From 760448c7db6b323eb7817164f1c97f2afeff87c7 Mon Sep 17 00:00:00 2001
From: Mauro Mugnaini
Date: Thu, 29 Apr 2021 19:18:52 +0200
Subject: [PATCH 1/2] Restored session existance check before OIDC/UMA ticket related checks
---
 .../portal/threadlocalexec/SmartGearsPortalValve.java | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
index a58b41b..8197001 100644
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@@ -71,10 +71,16 @@ public class SmartGearsPortalValve extends ValveBase {
 _log.debug("Getting current user");
 User user = getCurrentUser(request);
+ // user cannot be null otherwise also the getCurrentUsername(request) returned null username in previous lines
 _log.debug("Getting current session");
 HttpSession session = request.getSession(false);
- OIDCUmaUtil.checkUMATicketAndProvideInThreadLocal(request, (HttpServletResponse) resp, user,
- session, scope);
+ if (session == null) {
+ _log.debug("Session is null, cannot continue");
+ return;
+ } else {
+ OIDCUmaUtil.checkUMATicketAndProvideInThreadLocal(request, (HttpServletResponse) resp, user,
+ session, scope);
+ }
 //_log.trace("Security token set OK for " + username + " in scope " + scope);
 }
From 99b38ef4b73b3e274c5497f9fe23302dec12e474 Mon Sep 17 00:00:00 2001
From: Mauro Mugnaini
Date: Fri, 30 Apr 2021 08:27:46 +0200
Subject: [PATCH 2/2] Wrong extra return if session is null at check
---
 .../portal/threadlocalexec/SmartGearsPortalValve.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
index 8197001..a67f742 100644
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@@ -74,12 +74,11 @@ public class SmartGearsPortalValve extends ValveBase {
 // user cannot be null otherwise also the getCurrentUsername(request) returned null username in previous lines
 _log.debug("Getting current session");
 HttpSession session = request.getSession(false);
- if (session == null) {
- _log.debug("Session is null, cannot continue");
- return;
- } else {
+ if (session != null) {
 OIDCUmaUtil.checkUMATicketAndProvideInThreadLocal(request, (HttpServletResponse) resp, user,
 session, scope);
+ } else {
+ _log.debug("Session is null, cannot continue");
 }
 //_log.trace("Security token set OK for " + username + " in scope " + scope);
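Review bot: The `else` branch still logs `Session is null, cannot continue`, but with the `return` removed the method does continue, so a request with a non-null user and no session proceeds without `checkUMATicketAndProvideInThreadLocal` having run. The rest of the method is outside the hunk, so I cannot see whether the thread-local ticket is reset elsewhere; if it is not and worker threads are reused, a value left by an earlier request could still be in place for this one, and it would be worth confirming the valve clears it at the start of each request or in a `finally`. The message should also state what actually happens and be raised above debug so the skipped check shows up in production logs, e.g. `_log.warn("Session is null, skipping UMA ticket check for scope " + scope);`.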