Fixed wrong token put in cache after refresh. Rationalized logs.
This commit is contained in:
parent
3f965a9143
commit
be0860d928
|
@ -86,14 +86,9 @@ public class SmartGearsPortalValve extends ValveBase {
|
|||
private void checkUMATicket(HttpServletRequest request, String scope) {
|
||||
HttpSession session = request.getSession(false);
|
||||
if (session == null) {
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Session is null");
|
||||
}
|
||||
_log.debug("Session is null");
|
||||
return;
|
||||
}
|
||||
if (_log.isTraceEnabled()) {
|
||||
_log.trace("Session details: id=" + session.getId() + ", instance=" + session);
|
||||
}
|
||||
String urlEncodedScope = null;
|
||||
try {
|
||||
urlEncodedScope = URLEncoder.encode(scope, "UTF-8");
|
||||
|
@ -101,99 +96,78 @@ public class SmartGearsPortalValve extends ValveBase {
|
|||
_log.error("Cannot URL encode scope", e);
|
||||
return;
|
||||
}
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("URL encoded scope is: " + urlEncodedScope);
|
||||
_log.debug("Getting UMA token from session");
|
||||
}
|
||||
_log.debug("URL encoded scope is: {}", urlEncodedScope);
|
||||
_log.debug("Getting UMA token from session");
|
||||
JWTToken umaToken = JWTTokenUtil.getUMAFromSession(session);
|
||||
if (umaToken == null) {
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("UMA token not found in session");
|
||||
}
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Getting current user");
|
||||
}
|
||||
_log.debug("UMA token not found in session");
|
||||
|
||||
_log.debug("Getting current user");
|
||||
User user = getCurrentUser(request);
|
||||
if (user == null) {
|
||||
// Almost impossible
|
||||
_log.error("Current user not found, cannot continue");
|
||||
return;
|
||||
}
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Trying to get UMA token from cache proxy");
|
||||
}
|
||||
_log.debug("Trying to get UMA token from cache proxy");
|
||||
umaToken = OIDCTokenCacheProxy.getInstance().getUMAToken(user, session);
|
||||
if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
|
||||
if (umaToken == null) {
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("UMA token is null. Getting new one...");
|
||||
}
|
||||
} else {
|
||||
_log.info("UMA token for another scope (" + umaToken.getAud() + "). Getting new one for scope: "
|
||||
+ urlEncodedScope);
|
||||
}
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Getting OIDC token from session");
|
||||
}
|
||||
JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session);
|
||||
}
|
||||
if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
|
||||
if (umaToken == null) {
|
||||
_log.debug("UMA token is null. Getting new one...");
|
||||
} else {
|
||||
_log.info("UMA token has been issued for another scope (" + umaToken.getAud()
|
||||
+ "). Getting new one for scope: " + urlEncodedScope);
|
||||
}
|
||||
_log.debug("Getting current user");
|
||||
User user = getCurrentUser(request);
|
||||
if (user == null) {
|
||||
// Almost impossible
|
||||
_log.error("Current user not found, cannot continue");
|
||||
return;
|
||||
}
|
||||
_log.debug("Getting OIDC token from session");
|
||||
JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session);
|
||||
if (authToken == null) {
|
||||
_log.debug("OIDC token not found in session. Trying to get it from cache proxy");
|
||||
authToken = OIDCTokenCacheProxy.getInstance().getOIDCToken(user, session);
|
||||
if (authToken == null) {
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("OIDC token not found in session. Trying to get it from cache proxy");
|
||||
}
|
||||
authToken = getOIDCTokeFromProxyAndSetInSession(user, request, session);
|
||||
if (authToken == null) {
|
||||
_log.error("OIDC token is null, cannot continue");
|
||||
_log.warn("OIDC token is null also in cache proxy, cannot continue!");
|
||||
return;
|
||||
} else {
|
||||
_log.debug("Setting OIDC token took from cache proxy in session");
|
||||
JWTTokenUtil.putOIDCInSession(authToken, session);
|
||||
}
|
||||
}
|
||||
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
|
||||
try {
|
||||
if (authToken.isExpired()) {
|
||||
_log.debug("OIDC token is expired, refreshing it");
|
||||
try {
|
||||
authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), authToken);
|
||||
} catch (Exception e) {
|
||||
_log.error("Refreshing OIDC token on server", e);
|
||||
return;
|
||||
} else {
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("OIDC token found in cache proxy");
|
||||
}
|
||||
}
|
||||
_log.debug("Setting refreshed OIDC token in cache proxy");
|
||||
OIDCTokenCacheProxy.getInstance().setOIDCToken(user, session, authToken);
|
||||
_log.debug("Setting refreshed OIDC token in session");
|
||||
JWTTokenUtil.putOIDCInSession(authToken, session);
|
||||
}
|
||||
_log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope);
|
||||
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
|
||||
try {
|
||||
if (authToken.isExpired()) {
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("OIDC token is expired, refreshing it");
|
||||
try {
|
||||
authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(),
|
||||
authToken);
|
||||
|
||||
} catch (Exception e) {
|
||||
_log.error("Refreshing OIDC token on server", e);
|
||||
return;
|
||||
}
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Setting refreshed OIDC token in cache proxy");
|
||||
}
|
||||
OIDCTokenCacheProxy.getInstance().setOIDCToken(user, session, umaToken);
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Setting refreshed OIDC token in session");
|
||||
}
|
||||
JWTTokenUtil.putOIDCInSession(authToken, session);
|
||||
}
|
||||
}
|
||||
umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),
|
||||
authToken.getAsBearer(),
|
||||
urlEncodedScope, null);
|
||||
} catch (Exception e) {
|
||||
_log.error("Getting UMA token from server", e);
|
||||
return;
|
||||
}
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Setting UMA token in cache proxy");
|
||||
}
|
||||
OIDCTokenCacheProxy.getInstance().setRPTToken(user, session, umaToken);
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Setting UMA token in session");
|
||||
}
|
||||
JWTTokenUtil.putUMAInSession(umaToken, session);
|
||||
umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), authToken.getAsBearer(),
|
||||
urlEncodedScope, null);
|
||||
} catch (Exception e) {
|
||||
_log.error("Getting UMA token from server", e);
|
||||
return;
|
||||
}
|
||||
_log.debug("Setting UMA token in cache proxy");
|
||||
OIDCTokenCacheProxy.getInstance().setRPTToken(user, session, umaToken);
|
||||
_log.debug("Setting UMA token in session");
|
||||
JWTTokenUtil.putUMAInSession(umaToken, session);
|
||||
} else {
|
||||
if (umaToken.isExpired()) {
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("UMA token is expired, refreshing it");
|
||||
}
|
||||
_log.debug("UMA token is expired, refreshing it");
|
||||
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
|
||||
try {
|
||||
umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
|
||||
|
@ -201,33 +175,20 @@ public class SmartGearsPortalValve extends ValveBase {
|
|||
_log.error("Refreshing UMA token on server", e);
|
||||
return;
|
||||
}
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Setting refreshed UMA token in cache proxy");
|
||||
}
|
||||
_log.debug("Setting refreshed UMA token in cache proxy");
|
||||
OIDCTokenCacheProxy.getInstance().setRPTToken(getCurrentUser(request), session, umaToken);
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Setting refreshed UMA token in session");
|
||||
}
|
||||
_log.debug("Setting refreshed UMA token in session");
|
||||
JWTTokenUtil.putUMAInSession(umaToken, session);
|
||||
} else if (JWTTokenUtil.getUMAFromSession(session) == null) {
|
||||
_log.debug("Setting UMA token in session");
|
||||
JWTTokenUtil.putUMAInSession(umaToken, session);
|
||||
}
|
||||
}
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Setting UMA token in UMA JWT provider");
|
||||
}
|
||||
UmaJWTProvider.instance.set(umaToken.getRaw());
|
||||
}
|
||||
|
||||
private JWTToken getOIDCTokeFromProxyAndSetInSession(User user, HttpServletRequest request, HttpSession session) {
|
||||
JWTToken token = OIDCTokenCacheProxy.getInstance().getOIDCToken(user, session);
|
||||
if (token == null) {
|
||||
_log.warn("OIDC token is null also in cache proxy!");
|
||||
} else {
|
||||
if (_log.isDebugEnabled()) {
|
||||
_log.debug("Setting OIDC token took from cache proxy in session");
|
||||
}
|
||||
JWTTokenUtil.putOIDCInSession(token, session);
|
||||
}
|
||||
return token;
|
||||
_log.debug("Current UMA token audience is: {}", umaToken.getAud());
|
||||
|
||||
_log.debug("Setting UMA token in UMA JWT provider");
|
||||
UmaJWTProvider.instance.set(umaToken.getRaw());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue