Extracted the UMA issuing code for logged user from the Valve in the `threadlocal-vars-cleaner` project to be used also after the login process for UMA issue in the context, since the Valve has already finished its work at that moment. (#20591)

CHANGELOG.md

@@ -2,6 +2,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 # Changelog for "oidc-enrollment-hook"
 
+## [v1.2.0-SNAPSHOT]
+- Now an UMA token is issued also after the login in the `PostLoginAction` to assure token's presence for the context without have to wait the next HTTP call and the Valve's intervention, in the case when it is not necessary the redirect to an origin URI after the login. (#20591)
+
 ## [v1.1.3]
 - Now user reconciliation/identification from OIDC token after the login is performed no more checking by using the email address but by using the User's username, the Liferay `screenname`. (#20827) (#20840)
 

pom.xml

@@ -11,7 +11,7 @@
 	<groupId>org.gcube.portal</groupId>
 	<artifactId>oidc-enrollment-hook</artifactId>
 	<packaging>war</packaging>
-	<version>1.1.3</version>
+	<version>1.2.0-SNAPSHOT</version>
 	<properties>
 		<liferay.version>6.2.5</liferay.version>
 		<liferay.maven.plugin.version>6.2.10.12</liferay.maven.plugin.version>

src/main/java/org/gcube/portal/oidc/lr62/PostLoginAction.java

@@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.gcube.common.portal.PortalContext;
 import org.gcube.oidc.rest.JWTToken;
 
 import com.liferay.portal.kernel.events.Action;
@@ -20,6 +21,8 @@ public class PostLoginAction extends Action {
 
     protected static final Log log = LogFactoryUtil.getLog(PostLoginAction.class);
 
+    public static boolean REQUEST_UMA_ALSO_WITH_REDIRECT = true;
+
     @Override
     public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
         if (log.isInfoEnabled()) {
@@ -27,6 +30,7 @@ public class PostLoginAction extends Action {
         }
         JWTToken token = JWTTokenUtil.getOIDCFromRequest(request);
         HttpSession session = request.getSession(false);
+        String redirect = (String) request.getAttribute(OpenIdConnectLoginFilter.REDIRECT_ATTRIBUTE);;
         if (token != null && session != null) {
             User user = (User) session.getAttribute(WebKeys.USER);
             if (user != null) {
@@ -38,6 +42,15 @@ public class PostLoginAction extends Action {
                 log.error("User object not found in session " + session.getId() + " ["
                         + Integer.toHexString(session.hashCode()) + "]");
             }
+            if (redirect == null || REQUEST_UMA_ALSO_WITH_REDIRECT) {
+                if (log.isDebugEnabled()) {
+                    log.debug("Getting current infrastructure context via portal context class");
+                }
+                String currentContext = "/" + PortalContext.getConfiguration().getInfrastructureName();
+                OIDCUmaUtil.checkUMATicketAndProvideInThreadLocal(request, response, user, session, currentContext);
+            } else if (log.isDebugEnabled()) {
+                log.debug("UMA token will be set by the valve after the redirection to: " + redirect);
+            }
         } else {
             if (token == null) {
                 log.error("OIDC token object is null in request");
@@ -46,18 +59,21 @@ public class PostLoginAction extends Action {
                 log.error("Session is null");
             }
         }
-        String redirect = (String) request.getAttribute(OpenIdConnectLoginFilter.REDIRECT_ATTRIBUTE);
+
         if (redirect != null) {
             if (log.isDebugEnabled()) {
                 log.debug("Redirecting to the original requested URI: " + redirect);
             }
             try {
+                // I'm not sure I can use this LR facility since it's used also by landing-page-hook.
+                // Indeed perhaps it should also be discussed if it takes precedence over this redirect in the case.
+                // session.setAttribute(WebKeys.LAST_PATH, new LastPath(null, URLDecoder.decode(redirect, "UTF-8"))
                 response.sendRedirect(URLDecoder.decode(redirect, "UTF-8"));
             } catch (IOException e) {
                 new ActionException("Redirecting to original requested URI: " + redirect, e);
             }
-        } else if (log.isTraceEnabled()) {
-            log.trace("No original requested URI has been found in session");
+        } else if (log.isDebugEnabled()) {
+            log.debug("No original requested URI has been found in session");
         }
     }