A lot of logs added and rationalized loop

2021-01-19 15:04:31 +01:00 · 2021-01-19 15:04:31 +01:00 · 1a0f9b5086
parent 9a25509add
commit 1a0f9b5086
1 changed files with 203 additions and 166 deletions
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@ -33,8 +33,11 @@ import org.gcube.portal.oidc.lr62.LiferayOpenIdConnectConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import com.liferay.portal.kernel.exception.PortalException;
+import com.liferay.portal.kernel.exception.SystemException;
 import com.liferay.portal.model.User;
 import com.liferay.portal.service.UserLocalServiceUtil;
+import com.liferay.portal.util.PortalUtil;

 /**
 * 
@ -95,17 +98,31 @@ public class SmartGearsPortalValve extends ValveBase {
    private void checkUMATicket(HttpServletRequest request, HttpServletResponse response, String scope) {
        _log.debug("Getting current user");
        User user = getCurrentUser(request);
+        User purUser = null;
+        try {
+            purUser = PortalUtil.getUser(request);
+        } catch (PortalException | SystemException e) {
+            _log.debug("Cannot get user via portal util: {}", e.getMessage());
+        }
        if (user == null) {
-            // Almost impossible
            _log.error("Current user not found, cannot continue");
            return;
+        } else {
+            _log.debug("Current user is: {} [{}]", user.getScreenName(), user.getEmailAddress());
+            if (purUser != null) {
+                _log.debug("Current PURet user is: {} [{}]", purUser.getScreenName(), purUser.getEmailAddress());
+            } else {
+                _log.debug("Current PURet user null");
+            }
        }
        HttpSession session = request.getSession(false);
        if (session == null) {
            _log.debug("Session is null, cannot continue");
            return;
+        } else {
+            _log.debug("Current session ID is {} and class instance is [{}]", session.getId(),
+                    Integer.toHexString(session.hashCode()));
        }
-        synchronized (session) {
        String urlEncodedScope = null;
        try {
            urlEncodedScope = URLEncoder.encode(scope, "UTF-8");
@ -116,34 +133,42 @@ public class SmartGearsPortalValve extends ValveBase {
        }
        _log.debug("URL encoded scope is: {}", urlEncodedScope);

-            _log.trace("Getting UMA token from session: {}", session);
+        _log.trace("Getting UMA token from session {} [{}]", session.getId(), Integer.toHexString(session.hashCode()));
        JWTToken umaToken = JWTTokenUtil.getUMAFromSession(session);
        if (umaToken == null) {
            _log.debug("UMA token not found in session. Trying to get it from cache proxy");
            umaToken = JWTCacheProxy.getInstance().getUMAToken(user, session);
        }
        if (umaToken != null && !umaToken.isExpired() && umaToken.getAud().contains(urlEncodedScope)) {
-                _log.trace("Current UMA token is OK");
+            _log.trace("Current UMA token is OK [{}]", umaToken.getTokenEssentials());
            if (JWTTokenUtil.getUMAFromSession(session) == null) {
-                    _log.debug("Setting UMA token also in current session");
+                _log.debug("Setting UMA token also in current session {} [{}]", session.getId(),
+                        Integer.toHexString(session.hashCode()));
+
                JWTTokenUtil.putUMAInSession(umaToken, session);
            }
        } else if (JWTCacheProxy.getInstance().getUMAToken(user, session) != null
                && !JWTCacheProxy.getInstance().getUMAToken(user, session).isExpired()
                && JWTCacheProxy.getInstance().getUMAToken(user, session).getAud().contains(urlEncodedScope)) {

-                _log.debug("Cache proxy already contains the suitable UMA token. Putting it also in session and using it");
+            _log.debug("Cache proxy already contains the suitable UMA token: {}", umaToken.getTokenEssentials());
+            _log.debug("Putting it also in session {} [{}] and using it", session.getId(),
+                    Integer.toHexString(session.hashCode()));
+
            umaToken = JWTCacheProxy.getInstance().getUMAToken(user, session);
            JWTTokenUtil.putUMAInSession(umaToken, session);
        } else {
            if (umaToken != null && umaToken.getAud().contains(urlEncodedScope) && umaToken.isExpired()) {
-                    _log.debug("UMA token is expired, trying to refresh it");
-                    OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
+                _log.debug("UMA token is expired, trying to refresh it [{}]", umaToken.getTokenEssentials());
+                OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration
+                        .getConfiguration(request);
                try {
                    umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
-                        _log.debug("Setting refreshed UMA token in cache proxy");
+                    _log.debug("Setting refreshed UMA token in cache proxy [{}]", umaToken.getTokenEssentials());
                    JWTCacheProxy.getInstance().setUMAToken(getCurrentUser(request), session, umaToken);
-                        _log.debug("Setting refreshed UMA token in session");
+                    _log.debug("Setting refreshed UMA token in session {} [{}]", session.getId(),
+                            Integer.toHexString(session.hashCode()));
+
                    JWTTokenUtil.putUMAInSession(umaToken, session);
                } catch (OpenIdConnectRESTHelperException e) {
                    if (e.hasJSONPayload()) {
@ -159,12 +184,16 @@ public class SmartGearsPortalValve extends ValveBase {
                            _log.info("UMA token is no more active, get new one");
                        }
                    } else {
-                            _log.error("Refreshing UMA token on server", e);
+                        _log.error("Refreshing UMA token on server [" + umaToken.getTokenEssentials() + "]", e);
                    }
                    umaToken = null;
-                        _log.info("Removing probably inactive OIDC token from session");
+                    _log.info("Removing probably inactive OIDC token from session {} [{}}", session.getId(),
+                            Integer.toHexString(session.hashCode()));
+
                    JWTTokenUtil.removeOIDCFromSession(session);
-                        _log.info("Removing all inactive UMA token from session and from cache proxy if present");
+                    _log.info("Removing all inactive UMA token from session {} [{}] and from cache proxy if present",
+                            session.getId(), Integer.toHexString(session.hashCode()));
+
                    JWTTokenUtil.removeUMAFromSession(session);
                    JWTCacheProxy.getInstance().removeUMAToken(user, session);
                }
@ -175,10 +204,12 @@ public class SmartGearsPortalValve extends ValveBase {
                    _log.debug("Getting new UMA token for scope {}", urlEncodedScope);
                } else if (!umaToken.getAud().contains(urlEncodedScope)) {
                    scopeIsChanged = true;
-                        _log.info("UMA token has been issued for another scope ({}). Getting new one for scope: {}",
-                                umaToken.getAud(), urlEncodedScope);
+                    _log.info("Getting new UMA for scope {} since it has been issued for another scope [{}]",
+                            urlEncodedScope, umaToken.getTokenEssentials());
                }
-                    _log.debug("Getting OIDC token from session");
+                _log.debug("Getting OIDC token from session {} [{}]", session.getId(),
+                        Integer.toHexString(session.hashCode()));
+
                JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session);
                if (authToken == null) {
                    _log.debug("OIDC token not found in session. Trying to get it from cache proxy");
@ -188,21 +219,21 @@ public class SmartGearsPortalValve extends ValveBase {
                        if (FORCE_LOGOUT_ON_MISSING_OIDC) {
                            _log.warn("OIDC token is null also in cache proxy, force redirecting to logut URI");
                            forceLogout(session, response);
-                                return;
                        } else {
                            _log.error("OIDC token is null also in cache proxy, cannot continue!");
-                                return;
                        }
+                        return;
                    } else {
-                            _log.debug("Setting OIDC token took from cache proxy in session");
+                        _log.debug("Setting OIDC token took from cache proxy in session {} [{}}", session.getId(),
+                                Integer.toHexString(session.hashCode()));
+
                        JWTTokenUtil.putOIDCInSession(authToken, session);
                    }
                }
                OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
-                    boolean OK = false;
                boolean isNotAuthorized = false;
                int authorizationAttempts = 0;
-                    while (!OK) {
+                do {
                    try {
                        if (isNotAuthorized || scopeIsChanged || authToken.isExpired()) {
                            if (isNotAuthorized) {
@ -212,9 +243,11 @@ public class SmartGearsPortalValve extends ValveBase {
                                                + "[attempts: {}]",
                                        authorizationAttempts);
                            } else if (scopeIsChanged) {
-                                    _log.info("Scope is changed, refreshing token to be sure that new grants are present");
+                                _log.info(
+                                        "Scope is changed, refreshing token to be sure that new grants are present");
                            } else if (authToken.isExpired()) {
-                                    _log.debug("OIDC token is expired, trying to refresh it");
+                                _log.debug("OIDC token is expired, trying to refresh it [{}]",
+                                        authToken.getTokenEssentials());
                            }
                            try {
                                authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(),
@ -236,7 +269,6 @@ public class SmartGearsPortalValve extends ValveBase {
                        umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),
                                authToken.getAccessTokenAsBearer(), urlEncodedScope, null);

-                            OK = true;
                    } catch (OpenIdConnectRESTHelperException e) {
                        if (e.hasJSONPayload()) {
                            if (OpenIdConnectRESTHelper.isInvalidBearerTokenError(e.getResponseString())) {
@ -272,22 +304,27 @@ public class SmartGearsPortalValve extends ValveBase {
                            return;
                        }
                    }
+                } while (isNotAuthorized);
            }
-                }
-                _log.debug("Setting UMA token in cache proxy and in session");
+            _log.debug("Setting UMA token in cache proxy and in session {} [{}]", session.getId(),
+                    Integer.toHexString(session.hashCode()));
+
            JWTCacheProxy.getInstance().setUMAToken(user, session, umaToken);
            JWTTokenUtil.putUMAInSession(umaToken, session);
        }
-            _log.trace("Current UMA token audience is: {}", umaToken.getAud());
+        _log.trace("Current UMA token in use is: {}", umaToken.getTokenEssentials());

        _log.debug("Setting UMA token in UMA JWT provider");
        UmaJWTProvider.instance.set(umaToken.getRaw());
    }
-    }

    protected void forceLogout(HttpSession session, HttpServletResponse response) {
        try {
+            if (!response.isCommitted()) {
                response.sendRedirect(LOGOUT_URI);
+            } else {
+                _log.warn("Cannot redirect to logout URI since the response is already commited");
+            }
        } catch (IOException e) {
            _log.error("Cannot redirect to logout URI: " + LOGOUT_URI, e);
        }