From c9352f8900e465720ffef464245c9b2e5095c7d2 Mon Sep 17 00:00:00 2001
From: James <Jamestp19@gmail.com>
Date: Fri, 20 Sep 2024 15:32:09 -0400
Subject: [PATCH 1/2] Don't care about auth header in open access

---
 .../avillach/resource/visualization/service/HpdsService.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pic-sure-resources/pic-sure-visualization-resource/src/main/java/edu/harvard/hms/dbmi/avillach/resource/visualization/service/HpdsService.java b/pic-sure-resources/pic-sure-visualization-resource/src/main/java/edu/harvard/hms/dbmi/avillach/resource/visualization/service/HpdsService.java
index ff40e44f..41f68f67 100644
--- a/pic-sure-resources/pic-sure-visualization-resource/src/main/java/edu/harvard/hms/dbmi/avillach/resource/visualization/service/HpdsService.java
+++ b/pic-sure-resources/pic-sure-visualization-resource/src/main/java/edu/harvard/hms/dbmi/avillach/resource/visualization/service/HpdsService.java
@@ -128,7 +128,7 @@ private void sanityCheck(QueryRequest queryRequest, ResultType requestType, Stri
         if (applicationProperties.getOrigin() == null) throw new IllegalArgumentException("picSureUrl is required");
         if (applicationProperties.getAuthHpdsResourceId() == null)
             throw new IllegalArgumentException("picSureUuid is required");
-        if (queryRequest.getResourceCredentials().get(AUTH_HEADER_NAME) == null)
+        if (AUTHORIZED_ACCESS.getValue().equals(accessType) && queryRequest.getResourceCredentials().get(AUTH_HEADER_NAME) == null)
             throw new IllegalArgumentException("No authorization token found in queryRequest");
         if (requestType == null) throw new IllegalArgumentException("ResultType is required");
         if (requestType != ResultType.CATEGORICAL_CROSS_COUNT && requestType != ResultType.CONTINUOUS_CROSS_COUNT)

From 29f9ed95eeb6b51bdde9d685545ccb00f4ebc17a Mon Sep 17 00:00:00 2001
From: James <Jamestp19@gmail.com>
Date: Fri, 20 Sep 2024 15:44:20 -0400
Subject: [PATCH 2/2] More open access checks

---
 .../resource/visualization/service/HpdsService.java         | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pic-sure-resources/pic-sure-visualization-resource/src/main/java/edu/harvard/hms/dbmi/avillach/resource/visualization/service/HpdsService.java b/pic-sure-resources/pic-sure-visualization-resource/src/main/java/edu/harvard/hms/dbmi/avillach/resource/visualization/service/HpdsService.java
index 41f68f67..da9dde03 100644
--- a/pic-sure-resources/pic-sure-visualization-resource/src/main/java/edu/harvard/hms/dbmi/avillach/resource/visualization/service/HpdsService.java
+++ b/pic-sure-resources/pic-sure-visualization-resource/src/main/java/edu/harvard/hms/dbmi/avillach/resource/visualization/service/HpdsService.java
@@ -92,9 +92,11 @@ public Map<String, Map<String, String>> getOpenCrossCountsMap(QueryRequest query
      */
     private HttpHeaders prepareQueryRequest(QueryRequest queryRequest, ResultType resultType, String accessType) {
         HttpHeaders headers = new HttpHeaders();
-        headers.add(AUTH_HEADER_NAME,
+        if (AUTHORIZED_ACCESS.getValue().equals(accessType)) {
+            headers.add(AUTH_HEADER_NAME,
                 queryRequest.getResourceCredentials().get(AUTH_HEADER_NAME)
-        );
+            );
+        }
 
         headers.add("request-source", accessType);