[Hotfix][ALS-6861] BDC Auth showing as down on the BDC Graphana dashb…

…oard (#186)

* [ALS-6861] Optimize logging and enhance routing flexibility

* [ALS-6861] Optimize logging and enhance routing flexibility

* [ALS-6861] Remove logging

pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/filter/JWTFilter.java

@@ -93,7 +93,6 @@ protected void doFilterInternal(HttpServletRequest request, @NonNull HttpServlet
         } else {
             // If the header is present, we need to check the token
             String token = authorizationHeader.substring(6).trim();
-            logger.debug(" token: {}", token);
 
             // Parse the token
             Jws<Claims> jws = this.jwtUtil.parseToken(token);
@@ -102,20 +101,15 @@ protected void doFilterInternal(HttpServletRequest request, @NonNull HttpServlet
             if (userId.startsWith(AuthNaming.LONG_TERM_TOKEN_PREFIX)) {
                 // For profile information, we do indeed allow long term token
                 // to be a valid token.
-                if (request.getRequestURI().startsWith("/user/me")) {
-                    // Get the subject claim, remove the LONG_TERM_TOKEN_PREFIX, and use that String value to
-                    // look up the existing user.
+                if (request.getRequestURI().startsWith("/auth/user/me")) {
                     String realClaimsSubject = jws.getPayload().getSubject().substring(AuthNaming.LONG_TERM_TOKEN_PREFIX.length() + 1);
 
                     setSecurityContextForUser(request, response, realClaimsSubject);
                 } else {
                     logger.error("the long term token with subject, {}, cannot access to PSAMA.", userId);
                     response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Long term tokens cannot be used to access to PSAMA.");
                 }
-
-            }
-
-            if (userId.startsWith(AuthNaming.PSAMA_APPLICATION_TOKEN_PREFIX)) {
+            } else if (userId.startsWith(AuthNaming.PSAMA_APPLICATION_TOKEN_PREFIX)) {
                 logger.info("User Authentication Starts with {}", AuthNaming.PSAMA_APPLICATION_TOKEN_PREFIX);
 
                 // Check if user is attempting to access the correct introspect endpoint. If not reject the request
@@ -147,7 +141,7 @@ protected void doFilterInternal(HttpServletRequest request, @NonNull HttpServlet
                 // Set the security context for the application
                 setSecurityContextForApplication(request, customApplicationDetails);
             } else {
-                logger.debug("UserID: {} is not a long term token and not a PSAMA application token.", userId);
+                logger.info("UserID: {} is not a long term token and not a PSAMA application token.", userId);
                 // Authenticate as User
                 setSecurityContextForUser(request, response, jws.getPayload().getSubject());
             }
@@ -157,10 +151,10 @@ protected void doFilterInternal(HttpServletRequest request, @NonNull HttpServlet
     }
 
     private void setSecurityContextForApplication(HttpServletRequest request, CustomApplicationDetails authenticatedApplication) {
-        logger.info("Setting security context for application: {}", authenticatedApplication.getApplication().getName());
+        logger.debug("Setting security context for application: {}", authenticatedApplication.getApplication().getName());
         UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(authenticatedApplication, null, authenticatedApplication.getAuthorities());
         authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-        logger.info("Created authenticationToken object {} for application: {}", authentication, authenticatedApplication.getApplication().getName());
+        logger.debug("Created authenticationToken object {} for application: {}", authentication, authenticatedApplication.getApplication().getName());
         SecurityContextHolder.getContext().setAuthentication(authentication);
     }
 
@@ -175,7 +169,7 @@ private void setSecurityContextForApplication(HttpServletRequest request, Custom
      * @param realClaimsSubject the subject of the user's claims in the JWT token
      */
     private void setSecurityContextForUser(HttpServletRequest request, HttpServletResponse response, String realClaimsSubject) {
-        logger.info("Setting security context for user: {}", realClaimsSubject);
+        logger.debug("Setting security context for user: {}", realClaimsSubject);
 
         CustomUserDetails authenticatedUser = (CustomUserDetails) this.customUserDetailService.loadUserByUsername(realClaimsSubject);
 
@@ -184,15 +178,15 @@ private void setSecurityContextForUser(HttpServletRequest request, HttpServletRe
             throw new IllegalArgumentException("Cannot validate user claims, based on information stored in the JWT token.");
         }
 
-        logger.info("User with email: {} is found.", authenticatedUser.getUser().getEmail());
+        logger.debug("User with email: {} is found.", authenticatedUser.getUser().getEmail());
 
         if (!authenticatedUser.getUser().isActive()) {
             logger.warn("User with ID: {} is deactivated.", authenticatedUser.getUser().getUuid());
             throw new NotAuthorizedException("User is deactivated");
         }
 
-        logger.info("User with ID: {} is active.", authenticatedUser.getUser().getUuid());
-        logger.info("Checking if user has accepted the latest terms of service.");
+        logger.debug("User with ID: {} is active.", authenticatedUser.getUser().getUuid());
+        logger.debug("Checking if user has accepted the latest terms of service.");
         if (!tosService.hasUserAcceptedLatest(authenticatedUser.getUser().getSubject())) {
             logger.info("User with ID: {} has not accepted the latest terms of service.", authenticatedUser.getUser().getUuid());
             //If user has not accepted terms of service and is attempted to get information other than the terms of service, don't authenticate
@@ -216,7 +210,7 @@ private void setSecurityContextForUser(HttpServletRequest request, HttpServletRe
             }
         }
 
-        logger.info("User with email {} has privileges {}.", authenticatedUser.getUser().getEmail(), authenticatedUser.getUser().getTotalPrivilege().stream().map(Privilege::getName).collect(Collectors.joining(",")));
+        logger.debug("User with email {} has privileges {}.", authenticatedUser.getUser().getEmail(), authenticatedUser.getUser().getTotalPrivilege().stream().map(Privilege::getName).collect(Collectors.joining(",")));
         UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(authenticatedUser, null, authenticatedUser.getAuthorities());
         authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
         SecurityContextHolder.getContext().setAuthentication(authentication);

pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/rest/UserController.java

@@ -120,7 +120,6 @@ public ResponseEntity<?> getCurrentUser(
     public ResponseEntity<?> getQueryTemplate(
             @Parameter(description = "Application Id for the returning queryTemplate")
             @PathVariable("applicationId") String applicationId) {
-        logger.info("getQueryTemplate() applicationId: {}", applicationId);
         Optional<String> mergedTemplate = this.userService.getQueryTemplate(applicationId);
 
         if (mergedTemplate.isEmpty()) {
@@ -132,7 +131,7 @@ public ResponseEntity<?> getQueryTemplate(
     }
 
     @Operation(description = "Retrieve the queryTemplate of default application")
-    @GetMapping(path = "/me/queryTemplate", produces = "application/json")
+    @GetMapping(value = {"/me/queryTemplate", "/me/queryTemplate/"}, produces = "application/json")
     public ResponseEntity<?> getQueryTemplate() {
         Map<String, String> defaultQueryTemplate = userService.getDefaultQueryTemplate();
 

pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java

@@ -79,7 +79,6 @@ public UserService(BasicMailService basicMailService, TOSService tosService,
 
         long defaultLongTermTokenExpirationTime = 1000L * 60 * 60 * 24 * 30; //
         this.longTermTokenExpirationTime = longTermTokenExpirationTime > 0 ? longTermTokenExpirationTime : defaultLongTermTokenExpirationTime;
-
     }
 
     public HashMap<String, String> getUserProfileResponse(Map<String, Object> claims) {