, List<WorkflowBin
                     sparqlVar = "_CSV_";
                 }
 
-                if (sparqlVar == null)
+                if (sparqlVar == null) {
+                    tloiBinding.addBinding(vBinding);
                     continue;
+                }
 
                 // Get the data bindings for the sparql variable
                 List<String> dsUrls = dataVarBindings.get(sparqlVar);
@@ -1951,19 +1953,23 @@ private void processWorkflowOutputs (TriggeredLOI tloi, LineOfInquiry loi, Workf
             }
         }
 
-        System.out.println("OUT VARS: ");
-        System.out.println(outputAssignations);
-
         // Now process generated outputs.
         for (String outname : outputs.keySet()) {
-            for (String varName: outputAssignations.keySet()) {
-                String varBinding = outputAssignations.get(varName);
-                if (varBinding.contains("DO_NO_STORE") ||
-                    varBinding.contains("DOWNLOAD_ONLY") ||
-                    varBinding.contains("IMAGE") ||
-                    varBinding.contains("VISUALIZE")) {
+            String varBinding = outputAssignations.get(outname);
+            //for (String varName: outputAssignations.keySet()) {
+                //String varBinding = outputAssignations.get(varName);
+                if (varBinding == null) {
+                    System.out.println("[M] Variable binding not found for " + outname);
+                } else if (varBinding.contains("_DO_NO_STORE_") ||
+                    varBinding.contains("_DOWNLOAD_ONLY_") ||
+                    varBinding.contains("_IMAGE_") ||
+                    varBinding.contains("_VISUALIZE_")) {
                     // DO NOTHING, some of these should be upload to MINIO
-                } else if (varBinding.contains("CONFIDENCE_VALUE")) {
+                } else if (varBinding.contains("_CONFIDENCE_VALUE_")) {
+                    System.out.println("OUT: " + outname);
+                    //System.out.println("var: " + varName);
+                    System.out.println("bin: " + varBinding);
+
                     String dataid = outputs.get(outname).id;
                     FileAndMeta fm = methodAdapter.fetchData(dataid);
                     byte[] byteConf = fm.data;
@@ -1983,7 +1989,7 @@ private void processWorkflowOutputs (TriggeredLOI tloi, LineOfInquiry loi, Workf
                 } else {
                     System.out.println("Output information not found");
                 }
-            }
+            //}
         }
     }