@@ -1564,14 +1564,18 @@ private ErrorDetails validateAuthTokenWithSession(SIF3Session sif3Session, boole
15641564 * - If it is for a different session then we have to ??? (not sure what to do here yet)
15651565 * - If there is no session then we assume that there is no environment associated with the given security
15661566 * token. Now we do the following:
1567- * - If we have autoCreate = true (i.e. automatically create environment)
1568- * - Validate security token with security server.
1569- * - if valid then
1567+ * - Check if there is an already existing session available for the securityToken. We need to access the
1568+ * DB for that.
1569+ * - if there is one then update the DB with the latest securityToken info and we are done
1570+ * - if there isn't then
1571+ * - If we have autoCreate = true (i.e. automatically create environment)
1572+ * - Validate security token with security server.
1573+ * - if valid then
15701574 * - Get latest token info from security server
15711575 * - At this point we should get some environment key information from the token and
15721576 * use it to create environment
1573- * - if not valid => return error (not authorised)
1574- * - If autoCreate = false then we return error (not authorised)
1577+ * - if not valid => return error (not authorised)
1578+ * - If autoCreate = false then we return error (not authorised)
15751579 *
15761580 * At the end of this method we either have returned an error or a sif3 session is now in the
15771581 * workstore (DB) AND the cache.
@@ -1600,25 +1604,21 @@ private ErrorDetails validateBearerSession(AuthenticationInfo authInfo)
16001604 {
16011605 TokenInfo tokenInfo = new TokenInfo (authInfo .getUserToken ());
16021606 EnvironmentType environment = envMgr .reloadEnvironmentForSecurityToken (tokenInfo , isSecure ());
1603- if (environment == null ) // no environment seems to exist
1607+
1608+ // If there is no environment then there are two potential reasons:
1609+ // 1) It really does not exist
1610+ // 2) There is an environment but for a different bearer token because a previous one has expired or was
1611+ // re-generated! To cover this case we must get the info for the token and then attempt to reload it that
1612+ // way. Only if it still doesn't exist we can say for sure that there is no environment for the bearer token.
1613+ if (environment == null )
16041614 {
1605- if (getProviderEnvironment ().getAutoCreateEnvironment ())
1606- {
1607- logger .debug ("Attempt to automatically create environment for security token: " +authInfo .getUserToken ());
1608- tokenInfo = getBearerTokenInfo (authInfo );
1609-
1610- ErrorDetails errors = createOrLoadEnvByTokenInfo (tokenInfo , envMgr );
1611- if (errors != null )
1612- {
1613- return errors ;
1614- }
1615- }
1616- else // don't create environment automatically
1617- {
1618- errorStr = "No environment exits for the given security token = " +authInfo .getUserToken ()+". Ensure that environment is created first." ;
1619- logger .error (errorStr );
1620- return new ErrorDetails (Status .UNAUTHORIZED .getStatusCode (), NOT_AUTHORIZED , errorStr );
1621- }
1615+ logger .debug ("No envionment found yet => Attempt get bearer token info and reload environment from there..." );
1616+ tokenInfo = getBearerTokenInfo (authInfo );
1617+ ErrorDetails errors = createOrLoadEnvByTokenInfo (tokenInfo , envMgr , getProviderEnvironment ().getAutoCreateEnvironment ());
1618+ if (errors != null )
1619+ {
1620+ return errors ;
1621+ }
16221622 }
16231623 }
16241624 catch (VerifyError ex )
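Review bot: Lines 1615-1617 now call getBearerTokenInfo(authInfo) for every request whose token has no environment, even when getProviderEnvironment().getAutoCreateEnvironment() is false, whereas the removed code returned UNAUTHORIZED on that path without the lookup. If getBearerTokenInfo contacts the security server (the first hunk's Javadoc says the token is validated against it), an unknown or malformed bearer token now costs an outbound call before the 401 is returned, which is worth stating explicitly and worth a rate limit at the caller. I'd add to the 1608-1612 comment: `// NOTE: the token-info lookup runs even when autoCreate is false, because a rotated token can still map to an existing environment`. The debug message at 1615 also misspells "environment" (`envionment`). validateBearerSession begins before this hunk and its catch block continues past it.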
@@ -1877,7 +1877,7 @@ private String getTimestampFromRequest()
18771877 * - If one is found all is good and we don't need to create one and return null
18781878 * - appUserInfo is not available => log error and return ErrorDetails
18791879 */
1880- private ErrorDetails createOrLoadEnvByTokenInfo (TokenInfo tokenInfo , DirectProviderEnvironmentManager envMgr )
1880+ private ErrorDetails createOrLoadEnvByTokenInfo (TokenInfo tokenInfo , DirectProviderEnvironmentManager envMgr , boolean allowCreate )
18811881 {
18821882 if (tokenInfo == null ) // should not be the case but for robustness...
18831883 {
@@ -1914,12 +1914,22 @@ else if (StringUtils.notEmpty(tokenInfo.getEnvironmentID()))
19141914 environment = envMgr .getEnvironmentByEnvKey (tokenInfo .getAppUserInfo (), tokenInfo , isSecure ());
19151915 if (environment == null ) // try to create it
19161916 {
1917- EnvironmentType inputEnvironment = makeEnvironmentForBearerToken (null , tokenInfo );
1918- environment = envMgr .createOrUpdateEnvironment (inputEnvironment , tokenInfo , isSecure ());
1919- if (environment == null ) // failed to create environment
1920- {
1921- return new ErrorDetails (Status .INTERNAL_SERVER_ERROR .getStatusCode (), "Failed to create environment for '" +tokenInfo .getAppUserInfo ()+"' for consumer '" +tokenInfo .getConsumerName ()+"'." , "Internal System error. Please contact your system administrator." );
1922- }
1917+ if (allowCreate )
1918+ {
1919+ logger .debug ("Attempt to automatically create environment for security token: " +authInfo .getUserToken ());
1920+ EnvironmentType inputEnvironment = makeEnvironmentForBearerToken (null , tokenInfo );
1921+ environment = envMgr .createOrUpdateEnvironment (inputEnvironment , tokenInfo , isSecure ());
1922+ if (environment == null ) // failed to create environment
1923+ {
1924+ return new ErrorDetails (Status .INTERNAL_SERVER_ERROR .getStatusCode (), "Failed to create environment for '" +tokenInfo .getAppUserInfo ()+"' for consumer '" +tokenInfo .getConsumerName ()+"'." , "Internal System error. Please contact your system administrator." );
1925+ }
1926+ }
1927+ else // don't create environment automatically
1928+ {
1929+ String errorStr = "No environment exits for the given security token = " +authInfo .getUserToken ()+". Ensure that environment is created first." ;
1930+ logger .error (errorStr );
1931+ return new ErrorDetails (Status .UNAUTHORIZED .getStatusCode (), NOT_AUTHORIZED , errorStr );
1932+ }
19231933 }
19241934 }
19251935 }
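Review bot: Lines 1919 and 1929 reference authInfo inside createOrLoadEnvByTokenInfo, but the method's parameters at line 1880 in the previous hunk are tokenInfo, envMgr and allowCreate, and in validateBearerSession authInfo is a method parameter, so unless a field with the same name exists these lines will not compile. The natural fix is to build the messages from tokenInfo (getAppUserInfo() and getConsumerName(), as the 1924 message already does) rather than from authInfo. Separately, line 1929 writes the full bearer token into an error-level log entry, so anyone with log access sees a live credential; I'd log only the identity, e.g. `String errorStr = "No environment exists for user '" + tokenInfo.getAppUserInfo() + "' and consumer '" + tokenInfo.getConsumerName() + "'. Ensure that environment is created first.";`, and the same applies to the debug line at 1919. The Javadoc above line 1880 should also document allowCreate and the UNAUTHORIZED return it introduces, since it currently only describes the found/not-found and missing-appUserInfo outcomes.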