Merge pull request 'Finalization of the enabling of the portal to send the user's UMA token in the HTTP services invokation' (#2) from mauro.mugnaini/threadlocal-vars-cleaner:master into master

2020-07-07 12:14:16 +02:00 · 2020-07-07 12:14:16 +02:00 · 561d278f15
parent 7c2c755e6f 3a4fee1fd4
commit 561d278f15
2 changed files with 75 additions and 73 deletions
--- a/pom.xml
+++ b/pom.xml
@ -11,7 +11,7 @@

 	<groupId>org.gcube.portal</groupId>
 	<artifactId>threadlocal-vars-cleaner</artifactId>
-	<version>2.2.0-SNAPSHOT</version>
+	<version>2.2.1-SNAPSHOT</version>
 	<packaging>jar</packaging>
 	<name>threadlocal-vars-cleaner</name>
 	<description>This component clean the Smartgears ThreadLocal variables each time a new Thread is assigned to a request from tomcat thread pool</description>
@ -64,7 +64,7 @@
 		<dependency>
 			<groupId>org.gcube.portal</groupId>
 			<artifactId>oidc-library-portal</artifactId>
-			<version>[0.1.0,)</version>
+			<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
 			<scope>provided</scope>
 		</dependency>
 		<dependency>
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@ -25,9 +25,9 @@ import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.oidc.rest.JWTToken;
 import org.gcube.oidc.rest.OpenIdConnectConfiguration;
 import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
+import org.gcube.portal.oidc.lr62.JWTCacheProxy;
 import org.gcube.portal.oidc.lr62.JWTTokenUtil;
 import org.gcube.portal.oidc.lr62.LiferayOpenIdConnectConfiguration;
-import org.gcube.portal.oidc.lr62.OIDCTokenCacheProxy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@ -86,14 +86,9 @@ public class SmartGearsPortalValve extends ValveBase {
    private void checkUMATicket(HttpServletRequest request, String scope) {
        HttpSession session = request.getSession(false);
        if (session == null) {
-            if (_log.isDebugEnabled()) {
-                _log.debug("Session is null");
-            }
+            _log.debug("Session is null");
            return;
        }
-        if (_log.isTraceEnabled()) {
-            _log.trace("Session details: id=" + session.getId() + ", instance=" + session);
-        }
        String urlEncodedScope = null;
        try {
            urlEncodedScope = URLEncoder.encode(scope, "UTF-8");
@ -101,92 +96,99 @@ public class SmartGearsPortalValve extends ValveBase {
            _log.error("Cannot URL encode scope", e);
            return;
        }
-        if (_log.isDebugEnabled()) {
-            _log.debug("URL encoded scope is: " + urlEncodedScope);
-            _log.debug("Getting UMA token from session");
-        }
+        _log.debug("URL encoded scope is: {}", urlEncodedScope);
+        _log.debug("Getting UMA token from session");
        JWTToken umaToken = JWTTokenUtil.getUMAFromSession(session);
        if (umaToken == null) {
-            if (_log.isDebugEnabled()) {
-                _log.debug("UMA token not found in session");
-            }
-            if (_log.isDebugEnabled()) {
-                _log.debug("Getting current user");
-            }
+            _log.debug("UMA token not found in session");
+
+            _log.debug("Getting current user");
            User user = getCurrentUser(request);
            if (user == null) {
+                // Almost impossible
                _log.error("Current user not found, cannot continue");
                return;
            }
-            if (_log.isDebugEnabled()) {
-                _log.debug("Trying to get UMA token from cache proxy");
+            _log.debug("Trying to get UMA token from cache proxy");
+            umaToken = JWTCacheProxy.getInstance().getUMAToken(user, session);
+        }
+        if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
+            if (umaToken == null) {
+                _log.debug("UMA token is null. Getting new one...");
+            } else {
+                _log.info("UMA token has been issued for another scope (" + umaToken.getAud()
+                        + "). Getting new one for scope: " + urlEncodedScope);
            }
-            umaToken = OIDCTokenCacheProxy.getInstance().getUMAToken(user, session);
-            if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
-                if (umaToken == null) {
-                    if (_log.isDebugEnabled()) {
-                        _log.debug("UMA token is null. Getting new one...");
-                    }
-                } else {
-                    _log.info("UMA token for another scope (" + umaToken.getAud() + "). Getting new one for scope: "
-                            + urlEncodedScope);
-                }
-                if (_log.isDebugEnabled()) {
-                    _log.debug("Getting OIDC token from session");
-                }
-                JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session);
+            _log.debug("Getting current user");
+            User user = getCurrentUser(request);
+            if (user == null) {
+                // Almost impossible
+                _log.error("Current user not found, cannot continue");
+                return;
+            }
+            _log.debug("Getting OIDC token from session");
+            JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session);
+            if (authToken == null) {
+                _log.debug("OIDC token not found in session. Trying to get it from cache proxy");
+                authToken = JWTCacheProxy.getInstance().getOIDCToken(user, session);
                if (authToken == null) {
-                    if (_log.isDebugEnabled()) {
-                        _log.debug("OIDC token not found in session. Trying to get it from cache proxy");
-                    }
-                    authToken = getOIDCTokeFromProxyAndSetInSession(user, request, session);
-                    if (authToken == null) {
-                        _log.error("OIDC token is null, cannot continue");
+                    _log.warn("OIDC token is null also in cache proxy, cannot continue!");
+                    return;
+                } else {
+                    _log.debug("Setting OIDC token took from cache proxy in session");
+                    JWTTokenUtil.putOIDCInSession(authToken, session);
+                }
+            }
+            OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
+            try {
+                if (authToken.isExpired()) {
+                    _log.debug("OIDC token is expired, refreshing it");
+                    try {
+                        authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), authToken);
+                    } catch (Exception e) {
+                        _log.error("Refreshing OIDC token on server", e);
                        return;
-                    } else {
-                        if (_log.isDebugEnabled()) {
-                            _log.debug("OIDC token found in cache proxy");
-                        }
                    }
+                    _log.debug("Setting refreshed OIDC token in cache proxy");
+                    JWTCacheProxy.getInstance().setOIDCToken(user, session, authToken);
+                    _log.debug("Setting refreshed OIDC token in session");
+                    JWTTokenUtil.putOIDCInSession(authToken, session);
                }
                _log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope);
+                umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), authToken.getAsBearer(),
+                        urlEncodedScope, null);
+            } catch (Exception e) {
+                _log.error("Getting UMA token from server", e);
+                return;
+            }
+            _log.debug("Setting UMA token in cache proxy");
+            JWTCacheProxy.getInstance().setUMAToken(user, session, umaToken);
+            _log.debug("Setting UMA token in session");
+            JWTTokenUtil.putUMAInSession(umaToken, session);
+        } else {
+            if (umaToken.isExpired()) {
+                _log.debug("UMA token is expired, refreshing it");
                OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
                try {
-                    // TODO: handle the token expired case and renew it with refresh token.
-                    umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),
-                            authToken.getAsBearer(),
-                            urlEncodedScope, null);
+                    umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
                } catch (Exception e) {
-                    _log.error("Getting UMA token from server", e);
+                    _log.error("Refreshing UMA token on server", e);
                    return;
                }
-                if (_log.isDebugEnabled()) {
-                    _log.debug("Setting UMA token in cache proxy");
-                }
-                OIDCTokenCacheProxy.getInstance().setRPTToken(user, session, umaToken);
-                if (_log.isDebugEnabled()) {
-                    _log.debug("Setting UMA token in session");
-                }
+                _log.debug("Setting refreshed UMA token in cache proxy");
+                JWTCacheProxy.getInstance().setUMAToken(getCurrentUser(request), session, umaToken);
+                _log.debug("Setting refreshed UMA token in session");
+                JWTTokenUtil.putUMAInSession(umaToken, session);
+            } else if (JWTTokenUtil.getUMAFromSession(session) == null) {
+                _log.debug("Setting UMA token in session");
                JWTTokenUtil.putUMAInSession(umaToken, session);
            }
        }
-        if (_log.isDebugEnabled()) {
-            _log.debug("Setting UMA token in UMA JWT provider");
-        }
-        UmaJWTProvider.instance.set(umaToken.getRaw());
-    }

-    private JWTToken getOIDCTokeFromProxyAndSetInSession(User user, HttpServletRequest request, HttpSession session) {
-        JWTToken token = OIDCTokenCacheProxy.getInstance().getOIDCToken(user, session);
-        if (token == null) {
-            _log.warn("OIDC token is null also in cache proxy!");
-        } else {
-            if (_log.isDebugEnabled()) {
-                _log.debug("Setting OIDC token took from cache proxy in session");
-            }
-            JWTTokenUtil.putOIDCInSession(token, session);
-        }
-        return token;
+        _log.debug("Current UMA token audience is: {}", umaToken.getAud());
+
+        _log.debug("Setting UMA token in UMA JWT provider");
+        UmaJWTProvider.instance.set(umaToken.getRaw());
    }

    /**