Merge pull request 'The UMA refresh token flow is skipped by the specific setting (constant in the class) and a new token is requested if the old is expired.' (#7) from mauro.mugnaini/threadlocal-vars-cleaner:master into master

Massimiliano Assante 2021-01-22 15:01:57 +01:00
commit 62a6375372
1 changed files with 37 additions and 23 deletions


@ -48,6 +48,7 @@ public class SmartGearsPortalValve extends ValveBase {
private final static String DEFAULT_ROLE = "OrganizationMember"; private final static String DEFAULT_ROLE = "OrganizationMember";
private final static String LIFERAY_POLLER_CONTEXT = "poller/receive"; private final static String LIFERAY_POLLER_CONTEXT = "poller/receive";
private static boolean REFRESH_UMA_TOKEN = false;
private static String LOGOUT_URI = "/c/portal/logout"; private static String LOGOUT_URI = "/c/portal/logout";
private static boolean FORCE_LOGOUT_ON_INVALID_OIDC = true; private static boolean FORCE_LOGOUT_ON_INVALID_OIDC = true;
private static boolean FORCE_LOGOUT_ON_MISSING_OIDC = true; private static boolean FORCE_LOGOUT_ON_MISSING_OIDC = true;
@ -125,37 +126,50 @@ public class SmartGearsPortalValve extends ValveBase {
_log.trace("Current UMA token is OK {}", umaToken.getTokenEssentials()); _log.trace("Current UMA token is OK {}", umaToken.getTokenEssentials());
} else { } else {
if (umaToken != null && umaToken.getAud().contains(urlEncodedScope) && umaToken.isExpired()) { if (umaToken != null && umaToken.getAud().contains(urlEncodedScope) && umaToken.isExpired()) {
_log.debug("Suitable UMA token found but is expired, trying to refresh it {}", if (REFRESH_UMA_TOKEN) {
umaToken.getTokenEssentials()); _log.debug("Suitable UMA token found but is expired, trying to refresh it {}",
umaToken.getTokenEssentials());
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration
.getConfiguration(request); .getConfiguration(request);
try { try {
umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken); umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
_log.debug("Got a refreshed UMA token {}", umaToken.getTokenEssentials()); _log.debug("Got a refreshed UMA token {}", umaToken.getTokenEssentials());
_log.debug("Setting the refreshed UMA token in cache proxy for user {}, and session]", _log.debug("Setting the refreshed UMA token in cache proxy for user {}, and session]",
user.getScreenName(), sessionId); user.getScreenName(), sessionId);
JWTCacheProxy.getInstance().setUMAToken(user, sessionId, umaToken); JWTCacheProxy.getInstance().setUMAToken(user, sessionId, umaToken);
} catch (OpenIdConnectRESTHelperException e) { } catch (OpenIdConnectRESTHelperException e) {
if (e.hasJSONPayload()) { if (e.hasJSONPayload()) {
if (OpenIdConnectRESTHelper.isInvalidBearerTokenError(e.getResponseString())) { if (OpenIdConnectRESTHelper.isInvalidBearerTokenError(e.getResponseString())) {
if (FORCE_LOGOUT_ON_INVALID_OIDC) { if (FORCE_LOGOUT_ON_INVALID_OIDC) {
_log.warn("OIDC token is become invalid, forcing redirect to logout URI"); _log.warn("OIDC token is become invalid, forcing redirect to logout URI");
forceLogout(response); forceLogout(response);
} else {
_log.warn("OIDC token is become invalid, cannot continue");
}
return;
} else if (OpenIdConnectRESTHelper.isTokenNotActiveError(e.getResponseString())) {
_log.info("UMA token is no more active, get new one");
} else { } else {
_log.warn("OIDC token is become invalid, cannot continue"); _log.error("Other UMA token refresh error", e);
} }
return;
} else if (OpenIdConnectRESTHelper.isTokenNotActiveError(e.getResponseString())) {
_log.info("UMA token is no more active, get new one");
} else { } else {
_log.error("Other UMA token refresh error", e); _log.error("Refreshing UMA token on server " + umaToken.getTokenEssentials(), e);
} }
} else { umaToken = null;
_log.error("Refreshing UMA token on server " + umaToken.getTokenEssentials(), e); _log.debug(
"Removing inactive UMA token from cache proxy if present for user {} and session {}",
user.getScreenName(), sessionId);
JWTCacheProxy.getInstance().removeUMAToken(user, sessionId);
} }
} else {
_log.debug("Suitable UMA token found but it is expired."
+ "It will be replaced with new one according to settings {}",
umaToken.getTokenEssentials());
umaToken = null; umaToken = null;
_log.debug("Removing inactive UMA token from cache proxy if present for user {} and session {}", _log.debug("Removing inactive UMA token from cache proxy if present for user {} and session {}",
user.getScreenName(), sessionId); user.getScreenName(), sessionId);