From 646b714399140d9297538f57727b34f4d1ef5d3f Mon Sep 17 00:00:00 2001
From: Mauro Mugnaini
Date: Thu, 18 Jun 2020 12:29:14 +0200
Subject: [PATCH] Now client id for the logout is took from the token itself since can be issued for new (dynamically) created gateways
---
 .../oidc/lr62/SessionDestroyAction.java | 74 ++++++++++---------
 1 file changed, 41 insertions(+), 33 deletions(-)
diff --git a/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java b/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java
index d084185..3546d97 100644
--- a/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java
+++ b/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java
@@ -1,52 +1,60 @@
-package com.nubisware.oidc.lr62;
+package org.gcube.portal.oidc.lr62;
 import java.io.IOException;
+import java.util.List;
 import javax.servlet.http.HttpSession;
+import org.gcube.oidc.rest.JWTToken;
+import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
+
 import com.liferay.portal.kernel.events.ActionException;
 import com.liferay.portal.kernel.events.SessionAction;
 import com.liferay.portal.kernel.log.Log;
 import com.liferay.portal.kernel.log.LogFactoryUtil;
 import com.liferay.portal.model.User;
-import com.nubisware.oidc.rest.JWTToken;
-import com.nubisware.oidc.rest.OpenIdConnectRESTHelper;
 public class SessionDestroyAction extends SessionAction {
- protected static final Log log = LogFactoryUtil.getLog(SessionDestroyAction.class);
+ protected static final Log log = LogFactoryUtil.getLog(SessionDestroyAction.class);
- @Override
- public void run(HttpSession session) throws ActionException {
+ @Override
+ public void run(HttpSession session) throws ActionException {
 if (log.isTraceEnabled()) {
 log.trace("Session details: id=" + session.getId() + ", instance=" + session);
 }
- LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration();
- if (configuration.logoutOnPortalLogout()) {
- JWTToken token = JWTTokenUtil.getOIDCFromSession(session);
- if (token != null) {
- if (log.isDebugEnabled()) {
- log.debug("Performing logout on OIDC server due to session destroy");
- }
- try {
- OpenIdConnectRESTHelper.logout(token, configuration.getLogoutUrl(), configuration.getClientId());
- } catch (IOException e) {
- throw new ActionException("Performing logut on OIDC server", e);
- }
- } else {
- log.error("Cannot find the OIDC token in session");
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug("Don't performing OIDC logout according to configuration");
- }
- }
- if (log.isDebugEnabled()) {
- log.debug("Removing OIDC tokens from cache proxy");
- }
- User user = (User) session.getAttribute("USER");
- OIDCTokenProxy.getInstance().removeOIDCToken(user, session);
- OIDCTokenProxy.getInstance().removeUMAToken(user, session);
- }
+ LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration();
+ if (configuration.logoutOnPortalLogout()) {
+ JWTToken token = JWTTokenUtil.getOIDCFromSession(session);
+ if (token != null) {
+ if (log.isDebugEnabled()) {
+ log.debug("Performing logout on OIDC server due to session destroy");
+ }
+ try {
+ List tokenAud = token.getAud();
+ tokenAud.remove(JWTToken.ACCOUNT_RESOURCE);
+ String clientId = tokenAud.iterator().next();
+ if (log.isDebugEnabled()) {
+ log.debug("Performing logout from the client: " + clientId);
+ }
+ OpenIdConnectRESTHelper.logout(token, configuration.getLogoutURL(), clientId);
+ } catch (IOException e) {
+ throw new ActionException("Performing logut on OIDC server", e);
+ }
+ } else {
+ log.warn("Cannot find the OIDC token in session");
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("Don't performing OIDC logout according to configuration");
+ }
+ }
+ if (log.isDebugEnabled()) {
+ log.debug("Removing OIDC tokens from cache proxy");
+ }
+ User user = (User) session.getAttribute("USER");
+ OIDCTokenCacheProxy.getInstance().removeOIDCToken(user, session);
+ OIDCTokenCacheProxy.getInstance().removeUMAToken(user, session);
+ }
 }
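Review bot: The new `tokenAud.iterator().next()` in the try block throws an unchecked NoSuchElementException when `aud` holds nothing besides `JWTToken.ACCOUNT_RESOURCE` (and `tokenAud.remove(...)` fails on a null or unmodifiable list); only IOException is caught, so `run` would exit before the `removeOIDCToken`/`removeUMAToken` calls and the tokens would stay in the cache proxy after the session is destroyed. `remove` also edits the list returned by `token.getAud()` in place, so if that is the token's own claim list (not visible here) the session token loses its account audience; working on a copy avoids that. Taking the first remaining audience assumes the client is the only other entry, so with several audiences the logout could name the wrong client, and the `azp` claim would be the more reliable source if JWTToken exposes it. The fence guards the empty case and copies the list; it assumes `getAud()` returns `List<String>` and needs `java.util.ArrayList` imported. Moving the two cache-removal calls into a `finally` would additionally keep the cleanup independent of the remote logout outcome.

```java
// … unchanged: configuration lookup, token null check, "Performing logout on OIDC server" debug log …
try {
    List<String> tokenAud = token.getAud();
    // Copy so the token's own audience list is left untouched.
    List<String> clientAudiences = tokenAud == null ? new ArrayList<>() : new ArrayList<>(tokenAud);
    clientAudiences.remove(JWTToken.ACCOUNT_RESOURCE);
    if (clientAudiences.isEmpty()) {
        log.warn("No client audience found in the OIDC token, skipping OIDC logout");
    } else {
        String clientId = clientAudiences.get(0);
        // … unchanged: debug log of clientId …
        OpenIdConnectRESTHelper.logout(token, configuration.getLogoutURL(), clientId);
    }
} catch (IOException e) {
// … unchanged: ActionException rethrow, else branches, cache removal …
```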