Fix problem of stale access tokens with a LIFO queue -- see PR #1437

igvteam · Dec 1, 2023 · 3217d70 · 3217d70
1 parent 7bcb418
commit 3217d70
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 15 deletions.
diff --git a/src/main/java/org/broad/igv/util/HttpUtils.java b/src/main/java/org/broad/igv/util/HttpUtils.java
@@ -99,7 +99,7 @@ private class CachedRedirect {
     private Map<URL, CachedRedirect> redirectCache = new HashMap<URL, CachedRedirect>();
 
     // oauth tokens set from command line script
-    private Map<Pattern, String> accessTokens = new HashMap<>();
+    Deque<Pair<Pattern, String>> accessTokens = new ArrayDeque<>();
 
     /**
      * @return the single instance
@@ -137,7 +137,10 @@ public void setAccessToken(String token, String host) {
         } else {
             host = host.replace("*", ".*");
         }
-        this.accessTokens.put(Pattern.compile(host, Pattern.CASE_INSENSITIVE), token);
+
+        // If new pattern matches existing keys replace them
+        Pattern newPattern = Pattern.compile(host, Pattern.CASE_INSENSITIVE);
+        this.accessTokens.add(new Pair<>(newPattern, token));
     }
 
 
@@ -147,19 +150,17 @@ public void setAccessToken(String token, String host) {
      * @param url
      * @return
      */
-    String getAccessTokenFor(URL url) {
+    String getCachedTokenFor(URL url) {
 
-        for (Map.Entry<Pattern, String> entry : this.accessTokens.entrySet()) {
-            final Pattern pattern = entry.getKey();
-            Matcher matcher = pattern.matcher(url.getHost());
+        Iterator<Pair<Pattern, String>> iter = accessTokens.descendingIterator();
+        while(iter.hasNext()) {
+            Pair<Pattern, String> next = iter.next();
+            Matcher matcher = next.getFirst().matcher(url.getHost());
             if (matcher.find()) {
-                return entry.getValue();
+                return next.getSecond();
             }
         }
         return null;
-//        if (token == null && oauthProvider != null && oauthProvider.appliesToUrl(url)) {
-//            token = oauthProvider.getAccessToken();
-//        }
     }
 
     public void clearAccessTokens() {
@@ -689,7 +690,7 @@ private HttpURLConnection openConnection(
 
         // If we have an explicitly set oauth token for this URL use it.  This is used by port and batch commands
         // and will ovveride oAuth authentication check
-        String token = this.getAccessTokenFor(url);
+        String token = this.getCachedTokenFor(url);
 
         if (token == null) {
 

diff --git a/src/test/java/org/broad/igv/util/HttpUtilsTest.java b/src/test/java/org/broad/igv/util/HttpUtilsTest.java
@@ -117,24 +117,30 @@ public void testAccessTokenCache() throws MalformedURLException {
         try {
             // Exact match
             HttpUtils.getInstance().setAccessToken("foo", "bar.foo.com");
-            String token = HttpUtils.getInstance().getAccessTokenFor(new URL("https://bar.foo.com/path"));
+            String token = HttpUtils.getInstance().getCachedTokenFor(new URL("https://bar.foo.com/path"));
             assertEquals("foo", token);
             HttpUtils.getInstance().clearAccessTokens();
 
             // Wildcard match
             HttpUtils.getInstance().setAccessToken("foo", "*.foo.com");
-            token = HttpUtils.getInstance().getAccessTokenFor(new URL("https://bar.foo.com/path"));
+            token = HttpUtils.getInstance().getCachedTokenFor(new URL("https://bar.foo.com/path"));
             assertEquals("foo", token);
 
+            // Superceding match
+            HttpUtils.getInstance().setAccessToken("foo2", "bar.foo.com");
+            token = HttpUtils.getInstance().getCachedTokenFor(new URL("https://bar.foo.com/path"));
+            assertEquals("foo2", token);
+
+
             // Clear token
             HttpUtils.getInstance().clearAccessTokens();
-            token = HttpUtils.getInstance().getAccessTokenFor(new URL("https://bar.foo.com/path"));
+            token = HttpUtils.getInstance().getCachedTokenFor(new URL("https://bar.foo.com/path"));
             assertNull(token);
             HttpUtils.getInstance().clearAccessTokens();
 
             // Match all hosts
             HttpUtils.getInstance().setAccessToken("foo", "");
-            token = HttpUtils.getInstance().getAccessTokenFor(new URL("https://igv.org/path"));
+            token = HttpUtils.getInstance().getCachedTokenFor(new URL("https://igv.org/path"));
             assertEquals("foo", token);
         } finally {
             HttpUtils.getInstance().clearAccessTokens();