fix JwtTokeUpdater thread safety

Author: deedee

src/java/main/com/topcoder/direct/services/view/action/ServiceBackendDataTablesAction.java

@@ -323,7 +323,7 @@ protected JsonNode getJsonResultFromAPI(URI apiEndPoint) throws Exception {
             // specify the get request
             HttpGet getRequest = new HttpGet(apiEndPoint);
 
-            String token = jwtTokenUpdater.check().getToken();
+            String token = jwtTokenUpdater.getV3Token();
 
             getRequest.setHeader(HttpHeaders.AUTHORIZATION,
                     "Bearer " + token);

src/java/main/com/topcoder/direct/services/view/action/contest/launch/GetGroupMemberAction.java

@@ -190,7 +190,7 @@ private RestResult<GroupMember> getGroupMemberByGid(Long gid) throws Exception {
             HttpGet request = new HttpGet(groupApiEndpointUri);
             String jwtToken;
             try{
-                jwtToken = jwtTokenUpdater.check().getToken();
+                jwtToken = jwtTokenUpdater.getV3Token();
             } catch (Exception e) {
                 logger.error("Can't get jwt token");
                 throw e;

src/java/main/com/topcoder/direct/services/view/action/my/MyChallengesAction.java

@@ -3,12 +3,15 @@
  */
 package com.topcoder.direct.services.view.action.my;
 
+import com.topcoder.direct.services.configs.ServerConfiguration;
 import com.topcoder.direct.services.view.action.ServiceBackendDataTablesAction;
 import com.topcoder.direct.services.view.dto.my.Challenge;
 import com.topcoder.direct.services.view.dto.my.RestResult;
-import com.topcoder.direct.services.view.exception.JwtAuthenticationException;
+import com.topcoder.direct.services.view.util.DirectUtils;
 import org.codehaus.jackson.JsonNode;
 
+import org.apache.struts2.ServletActionContext;
+
 import java.text.DateFormat;
 import java.text.NumberFormat;
 import java.text.SimpleDateFormat;
@@ -46,11 +49,9 @@ public class MyChallengesAction extends ServiceBackendDataTablesAction {
      */
     @Override
     public String execute() throws Exception {
-        try {
-            getJwtTokenUpdater().check();
-        } catch (JwtAuthenticationException e) {
+        if (DirectUtils.getCookieFromRequest(ServletActionContext.getRequest(),
+                ServerConfiguration.JWT_COOOKIE_KEY) == null)
             return "forward";
-        }
 
         // populate filter data
         this.setupFilterPanel();

src/java/main/com/topcoder/direct/services/view/action/my/MyCreatedChallengesAction.java

@@ -7,14 +7,11 @@
 import com.topcoder.direct.services.view.action.ServiceBackendDataTablesAction;
 import com.topcoder.direct.services.view.dto.my.Challenge;
 import com.topcoder.direct.services.view.dto.my.RestResult;
-import com.topcoder.direct.services.view.exception.JwtAuthenticationException;
 import com.topcoder.direct.services.view.util.DirectUtils;
-import com.topcoder.direct.services.view.util.JwtTokenUpdater;
 import com.topcoder.service.user.UserService;
 import org.apache.struts2.ServletActionContext;
 import org.codehaus.jackson.JsonNode;
 
-import javax.servlet.http.Cookie;
 import java.text.DateFormat;
 import java.text.NumberFormat;
 import java.text.SimpleDateFormat;
@@ -63,11 +60,9 @@ public class MyCreatedChallengesAction extends ServiceBackendDataTablesAction {
      */
     @Override
     public String execute() throws Exception {
-        try {
-            getJwtTokenUpdater().check();
-        } catch (JwtAuthenticationException e) {
+        if (DirectUtils.getCookieFromRequest(ServletActionContext.getRequest(),
+                ServerConfiguration.JWT_COOOKIE_KEY) == null)
             return "forward";
-        }
 
         // populate filter data
         this.setupFilterPanel();

src/java/main/com/topcoder/direct/services/view/interceptors/AuthenticationInterceptor.java

@@ -7,15 +7,13 @@
 
 import java.util.Arrays;
 import java.util.Set;
-import java.util.Map;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import com.topcoder.direct.services.view.util.jwt.JWTToken;
-import com.topcoder.direct.services.view.util.jwt.MyTest;
 import com.topcoder.direct.services.view.util.jwt.TokenExpiredException;
 import org.apache.struts2.ServletActionContext;
 
@@ -226,8 +224,6 @@ public class AuthenticationInterceptor extends AbstractInterceptor {
      */
     private String redirectBackUrlIdentityKey;
 
-    private MyTest myTest;
-
     /**
      * Default constructor, constructs an instance of this class.
      */
@@ -294,15 +290,15 @@ public String intercept(ActionInvocation invocation) throws Exception {
             return loginPageName;
         }
 
-        JWTToken jwtToken;
+        JWTToken jwtToken = null;
         try {
             String[] knownIssuers = new String[]{ "https://" + DirectProperties.DOMAIN_AUTH0 };
             jwtToken = new JWTToken(jwtCookie.getValue(),DirectProperties.CLIENT_SECRET_AUTH0, Arrays.asList(knownIssuers));
         } catch (TokenExpiredException e) {
             //refresh token here
             //redirect to loginpage for now
-            logger.error("Token is expired. redirect to login page");
-            return loginPageName;
+            logger.error("Token is expired. Should do refresh token here");
+            //return loginPageName;
         } catch (Exception e) {
             return loginPageName;
         }
@@ -441,12 +437,4 @@ public void setRedirectBackUrlIdentityKey(String redirectBackUrlIdentityKey) {
         Helper.checkNotNullOrEmpty(redirectBackUrlIdentityKey, "redirectBackUrlIdentityKey");
         this.redirectBackUrlIdentityKey = redirectBackUrlIdentityKey;
     }
-
-    public MyTest getMyTest() {
-        return myTest;
-    }
-
-    public void setMyTest(MyTest myTest) {
-        this.myTest = myTest;
-    }
 }

src/java/main/com/topcoder/direct/services/view/util/DirectUtils.java

@@ -3787,7 +3787,7 @@ public static Set<ProjectGroup> getGroupsFromApi(TCSubject tcSubject, JwtTokenUp
         HttpGet getRequest = new HttpGet(uri.build());
         logger.info("Getting Group with thi uri: " + uri.build().toString());
 
-        String v3Token = jwtTokenUpdater.check().getToken();
+        String v3Token = jwtTokenUpdater.getV3Token();
 
         getRequest.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + v3Token);
 

src/java/main/com/topcoder/direct/services/view/util/JwtTokenUpdater.java

@@ -40,13 +40,6 @@ public class JwtTokenUpdater {
      */
     private String authorizationURL;
 
-    /**
-     * v3 token
-     */
-    private String token;
-
-    private String v2Token = null;
-
     /**
      * ssoLogin Url
      */
@@ -69,12 +62,12 @@ public JwtTokenUpdater() {
     }
 
     /**
-     * Check token from cookie
+     * Validate and get v3 token from cookies
      *
-     * @return this class instance
+     * @return v3 token
      * @throws Exception
      */
-    public JwtTokenUpdater check() throws Exception {
+    public String getV3Token() throws Exception {
         Cookie jwtCookieV3 = DirectUtils.getCookieFromRequest(ServletActionContext.getRequest(),
                 ServerConfiguration.JWT_V3_COOKIE_KEY);
         Cookie jwtCookieV2 = DirectUtils.getCookieFromRequest(ServletActionContext.getRequest(),
@@ -84,9 +77,7 @@ public JwtTokenUpdater check() throws Exception {
             throw new JwtAuthenticationException("Please re-login");
         }
 
-        validateCookieV2V3(jwtCookieV2,jwtCookieV3);
-        v2Token = jwtCookieV2.getValue();
-        return this;
+        return validateCookieV2V3(jwtCookieV2,jwtCookieV3);
     }
 
 
@@ -163,9 +154,10 @@ private String getValidJwtToken(String v3token, String v2token) throws JwtAuthen
      *
      * @param v2 cookie v2
      * @param v3 cookie v3
+     * @return valid v3 token
      * @throws Exception
      */
-    private void validateCookieV2V3(Cookie v2, Cookie v3) throws Exception {
+    private String validateCookieV2V3(Cookie v2, Cookie v3) throws Exception {
         String validToken;
         String v3Token = null;
         if (v3 == null) {
@@ -179,17 +171,9 @@ private void validateCookieV2V3(Cookie v2, Cookie v3) throws Exception {
             DirectUtils.addDirectCookie(ServletActionContext.getResponse(), ServerConfiguration.JWT_V3_COOKIE_KEY,  validToken, -1);
         }
 
-        token = validToken;
+        return validToken;
     }
 
-    /**
-     * True if user has logge-in and has v2token
-     * Must be called after {@link #check()}
-     * @return
-     */
-    public boolean isLoggedIn() {
-        return v2Token != null && !v2Token.isEmpty();
-    }
 
     public String getAuthorizationURL() {
         return authorizationURL;
@@ -206,13 +190,4 @@ public String getSsoLoginUrl() {
     public void setSsoLoginUrl(String ssoLoginUrl) {
         this.ssoLoginUrl = ssoLoginUrl;
     }
-
-    /**
-     * Get v3 token
-     * Must be called after {@link #check()}
-     * @return
-     */
-    public String getToken() {
-        return token;
-    }
 }