gCubeSystem
/
threadlocal-vars-cleaner
14
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

Fixed wrong token put in cache after refresh. Rationalized logs.

This commit is contained in:
Mauro Mugnaini 2020-07-03 18:38:58 +02:00
parent 3f965a9143
commit be0860d928
1 changed files with 66 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

171
src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
View File

@ -86,14 +86,9 @@ public class SmartGearsPortalValve extends ValveBase {
private void checkUMATicket(HttpServletRequest request, String scope) { private void checkUMATicket(HttpServletRequest request, String scope) {
HttpSession session = request.getSession(false); HttpSession session = request.getSession(false);
if (session == null) { if (session == null) {
if (_log.isDebugEnabled()) { _log.debug("Session is null");
_log.debug("Session is null");
}
return; return;
} }
if (_log.isTraceEnabled()) {
_log.trace("Session details: id=" + session.getId() + ", instance=" + session);
}
String urlEncodedScope = null; String urlEncodedScope = null;
try { try {
urlEncodedScope = URLEncoder.encode(scope, "UTF-8"); urlEncodedScope = URLEncoder.encode(scope, "UTF-8");
@ -101,99 +96,78 @@ public class SmartGearsPortalValve extends ValveBase {
_log.error("Cannot URL encode scope", e); _log.error("Cannot URL encode scope", e);
return; return;
} }
if (_log.isDebugEnabled()) { _log.debug("URL encoded scope is: {}", urlEncodedScope);
_log.debug("URL encoded scope is: " + urlEncodedScope); _log.debug("Getting UMA token from session");
_log.debug("Getting UMA token from session");
}
JWTToken umaToken = JWTTokenUtil.getUMAFromSession(session); JWTToken umaToken = JWTTokenUtil.getUMAFromSession(session);
if (umaToken == null) { if (umaToken == null) {
if (_log.isDebugEnabled()) { _log.debug("UMA token not found in session");
_log.debug("UMA token not found in session");
} _log.debug("Getting current user");
if (_log.isDebugEnabled()) {
_log.debug("Getting current user");
}
User user = getCurrentUser(request); User user = getCurrentUser(request);
if (user == null) { if (user == null) {
// Almost impossible
_log.error("Current user not found, cannot continue"); _log.error("Current user not found, cannot continue");
return; return;
} }
if (_log.isDebugEnabled()) { _log.debug("Trying to get UMA token from cache proxy");
_log.debug("Trying to get UMA token from cache proxy");
}
umaToken = OIDCTokenCacheProxy.getInstance().getUMAToken(user, session); umaToken = OIDCTokenCacheProxy.getInstance().getUMAToken(user, session);
if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) { }
if (umaToken == null) { if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
if (_log.isDebugEnabled()) { if (umaToken == null) {
_log.debug("UMA token is null. Getting new one..."); _log.debug("UMA token is null. Getting new one...");
} } else {
} else { _log.info("UMA token has been issued for another scope (" + umaToken.getAud()
_log.info("UMA token for another scope (" + umaToken.getAud() + "). Getting new one for scope: " + "). Getting new one for scope: " + urlEncodedScope);
+ urlEncodedScope); }
} _log.debug("Getting current user");
if (_log.isDebugEnabled()) { User user = getCurrentUser(request);
_log.debug("Getting OIDC token from session"); if (user == null) {
} // Almost impossible
JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session); _log.error("Current user not found, cannot continue");
return;
}
_log.debug("Getting OIDC token from session");
JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session);
if (authToken == null) {
_log.debug("OIDC token not found in session. Trying to get it from cache proxy");
authToken = OIDCTokenCacheProxy.getInstance().getOIDCToken(user, session);
if (authToken == null) { if (authToken == null) {
if (_log.isDebugEnabled()) { _log.warn("OIDC token is null also in cache proxy, cannot continue!");
_log.debug("OIDC token not found in session. Trying to get it from cache proxy"); return;
} } else {
authToken = getOIDCTokeFromProxyAndSetInSession(user, request, session); _log.debug("Setting OIDC token took from cache proxy in session");
if (authToken == null) { JWTTokenUtil.putOIDCInSession(authToken, session);
_log.error("OIDC token is null, cannot continue"); }
}
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
try {
if (authToken.isExpired()) {
_log.debug("OIDC token is expired, refreshing it");
try {
authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), authToken);
} catch (Exception e) {
_log.error("Refreshing OIDC token on server", e);
return; return;
} else {
if (_log.isDebugEnabled()) {
_log.debug("OIDC token found in cache proxy");
}
} }
_log.debug("Setting refreshed OIDC token in cache proxy");
OIDCTokenCacheProxy.getInstance().setOIDCToken(user, session, authToken);
_log.debug("Setting refreshed OIDC token in session");
JWTTokenUtil.putOIDCInSession(authToken, session);
} }
_log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope); _log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope);
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request); umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), authToken.getAsBearer(),
try { urlEncodedScope, null);
if (authToken.isExpired()) { } catch (Exception e) {
if (_log.isDebugEnabled()) { _log.error("Getting UMA token from server", e);
_log.debug("OIDC token is expired, refreshing it"); return;
try {
authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(),
authToken);
} catch (Exception e) {
_log.error("Refreshing OIDC token on server", e);
return;
}
if (_log.isDebugEnabled()) {
_log.debug("Setting refreshed OIDC token in cache proxy");
}
OIDCTokenCacheProxy.getInstance().setOIDCToken(user, session, umaToken);
if (_log.isDebugEnabled()) {
_log.debug("Setting refreshed OIDC token in session");
}
JWTTokenUtil.putOIDCInSession(authToken, session);
}
}
umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),
authToken.getAsBearer(),
urlEncodedScope, null);
} catch (Exception e) {
_log.error("Getting UMA token from server", e);
return;
}
if (_log.isDebugEnabled()) {
_log.debug("Setting UMA token in cache proxy");
}
OIDCTokenCacheProxy.getInstance().setRPTToken(user, session, umaToken);
if (_log.isDebugEnabled()) {
_log.debug("Setting UMA token in session");
}
JWTTokenUtil.putUMAInSession(umaToken, session);
} }
_log.debug("Setting UMA token in cache proxy");
OIDCTokenCacheProxy.getInstance().setRPTToken(user, session, umaToken);
_log.debug("Setting UMA token in session");
JWTTokenUtil.putUMAInSession(umaToken, session);
} else { } else {
if (umaToken.isExpired()) { if (umaToken.isExpired()) {
if (_log.isDebugEnabled()) { _log.debug("UMA token is expired, refreshing it");
_log.debug("UMA token is expired, refreshing it");
}
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request); OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
try { try {
umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken); umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
@ -201,33 +175,20 @@ public class SmartGearsPortalValve extends ValveBase {
_log.error("Refreshing UMA token on server", e); _log.error("Refreshing UMA token on server", e);
return; return;
} }
if (_log.isDebugEnabled()) { _log.debug("Setting refreshed UMA token in cache proxy");
_log.debug("Setting refreshed UMA token in cache proxy");
}
OIDCTokenCacheProxy.getInstance().setRPTToken(getCurrentUser(request), session, umaToken); OIDCTokenCacheProxy.getInstance().setRPTToken(getCurrentUser(request), session, umaToken);
if (_log.isDebugEnabled()) { _log.debug("Setting refreshed UMA token in session");
_log.debug("Setting refreshed UMA token in session"); JWTTokenUtil.putUMAInSession(umaToken, session);
} } else if (JWTTokenUtil.getUMAFromSession(session) == null) {
_log.debug("Setting UMA token in session");
JWTTokenUtil.putUMAInSession(umaToken, session); JWTTokenUtil.putUMAInSession(umaToken, session);
} }
} }
if (_log.isDebugEnabled()) {
_log.debug("Setting UMA token in UMA JWT provider");
}
UmaJWTProvider.instance.set(umaToken.getRaw());
}
private JWTToken getOIDCTokeFromProxyAndSetInSession(User user, HttpServletRequest request, HttpSession session) { _log.debug("Current UMA token audience is: {}", umaToken.getAud());
JWTToken token = OIDCTokenCacheProxy.getInstance().getOIDCToken(user, session);
if (token == null) { _log.debug("Setting UMA token in UMA JWT provider");
_log.warn("OIDC token is null also in cache proxy!"); UmaJWTProvider.instance.set(umaToken.getRaw());
} else {
if (_log.isDebugEnabled()) {
_log.debug("Setting OIDC token took from cache proxy in session");
}
JWTTokenUtil.putOIDCInSession(token, session);
}
return token;
} }
/** /**