Intial GIT commit

.classpath

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
+		<attributes>
+			<attribute name="test" value="true"/>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
+		<attributes>
+			<attribute name="test" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry combineaccessrules="false" kind="src" path="/oidc-library"/>
+	<classpathentry combineaccessrules="false" kind="src" path="/oidc-library-portal"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>

.gitignore

@@ -0,0 +1,2 @@
+target
+bin/*

.project

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>oidc-enrollment-hook</name>
+	<comment></comment>
+	<projects>
+		<project>oidc-library</project>
+		<project>oidc-library-portal</project>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+		<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
+	</natures>
+</projectDescription>

.settings/.jsdtscope

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src/main/webapp"/>
+	<classpathentry excluding="**/bower_components/*|**/node_modules/*|**/*.min.js" kind="src" path="target/m2e-wtp/web-resources"/>
+	<classpathentry kind="con" path="org.eclipse.wst.jsdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.eclipse.wst.jsdt.launching.WebProject">
+		<attributes>
+			<attribute name="hide" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.wst.jsdt.launching.baseBrowserLibrary"/>
+	<classpathentry kind="output" path=""/>
+</classpath>

.settings/org.eclipse.core.resources.prefs

@@ -0,0 +1,6 @@
+eclipse.preferences.version=1
+encoding//src/main/java=UTF-8
+encoding//src/main/resources=UTF-8
+encoding//src/test/java=UTF-8
+encoding//src/test/resources=UTF-8
+encoding/<project>=UTF-8

.settings/org.eclipse.jdt.core.prefs

@@ -0,0 +1,11 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
+org.eclipse.jdt.core.compiler.compliance=1.8
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
+org.eclipse.jdt.core.compiler.release=disabled
+org.eclipse.jdt.core.compiler.source=1.8

.settings/org.eclipse.m2e.core.prefs

@@ -0,0 +1,4 @@
+activeProfiles=gcube-developer
+eclipse.preferences.version=1
+resolveWorkspaceProjects=true
+version=1

.settings/org.eclipse.m2e.wtp.prefs

@@ -0,0 +1,2 @@
+eclipse.preferences.version=1
+org.eclipse.m2e.wtp.enabledProjectSpecificPrefs=false

.settings/org.eclipse.wst.common.component

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="oidc-enrollment-hook">
+        <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
+        <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+        <property name="java-output-path" value="/target/classes"/>
+        <property name="context-root" value="oidc-enrollment-hook"/>
+        <property name="component.exclusion.patterns" value="WEB-INF/lib/oidc-library*.jar"/>
+    </wb-module>
+</project-modules>

.settings/org.eclipse.wst.common.project.facet.core.prefs.xml

@@ -0,0 +1,7 @@
+<root>
+  <facet id="jst.jaxrs">
+    <node name="libprov">
+      <attribute name="provider-id" value="jaxrs-no-op-library-provider"/>
+    </node>
+  </facet>
+</root>

.settings/org.eclipse.wst.common.project.facet.core.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+  <fixed facet="wst.jsdt.web"/>
+  <installed facet="liferay.hook" version="6.0"/>
+  <installed facet="wst.jsdt.web" version="1.0"/>
+  <installed facet="java" version="1.8"/>
+  <installed facet="jst.web" version="2.5"/>
+  <installed facet="jst.jaxrs" version="2.1"/>
+</faceted-project>

.settings/org.eclipse.wst.jsdt.ui.superType.container

@@ -0,0 +1 @@
+org.eclipse.wst.jsdt.launching.baseBrowserLibrary

.settings/org.eclipse.wst.jsdt.ui.superType.name

@@ -0,0 +1 @@
+Window

.settings/org.eclipse.wst.validation.prefs

@@ -0,0 +1,2 @@
+disabled=06target
+eclipse.preferences.version=1

pom.xml

@@ -0,0 +1,133 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<artifactId>maven-parent</artifactId>
+		<groupId>org.gcube.tools</groupId>
+		<version>1.1.0</version>
+		<relativePath />
+	</parent>
+	<groupId>org.gcube.portal</groupId>
+	<artifactId>oidc-enrollment-hook</artifactId>
+	<packaging>war</packaging>
+	<version>0.4.0-SNAPSHOT</version>
+	<properties>
+		<java-version>1.8</java-version>
+		<liferay.version>6.2.5</liferay.version>
+		<liferay.maven.plugin.version>6.2.10.12</liferay.maven.plugin.version>
+		<liferay.auto.deploy.dir>/Users/themaxx/Development/Server/liferay-portal-6.2-ce-ga6/deploy
+		</liferay.auto.deploy.dir>
+		<liferay.app.server.deploy.dir>/Users/themaxx/Development/Server/liferay-portal-6.2-ce-ga6/tomcat-7.0.62/webapps
+		</liferay.app.server.deploy.dir>
+		<liferay.app.server.lib.global.dir>/Users/themaxx/Development/Server/liferay-portal-6.2-ce-ga6/tomcat-7.0.62/lib/ext
+		</liferay.app.server.lib.global.dir>
+		<liferay.app.server.portal.dir>/Users/themaxx/Development/Server/liferay-portal-6.2-ce-ga6/tomcat-7.0.62/webapps/ROOT
+		</liferay.app.server.portal.dir>
+	</properties>
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>org.gcube.distribution</groupId>
+				<artifactId>maven-portal-bom</artifactId>
+				<version>3.6.0</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
+			<dependency>
+				<groupId>org.jboss.resteasy</groupId>
+				<artifactId>resteasy-jaxb-provider</artifactId>
+				<exclusions>
+					<exclusion>
+						<groupId>com.sun.istack</groupId>
+						<artifactId>istack-commons-runtime</artifactId>
+					</exclusion>
+					<exclusion>
+						<groupId>org.jvnet.staxex</groupId>
+						<artifactId>stax-ex</artifactId>
+					</exclusion>
+					<exclusion>
+						<groupId>org.glassfish.jaxb</groupId>
+						<artifactId>txw2</artifactId>
+					</exclusion>
+					<exclusion>
+						<groupId>com.sun.xml.fastinfoset</groupId>
+						<artifactId>FastInfoset</artifactId>
+					</exclusion>
+					<exclusion>
+						<groupId>org.glassfish.jaxb</groupId>
+						<artifactId>jaxb-runtime</artifactId>
+					</exclusion>
+				</exclusions>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+	<dependencies>
+		<dependency>
+			<groupId>org.gcube.portal</groupId>
+			<artifactId>oidc-library-portal</artifactId>
+			<version>[0.1.0,)</version>
+			<scope>compile</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>oidc-library</artifactId>
+			<version>[0.1.0,)</version>
+			<scope>compile</scope>
+		</dependency>
+		<dependency>
+			<groupId>com.liferay.portal</groupId>
+			<artifactId>portal-service</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>com.liferay.portal</groupId>
+			<artifactId>util-java</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>javax.portlet</groupId>
+			<artifactId>portlet-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>javax.servlet-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
+	</dependencies>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>com.liferay.maven.plugins</groupId>
+				<artifactId>liferay-maven-plugin</artifactId>
+				<version>${liferay.maven.plugin.version}</version>
+				<configuration>
+					<autoDeployDir>${liferay.auto.deploy.dir}</autoDeployDir>
+					<appServerDeployDir>${liferay.app.server.deploy.dir}
+					</appServerDeployDir>
+					<appServerLibGlobalDir>${liferay.app.server.lib.global.dir}
+					</appServerLibGlobalDir>
+					<appServerPortalDir>${liferay.app.server.portal.dir}
+					</appServerPortalDir>
+					<liferayVersion>${liferay.version}</liferayVersion>
+					<pluginType>hook</pluginType>
+				</configuration>
+			</plugin>
+			<plugin>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<configuration>
+					<encoding>UTF-8</encoding>
+					<source>${maven.compiler.source}</source>
+					<target>${maven.compiler.target}</target>
+				</configuration>
+			</plugin>
+			<plugin>
+				<artifactId>maven-war-plugin</artifactId>
+				<configuration>
+					<packagingExcludes>WEB-INF/lib/oidc-library*.jar</packagingExcludes>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+</project>

src/main/java/com/nubisware/oidc/lr62/OpenIdConnectAutoLogin.java

@@ -0,0 +1,163 @@
+package com.nubisware.oidc.lr62;
+
+import java.util.Arrays;
+import java.util.Calendar;
+import java.util.Locale;
+import java.util.UUID;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.liferay.portal.kernel.exception.PortalException;
+import com.liferay.portal.kernel.exception.SystemException;
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.liferay.portal.kernel.util.LocaleUtil;
+import com.liferay.portal.kernel.util.StringPool;
+import com.liferay.portal.model.User;
+import com.liferay.portal.security.auth.BaseAutoLogin;
+import com.liferay.portal.service.ServiceContext;
+import com.liferay.portal.service.UserLocalServiceUtil;
+import com.liferay.portal.util.PortalUtil;
+import com.liferay.util.PwdGenerator;
+import com.nubisware.oidc.gcube.URLEncodedContextMapper;
+import com.nubisware.oidc.rest.JWTToken;
+
+public class OpenIdConnectAutoLogin extends BaseAutoLogin {
+
+    private static final Log log = LogFactoryUtil.getLog(OpenIdConnectAutoLogin.class);
+
+    @Override
+    public String[] doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        JWTToken token = JWTToken.fromString((String) request.getAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE));
+        if (token == null) {
+            return null;
+        }
+        if (log.isTraceEnabled()) {
+            log.trace("Token's access token part is: " + token.getAccessTokenString());
+        }
+        LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
+        long companyId = PortalUtil.getCompanyId(request);
+        long groupId = PortalUtil.getScopeGroupId(request);
+        String portalURL = PortalUtil.getPortalURL(request, true);
+        User user = createOrUpdateUser(token, companyId, groupId, portalURL, configuration);
+        if (user != null) {
+            log.info("Applying sites and roles strategy");
+            try {
+                UserSitesToGroupsAndRolesMapper mapper = new UserSitesToGroupsAndRolesMapper(
+                        user, new URLEncodedContextMapper(
+                                token.getResourceNameToAccessRolesMap(Arrays.asList(JWTToken.ACCOUNT_RESOURCE))));
+
+                mapper.map();
+            } catch (Throwable t) {
+                // TODO: to be removed when tested in depth
+                log.error("Applying strategy", t);
+            }
+            log.debug("Returning logged in user's info");
+            return new String[] { String.valueOf(user.getUserId()), UUID.randomUUID().toString(), "false" };
+        } else {
+            log.warn("User is null");
+            return null;
+        }
+    }
+
+    public static User createOrUpdateUser(JWTToken token, long companyId, long groupId, String portalURL,
+            LiferayOpenIdConnectConfiguration configuration) throws Exception {
+
+        String email = token.getEmail();
+        String given = token.getGiven();
+        String family = token.getFamily();
+        String subject = token.getSub();
+        User user = null;
+        try {
+            boolean updateUser = false;
+            // Search by email first
+            user = UserLocalServiceUtil.fetchUserByEmailAddress(companyId, email);
+            if (user == null) {
+                log.debug("No Liferay user found with email address=" + email + ", trying with openId");
+                // Then search by openId, in case user has changed the email address
+                user = UserLocalServiceUtil.fetchUserByOpenId(companyId, subject);
+                if (user == null) {
+                    log.debug("No Liferay user found with openid=" + subject + " and email address=" + email);
+                    if (configuration.createUnexistingUser()) {
+                        log.info("A new user will be created");
+                        user = addUser(companyId, groupId, portalURL, email, given, family, subject);
+                    } else {
+                        log.info("User will not be created according to configuration");
+                        return null;
+                    }
+                } else {
+                    log.info("User found by its openId, the email will be updated");
+                    updateUser = true;
+                }
+            }
+            if (user != null) {
+                log.debug("User found, updating name details with info from userinfo if changed");
+                if (given != user.getFirstName()) {
+                    user.setFirstName(given);
+                    updateUser = true;
+                }
+                if (family != user.getLastName()) {
+                    user.setLastName(family);
+                    updateUser = true;
+                }
+                if (email != user.getEmailAddress()) {
+                    user.setEmailAddress(email);
+                    updateUser = true;
+                }
+            }
+            if (updateUser) {
+                UserLocalServiceUtil.updateUser(user);
+            }
+        } catch (SystemException | PortalException e) {
+            throw new RuntimeException(e);
+        }
+        return user;
+    }
+
+    public static User addUser(long companyId, long groupId, String portalURL, String emailAddress, String firstName,
+            String lastName, String openid) throws SystemException, PortalException {
+
+        Locale locale = LocaleUtil.getMostRelevantLocale();
+        long creatorUserId = 0;
+        boolean autoPassword = false;
+        String password1 = PwdGenerator.getPassword();
+        String password2 = password1;
+        boolean autoScreenName = true;
+        String screenName = StringPool.BLANK;
+        long facebookId = 0;
+        String openId = openid;
+        String middleName = StringPool.BLANK;
+        int prefixId = 0;
+        int suffixId = 0;
+        boolean male = true;
+        int birthdayMonth = Calendar.JANUARY;
+        int birthdayDay = 1;
+        int birthdayYear = 1970;
+        String jobTitle = StringPool.BLANK;
+        long[] groupIds = null;
+        long[] organizationIds = null;
+        long[] roleIds = null;
+        long[] userGroupIds = null;
+        boolean sendEmail = false;
+        ServiceContext serviceContext = new ServiceContext();
+        serviceContext.setScopeGroupId(groupId);
+        serviceContext.setPortalURL(portalURL);
+
+        User user = UserLocalServiceUtil.addUser(creatorUserId, companyId, autoPassword, password1, password2,
+                autoScreenName, screenName, emailAddress, facebookId, openId, locale, firstName, middleName, lastName,
+                prefixId, suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
+                roleIds, userGroupIds, sendEmail, serviceContext);
+
+        // No password
+        user.setPasswordReset(false);
+        // email is already verified by oidc connect provider
+        user.setEmailAddressVerified(true);
+        // No reminder query at first login.
+        user.setReminderQueryQuestion("x");
+        user.setReminderQueryAnswer("y");
+        UserLocalServiceUtil.updateUser(user);
+        return user;
+    }
+
+}

src/main/java/com/nubisware/oidc/lr62/OpenIdConnectLoginFilter.java

@@ -0,0 +1,80 @@
+package com.nubisware.oidc.lr62;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.liferay.portal.kernel.exception.PortalException;
+import com.liferay.portal.kernel.exception.SystemException;
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.liferay.portal.kernel.servlet.BaseFilter;
+import com.liferay.portal.model.User;
+import com.liferay.portal.util.PortalUtil;
+import com.nubisware.oidc.rest.JWTToken;
+import com.nubisware.oidc.rest.OpenIdConnectConfiguration;
+import com.nubisware.oidc.rest.OpenIdConnectRESTHelper;
+
+public class OpenIdConnectLoginFilter extends BaseFilter {
+
+    protected static final Log log = LogFactoryUtil.getLog(OpenIdConnectLoginFilter.class);
+
+    public OpenIdConnectLoginFilter() {
+        super();
+        if (log.isDebugEnabled()) {
+            log.debug("Filter created");
+        }
+    }
+
+    @Override
+    protected void processFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws Exception {
+
+        User user;
+        try {
+            user = PortalUtil.getUser(request);
+        } catch (PortalException | SystemException e) {
+            throw new ServletException("Getting user using utls", e);
+        }
+        HttpSession session = null;
+        JWTToken token = null;
+        if (user == null) {
+            session = request.getSession(false);
+            String uri = request.getRequestURI();
+            if (log.isDebugEnabled()) {
+                log.debug("No user logged in " + uri);
+            }
+            String sessionId = session.getId();
+            OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
+            if (request.getParameter("state") != null && request.getParameter("state").equals(sessionId)) {
+                try {
+                    token = OpenIdConnectRESTHelper.queryToken(configuration.getClientId(),
+                            configuration.getTokenUrl(), request.getParameter("code"), configuration.getScope(),
+                            request.getRequestURL().toString());
+                } catch (Exception e) {
+                    throw new ServletException("Querying token from OIDC server", e);
+                }
+                request.setAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE, token.getRaw());
+                // The Autologin class will perform the auto-login with the token
+            } else {
+                String redirectKeycloakURL = OpenIdConnectRESTHelper.buildLoginUrl(configuration.getAuthorizationUrl(),
+                        configuration.getClientId(), sessionId, request.getRequestURL().toString());
+
+                if (log.isDebugEnabled()) {
+                    log.debug("Redirecting to Keycloak login URL: " + redirectKeycloakURL);
+                }
+                response.sendRedirect(redirectKeycloakURL);
+                return;
+            }
+        }
+        processFilter(getClass(), request, response, filterChain);
+    }
+
+    @Override
+    protected Log getLog() {
+        return log;
+    }
+
+}

src/main/java/com/nubisware/oidc/lr62/PostLoginAction.java

@@ -0,0 +1,30 @@
+package com.nubisware.oidc.lr62;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.liferay.portal.kernel.events.Action;
+import com.liferay.portal.kernel.events.ActionException;
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.nubisware.oidc.rest.JWTToken;
+
+public class PostLoginAction extends Action {
+
+	protected static final Log log = LogFactoryUtil.getLog(PostLoginAction.class);
+
+    @Override
+    public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
+        if (log.isInfoEnabled()) {
+            log.info("PostLoginAction invoked");
+        }
+        JWTToken token = JWTToken.fromString((String) request.getAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE));
+        HttpSession session = request.getSession(false);
+        if (token != null && session != null) {
+            log.info("Setting OIDC token in session with id: " + session.getId());
+            session.setAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE, token.getRaw());
+        }
+    }
+
+}

src/main/java/com/nubisware/oidc/lr62/PreLoginAction.java

@@ -0,0 +1,22 @@
+package com.nubisware.oidc.lr62;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.liferay.portal.kernel.events.Action;
+import com.liferay.portal.kernel.events.ActionException;
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+
+public class PreLoginAction extends Action {
+
+	protected static final Log log = LogFactoryUtil.getLog(PreLoginAction.class);
+
+    @Override
+    public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
+        if (log.isDebugEnabled()) {
+            log.debug("PreLoginAction invoked");
+        }
+    }
+
+}

src/main/java/com/nubisware/oidc/lr62/SessionCreateAction.java

@@ -0,0 +1,22 @@
+package com.nubisware.oidc.lr62;
+
+import javax.servlet.http.HttpSession;
+
+import com.liferay.portal.kernel.events.ActionException;
+import com.liferay.portal.kernel.events.SessionAction;
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+
+public class SessionCreateAction extends SessionAction {
+
+	protected static final Log log = LogFactoryUtil.getLog(SessionCreateAction.class);
+
+	@Override
+	public void run(HttpSession session) throws ActionException {
+		if (log.isDebugEnabled()) {
+			log.debug("Session created");
+		}
+		// Noting to do at the moment
+	}
+
+}

src/main/java/com/nubisware/oidc/lr62/SessionDestroyAction.java

@@ -0,0 +1,41 @@
+package com.nubisware.oidc.lr62;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpSession;
+
+import com.liferay.portal.kernel.events.ActionException;
+import com.liferay.portal.kernel.events.SessionAction;
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.nubisware.oidc.rest.JWTToken;
+import com.nubisware.oidc.rest.OpenIdConnectRESTHelper;
+
+public class SessionDestroyAction extends SessionAction {
+
+	protected static final Log log = LogFactoryUtil.getLog(SessionDestroyAction.class);
+
+	@Override
+	public void run(HttpSession session) throws ActionException {
+	    if (log.isTraceEnabled()) {
+	        log.trace("Session id is: " + session.getId());
+	    }
+		LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration();
+		if (configuration.logoutOnPortalLogout()) {
+			JWTToken token = JWTToken.fromString((String) session.getAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE));
+			if (token != null) {
+				log.debug("Performing logout on OIDC server due to session destroy");
+				try {
+					OpenIdConnectRESTHelper.logout(token, configuration.getLogoutUrl(), configuration.getClientId());
+				} catch (IOException e) {
+					throw new ActionException("Performing logut on OIDC server", e);
+				}
+			} else {
+				log.error("Cannot find the OIDC token in session");
+			}
+		} else {
+			log.debug("Don't performing OIDC logout according to configuration");
+		}
+	}
+
+}

src/main/resources/portal.properties

@@ -0,0 +1,17 @@
+servlet.session.create.events=com.nubisware.oidc.lr62.SessionCreateAction
+login.events.pre=com.nubisware.oidc.lr62.PreLoginAction
+auto.login.hooks=com.nubisware.oidc.lr62.OpenIdConnectAutoLogin
+login.events.post=com.nubisware.oidc.lr62.PostLoginAction
+servlet.session.destroy.events=com.nubisware.oidc.lr62.SessionDestroyAction
+
+session.shared.attributes=USER_
+
+company.login.prepopulate.domain=false
+d4science.oidc-authorization=https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/auth
+d4science.oidc-token=https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/token
+d4science.oidc-issuer=https://nubis2.int.d4science.net/auth/realms/d4science
+d4science.oidc-client-id=portal
+d4science.oidc-scope=openid profile email
+d4science.oidc-logout=https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/logout
+d4science.oidc-logout-on-portal-logout=true
+d4science.oidc-create-unexisting-user=true

src/main/webapp/WEB-INF/liferay-hook.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<!DOCTYPE hook PUBLIC "-//Liferay//DTD Hook 6.2.0//EN" "http://www.liferay.com/dtd/liferay-hook_6_2_0.dtd">
+
+<hook>
+	<portal-properties>portal.properties</portal-properties>
+	<servlet-filter>
+	    <servlet-filter-name>OpenIdConnectLoginFilter</servlet-filter-name>
+        <servlet-filter-impl>com.nubisware.oidc.lr62.OpenIdConnectLoginFilter</servlet-filter-impl>
+    </servlet-filter>
+    <servlet-filter-mapping>
+        <servlet-filter-name>OpenIdConnectLoginFilter</servlet-filter-name>
+        <url-pattern>/c/portal/login</url-pattern>
+        <dispatcher>REQUEST</dispatcher>
+        <dispatcher>FORWARD</dispatcher>
+    </servlet-filter-mapping>
+</hook>

src/main/webapp/WEB-INF/liferay-plugin-package.properties

@@ -0,0 +1,11 @@
+name=OIDC Login Hook
+module-group-id=liferay
+module-incremental-version=1
+tags=
+short-description=
+long-description=
+change-log=
+page-url=http://www.liferay.com
+author=Liferay, Inc.
+licenses=LGPL
+liferay-versions=6.2.0+

src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="http://java.sun.com/xml/ns/javaee"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+	id="WebApp_ID" version="2.5" />

src/test/java/META-INF/module-log4j-ext.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+	<category name="com.nubisware.oidc">
+		<priority value="DEBUG" />
+	</category>
+</log4j:configuration>

src/test/resources/log4j.properties

@@ -0,0 +1,7 @@
+log4j.rootLogger=DEBUG, CONSOLE
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.EnhancedPatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n
+
+log4j.category.com.nubisware=DEBUG

src/test/resources/logging.properties

@@ -0,0 +1,6 @@
+debug.com.sun.portal.level=WARNING
+
+org.apache.catalina.core.ContainerBase.[Catalina].handlers=java.util.logging.ConsoleHandler
+org.apache.catalina.core.ContainerBase.[Catalina].level=INFO
+
+com.nubisware.level = DEBUG