Implemented the token refresh on expired access-token validity

2020-07-01 19:42:10 +02:00 · 2020-07-01 19:42:10 +02:00 · 3f965a9143
parent 081e3dd257
commit 3f965a9143
1 changed files with 42 additions and 1 deletions
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@ -152,7 +152,27 @@ public class SmartGearsPortalValve extends ValveBase {
                _log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope);
                OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
                try {
-                    // TODO: handle the token expired case and renew it with refresh token.
+                    if (authToken.isExpired()) {
+                        if (_log.isDebugEnabled()) {
+                            _log.debug("OIDC token is expired, refreshing it");
+                            try {
+                                authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(),
+                                        authToken);
+
+                            } catch (Exception e) {
+                                _log.error("Refreshing OIDC token on server", e);
+                                return;
+                            }
+                            if (_log.isDebugEnabled()) {
+                                _log.debug("Setting refreshed OIDC token in cache proxy");
+                            }
+                            OIDCTokenCacheProxy.getInstance().setOIDCToken(user, session, umaToken);
+                            if (_log.isDebugEnabled()) {
+                                _log.debug("Setting refreshed OIDC token in session");
+                            }
+                            JWTTokenUtil.putOIDCInSession(authToken, session);
+                        }
+                    }
                    umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),
                            authToken.getAsBearer(),
                            urlEncodedScope, null);
@ -169,6 +189,27 @@ public class SmartGearsPortalValve extends ValveBase {
                }
                JWTTokenUtil.putUMAInSession(umaToken, session);
            }
+        } else {
+            if (umaToken.isExpired()) {
+                if (_log.isDebugEnabled()) {
+                    _log.debug("UMA token is expired, refreshing it");
+                }
+                OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
+                try {
+                    umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
+                } catch (Exception e) {
+                    _log.error("Refreshing UMA token on server", e);
+                    return;
+                }
+                if (_log.isDebugEnabled()) {
+                    _log.debug("Setting refreshed UMA token in cache proxy");
+                }
+                OIDCTokenCacheProxy.getInstance().setRPTToken(getCurrentUser(request), session, umaToken);
+                if (_log.isDebugEnabled()) {
+                    _log.debug("Setting refreshed UMA token in session");
+                }
+                JWTTokenUtil.putUMAInSession(umaToken, session);
+            }
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Setting UMA token in UMA JWT provider");