gCubeSystem
/
oidc-library-portal
17
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

The `UMATokensProvider` (formerly `UmaJWTProvider`) is now in this lib and new provider from common library (`AccessTokenProvider`) is used to transport the `access-token` only to the client lib

This commit is contained in:
Mauro Mugnaini 2021-05-24 19:06:52 +02:00
parent 00dc6538a9
commit 5407b79e9a
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/main/java/org/gcube/portal/oidc/lr62/OIDCUmaUtil.java
View File

@ -9,7 +9,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.gcube.common.authorization.library.provider.UmaJWTProvider; import org.gcube.common.authorization.library.provider.AccessTokenProvider;
import org.gcube.oidc.rest.JWTToken; import org.gcube.oidc.rest.JWTToken;
import org.gcube.oidc.rest.OpenIdConnectConfiguration; import org.gcube.oidc.rest.OpenIdConnectConfiguration;
import org.gcube.oidc.rest.OpenIdConnectRESTHelper; import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
@ -72,8 +72,8 @@ public class OIDCUmaUtil {
JWTToken umaToken = OpenIdConnectRESTHelper.queryUMAToken(tokenURL, clientAuthorizationBearer, JWTToken umaToken = OpenIdConnectRESTHelper.queryUMAToken(tokenURL, clientAuthorizationBearer,
encodedContext, null); encodedContext, null);
log.debug("Setting token in the UMA JWT provider"); provideTokensInThreadlocal(umaToken);
UmaJWTProvider.instance.set(JWTTokenUtil.getRawContent(umaToken));
} catch (Exception e) { } catch (Exception e) {
log.error("Cannot retrieve client UMA token", e); log.error("Cannot retrieve client UMA token", e);
return; return;
@ -86,7 +86,7 @@ public class OIDCUmaUtil {
* The OIDC access token in the {@link JWTCacheProxy} for the user in the current <code>session</code> will be used. * The OIDC access token in the {@link JWTCacheProxy} for the user in the current <code>session</code> will be used.
* *
* @param request the current HTTP request * @param request the current HTTP request
* @param screenName the user's user id * @param userId the user's user id
* @param scope the scope to issue the token for (e.g. "/gcube") * @param scope the scope to issue the token for (e.g. "/gcube")
* @return the temporary token in the requested context for the user * @return the temporary token in the requested context for the user
* @throws UMAException if a generic error related to the UMA/RPT token issue occurs * @throws UMAException if a generic error related to the UMA/RPT token issue occurs
@ -358,8 +358,7 @@ public class OIDCUmaUtil {
JWTToken umaToken = getUMAToken(request, user, session, scope, false); JWTToken umaToken = getUMAToken(request, user, session, scope, false);
log.trace("Current UMA token in use is: {}", umaToken.getTokenEssentials()); log.trace("Current UMA token in use is: {}", umaToken.getTokenEssentials());
log.debug("Setting UMA token with jti {} in UMA JWT provider", umaToken.getJti()); provideTokensInThreadlocal(umaToken);
UmaJWTProvider.instance.set(umaToken.getRaw());
} catch (MissingTokenException e) { } catch (MissingTokenException e) {
if (FORCE_LOGOUT_ON_MISSING_OIDC) { if (FORCE_LOGOUT_ON_MISSING_OIDC) {
log.debug("OIDC token is null in cache proxy, force redirecting to logut URI"); log.debug("OIDC token is null in cache proxy, force redirecting to logut URI");
@ -392,6 +391,12 @@ public class OIDCUmaUtil {
} }
private static void provideTokensInThreadlocal(JWTToken umaTokens) {
log.debug("Setting UMA token with jti {} in UMA JWT provider", umaTokens.getJti());
UMATokensProvider.instance.set(JWTTokenUtil.getRawContent(umaTokens));
AccessTokenProvider.instance.set(JWTTokenUtil.getAccessTokenString(umaTokens));
}
protected static void forceLogout(HttpServletResponse response) { protected static void forceLogout(HttpServletResponse response) {
try { try {
if (!response.isCommitted()) { if (!response.isCommitted()) {