2021-01-22 15:01:58 +01:00
1 changed files with 37 additions and 23 deletions
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@ -48,6 +48,7 @@ public class SmartGearsPortalValve extends ValveBase {
    private final static String DEFAULT_ROLE = "OrganizationMember";
    private final static String LIFERAY_POLLER_CONTEXT = "poller/receive";

+    private static boolean REFRESH_UMA_TOKEN = false;
    private static String LOGOUT_URI = "/c/portal/logout";
    private static boolean FORCE_LOGOUT_ON_INVALID_OIDC = true;
    private static boolean FORCE_LOGOUT_ON_MISSING_OIDC = true;
@ -125,37 +126,50 @@ public class SmartGearsPortalValve extends ValveBase {
                _log.trace("Current UMA token is OK {}", umaToken.getTokenEssentials());
            } else {
                if (umaToken != null && umaToken.getAud().contains(urlEncodedScope) && umaToken.isExpired()) {
-                    _log.debug("Suitable UMA token found but is expired, trying to refresh it {}",
-                            umaToken.getTokenEssentials());
+                    if (REFRESH_UMA_TOKEN) {
+                        _log.debug("Suitable UMA token found but is expired, trying to refresh it {}",
+                                umaToken.getTokenEssentials());

-                    OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration
-                            .getConfiguration(request);
-                    try {
-                        umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
-                        _log.debug("Got a refreshed UMA token {}", umaToken.getTokenEssentials());
+                        OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration
+                                .getConfiguration(request);
+                        try {
+                            umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
+                            _log.debug("Got a refreshed UMA token {}", umaToken.getTokenEssentials());

-                        _log.debug("Setting the refreshed UMA token in cache proxy for user {}, and session]",
-                                user.getScreenName(), sessionId);
+                            _log.debug("Setting the refreshed UMA token in cache proxy for user {}, and session]",
+                                    user.getScreenName(), sessionId);

-                        JWTCacheProxy.getInstance().setUMAToken(user, sessionId, umaToken);
-                    } catch (OpenIdConnectRESTHelperException e) {
-                        if (e.hasJSONPayload()) {
-                            if (OpenIdConnectRESTHelper.isInvalidBearerTokenError(e.getResponseString())) {
-                                if (FORCE_LOGOUT_ON_INVALID_OIDC) {
-                                    _log.warn("OIDC token is become invalid, forcing redirect to logout URI");
-                                    forceLogout(response);
+                            JWTCacheProxy.getInstance().setUMAToken(user, sessionId, umaToken);
+                        } catch (OpenIdConnectRESTHelperException e) {
+                            if (e.hasJSONPayload()) {
+                                if (OpenIdConnectRESTHelper.isInvalidBearerTokenError(e.getResponseString())) {
+                                    if (FORCE_LOGOUT_ON_INVALID_OIDC) {
+                                        _log.warn("OIDC token is become invalid, forcing redirect to logout URI");
+                                        forceLogout(response);
+                                    } else {
+                                        _log.warn("OIDC token is become invalid, cannot continue");
+                                    }
+                                    return;
+                                } else if (OpenIdConnectRESTHelper.isTokenNotActiveError(e.getResponseString())) {
+                                    _log.info("UMA token is no more active, get new one");
                                } else {
-                                    _log.warn("OIDC token is become invalid, cannot continue");
+                                    _log.error("Other UMA token refresh error", e);
                                }
-                                return;
-                            } else if (OpenIdConnectRESTHelper.isTokenNotActiveError(e.getResponseString())) {
-                                _log.info("UMA token is no more active, get new one");
                            } else {
-                                _log.error("Other UMA token refresh error", e);
+                                _log.error("Refreshing UMA token on server " + umaToken.getTokenEssentials(), e);
                            }
-                        } else {
-                            _log.error("Refreshing UMA token on server " + umaToken.getTokenEssentials(), e);
+                            umaToken = null;
+                            _log.debug(
+                                    "Removing inactive UMA token from cache proxy if present for user {} and session {}",
+                                    user.getScreenName(), sessionId);
+
+                            JWTCacheProxy.getInstance().removeUMAToken(user, sessionId);
                        }
+                    } else {
+                        _log.debug("Suitable UMA token found but it is expired."
+                                + "It will be replaced with new one according to settings {}",
+                                umaToken.getTokenEssentials());
+
                        umaToken = null;
                        _log.debug("Removing inactive UMA token from cache proxy if present for user {} and session {}",
                                user.getScreenName(), sessionId);