updated bom

Reviewed-on: #9

.classpath

@@ -1,5 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>
 	<classpathentry kind="src" output="target/classes" path="src/main/java">
 		<attributes>
 			<attribute name="optional" value="true"/>
@@ -10,18 +21,8 @@
 		<attributes>
 			<attribute name="optional" value="true"/>
 			<attribute name="maven.pomderived" value="true"/>
+			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
-		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
-		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>

.settings/org.eclipse.jdt.core.prefs

@@ -1,5 +1,8 @@
 eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
-org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
+org.eclipse.jdt.core.compiler.compliance=1.8
+org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.7
+org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
+org.eclipse.jdt.core.compiler.release=disabled
+org.eclipse.jdt.core.compiler.source=1.8

.settings/org.eclipse.m2e.core.prefs

@@ -1,4 +1,4 @@
-activeProfiles=
+activeProfiles=gcube-developer
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true
 version=1

CHANGELOG.md

@@ -0,0 +1,33 @@
+
+# Changelog for /  threadlocal-vars-cleaner
+
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v2.3.1] - 2021-05-25
+
+- Feature #21503 Update threadlocal-vars-cleaner to support AccessTokenProvider
+
+## [v2.3.0] - 2021-05-03
+
+- Fix Bug #20591 Keycloak-LR 6.2 Integration: portlet calls in landing page have not UMA token set
+
+## [v2.2.1] - 2020-12-17
+
+- Added support for OIDC related communications
+
+- Fixed wrong token put in cache after refresh. Rationalized logs.
+
+- Ported to git
+
+## [v2.1.1] - 2020-03-26
+
+- Small fix which checks if the current Liferay Site is a valid context and avoid to call auth if it is not
+
+## [v2.1.0] - 2015-02-22
+
+- Added automatic injection of context and token of any AJAX calls
+
+## [v2.0.0] - 2016-06-23
+
+- First release after switch to new liferay version (6.2.6)

FUNDING.md

@@ -0,0 +1,26 @@
+# Acknowledgments
+
+The projects leading to this software have received funding from a series of European Union programmes including:
+
+- the Sixth Framework Programme for Research and Technological Development
+    - [DILIGENT](https://cordis.europa.eu/project/id/004260) (grant no. 004260).
+- the Seventh Framework Programme for research, technological development and demonstration 
+    - [D4Science](https://cordis.europa.eu/project/id/212488) (grant no. 212488);
+    - [D4Science-II](https://cordis.europa.eu/project/id/239019) (grant no.239019);
+    - [ENVRI](https://cordis.europa.eu/project/id/283465) (grant no. 283465);
+    - [iMarine](https://cordis.europa.eu/project/id/283644) (grant no. 283644);
+    - [EUBrazilOpenBio](https://cordis.europa.eu/project/id/288754) (grant no. 288754).
+- the H2020 research and innovation programme 
+    - [SoBigData](https://cordis.europa.eu/project/id/654024) (grant no. 654024);
+    - [PARTHENOS](https://cordis.europa.eu/project/id/654119) (grant no. 654119);
+    - [EGI-Engage](https://cordis.europa.eu/project/id/654142) (grant no. 654142);
+    - [ENVRI PLUS](https://cordis.europa.eu/project/id/654182) (grant no. 654182);
+    - [BlueBRIDGE](https://cordis.europa.eu/project/id/675680) (grant no. 675680);
+    - [PerformFISH](https://cordis.europa.eu/project/id/727610) (grant no. 727610);
+    - [AGINFRA PLUS](https://cordis.europa.eu/project/id/731001) (grant no. 731001);
+    - [DESIRA](https://cordis.europa.eu/project/id/818194) (grant no. 818194);
+    - [ARIADNEplus](https://cordis.europa.eu/project/id/823914) (grant no. 823914);
+    - [RISIS 2](https://cordis.europa.eu/project/id/824091) (grant no. 824091);
+    - [EOSC-Pillar](https://cordis.europa.eu/project/id/857650) (grant no. 857650);
+    - [Blue Cloud](https://cordis.europa.eu/project/id/862409) (grant no. 862409);
+    - [SoBigData-PlusPlus](https://cordis.europa.eu/project/id/871042) (grant no. 871042);

distro/changelog.xml

@@ -1,17 +0,0 @@
-<ReleaseNotes>
-	<Changeset
-		component="org.gcube.portal.threadlocal-vars-cleaner.2-1-1"
-		date="2020-03-26">
-		<Change>Small fix which checks if the current Liferay Site is a valid context and avoid to call auth if it is not</Change>
-	</Changeset>
-	<Changeset
-		component="org.gcube.portal.threadlocal-vars-cleaner.2-1-0" date="18">
-		<Change>Added automatic injection of context and token of any AJAX
-			calls</Change>
-	</Changeset>
-	<Changeset
-		component="org.gcube.portal.threadlocal-vars-cleaner.2-0-0"
-		date="2016-06-23">
-		<Change>First Release</Change>
-	</Changeset>
-</ReleaseNotes>

distro/descriptor.xml

@@ -1,42 +0,0 @@
-<assembly
-	xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
-	<id>servicearchive</id>
-	<formats>
-		<format>tar.gz</format>
-	</formats>
-	<baseDirectory>/</baseDirectory>
-	<fileSets>
-		<fileSet>
-			<directory>${distroDirectory}</directory>
-			<outputDirectory>/</outputDirectory>
-			<useDefaultExcludes>true</useDefaultExcludes>
-			<includes>
-				<include>README</include>
-				<include>LICENSE</include>			
-				<include>changelog.xml</include>
-				<include>profile.xml</include>
-			</includes>
-			<fileMode>755</fileMode>
-			<filtered>true</filtered>
-		</fileSet>
-		<fileSet>
-			<directory>target/apidocs</directory>
-			<outputDirectory>/${artifactId}/doc/api</outputDirectory>
-			<useDefaultExcludes>true</useDefaultExcludes>
-			<fileMode>755</fileMode>
-		</fileSet>
-	</fileSets>
-	<files>
-		<file>
-			<source>${distroDirectory}/profile.xml</source>
-			<outputDirectory>./</outputDirectory>
-			<filtered>true</filtered>
-		</file>
-		<file>
-			<source>target/${build.finalName}.jar</source>
-			<outputDirectory>/${artifactId}</outputDirectory>
-		</file>
-	</files>
-</assembly>

distro/profile.xml

@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-	<ID></ID>
-	<Type>Library</Type>
-	<Profile>
-		<Description>${description}</Description>
-		<Class>Portal</Class>
-		<Name>${artifactId}</Name>
-		<Version>1.0.0</Version>
-		<Packages>
-			<Software>
-				<Name>${artifactId}</Name>
-				<Version>${version}</Version>
-				<MavenCoordinates>
-					<groupId>${groupId}</groupId>
-					<artifactId>${artifactId}</artifactId>
-					<version>${version}</version>
-				</MavenCoordinates>
-				<Files>
-					<File>${build.finalName}.war</File>
-				</Files>
-			</Software>
-		</Packages>
-	</Profile>
-</Resource>

pom.xml

@@ -11,13 +11,12 @@
 
 	<groupId>org.gcube.portal</groupId>
 	<artifactId>threadlocal-vars-cleaner</artifactId>
-	<version>2.1.1</version>
+	<version>2.3.1</version>
 	<packaging>jar</packaging>
 	<name>threadlocal-vars-cleaner</name>
 	<description>This component clean the Smartgears ThreadLocal variables each time a new Thread is assigned to a request from tomcat thread pool</description>
 	<properties>
 		<java-version>1.8</java-version>
-		<distroDirectory>${project.basedir}/distro</distroDirectory>
 		<webappDirectory>${project.build.directory}/${project.build.finalName}</webappDirectory>
 		<distroDirectory>distro</distroDirectory>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -33,7 +32,7 @@
 			<dependency>
 				<groupId>org.gcube.distribution</groupId>
 				<artifactId>maven-portal-bom</artifactId>
-				<version>3.6.0</version>
+				<version>3.6.3</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
@@ -61,11 +60,21 @@
 			<artifactId>portal-manager</artifactId>
 			<scope>provided</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.gcube.portal</groupId>
+			<artifactId>oidc-library-portal</artifactId>
+			<scope>provided</scope>
+		</dependency>
 		<dependency>
 			<groupId>com.liferay.portal</groupId>
 			<artifactId>portal-service</artifactId>
 			<scope>provided</scope>
 		</dependency>
+		<dependency>
+			<groupId>javax.portlet</groupId>
+			<artifactId>portlet-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
@@ -81,21 +90,6 @@
 	<build>
 		<finalName>threadlocal-vars-cleaner-${project.version}</finalName>
 		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-war-plugin</artifactId>
-				<executions>
-					<execution>
-						<phase>compile</phase>
-						<goals>
-							<goal>exploded</goal>
-						</goals>
-					</execution>
-				</executions>
-				<configuration>
-					<webappDirectory>${webappDirectory}</webappDirectory>
-				</configuration>
-			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>

src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java

@@ -8,124 +8,146 @@ import java.util.List;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.valves.ValveBase;
 import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.authorization.library.provider.UserInfo;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
-import org.gcube.common.scope.impl.ScopeBean;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.liferay.portal.model.User;
 import com.liferay.portal.service.UserLocalServiceUtil;
+
 /**
  * 
  * @author Massimiliano Assante, CNR ISTI
  * @author Lucio Lelii, CNR ISTI
+ * @author Mauro Mugnaini, Nubisware S.r.l.
  *
  */
-public class SmartGearsPortalValve extends ValveBase  {
-	private static final Logger _log = LoggerFactory.getLogger(SmartGearsPortalValve.class);
-	private final static String DEFAULT_ROLE = "OrganizationMember";
-	private final static String LIFERAY_POLLER_CONTEXT = "poller/receive";
+public class SmartGearsPortalValve extends ValveBase {
 
+    private static final Logger _log = LoggerFactory.getLogger(SmartGearsPortalValve.class);
+    private final static String DEFAULT_ROLE = "OrganizationMember";
+    private final static String LIFERAY_POLLER_CONTEXT = "poller/receive";
 
-	@Override
-	public void invoke(Request req, Response resp) throws IOException,	ServletException {
-		SecurityTokenProvider.instance.reset();
-		ScopeProvider.instance.reset();
-		AuthorizationProvider.instance.reset();
-		//_log.trace("SmartGearsPortalValve SecurityTokenProvider and AuthorizationProvider reset OK");
-		if (req instanceof HttpServletRequest) {
-			HttpServletRequest request =  (HttpServletRequest) req;
-			if (!req.getRequestURL().toString().endsWith(LIFERAY_POLLER_CONTEXT)) { //avoid calling gCube auth service for liferay internal poller
-				PortalContext context = PortalContext.getConfiguration();
-				String scope = context.getCurrentScope(request);
-				String username = getCurrentUsername(request);
-				if (scope != null && username != null && validateContext(scope)) {
-					String userToken = null;
-					try {
-						ScopeProvider.instance.set(scope);
-						userToken = authorizationService().resolveTokenByUserAndContext(username, scope);
-						SecurityTokenProvider.instance.set(userToken);
-					} 
-					catch (ObjectNotFound ex) {
-						userToken = generateAuthorizationToken(username, scope);
-						SecurityTokenProvider.instance.set(userToken);
-						_log.debug("generateAuthorizationToken OK for " + username + " in scope " + scope);
-					}			
-					catch (Exception e) {
-						_log.error("Something went wrong in generating token for " + username + " in scope " + scope);
-						e.printStackTrace();
-					}
-					//_log.trace("Security token set OK for " + username + " in scope " + scope);
-				}
-			}
-		}
-		getNext().invoke(req, resp);
-	}
-	
-	/**
-	 * 
-	 * @param context
-	 * @return true if is the context is syntactically valid
-	 */
-	private static boolean validateContext(String context) {
-		String separator = "/";			
-		if (!context.matches("\\S+"))
-			return false;
-		String[] components=context.split(separator);
-		if (components.length<2 || components.length>4) 
-			return false;
-		return true;
-	}
+    @Override
+    public void invoke(Request req, Response resp) throws IOException, ServletException {
+        SecurityTokenProvider.instance.reset();
+        ScopeProvider.instance.reset();
+        AuthorizationProvider.instance.reset();
+        AccessTokenProvider.instance.reset();
+        //_log.trace("SmartGearsPortalValve SecurityTokenProvider and AuthorizationProvider reset OK");
+        if (req instanceof HttpServletRequest) {
+            HttpServletRequest request = (HttpServletRequest) req;
+            if (!req.getRequestURL().toString().endsWith(LIFERAY_POLLER_CONTEXT)) { //avoid calling gCube auth service for liferay internal poller
+                PortalContext context = PortalContext.getConfiguration();
+                String scope = context.getCurrentScope(request);
+                String username = getCurrentUsername(request);
+                if (scope != null && username != null && validateContext(scope)) {
+                    String userToken = null;
+                    try {
+                        ScopeProvider.instance.set(scope);
+                        userToken = authorizationService().resolveTokenByUserAndContext(username, scope);
+                        SecurityTokenProvider.instance.set(userToken);
+                    } catch (ObjectNotFound ex) {
+                        userToken = generateAuthorizationToken(username, scope);
+                        SecurityTokenProvider.instance.set(userToken);
+                        _log.debug("generateAuthorizationToken OK for " + username + " in scope " + scope);
+                    } catch (Exception e) {
+                        _log.error("Something went wrong in generating token for " + username + " in scope " + scope);
+                        e.printStackTrace();
+                    }
 
-	/**
-	 * 
-	 * @param username
-	 * @param scope
-	 * @throws Exception
-	 */
-	private static String generateAuthorizationToken(String username, String scope)  {
-		List<String> userRoles = new ArrayList<>();
-		userRoles.add(DEFAULT_ROLE);
-		String token;
-		try {
-			token = authorizationService().generateUserToken(new UserInfo(username, userRoles), scope);
-		} catch (Exception e) {
-			e.printStackTrace();
-			return null;
-		}
-		return token;
-	}
+                    _log.debug("Getting current user");
+                    User user = getCurrentUser(request);
+                    // user cannot be null otherwise also the getCurrentUsername(request) returned null username in previous lines
+                    _log.debug("Getting current session");
+                    HttpSession session = request.getSession(false);
+                    if (session != null) {
+                        OIDCUmaUtil.checkUMATicketAndProvideInThreadLocal(request, (HttpServletResponse) resp, user,
+                                session, scope);
+                    } else {
+                        _log.debug("Session is null, cannot continue with OIDC/UMA checks");
+                    }
 
-	/**
-	 * 
-	 * @param httpServletRequest the httpServletRequest object
-	 * @return the instance of the user 
-	 * @see GCubeUser
-	 */
-	public static String getCurrentUsername(HttpServletRequest httpServletRequest) {
-		String userIdNo = httpServletRequest.getHeader(PortalContext.USER_ID_ATTR_NAME);
-		if (userIdNo != null && userIdNo.compareTo("undefined") != 0) {
-			long userId = -1;
-			try {
-				userId = Long.parseLong(userIdNo);
-				return UserLocalServiceUtil.getUser(userId).getScreenName();
-			} catch (NumberFormatException e) {
-				_log.error("The userId is not a number -> " + userIdNo);
-				return null;
-			} catch (Exception e) {
-				_log.error("The userId does not belong to any user -> " + userIdNo);
-				return null;
-			}
-		} 
-		return null;
-	}
+                    //_log.trace("Security token set OK for " + username + " in scope " + scope);
+                }
+            }
+        }
+        getNext().invoke(req, resp);
+    }
+
+    /**
+     * 
+     * @param context
+     * @return true if is the context is syntactically valid
+     */
+    private static boolean validateContext(String context) {
+        String separator = "/";
+        if (!context.matches("\\S+"))
+            return false;
+        String[] components = context.split(separator);
+        if (components.length < 2 || components.length > 4)
+            return false;
+        return true;
+    }
+
+    /**
+     * 
+     * @param username
+     * @param scope
+     * @throws Exception
+     */
+    private static String generateAuthorizationToken(String username, String scope) {
+        List<String> userRoles = new ArrayList<>();
+        userRoles.add(DEFAULT_ROLE);
+        String token;
+        try {
+            token = authorizationService().generateUserToken(new UserInfo(username, userRoles), scope);
+        } catch (Exception e) {
+            e.printStackTrace();
+            return null;
+        }
+        return token;
+    }
+
+    /**
+     * 
+     * @param httpServletRequest the httpServletRequest object
+     * @return the instance of the user 
+     * @see GCubeUser
+     */
+    public static String getCurrentUsername(HttpServletRequest httpServletRequest) {
+        User user = getCurrentUser(httpServletRequest);
+        return user != null ? user.getScreenName() : null;
+    }
+
+    public static User getCurrentUser(HttpServletRequest httpServletRequest) {
+        String userIdNo = httpServletRequest.getHeader(PortalContext.USER_ID_ATTR_NAME);
+        if (userIdNo != null && userIdNo.compareTo("undefined") != 0) {
+            long userId = -1;
+            try {
+                userId = Long.parseLong(userIdNo);
+                return UserLocalServiceUtil.getUser(userId);
+            } catch (NumberFormatException e) {
+                _log.error("The userId is not a number -> " + userIdNo);
+                return null;
+            } catch (Exception e) {
+                _log.error("The userId does not belong to any user -> " + userIdNo);
+                return null;
+            }
+        }
+        return null;
+    }
 }
-