From be0860d9281768ce4c62ba3cb5344e4eda44396b Mon Sep 17 00:00:00 2001 From: Mauro Mugnaini Date: Fri, 3 Jul 2020 18:38:58 +0200 Subject: [PATCH] Fixed wrong token put in cache after refresh. Rationalized logs. --- .../SmartGearsPortalValve.java | 171 +++++++----------- 1 file changed, 66 insertions(+), 105 deletions(-) diff --git a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java index a7c78c8..9ab758f 100644 --- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java +++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java @@ -86,14 +86,9 @@ public class SmartGearsPortalValve extends ValveBase { private void checkUMATicket(HttpServletRequest request, String scope) { HttpSession session = request.getSession(false); if (session == null) { - if (_log.isDebugEnabled()) { - _log.debug("Session is null"); - } + _log.debug("Session is null"); return; } - if (_log.isTraceEnabled()) { - _log.trace("Session details: id=" + session.getId() + ", instance=" + session); - } String urlEncodedScope = null; try { urlEncodedScope = URLEncoder.encode(scope, "UTF-8"); @@ -101,99 +96,78 @@ public class SmartGearsPortalValve extends ValveBase { _log.error("Cannot URL encode scope", e); return; } - if (_log.isDebugEnabled()) { - _log.debug("URL encoded scope is: " + urlEncodedScope); - _log.debug("Getting UMA token from session"); - } + _log.debug("URL encoded scope is: {}", urlEncodedScope); + _log.debug("Getting UMA token from session"); JWTToken umaToken = JWTTokenUtil.getUMAFromSession(session); if (umaToken == null) { - if (_log.isDebugEnabled()) { - _log.debug("UMA token not found in session"); - } - if (_log.isDebugEnabled()) { - _log.debug("Getting current user"); - } + _log.debug("UMA token not found in session"); + + _log.debug("Getting current user"); User user = getCurrentUser(request); if (user == null) { + // Almost impossible _log.error("Current user not found, cannot continue"); return; } - if (_log.isDebugEnabled()) { - _log.debug("Trying to get UMA token from cache proxy"); - } + _log.debug("Trying to get UMA token from cache proxy"); umaToken = OIDCTokenCacheProxy.getInstance().getUMAToken(user, session); - if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) { - if (umaToken == null) { - if (_log.isDebugEnabled()) { - _log.debug("UMA token is null. Getting new one..."); - } - } else { - _log.info("UMA token for another scope (" + umaToken.getAud() + "). Getting new one for scope: " - + urlEncodedScope); - } - if (_log.isDebugEnabled()) { - _log.debug("Getting OIDC token from session"); - } - JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session); + } + if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) { + if (umaToken == null) { + _log.debug("UMA token is null. Getting new one..."); + } else { + _log.info("UMA token has been issued for another scope (" + umaToken.getAud() + + "). Getting new one for scope: " + urlEncodedScope); + } + _log.debug("Getting current user"); + User user = getCurrentUser(request); + if (user == null) { + // Almost impossible + _log.error("Current user not found, cannot continue"); + return; + } + _log.debug("Getting OIDC token from session"); + JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session); + if (authToken == null) { + _log.debug("OIDC token not found in session. Trying to get it from cache proxy"); + authToken = OIDCTokenCacheProxy.getInstance().getOIDCToken(user, session); if (authToken == null) { - if (_log.isDebugEnabled()) { - _log.debug("OIDC token not found in session. Trying to get it from cache proxy"); - } - authToken = getOIDCTokeFromProxyAndSetInSession(user, request, session); - if (authToken == null) { - _log.error("OIDC token is null, cannot continue"); + _log.warn("OIDC token is null also in cache proxy, cannot continue!"); + return; + } else { + _log.debug("Setting OIDC token took from cache proxy in session"); + JWTTokenUtil.putOIDCInSession(authToken, session); + } + } + OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request); + try { + if (authToken.isExpired()) { + _log.debug("OIDC token is expired, refreshing it"); + try { + authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), authToken); + } catch (Exception e) { + _log.error("Refreshing OIDC token on server", e); return; - } else { - if (_log.isDebugEnabled()) { - _log.debug("OIDC token found in cache proxy"); - } } + _log.debug("Setting refreshed OIDC token in cache proxy"); + OIDCTokenCacheProxy.getInstance().setOIDCToken(user, session, authToken); + _log.debug("Setting refreshed OIDC token in session"); + JWTTokenUtil.putOIDCInSession(authToken, session); } _log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope); - OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request); - try { - if (authToken.isExpired()) { - if (_log.isDebugEnabled()) { - _log.debug("OIDC token is expired, refreshing it"); - try { - authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), - authToken); - - } catch (Exception e) { - _log.error("Refreshing OIDC token on server", e); - return; - } - if (_log.isDebugEnabled()) { - _log.debug("Setting refreshed OIDC token in cache proxy"); - } - OIDCTokenCacheProxy.getInstance().setOIDCToken(user, session, umaToken); - if (_log.isDebugEnabled()) { - _log.debug("Setting refreshed OIDC token in session"); - } - JWTTokenUtil.putOIDCInSession(authToken, session); - } - } - umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), - authToken.getAsBearer(), - urlEncodedScope, null); - } catch (Exception e) { - _log.error("Getting UMA token from server", e); - return; - } - if (_log.isDebugEnabled()) { - _log.debug("Setting UMA token in cache proxy"); - } - OIDCTokenCacheProxy.getInstance().setRPTToken(user, session, umaToken); - if (_log.isDebugEnabled()) { - _log.debug("Setting UMA token in session"); - } - JWTTokenUtil.putUMAInSession(umaToken, session); + umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), authToken.getAsBearer(), + urlEncodedScope, null); + } catch (Exception e) { + _log.error("Getting UMA token from server", e); + return; } + _log.debug("Setting UMA token in cache proxy"); + OIDCTokenCacheProxy.getInstance().setRPTToken(user, session, umaToken); + _log.debug("Setting UMA token in session"); + JWTTokenUtil.putUMAInSession(umaToken, session); } else { if (umaToken.isExpired()) { - if (_log.isDebugEnabled()) { - _log.debug("UMA token is expired, refreshing it"); - } + _log.debug("UMA token is expired, refreshing it"); OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request); try { umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken); @@ -201,33 +175,20 @@ public class SmartGearsPortalValve extends ValveBase { _log.error("Refreshing UMA token on server", e); return; } - if (_log.isDebugEnabled()) { - _log.debug("Setting refreshed UMA token in cache proxy"); - } + _log.debug("Setting refreshed UMA token in cache proxy"); OIDCTokenCacheProxy.getInstance().setRPTToken(getCurrentUser(request), session, umaToken); - if (_log.isDebugEnabled()) { - _log.debug("Setting refreshed UMA token in session"); - } + _log.debug("Setting refreshed UMA token in session"); + JWTTokenUtil.putUMAInSession(umaToken, session); + } else if (JWTTokenUtil.getUMAFromSession(session) == null) { + _log.debug("Setting UMA token in session"); JWTTokenUtil.putUMAInSession(umaToken, session); } } - if (_log.isDebugEnabled()) { - _log.debug("Setting UMA token in UMA JWT provider"); - } - UmaJWTProvider.instance.set(umaToken.getRaw()); - } - private JWTToken getOIDCTokeFromProxyAndSetInSession(User user, HttpServletRequest request, HttpSession session) { - JWTToken token = OIDCTokenCacheProxy.getInstance().getOIDCToken(user, session); - if (token == null) { - _log.warn("OIDC token is null also in cache proxy!"); - } else { - if (_log.isDebugEnabled()) { - _log.debug("Setting OIDC token took from cache proxy in session"); - } - JWTTokenUtil.putOIDCInSession(token, session); - } - return token; + _log.debug("Current UMA token audience is: {}", umaToken.getAud()); + + _log.debug("Setting UMA token in UMA JWT provider"); + UmaJWTProvider.instance.set(umaToken.getRaw()); } /**