Merge pull request 'OIDC UMA token in threadlocal changes' (#1) from mauro.mugnaini/VREFolder-hook:master into master

pom.xml

@@ -64,6 +64,12 @@
 			<artifactId>common-scope</artifactId>
 			<scope>provided</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.gcube.portal</groupId>
+			<artifactId>oidc-library-portal</artifactId>
+			<version>[0.1.0,)</version>
+			<scope>provided</scope>
+		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-log4j12</artifactId>

src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java

@@ -6,11 +6,13 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.storagehub.client.dsl.StorageHubClient;
 import org.gcube.common.storagehub.client.dsl.Util;
 import org.gcube.common.storagehub.client.dsl.VREFolderManager;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
 import org.gcube.vomanagement.usermanagement.GroupManager;
 import org.gcube.vomanagement.usermanagement.RoleManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
@@ -38,6 +40,7 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
     private static final Logger _log = LoggerFactory.getLogger(GCubeHookSiteRoleLocalService.class);
     private GroupManager gm;
     private LiferayUserManager uMan;
+
     public GCubeHookSiteRoleLocalService(UserGroupRoleLocalService userGroupRoleLocalService) {
         super(userGroupRoleLocalService);
         gm = new LiferayGroupManager();
@@ -47,13 +50,15 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
 
     //TODO: as soon as Feature https://support.d4science.org/issues/17726 is delivered take care of this also 
     @Override
-	public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long[] userIds, long groupId, long roleId) throws com.liferay.portal.kernel.exception.SystemException {			
+    public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long[] userIds, long groupId,
+            long roleId) throws com.liferay.portal.kernel.exception.SystemException {
         List<UserGroupRole> toReturn = super.addUserGroupRoles(userIds, groupId, roleId);
         return toReturn;
     }
 
     @Override
-	public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long userId, long groupId, long[] roleIds) throws com.liferay.portal.kernel.exception.SystemException {			
+    public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long userId, long groupId,
+            long[] roleIds) throws com.liferay.portal.kernel.exception.SystemException {
         List<UserGroupRole> toReturn = super.addUserGroupRoles(userId, groupId, roleIds);
         try {
             String context = gm.getInfrastructureScope(groupId);
@@ -69,7 +74,8 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
                 for (int i = 0; i < roleIds.length; i++) {
                     Role role = RoleLocalServiceUtil.getRole(roleIds[i]);
                     if (role.getName().compareTo(GCubeRole.VRE_MANAGER_LABEL) == 0) {
-						_log.info("User is being promoted (or was) as VREFolder Administrator, userId=" + userId + " on Site groupId="+groupId);
+                        _log.info("User is being promoted (or was) as VREFolder Administrator, userId=" + userId
+                                + " on Site groupId=" + groupId);
                         vreManagerRolePresent = true;
                         break;
                     }
@@ -78,8 +84,7 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
             } else {
                 _log.debug("addUserGroupRoles NOT done in a VRE, groupId=" + groupId);
             }
-		}
+        } catch (Exception e) {
-		catch (Exception e) {
             e.printStackTrace();
         }
         return toReturn;
@@ -105,6 +110,7 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
         VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle);
 
         String previousToken = SecurityTokenProvider.instance.get();
+
         //get the super user
         _log.info("//get the super user");
 
@@ -112,10 +118,10 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
         long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
         User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
         if (theAdmin == null) {
-			_log.warn("Cannot add the user as VRE Folder admin: there is no user having role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER);
+            _log.warn("Cannot add the user as VRE Folder admin: there is no user having role "
+                    + GatewayRolesNames.INFRASTRUCTURE_MANAGER);
             return false;
-		}
+        } else {
-		else {
             RoleManager rm = new LiferayRoleManager();
             String adminUsername = theAdmin.getScreenName();
             _log.info("Got the super user: " + adminUsername);
@@ -130,6 +136,9 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
             authorizationService().setTokenRoles(theAdminToken, rolesString);
             SecurityTokenProvider.instance.set(theAdminToken);
 
+            String previousUmaToken = UmaJWTProvider.instance.get();
+            OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
+
             String theUserToPromoteOrDeclass = uMan.getUserById(userId).getUsername();
             _log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable);
             if (enable)
@@ -137,9 +146,13 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
             else
                 vreFolderManager.removeAdmin(theUserToPromoteOrDeclass);
             SecurityTokenProvider.instance.set(previousToken);
+
+            if (previousUmaToken != null) {
+                UmaJWTProvider.instance.set(previousUmaToken);
+            }
+
             return true;
         }
     }
 
-
 }

src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java

@@ -6,10 +6,12 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
 import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
 import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
 import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
 import org.gcube.portal.plugins.thread.UpdateUserToLDAPGroupThread;
@@ -174,12 +176,20 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 			_log.info("authorizationService().setTokenRoles(theAdminToken, rolesString);" +theAdminToken);
 			authorizationService().setTokenRoles(theAdminToken, rolesString);
 			SecurityTokenProvider.instance.set(theAdminToken);
+
+			String previousUmaToken = UmaJWTProvider.instance.get();
+			OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
 			GroupManagerClient client = AbstractPlugin.groups().build();
 			if (add)
 				client.addUserToGroup(username2Add, getVREFolderNameFromContext(context));
 			else 
 				client.removeUserFromGroup(username2Add, getVREFolderNameFromContext(context));
 			SecurityTokenProvider.instance.set(previousToken);
+
+            if (previousUmaToken != null) {
+                UmaJWTProvider.instance.set(previousUmaToken);
+            }
+
             return true;
 		}
 	}