fix 10221 - 403 issue

fix 10221 - 403 issue; swagger annotations cause issue in authentication object. If user authorization is enabled, authentication object is obtained from SecurityContextHolder

web/src/main/java/org/cbioportal/web/StudyController.java

@@ -23,6 +23,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -98,10 +99,10 @@ public ResponseEntity<List<CancerStudy>> getAllStudies(
         @ApiParam("Name of the property that the result list is sorted by")
         @RequestParam(required = false) StudySortBy sortBy,
         @ApiParam("Direction of the sort")
-        @RequestParam(defaultValue = "ASC") Direction direction,
-        @ApiParam(hidden = true, required = false)
-        @RequestParam(required = false) Authentication authentication) {
-
+        @RequestParam(defaultValue = "ASC") Direction direction)
+        {
+
+        Authentication authentication = null;    
         // Only use this feature on the public portal and make sure it is never used
         // on portals using auth, as in auth setting, different users will have different
         // results.
@@ -115,6 +116,8 @@ public ResponseEntity<List<CancerStudy>> getAllStudies(
                 && direction == Direction.ASC) {
             return new ResponseEntity<>(defaultResponse, HttpStatus.OK);
         }
+        else
+            authentication = SecurityContextHolder.getContext().getAuthentication();
 
         if (projection == Projection.META) {
             HttpHeaders responseHeaders = new HttpHeaders();