gCubeSystem
/
oidc-enrollment-hook
16
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Now client id for the logout is took from the token itself since can be issued for new (dynamically) created gateways

This commit is contained in:
Mauro Mugnaini 2020-06-18 12:29:14 +02:00
parent 41262534b4
commit 646b714399
1 changed files with 41 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java
View File

@ -1,52 +1,60 @@
package com.nubisware.oidc.lr62;
package org.gcube.portal.oidc.lr62;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.gcube.oidc.rest.JWTToken;
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.events.SessionAction;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.model.User;
import com.nubisware.oidc.rest.JWTToken;
import com.nubisware.oidc.rest.OpenIdConnectRESTHelper;
public class SessionDestroyAction extends SessionAction {
protected static final Log log = LogFactoryUtil.getLog(SessionDestroyAction.class);
protected static final Log log = LogFactoryUtil.getLog(SessionDestroyAction.class);
@Override
public void run(HttpSession session) throws ActionException {
@Override
public void run(HttpSession session) throws ActionException {
if (log.isTraceEnabled()) {
log.trace("Session details: id=" + session.getId() + ", instance=" + session);
}
LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration();
if (configuration.logoutOnPortalLogout()) {
JWTToken token = JWTTokenUtil.getOIDCFromSession(session);
if (token != null) {
if (log.isDebugEnabled()) {
log.debug("Performing logout on OIDC server due to session destroy");
}
try {
OpenIdConnectRESTHelper.logout(token, configuration.getLogoutUrl(), configuration.getClientId());
} catch (IOException e) {
throw new ActionException("Performing logut on OIDC server", e);
}
} else {
log.error("Cannot find the OIDC token in session");
}
} else {
if (log.isDebugEnabled()) {
log.debug("Don't performing OIDC logout according to configuration");
}
}
if (log.isDebugEnabled()) {
log.debug("Removing OIDC tokens from cache proxy");
}
User user = (User) session.getAttribute("USER");
OIDCTokenProxy.getInstance().removeOIDCToken(user, session);
OIDCTokenProxy.getInstance().removeUMAToken(user, session);
}
LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration();
if (configuration.logoutOnPortalLogout()) {
JWTToken token = JWTTokenUtil.getOIDCFromSession(session);
if (token != null) {
if (log.isDebugEnabled()) {
log.debug("Performing logout on OIDC server due to session destroy");
}
try {
List<String> tokenAud = token.getAud();
tokenAud.remove(JWTToken.ACCOUNT_RESOURCE);
String clientId = tokenAud.iterator().next();
if (log.isDebugEnabled()) {
log.debug("Performing logout from the client: " + clientId);
}
OpenIdConnectRESTHelper.logout(token, configuration.getLogoutURL(), clientId);
} catch (IOException e) {
throw new ActionException("Performing logut on OIDC server", e);
}
} else {
log.warn("Cannot find the OIDC token in session");
}
} else {
if (log.isDebugEnabled()) {
log.debug("Don't performing OIDC logout according to configuration");
}
}
if (log.isDebugEnabled()) {
log.debug("Removing OIDC tokens from cache proxy");
}
User user = (User) session.getAttribute("USER");
OIDCTokenCacheProxy.getInstance().removeOIDCToken(user, session);
OIDCTokenCacheProxy.getInstance().removeUMAToken(user, session);
}
}