diff --git a/pom.xml b/pom.xml
index 064a5d9..ce575f2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
org.gcube.portal
threadlocal-vars-cleaner
- 2.2.0-SNAPSHOT
+ 2.2.1-SNAPSHOT
jar
threadlocal-vars-cleaner
This component clean the Smartgears ThreadLocal variables each time a new Thread is assigned to a request from tomcat thread pool
@@ -64,7 +64,7 @@
org.gcube.portal
oidc-library-portal
- [0.1.0,)
+ [1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)
provided
diff --git a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
index 25250be..5d7974c 100644
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@@ -25,9 +25,9 @@ import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.oidc.rest.JWTToken;
import org.gcube.oidc.rest.OpenIdConnectConfiguration;
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
+import org.gcube.portal.oidc.lr62.JWTCacheProxy;
import org.gcube.portal.oidc.lr62.JWTTokenUtil;
import org.gcube.portal.oidc.lr62.LiferayOpenIdConnectConfiguration;
-import org.gcube.portal.oidc.lr62.OIDCTokenCacheProxy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -86,14 +86,9 @@ public class SmartGearsPortalValve extends ValveBase {
private void checkUMATicket(HttpServletRequest request, String scope) {
HttpSession session = request.getSession(false);
if (session == null) {
- if (_log.isDebugEnabled()) {
- _log.debug("Session is null");
- }
+ _log.debug("Session is null");
return;
}
- if (_log.isTraceEnabled()) {
- _log.trace("Session details: id=" + session.getId() + ", instance=" + session);
- }
String urlEncodedScope = null;
try {
urlEncodedScope = URLEncoder.encode(scope, "UTF-8");
@@ -101,92 +96,99 @@ public class SmartGearsPortalValve extends ValveBase {
_log.error("Cannot URL encode scope", e);
return;
}
- if (_log.isDebugEnabled()) {
- _log.debug("URL encoded scope is: " + urlEncodedScope);
- _log.debug("Getting UMA token from session");
- }
+ _log.debug("URL encoded scope is: {}", urlEncodedScope);
+ _log.debug("Getting UMA token from session");
JWTToken umaToken = JWTTokenUtil.getUMAFromSession(session);
if (umaToken == null) {
- if (_log.isDebugEnabled()) {
- _log.debug("UMA token not found in session");
- }
- if (_log.isDebugEnabled()) {
- _log.debug("Getting current user");
- }
+ _log.debug("UMA token not found in session");
+
+ _log.debug("Getting current user");
User user = getCurrentUser(request);
if (user == null) {
+ // Almost impossible
_log.error("Current user not found, cannot continue");
return;
}
- if (_log.isDebugEnabled()) {
- _log.debug("Trying to get UMA token from cache proxy");
+ _log.debug("Trying to get UMA token from cache proxy");
+ umaToken = JWTCacheProxy.getInstance().getUMAToken(user, session);
+ }
+ if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
+ if (umaToken == null) {
+ _log.debug("UMA token is null. Getting new one...");
+ } else {
+ _log.info("UMA token has been issued for another scope (" + umaToken.getAud()
+ + "). Getting new one for scope: " + urlEncodedScope);
}
- umaToken = OIDCTokenCacheProxy.getInstance().getUMAToken(user, session);
- if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
- if (umaToken == null) {
- if (_log.isDebugEnabled()) {
- _log.debug("UMA token is null. Getting new one...");
- }
- } else {
- _log.info("UMA token for another scope (" + umaToken.getAud() + "). Getting new one for scope: "
- + urlEncodedScope);
- }
- if (_log.isDebugEnabled()) {
- _log.debug("Getting OIDC token from session");
- }
- JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session);
+ _log.debug("Getting current user");
+ User user = getCurrentUser(request);
+ if (user == null) {
+ // Almost impossible
+ _log.error("Current user not found, cannot continue");
+ return;
+ }
+ _log.debug("Getting OIDC token from session");
+ JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session);
+ if (authToken == null) {
+ _log.debug("OIDC token not found in session. Trying to get it from cache proxy");
+ authToken = JWTCacheProxy.getInstance().getOIDCToken(user, session);
if (authToken == null) {
- if (_log.isDebugEnabled()) {
- _log.debug("OIDC token not found in session. Trying to get it from cache proxy");
- }
- authToken = getOIDCTokeFromProxyAndSetInSession(user, request, session);
- if (authToken == null) {
- _log.error("OIDC token is null, cannot continue");
+ _log.warn("OIDC token is null also in cache proxy, cannot continue!");
+ return;
+ } else {
+ _log.debug("Setting OIDC token took from cache proxy in session");
+ JWTTokenUtil.putOIDCInSession(authToken, session);
+ }
+ }
+ OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
+ try {
+ if (authToken.isExpired()) {
+ _log.debug("OIDC token is expired, refreshing it");
+ try {
+ authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), authToken);
+ } catch (Exception e) {
+ _log.error("Refreshing OIDC token on server", e);
return;
- } else {
- if (_log.isDebugEnabled()) {
- _log.debug("OIDC token found in cache proxy");
- }
}
+ _log.debug("Setting refreshed OIDC token in cache proxy");
+ JWTCacheProxy.getInstance().setOIDCToken(user, session, authToken);
+ _log.debug("Setting refreshed OIDC token in session");
+ JWTTokenUtil.putOIDCInSession(authToken, session);
}
_log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope);
+ umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), authToken.getAsBearer(),
+ urlEncodedScope, null);
+ } catch (Exception e) {
+ _log.error("Getting UMA token from server", e);
+ return;
+ }
+ _log.debug("Setting UMA token in cache proxy");
+ JWTCacheProxy.getInstance().setUMAToken(user, session, umaToken);
+ _log.debug("Setting UMA token in session");
+ JWTTokenUtil.putUMAInSession(umaToken, session);
+ } else {
+ if (umaToken.isExpired()) {
+ _log.debug("UMA token is expired, refreshing it");
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
try {
- // TODO: handle the token expired case and renew it with refresh token.
- umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),
- authToken.getAsBearer(),
- urlEncodedScope, null);
+ umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
} catch (Exception e) {
- _log.error("Getting UMA token from server", e);
+ _log.error("Refreshing UMA token on server", e);
return;
}
- if (_log.isDebugEnabled()) {
- _log.debug("Setting UMA token in cache proxy");
- }
- OIDCTokenCacheProxy.getInstance().setRPTToken(user, session, umaToken);
- if (_log.isDebugEnabled()) {
- _log.debug("Setting UMA token in session");
- }
+ _log.debug("Setting refreshed UMA token in cache proxy");
+ JWTCacheProxy.getInstance().setUMAToken(getCurrentUser(request), session, umaToken);
+ _log.debug("Setting refreshed UMA token in session");
+ JWTTokenUtil.putUMAInSession(umaToken, session);
+ } else if (JWTTokenUtil.getUMAFromSession(session) == null) {
+ _log.debug("Setting UMA token in session");
JWTTokenUtil.putUMAInSession(umaToken, session);
}
}
- if (_log.isDebugEnabled()) {
- _log.debug("Setting UMA token in UMA JWT provider");
- }
- UmaJWTProvider.instance.set(umaToken.getRaw());
- }
- private JWTToken getOIDCTokeFromProxyAndSetInSession(User user, HttpServletRequest request, HttpSession session) {
- JWTToken token = OIDCTokenCacheProxy.getInstance().getOIDCToken(user, session);
- if (token == null) {
- _log.warn("OIDC token is null also in cache proxy!");
- } else {
- if (_log.isDebugEnabled()) {
- _log.debug("Setting OIDC token took from cache proxy in session");
- }
- JWTTokenUtil.putOIDCInSession(token, session);
- }
- return token;
+ _log.debug("Current UMA token audience is: {}", umaToken.getAud());
+
+ _log.debug("Setting UMA token in UMA JWT provider");
+ UmaJWTProvider.instance.set(umaToken.getRaw());
}
/**