I’m experiencing this strange behaviour. (Cuba PLatform 6.10.11)
I implemented a Custom rest Auth controller as explained here:
https://doc.cuba-platform.com/manual-6.10/rest_api_v2_custom_auth.html
When I get token 2 session are created, the last one is returned in OAuth2AccessTokenResult, which I enrich in middleware whith session attributes representing external user in secondary RDMSStore associated with a web-application (different from Standard-UI, saving a rest authentication log in primary database. (cuba-login configured as ldap whith custom rest-token url /rest/extdb/token, where is associated my Spring MVC controller, POST method, similar in scheme to LDAP controller in source)
Late using a service in middleware i try to get a Session Attribute (session obtained via UserSessionSource) to get atrribute extID representing logged user, but session identifier is of first session created when getting token.
I do not know if it is a bug or I do not understand something.
Custom Controller extract (similar to LDAP and Example) and service consuming UserSession to filter whith attribute records from secondary RDBMS Store)
// Enrich APPContext on Server
attributes.put("extID", personId);
// Generate Token for APP User
OAuthTokenIssuer.OAuth2AccessTokenResult tokenResult = oAuthTokenIssuer.issueToken("app- logicway", locale, Collections.emptyMap());
// Register in Attributes of UserSession in Middleware
//attributes.put("userSession", tokenResult.getUserSession().getId());
attributes.put("restToken", tokenResult.getAccessToken().getValue());
attributes.put("restRefreshToken", tokenResult.getAccessToken().getRefreshToken().getValue());
attributes.put("tokenExpire", tokenResult.getAccessToken().getExpiration());
When I get UserSession via UserSessionSource I get the first one with no attributes
@Service(DdtService.NAME)
public class DdtServiceBean implements DdtService {
@Inject
private DataManager dataManager;
@Inject
private UserSessionSource uss;
@Inject
protected ExtLoginService extLoginService;
private static Integer badId = -1;
private UserSession userSession = null;
private UUID userSessionID = null;
@Override
public List<Ddtinfo> getLastDDT(Integer num) {
if (uss.checkCurrentUserSession()) {
userSession = uss.getUserSession();
userSessionID = userSession.getId();
} else {
return null;
}
//Integer userID = extLoginService.getIDbySession(userSessionID);
//Integer userID = userSession.getAttribute("extID");
Integer userID = 989;
//if ((userID != null) || (userID != badId)) {
if (userID != null) {
return searchDdt(userID,num);
}
return null;
}
private List<Ddtinfo> searchDdt(Integer personID, Integer num) {
// Search DDTs
String queryStr ="select d from applogicway$Ddtinfo d where d.idPersona.id=:personID order by d.uploadTime DESC";
LoadContext<Ddtinfo> loadContext = LoadContext.create(Ddtinfo.class)
.setQuery(LoadContext.createQuery(queryStr)
.setParameter("personID",personID)
.setMaxResults(num));
return (List<Ddtinfo>) dataManager.loadList(loadContext);
}
I tried some workaround getting Attributes (not found in UserSession) but session is different so no success.
Atthached app.log and some screens of saved token,log and sessions.
Thanks in advance
Fabrizio
Screenshots.zip (1.2 MB)
tokenSessionProblems.zip (14.6 KB)