The `UMATokensProvider` (formerly `UmaJWTProvider`) is now in this lib and new provider from common library (`AccessTokenProvider`) is used to transport the `access-token` only to the client lib

2021-05-24 19:06:52 +02:00 · 2021-05-24 19:06:52 +02:00 · 5407b79e9a
parent 00dc6538a9
commit 5407b79e9a
1 changed files with 11 additions and 6 deletions
--- a/src/main/java/org/gcube/portal/oidc/lr62/OIDCUmaUtil.java
+++ b/src/main/java/org/gcube/portal/oidc/lr62/OIDCUmaUtil.java
@ -9,7 +9,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;

-import org.gcube.common.authorization.library.provider.UmaJWTProvider;
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
 import org.gcube.oidc.rest.JWTToken;
 import org.gcube.oidc.rest.OpenIdConnectConfiguration;
 import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
@ -72,8 +72,8 @@ public class OIDCUmaUtil {
            JWTToken umaToken = OpenIdConnectRESTHelper.queryUMAToken(tokenURL, clientAuthorizationBearer,
                    encodedContext, null);

-            log.debug("Setting token in the UMA JWT provider");
-            UmaJWTProvider.instance.set(JWTTokenUtil.getRawContent(umaToken));
+            provideTokensInThreadlocal(umaToken);
+
        } catch (Exception e) {
            log.error("Cannot retrieve client UMA token", e);
            return;
@ -86,7 +86,7 @@ public class OIDCUmaUtil {
     * The OIDC access token in the {@link JWTCacheProxy} for the user in the current <code>session</code> will be used.
     * 
     * @param request the current HTTP request
-     * @param screenName the user's user id
+     * @param userId the user's user id
     * @param scope the scope to issue the token for (e.g. "/gcube")
     * @return the temporary token in the requested context for the user
     * @throws UMAException if a generic error related to the UMA/RPT token issue occurs
@ -358,8 +358,7 @@ public class OIDCUmaUtil {
            JWTToken umaToken = getUMAToken(request, user, session, scope, false);
            log.trace("Current UMA token in use is: {}", umaToken.getTokenEssentials());

-            log.debug("Setting UMA token with jti {} in UMA JWT provider", umaToken.getJti());
-            UmaJWTProvider.instance.set(umaToken.getRaw());
+            provideTokensInThreadlocal(umaToken);
        } catch (MissingTokenException e) {
            if (FORCE_LOGOUT_ON_MISSING_OIDC) {
                log.debug("OIDC token is null in cache proxy, force redirecting to logut URI");
@ -392,6 +391,12 @@ public class OIDCUmaUtil {

    }

+    private static void provideTokensInThreadlocal(JWTToken umaTokens) {
+        log.debug("Setting UMA token with jti {} in UMA JWT provider", umaTokens.getJti());
+        UMATokensProvider.instance.set(JWTTokenUtil.getRawContent(umaTokens));
+        AccessTokenProvider.instance.set(JWTTokenUtil.getAccessTokenString(umaTokens));
+    }
+
    protected static void forceLogout(HttpServletResponse response) {
        try {
            if (!response.isCommitted()) {