bugfix/http-static-variable

build.gradle

@@ -34,7 +34,7 @@ apply plugin: 'io.spring.dependency-management'
 
 allprojects {
     group 'org.radarbase'
-    version '2.1.2' // project version
+    version '2.1.3' // project version
 
     // The comment on the previous line is only there to identify the project version line easily
     // with a sed command, to auto-update the version number with the prepare-release-branch.sh

package.json

@@ -1,6 +1,6 @@
 {
   "name": "management-portal",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "description": "Description for ManagementPortal",
   "private": true,
   "cacheDirectories": [

radar-auth/src/main/java/org/radarbase/auth/jwks/JwksTokenVerifierLoader.kt

@@ -28,23 +28,6 @@ class JwksTokenVerifierLoader(
     private val resourceName: String,
     private val algorithmParser: JwkParser,
 ) : TokenVerifierLoader {
-    private val httpClient = HttpClient(CIO).config {
-        install(HttpTimeout) {
-            connectTimeoutMillis = Duration.ofSeconds(10).toMillis()
-            socketTimeoutMillis = Duration.ofSeconds(10).toMillis()
-            requestTimeoutMillis = Duration.ofSeconds(30).toMillis()
-        }
-        install(ContentNegotiation) {
-            json(Json {
-                ignoreUnknownKeys = true
-                coerceInputValues = true
-            })
-        }
-        defaultRequest {
-            url(this@JwksTokenVerifierLoader.url)
-            accept(ContentType.Application.Json)
-        }
-    }
 
     override suspend fun fetch(): List<TokenVerifier> {
         val keySet = try {
@@ -69,7 +52,7 @@ class JwksTokenVerifierLoader(
 
     private suspend fun fetchPublicKeyInfo(): JsonWebKeySet = withContext(Dispatchers.IO) {
         logger.info("Getting the JWT public key at {}", url)
-        val response = httpClient.request()
+        val response = httpClient.request(url)
 
         if (!response.status.isSuccess()) {
             throw TokenValidationException("Cannot fetch token keys (${response.status}) - ${response.bodyAsText()}")
@@ -94,5 +77,22 @@ class JwksTokenVerifierLoader(
         }
 
         private val logger = LoggerFactory.getLogger(JwksTokenVerifierLoader::class.java)
+
+        private val httpClient = HttpClient(CIO).config {
+            install(HttpTimeout) {
+                connectTimeoutMillis = Duration.ofSeconds(10).toMillis()
+                socketTimeoutMillis = Duration.ofSeconds(10).toMillis()
+                requestTimeoutMillis = Duration.ofSeconds(30).toMillis()
+            }
+            install(ContentNegotiation) {
+                json(Json {
+                    ignoreUnknownKeys = true
+                    coerceInputValues = true
+                })
+            }
+            defaultRequest {
+                accept(ContentType.Application.Json)
+            }
+        }
     }
 }

src/main/java/org/radarbase/management/security/JwtAuthenticationFilter.kt

@@ -74,7 +74,12 @@ class JwtAuthenticationFilter @JvmOverloads constructor(
             val stringToken = tokenFromHeader(httpRequest)
             var token: RadarToken? = null
             var exMessage = "No token provided"
-            if (stringToken != null) {
+            token = session?.radarToken
+                ?.takeIf { Instant.now() < it.expiresAt }
+            if (token != null) {
+                Companion.logger.debug("Using token from session")
+            }
+            else if (stringToken != null) {
                 try {
                     token = validator.validateBlocking(stringToken)
                     Companion.logger.debug("Using token from header")
@@ -83,13 +88,6 @@ class JwtAuthenticationFilter @JvmOverloads constructor(
                     Companion.logger.info("Failed to validate token from header: {}", exMessage)
                 }
             }
-            if (token == null) {
-                token = session?.radarToken
-                    ?.takeIf { Instant.now() < it.expiresAt }
-                if (token != null) {
-                    Companion.logger.debug("Using token from session")
-                }
-            }
             if (!validateToken(token, httpRequest, httpResponse, session, exMessage)) {
                 return
             }