The UMA refresh-token flow can now be skipped via a class constant (REFRESH_UMA_TOKEN); when it is skipped, an expired token is discarded and a new one is requested instead of being refreshed.
This commit is contained in:
parent
8e28d139b5
commit
07c8a1219e
@ -48,6 +48,7 @@ public class SmartGearsPortalValve extends ValveBase {
|
||||||
private final static String DEFAULT_ROLE = "OrganizationMember";
|
private final static String DEFAULT_ROLE = "OrganizationMember";
|
||||||
private final static String LIFERAY_POLLER_CONTEXT = "poller/receive";
|
private final static String LIFERAY_POLLER_CONTEXT = "poller/receive";
|
||||||
|
|
||||||
|
private static boolean REFRESH_UMA_TOKEN = false;
|
||||||
private static String LOGOUT_URI = "/c/portal/logout";
|
private static String LOGOUT_URI = "/c/portal/logout";
|
||||||
private static boolean FORCE_LOGOUT_ON_INVALID_OIDC = true;
|
private static boolean FORCE_LOGOUT_ON_INVALID_OIDC = true;
|
||||||
private static boolean FORCE_LOGOUT_ON_MISSING_OIDC = true;
|
private static boolean FORCE_LOGOUT_ON_MISSING_OIDC = true;
|
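Review bot: `REFRESH_UMA_TOKEN` is declared `private static boolean` without `final`, although the commit message calls it a constant and nothing in this hunk assigns it later; a mutable static that gates whether an expired token is refreshed or silently re-issued should be `private static final boolean REFRESH_UMA_TOKEN = false;` so it cannot be flipped from elsewhere in the class. The `false` default also deserves a one-line why-comment, since it turns the whole refresh path below into code that never runs by default, e.g. `// false: an expired UMA token is discarded and re-requested instead of refreshed at the token endpoint`. The sibling flags above and below it are likewise non-final, so this may be the file's convention, but the comment is worth adding either way. The class body continues outside this hunk.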
@ -125,37 +126,50 @@ public class SmartGearsPortalValve extends ValveBase {
|
||||||
_log.trace("Current UMA token is OK {}", umaToken.getTokenEssentials());
|
_log.trace("Current UMA token is OK {}", umaToken.getTokenEssentials());
|
||||||
} else {
|
} else {
|
||||||
if (umaToken != null && umaToken.getAud().contains(urlEncodedScope) && umaToken.isExpired()) {
|
if (umaToken != null && umaToken.getAud().contains(urlEncodedScope) && umaToken.isExpired()) {
|
||||||
_log.debug("Suitable UMA token found but is expired, trying to refresh it {}",
|
if (REFRESH_UMA_TOKEN) {
|
||||||
umaToken.getTokenEssentials());
|
_log.debug("Suitable UMA token found but is expired, trying to refresh it {}",
|
||||||
|
umaToken.getTokenEssentials());
|
||||||
|
|
||||||
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration
|
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration
|
||||||
.getConfiguration(request);
|
.getConfiguration(request);
|
||||||
try {
|
try {
|
||||||
umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
|
umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
|
||||||
_log.debug("Got a refreshed UMA token {}", umaToken.getTokenEssentials());
|
_log.debug("Got a refreshed UMA token {}", umaToken.getTokenEssentials());
|
||||||
|
|
||||||
_log.debug("Setting the refreshed UMA token in cache proxy for user {}, and session]",
|
_log.debug("Setting the refreshed UMA token in cache proxy for user {}, and session]",
|
||||||
user.getScreenName(), sessionId);
|
user.getScreenName(), sessionId);
|
||||||
|
|
||||||
JWTCacheProxy.getInstance().setUMAToken(user, sessionId, umaToken);
|
JWTCacheProxy.getInstance().setUMAToken(user, sessionId, umaToken);
|
||||||
} catch (OpenIdConnectRESTHelperException e) {
|
} catch (OpenIdConnectRESTHelperException e) {
|
||||||
if (e.hasJSONPayload()) {
|
if (e.hasJSONPayload()) {
|
||||||
if (OpenIdConnectRESTHelper.isInvalidBearerTokenError(e.getResponseString())) {
|
if (OpenIdConnectRESTHelper.isInvalidBearerTokenError(e.getResponseString())) {
|
||||||
if (FORCE_LOGOUT_ON_INVALID_OIDC) {
|
if (FORCE_LOGOUT_ON_INVALID_OIDC) {
|
||||||
_log.warn("OIDC token is become invalid, forcing redirect to logout URI");
|
_log.warn("OIDC token is become invalid, forcing redirect to logout URI");
|
||||||
forceLogout(response);
|
forceLogout(response);
|
||||||
|
} else {
|
||||||
|
_log.warn("OIDC token is become invalid, cannot continue");
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
} else if (OpenIdConnectRESTHelper.isTokenNotActiveError(e.getResponseString())) {
|
||||||
|
_log.info("UMA token is no more active, get new one");
|
||||||
} else {
|
} else {
|
||||||
_log.warn("OIDC token is become invalid, cannot continue");
|
_log.error("Other UMA token refresh error", e);
|
||||||
}
|
}
|
||||||
return;
|
|
||||||
} else if (OpenIdConnectRESTHelper.isTokenNotActiveError(e.getResponseString())) {
|
|
||||||
_log.info("UMA token is no more active, get new one");
|
|
||||||
} else {
|
} else {
|
||||||
_log.error("Other UMA token refresh error", e);
|
_log.error("Refreshing UMA token on server " + umaToken.getTokenEssentials(), e);
|
||||||
}
|
}
|
||||||
} else {
|
umaToken = null;
|
||||||
_log.error("Refreshing UMA token on server " + umaToken.getTokenEssentials(), e);
|
_log.debug(
|
||||||
|
"Removing inactive UMA token from cache proxy if present for user {} and session {}",
|
||||||
|
user.getScreenName(), sessionId);
|
||||||
|
|
||||||
|
JWTCacheProxy.getInstance().removeUMAToken(user, sessionId);
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
_log.debug("Suitable UMA token found but it is expired."
|
||||||
|
+ "It will be replaced with new one according to settings {}",
|
||||||
|
umaToken.getTokenEssentials());
|
||||||
|
|
||||||
umaToken = null;
|
umaToken = null;
|
||||||
_log.debug("Removing inactive UMA token from cache proxy if present for user {} and session {}",
|
_log.debug("Removing inactive UMA token from cache proxy if present for user {} and session {}",
|
||||||
user.getScreenName(), sessionId);
|
user.getScreenName(), sessionId);
|
||||||
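Review bot: The `return;` that follows the `FORCE_LOGOUT_ON_INVALID_OIDC` if/else inside the catch exits before the `umaToken = null` … `JWTCacheProxy.getInstance().removeUMAToken(user, sessionId)` tail this commit moved into the catch, so a token the issuer has just reported as an invalid bearer stays in the cache proxy and is re-sent on the session's next request; when `FORCE_LOGOUT_ON_INVALID_OIDC` is false nothing visible here evicts it (what `forceLogout` does to the cache lies outside this hunk). Evicting first — `JWTCacheProxy.getInstance().removeUMAToken(user, sessionId);` on the line before `return;` — closes that gap in both settings. The three-statement discard (null, the "Removing inactive UMA token" debug, `removeUMAToken`) is now duplicated between the end of the catch and the new `else` of `if (REFRESH_UMA_TOKEN)`; a private `discardUMAToken(user, sessionId)` helper would keep the two copies from drifting. In that `else` the concatenated message is missing a space: `"Suitable UMA token found but it is expired."` + `" It will be replaced with new one according to settings {}"`. The enclosing method begins before this hunk and the `else` branch runs past its end.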