server: set the default token for anonymous queries (i.e., queries wi…

…thout token), #TASK-4791, #TASK-4641

cellbase-core/src/main/java/org/opencb/cellbase/core/token/DataAccessTokenManager.java

@@ -17,14 +17,14 @@
 package org.opencb.cellbase.core.token;
 
 import io.jsonwebtoken.*;
-import io.jsonwebtoken.impl.TextCodec;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.util.*;
 
@@ -47,19 +47,16 @@ public class DataAccessTokenManager {
     public static final String MAX_NUM_QUERIES_FIELD_NAME = "maxNumQueries";
 
     public DataAccessTokenManager(String key) {
-        this(SignatureAlgorithm.HS256.getValue(), new SecretKeySpec(TextCodec.BASE64.decode(key), SignatureAlgorithm.HS256.getJcaName()));
-        defaultToken = encode("ANONYMOUS", new DataAccessToken(DataAccessToken.CURRENT_VERSION, new HashMap<>(), MAX_NUM_ANOYMOUS_QUERIES));
+        this(SignatureAlgorithm.HS256.getValue(), new SecretKeySpec(Base64.getEncoder().encode(key.getBytes(StandardCharsets.UTF_8)),
+                SignatureAlgorithm.HS256.getJcaName()));
     }
 
     public DataAccessTokenManager(String algorithm, Key secretKey) {
         this.algorithm = SignatureAlgorithm.forName(algorithm);
         this.privateKey = secretKey;
         this.publicKey = secretKey;
         jwtParser = Jwts.parserBuilder().setSigningKey(publicKey).build();
-    }
-
-    public DataAccessTokenManager() {
-        jwtParser = Jwts.parserBuilder().build();
+        defaultToken = encode("ANONYMOUS", new DataAccessToken(DataAccessToken.CURRENT_VERSION, new HashMap<>(), MAX_NUM_ANOYMOUS_QUERIES));
     }
 
     public String encode(String organization, DataAccessToken dat) {

cellbase-server/src/main/java/org/opencb/cellbase/server/rest/GenericRestWSServer.java

@@ -33,6 +33,7 @@
 import org.opencb.cellbase.core.exception.CellBaseException;
 import org.opencb.cellbase.core.result.CellBaseDataResponse;
 import org.opencb.cellbase.core.result.CellBaseDataResult;
+import org.opencb.cellbase.core.token.DataAccessTokenManager;
 import org.opencb.cellbase.core.utils.SpeciesUtils;
 import org.opencb.cellbase.lib.managers.CellBaseManagerFactory;
 import org.opencb.cellbase.lib.managers.DataReleaseManager;
@@ -94,6 +95,8 @@ public class GenericRestWSServer implements IWSServer {
     // this webservice has no species, do not validate
     private static final String DONT_CHECK_SPECIES = "do not validate species";
 
+    protected static String defaultToken;
+
     public GenericRestWSServer(@PathParam("version") String version, @Context UriInfo uriInfo, @Context HttpServletRequest hsr)
             throws QueryException, IOException, CellBaseException {
         this(version, DONT_CHECK_SPECIES, uriInfo, hsr);
@@ -150,6 +153,11 @@ private void init() throws IOException, CellBaseException {
 
             // Initialize Monitor
             monitor = new Monitor(cellBaseManagerFactory.getMetaManager());
+
+            // Get default token (for anonymous queries)
+            DataAccessTokenManager tokenManager = new DataAccessTokenManager(cellBaseConfiguration.getSecretKey());
+            defaultToken = tokenManager.getDefaultToken();
+            logger.info("default token {}", defaultToken);
         }
     }
 
@@ -164,6 +172,13 @@ private void initQuery() throws CellBaseException {
             uriParams.remove("assembly");
         }
 
+        // Set default token, if necessary
+        logger.info("before checking, token {}", uriParams.get(DATA_ACCESS_TOKEN));
+        if (StringUtils.isEmpty(uriParams.get(DATA_ACCESS_TOKEN))) {
+            uriParams.put(DATA_ACCESS_TOKEN, defaultToken);
+        }
+        logger.info("after checking, token {}", uriParams.get(DATA_ACCESS_TOKEN));
+
         checkLimit();
 
         // check version. species is validated later