diff --git a/CHANGELOG.md b/CHANGELOG.md index 9963751..9f5565b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm # Changelog for "oidc-enrollment-hook" +## [v1.2.0-SNAPSHOT] +- Now an UMA token is issued also after the login in the `PostLoginAction` to assure token's presence for the context without have to wait the next HTTP call and the Valve's intervention, in the case when it is not necessary the redirect to an origin URI after the login. (#20591) + ## [v1.1.3] - Now user reconciliation/identification from OIDC token after the login is performed no more checking by using the email address but by using the User's username, the Liferay `screenname`. (#20827) (#20840) diff --git a/pom.xml b/pom.xml index ab0a653..cbed59f 100644 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ org.gcube.portal oidc-enrollment-hook war - 1.1.3 + 1.2.0-SNAPSHOT 6.2.5 6.2.10.12 diff --git a/src/main/java/org/gcube/portal/oidc/lr62/PostLoginAction.java b/src/main/java/org/gcube/portal/oidc/lr62/PostLoginAction.java index d95e81c..b23e87e 100644 --- a/src/main/java/org/gcube/portal/oidc/lr62/PostLoginAction.java +++ b/src/main/java/org/gcube/portal/oidc/lr62/PostLoginAction.java @@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.gcube.common.portal.PortalContext; import org.gcube.oidc.rest.JWTToken; import com.liferay.portal.kernel.events.Action; @@ -20,6 +21,8 @@ public class PostLoginAction extends Action { protected static final Log log = LogFactoryUtil.getLog(PostLoginAction.class); + public static boolean REQUEST_UMA_ALSO_WITH_REDIRECT = true; + @Override public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException { if (log.isInfoEnabled()) { 
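Review bot: `REQUEST_UMA_ALSO_WITH_REDIRECT` in the `@@ -20,6 +21,8 @@` hunk is declared `public static boolean` without `final`, so although it is named like a constant, any code that can see the class can flip it at runtime and change whether a UMA token is requested for every later login. If it is meant as a fixed switch, declare it `private static final boolean REQUEST_UMA_ALSO_WITH_REDIRECT = true;`. If it is meant to be tunable, reading it from portal configuration would be safer than a writable static. A short Javadoc such as `/** When true, the UMA token is requested at login even if a redirect to the original URI follows. */` would record the intent. The class body continues outside this hunk.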
@@ -27,6 +30,7 @@ public class PostLoginAction extends Action { } JWTToken token = JWTTokenUtil.getOIDCFromRequest(request); HttpSession session = request.getSession(false); + String redirect = (String) request.getAttribute(OpenIdConnectLoginFilter.REDIRECT_ATTRIBUTE);; if (token != null && session != null) { User user = (User) session.getAttribute(WebKeys.USER); if (user != null) { @@ -38,6 +42,15 @@ public class PostLoginAction extends Action { log.error("User object not found in session " + session.getId() + " [" + Integer.toHexString(session.hashCode()) + "]"); } + if (redirect == null || REQUEST_UMA_ALSO_WITH_REDIRECT) { + if (log.isDebugEnabled()) { + log.debug("Getting current infrastructure context via portal context class"); + } + String currentContext = "/" + PortalContext.getConfiguration().getInfrastructureName(); + OIDCUmaUtil.checkUMATicketAndProvideInThreadLocal(request, response, user, session, currentContext); + } else if (log.isDebugEnabled()) { + log.debug("UMA token will be set by the valve after the redirection to: " + redirect); + } } else { if (token == null) { log.error("OIDC token object is null in request"); 
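Review bot: The added declaration of `redirect` in the `@@ -27,6 +30,7 @@` hunk ends with a doubled semicolon (`...REDIRECT_ATTRIBUTE);;`), which compiles as an empty statement but reads as a typo; drop the second `;`. The attribute is now read before the token and session checks so that the UMA branch added further down can consult it. A one-line comment such as `// read early: also decides below whether the UMA token is requested now` would make that reason visible. The body of `run()` starts and ends outside this hunk.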
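Review bot: The UMA block added in the `@@ -38,6 +42,15 @@` hunk appears to sit after the closing brace of the branch that logs "User object not found in session", so `OIDCUmaUtil.checkUMATicketAndProvideInThreadLocal(...)` would be called with `user == null` on that path. The enclosing `if (user != null)` starts outside the hunk, so the nesting is inferred. If it is as it looks, guard the call, e.g. `if (user != null && (redirect == null || REQUEST_UMA_ALSO_WITH_REDIRECT)) {`. The hunk also does not show how a failure inside the UMA call affects the login, or where the thread-local value is cleared afterwards. A comment stating both would help, since the token is bound to whatever thread serves the login request.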
@@ -46,18 +59,21 @@ public class PostLoginAction extends Action { log.error("Session is null"); } } - String redirect = (String) request.getAttribute(OpenIdConnectLoginFilter.REDIRECT_ATTRIBUTE); + if (redirect != null) { if (log.isDebugEnabled()) { log.debug("Redirecting to the original requested URI: " + redirect); } try { + // I'm not sure I can use this LR facility since it's used also by landing-page-hook. + // Indeed perhaps it should also be discussed if it takes precedence over this redirect in the case. + // session.setAttribute(WebKeys.LAST_PATH, new LastPath(null, URLDecoder.decode(redirect, "UTF-8")) response.sendRedirect(URLDecoder.decode(redirect, "UTF-8")); } catch (IOException e) { new ActionException("Redirecting to original requested URI: " + redirect, e); } - } else if (log.isTraceEnabled()) { - log.trace("No original requested URI has been found in session"); + } else if (log.isDebugEnabled()) { + log.debug("No original requested URI has been found in session"); } }
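Review bot: In the `catch (IOException e)` branch the statement `new ActionException("Redirecting to original requested URI: " + redirect, e);` constructs the exception but never throws it, so a failed redirect is silently dropped. It should read `throw new ActionException("Redirecting to original requested URI: " + redirect, e);`. The target passed to `response.sendRedirect(URLDecoder.decode(redirect, "UTF-8"))` comes from a request attribute, and no validation is visible in this hunk. Unless `OpenIdConnectLoginFilter` already restricts it, the decoded value should be checked to be a relative path or a URL on the portal's own host before redirecting. The three added comment lines hold commented-out code and an open design question, which are better tracked in the issue than left in the source.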