From 760448c7db6b323eb7817164f1c97f2afeff87c7 Mon Sep 17 00:00:00 2001
From: Mauro Mugnaini <mauro.mugnaini@nubisware.com>
Date: Thu, 29 Apr 2021 19:18:52 +0200
Subject: [PATCH] Restored session existance check before OIDC/UMA ticket
 related checks

---
 .../portal/threadlocalexec/SmartGearsPortalValve.java  | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
index a58b41b..8197001 100644
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@@ -71,10 +71,16 @@ public class SmartGearsPortalValve extends ValveBase {
 
                     _log.debug("Getting current user");
                     User user = getCurrentUser(request);
+                    // user cannot be null otherwise also the getCurrentUsername(request) returned null username in previous lines
                     _log.debug("Getting current session");
                     HttpSession session = request.getSession(false);
-                    OIDCUmaUtil.checkUMATicketAndProvideInThreadLocal(request, (HttpServletResponse) resp, user,
-                            session, scope);
+                    if (session == null) {
+                        _log.debug("Session is null, cannot continue");
+                        return;
+                    } else {
+                        OIDCUmaUtil.checkUMATicketAndProvideInThreadLocal(request, (HttpServletResponse) resp, user,
+                                session, scope);
+                    }
 
                     //_log.trace("Security token set OK for " + username + " in scope " + scope);
                 }