v6.8.4

maven-portal-bom 4.0.0-SNAPSHOT

.classpath

@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java">
-		<attributes>
-			<attribute name="optional" value="true"/>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
-		<attributes>
-			<attribute name="optional" value="true"/>
-			<attribute name="maven.pomderived" value="true"/>
-			<attribute name="test" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
-		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
-		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>

.gitignore

@@ -1 +1,174 @@
-/target/
+# 
+ignore_me
+tomcat
+
+target
+.classpath
+.visual
+.project
+.settings
+/**/.DS_Store
+
+# Created by https://www.toptal.com/developers/gitignore/api/java,macos,linux,visualstudiocode,eclipse
+# Edit at https://www.toptal.com/developers/gitignore?templates=java,macos,linux,visualstudiocode,eclipse
+
+### Eclipse ###
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# PyDev specific (Python IDE for Eclipse)
+*.pydevproject
+
+# CDT-specific (C/C++ Development Tooling)
+.cproject
+
+# CDT- autotools
+.autotools
+
+# Java annotation processor (APT)
+.factorypath
+
+# PDT-specific (PHP Development Tools)
+.buildpath
+
+# sbteclipse plugin
+.target
+
+# Tern plugin
+.tern-project
+
+# TeXlipse plugin
+.texlipse
+
+# STS (Spring Tool Suite)
+.springBeans
+
+# Code Recommenders
+.recommenders/
+
+# Annotation Processing
+.apt_generated/
+.apt_generated_test/
+
+# Scala IDE specific (Scala & Java development for Eclipse)
+.cache-main
+.scala_dependencies
+.worksheet
+
+# Uncomment this line if you wish to ignore the project description file.
+# Typically, this file would be tracked if it contains build/dependency configurations:
+#.project
+
+### Eclipse Patch ###
+# Spring Boot Tooling
+.sts4-cache/
+
+### Java ###
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+replay_pid*
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+# End of https://www.toptal.com/developers/gitignore/api/java,macos,linux,visualstudiocode,eclipse

.project

@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
-	<name>VREFolder-hook</name>
-	<comment></comment>
-	<projects>
-	</projects>
-	<buildSpec>
-		<buildCommand>
-			<name>org.eclipse.wst.jsdt.core.javascriptValidator</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.jdt.core.javabuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.wst.common.project.facet.core.builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.wst.validation.validationbuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.m2e.core.maven2Builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-	</buildSpec>
-	<natures>
-		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
-		<nature>org.eclipse.jdt.core.javanature</nature>
-		<nature>org.eclipse.m2e.core.maven2Nature</nature>
-		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
-		<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
-	</natures>
-</projectDescription>

.settings/.jsdtscope

@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" path="src/main/webapp"/>
-	<classpathentry kind="src" path="target/m2e-wtp/web-resources"/>
-	<classpathentry kind="con" path="org.eclipse.wst.jsdt.launching.JRE_CONTAINER"/>
-	<classpathentry kind="con" path="org.eclipse.wst.jsdt.launching.WebProject">
-		<attributes>
-			<attribute name="hide" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.wst.jsdt.launching.baseBrowserLibrary"/>
-	<classpathentry kind="output" path=""/>
-</classpath>

.settings/org.eclipse.core.resources.prefs

@@ -1,4 +0,0 @@
-eclipse.preferences.version=1
-encoding//src/main/java=UTF-8
-encoding//src/main/resources=UTF-8
-encoding/<project>=UTF-8

.settings/org.eclipse.jdt.core.prefs

@@ -1,9 +0,0 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
-org.eclipse.jdt.core.compiler.compliance=1.8
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
-org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
-org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.release=disabled
-org.eclipse.jdt.core.compiler.source=1.8

.settings/org.eclipse.m2e.core.prefs

@@ -1,4 +0,0 @@
-activeProfiles=Liferay-v6.2-CE-(Tomcat-7)-(2)
-eclipse.preferences.version=1
-resolveWorkspaceProjects=true
-version=1

.settings/org.eclipse.wst.common.component

@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="VREFolder-hook">
-        <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
-        <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
-        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
-        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
-        <property name="context-root" value="VREFolder-hook"/>
-        <property name="java-output-path" value="/VREFolder-hook/target/classes"/>
-    </wb-module>
-</project-modules>

.settings/org.eclipse.wst.common.project.facet.core.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<faceted-project>
-  <fixed facet="wst.jsdt.web"/>
-  <installed facet="jst.web" version="2.4"/>
-  <installed facet="liferay.hook" version="6.0"/>
-  <installed facet="wst.jsdt.web" version="1.0"/>
-  <installed facet="java" version="1.8"/>
-</faceted-project>

.settings/org.eclipse.wst.jsdt.ui.superType.container

@@ -1 +0,0 @@
-org.eclipse.wst.jsdt.launching.baseBrowserLibrary

.settings/org.eclipse.wst.jsdt.ui.superType.name

@@ -1 +0,0 @@
-Window

.settings/org.eclipse.wst.validation.prefs

@@ -1,2 +0,0 @@
-disabled=06target
-eclipse.preferences.version=1

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "java.configuration.updateBuildConfiguration": "interactive"
+}

CHANGELOG.md

@@ -4,12 +4,34 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v6.8.4]
 
-## [v6.7.0] - 2020-11-17
+- maven-parent 1.2.0
+- maven-portal-bom 4.0.0
+- [StorageHub] downstream components to upgrade in order to work with storagehub 1.5.0 [#27999]
+
+## [v6.8.3] - 2021-11-30
+
+- Bug Fix #22483: setUser2VREFolder may not restore ThreadLocal user variable
+
+## [v6.8.2] - 2021-05-25
+
+- Feature #21505: Updated to support new UMATokensProvider class
+
+## [v6.8.1] - 2021-04-12
+
+Just removed obsolete Home library deps from pom which were forgotten there in 6.8.0 release
+
+## [v6.8.0] - 2021-02-04
+
+Now uses storagehub methods and new auth (UMA tokens) to perform user adding and removal form VRE Folder and Roles (VRE-Manager) to set VRE Folder Administrators
+
+
+## [v6.7.1] - 2020-11-17
 
 Ported to git
 
-Removed Home Library dependency, integrated support to send events to the Orchestrator service and Keycloak
+Removed trigger that updates LDAP group upon users add/remove to VREs
 
 ## [v6.6.0] - 2018-03-02
 

pom.xml

@@ -6,13 +6,13 @@
 	<parent>
 		<groupId>org.gcube.tools</groupId>
 		<artifactId>maven-parent</artifactId>
-		<version>1.1.0</version>
+		<version>1.2.0</version>
 		<relativePath />
 	</parent>
 	<groupId>org.gcube.portal.plugins</groupId>
 	<artifactId>VREFolder-hook</artifactId>
 	<name>VREFolder-hook Hook</name>
-	<version>6.7.0</version>
+	<version>6.8.4</version>
 	<packaging>war</packaging>
 	<description>
 		VREFolder-hook handles the user adding/removal from the related Home Library VRE Folder
@@ -22,7 +22,7 @@
 		<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
 		<url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
 	</scm>
-		<properties>
+	<properties>
 		<liferay.version>6.2.5</liferay.version>
 		<liferay.maven.plugin.version>6.2.10.12</liferay.maven.plugin.version>
 		<liferay.auto.deploy.dir>/Users/massi/portal/liferay-portal-6.2-ce-ga6/deploy</liferay.auto.deploy.dir>
@@ -35,7 +35,7 @@
 			<dependency>
 				<groupId>org.gcube.distribution</groupId>
 				<artifactId>maven-portal-bom</artifactId>
-				<version>3.6.0</version>
+				<version>4.0.0</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
@@ -46,6 +46,11 @@
 			<groupId>org.gcube.common</groupId>
 			<artifactId>storagehub-client-library</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.gcube.portal</groupId>
+			<artifactId>oidc-library-portal</artifactId>
+			<scope>provided</scope>
+		</dependency>
 		<dependency>
 			<groupId>org.gcube.core</groupId>
 			<artifactId>common-encryption</artifactId>
@@ -64,12 +69,6 @@
 			<artifactId>common-scope</artifactId>
 			<scope>provided</scope>
 		</dependency>
-		<dependency>
-			<groupId>org.gcube.portal</groupId>
-			<artifactId>oidc-library-portal</artifactId>
-			<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
-			<scope>provided</scope>
-		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-log4j12</artifactId>

src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java

@@ -1,58 +1,39 @@
 package org.gcube.portal.plugins;
 
-import static org.gcube.common.authorization.client.Constants.authorizationService;
-
-import java.util.ArrayList;
 import java.util.List;
 
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
-import org.gcube.common.authorization.library.provider.UmaJWTProvider;
-import org.gcube.common.portal.PortalContext;
-import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.storagehub.client.dsl.StorageHubClient;
 import org.gcube.common.storagehub.client.dsl.Util;
 import org.gcube.common.storagehub.client.dsl.VREFolderManager;
-import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
+import org.gcube.portal.plugins.util.AuthUtil;
 import org.gcube.vomanagement.usermanagement.GroupManager;
-import org.gcube.vomanagement.usermanagement.RoleManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
-import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
 import org.gcube.vomanagement.usermanagement.model.GCubeRole;
-import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.liferay.portal.model.Role;
-import com.liferay.portal.model.User;
 import com.liferay.portal.model.UserGroupRole;
 import com.liferay.portal.service.RoleLocalServiceUtil;
 import com.liferay.portal.service.UserGroupRoleLocalService;
 import com.liferay.portal.service.UserGroupRoleLocalServiceWrapper;
 
 public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrapper {
-    /**
-     * logger
-     */
-    private static final Logger _log = LoggerFactory.getLogger(GCubeHookSiteRoleLocalService.class);
-    private GroupManager gm;
-    private LiferayUserManager uMan;
-
-    public GCubeHookSiteRoleLocalService(UserGroupRoleLocalService userGroupRoleLocalService) {
-        super(userGroupRoleLocalService);
-        gm = new LiferayGroupManager();
-        uMan = new LiferayUserManager();
-        System.out.println("GCubeHookSiteRoleLocalService hook is UP & Listening ...");
-    }
-
-    //TODO: as soon as Feature https://support.d4science.org/issues/17726 is delivered take care of this also 
-    @Override
-    public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long[] userIds, long groupId,
-            long roleId) throws com.liferay.portal.kernel.exception.SystemException {
-        List<UserGroupRole> toReturn = super.addUserGroupRoles(userIds, groupId, roleId);
-        return toReturn;
-    }
+	/**
+	 * logger
+	 */
+	private static final Logger _log = LoggerFactory.getLogger(GCubeHookSiteRoleLocalService.class);
+	private GroupManager gm;
+	public GCubeHookSiteRoleLocalService(UserGroupRoleLocalService userGroupRoleLocalService) {
+		super(userGroupRoleLocalService);
+		gm = new LiferayGroupManager();
+		System.out.println("GCubeHookSiteRoleLocalService hook is UP & Listening ...");
+	}
 
+	@Override
 	public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(
 			long userId, long groupId, long[] roleIds)
 					throws com.liferay.portal.kernel.exception.SystemException {			
@@ -81,61 +62,33 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
 		return toReturn;
 	}
 
+	private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
+		String previousToken = SecurityTokenProvider.instance.get();
+		String previousUMAToken = AccessTokenProvider.instance.get();
+		//this put the necessary auth tokens (legacy e UMA) in ThreadLocal
+		try {
+			AuthUtil.setInfraManagerLegacyAndUMATokenInThreadLocal();
 
-    private boolean setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
-        String context = gm.getInfrastructureScope(groupId);
-        ScopeProvider.instance.set(context);
-        String vreFolderTitle = Util.getVREGroupFromContext(context);
-        _log.info("The vreFolderTitle on which the VREFolder role is being {} is {}", enable, vreFolderTitle);
-        _log.debug("Before StorageHubClient shc = new StorageHubClient();");
-        StorageHubClient shc = new StorageHubClient();
-        _log.debug("Before shc.getVreFolderManager(vreFolderTitle);");
-        VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle);
-
-        String previousToken = SecurityTokenProvider.instance.get();
-
-        //get the super user
-        _log.debug("//get the super user");
-
-        String infraContext = "/" + PortalContext.getConfiguration().getInfrastructureName();
-        long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
-        User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
-        if (theAdmin == null) {
-            _log.warn("Cannot add the user as VRE Folder admin: there is no user having role "
-                    + GatewayRolesNames.INFRASTRUCTURE_MANAGER);
-            return false;
-        } else {
-            RoleManager rm = new LiferayRoleManager();
-            String adminUsername = theAdmin.getScreenName();
-            _log.info("Got the super user: " + adminUsername);
-            String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
-            List<String> rolesString = new ArrayList<String>();
-            List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
-            for (GCubeRole gCubeRole : theAdminRoles) {
-                rolesString.add(gCubeRole.getRoleName());
-            }
-            rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
-            _log.info("authorizationService().setTokenRoles(theAdminToken, rolesString);" + theAdminToken);
-            authorizationService().setTokenRoles(theAdminToken, rolesString);
-            SecurityTokenProvider.instance.set(theAdminToken);
-
-            String previousUmaToken = UmaJWTProvider.instance.get();
-            OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
-
-            String theUserToPromoteOrDeclass = uMan.getUserById(userId).getUsername();
-            _log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable);
-            if (enable)
-                vreFolderManager.setAdmin(theUserToPromoteOrDeclass);
-            else
-                vreFolderManager.removeAdmin(theUserToPromoteOrDeclass);
-            SecurityTokenProvider.instance.set(previousToken);
-
-            if (previousUmaToken != null) {
-                UmaJWTProvider.instance.set(previousUmaToken);
-            }
-
-            return true;
-        }
-    }
+			String context = gm.getInfrastructureScope(groupId);
+			String vreFolderTitle = Util.getVREGroupFromContext(context);
+			_log.debug("The vreFolderTitle on which the VREFolder role is being {} is {}", enable, vreFolderTitle);
+			StorageHubClient shc = new StorageHubClient();
+			VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle);
 
+			String theUserToPromoteOrDeclass = new LiferayUserManager().getUserById(userId).getUsername();
+			_log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable);
+			if (enable) 
+				vreFolderManager.setAdmin(theUserToPromoteOrDeclass);
+			else 	
+				vreFolderManager.removeAdmin(theUserToPromoteOrDeclass);
+			_log.info("*VREFolder-Hook** add/remove role operation complete");
+		
+		} catch (Exception e) {
+			_log.error("An error occurred (or the user was already Admin) when trying to update shub role of userId "+ userId + " to the groupId: " + groupId, e);
+			throw e;
+		} finally {		
+			AccessTokenProvider.instance.set(previousUMAToken);
+			SecurityTokenProvider.instance.set(previousToken);
+		}
+	}
 }

src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java

@@ -1,27 +1,18 @@
 package org.gcube.portal.plugins;
 
-import static org.gcube.common.authorization.client.Constants.authorizationService;
-
-import java.util.ArrayList;
-import java.util.List;
-
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
-import org.gcube.common.authorization.library.provider.UmaJWTProvider;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
 import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
-import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
 import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
 import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
+import org.gcube.portal.plugins.util.AuthUtil;
 import org.gcube.vomanagement.usermanagement.GroupManager;
-import org.gcube.vomanagement.usermanagement.RoleManager;
 import org.gcube.vomanagement.usermanagement.UserManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
-import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
-import org.gcube.vomanagement.usermanagement.model.GCubeRole;
-import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
 
 import com.liferay.portal.kernel.exception.SystemException;
 import com.liferay.portal.kernel.log.Log;
@@ -35,7 +26,6 @@ import com.liferay.portal.service.UserLocalServiceWrapper;
  *
  */
 public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
-
 	/**
 	 * logger
 	 */
@@ -131,13 +121,13 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 		try {
 			if (gm.isVRE(groupId)) {
 				_log.debug("Group is a VRE, proceeding with association ...");
-				String scope = gm.getInfrastructureScope(groupId);
+				String contextOfVRE = gm.getInfrastructureScope(groupId);
 				org.gcube.vomanagement.usermanagement.UserManager um = new LiferayUserManager();
 				String username = um.getUserById(userId).getUsername();
 				//add the user to shareLatex
-				Thread t = new Thread(new CheckShareLatexUserThread(username, scope));
+				Thread t = new Thread(new CheckShareLatexUserThread(username, contextOfVRE));
 				t.start();
-				setUser2VREFolder(gm, um, username, scope, true);
+				setUser2VREFolder(gm, um, username, contextOfVRE, true);
 			} else {
 				_log.debug("Group is not a VRE, SKIP adding");
 			}
@@ -148,46 +138,38 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 		ScopeProvider.instance.set(currScope);
 	}
 
+	/**
+	 * 
+	 * @param gm
+	 * @param uMan
+	 * @param username2Add
+	 * @param context
+	 * @param add
+	 * @return
+	 * @throws Exception
+	 */
 	private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
 		String previousToken = SecurityTokenProvider.instance.get();
-		//get the super user
-		String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
-		long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
-		User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
-		if (theAdmin == null) {
-			_log.warn("Cannot add the user as VRE Folder admin: there is no user having role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER);
-			return false;
-		}
-		else {
-			RoleManager rm = new LiferayRoleManager();
-			String adminUsername = theAdmin.getScreenName();
-			_log.info("Got the super user: " +adminUsername);
-			String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
-			List<String> rolesString = new ArrayList<String>();
-			List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);			
-			for (GCubeRole gCubeRole : theAdminRoles) {
-				rolesString.add(gCubeRole.getRoleName());
-			}
-			rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
-			_log.info("authorizationService().setTokenRoles(theAdminToken, rolesString);" +theAdminToken);
-			authorizationService().setTokenRoles(theAdminToken, rolesString);
-			SecurityTokenProvider.instance.set(theAdminToken);
+		String previousUMAToken = AccessTokenProvider.instance.get();
+		try {
+			AuthUtil.setInfraManagerLegacyAndUMATokenInThreadLocal();
+			_log.info("\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done  ****\n\n");
+			String vreFolderNameForsHub = getVREFolderNameFromContext(context);		
 
-			String previousUmaToken = UmaJWTProvider.instance.get();
-			OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
 			GroupManagerClient client = AbstractPlugin.groups().build();
 			if (add)
-				client.addUserToGroup(username2Add, getVREFolderNameFromContext(context));
+				client.addUserToGroup(username2Add,vreFolderNameForsHub);
 			else 
-				client.removeUserFromGroup(username2Add, getVREFolderNameFromContext(context));
+				client.removeUserFromGroup(username2Add, vreFolderNameForsHub);
+		} catch (Exception e) {
+			_log.error("An error occurred (or the user was already member) when trying to remove or add the user "+ username2Add + " to the VRE context: " + context, e);
+			throw e;
+		} finally {
+			AccessTokenProvider.instance.set(previousUMAToken);
 			SecurityTokenProvider.instance.set(previousToken);
-
-            if (previousUmaToken != null) {
-                UmaJWTProvider.instance.set(previousUmaToken);
-            }
-
-            return true;
 		}
+		_log.info("*VREFolder-Hook** " + username2Add + " was added or removed succefully from this VRE Folder. Added? (if false was removed)" + add);
+		return true;
 	}
 
 	private static String getVREFolderNameFromContext(String context) {
@@ -221,11 +203,11 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 		try {
 			if (gm.isVRE(groupId)) {
 				_log.debug("Group is a VRE, proceeding with removal ...");
-				String scope = gm.getInfrastructureScope(groupId);
+				String contextOfVRE = gm.getInfrastructureScope(groupId);
 				org.gcube.vomanagement.usermanagement.UserManager um = new LiferayUserManager();
-				String username = um.getUserById(userId).getUsername();
-				setUser2VREFolder(gm, um, username, scope, false);
-				Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope));
+				String username = um.getUserById(userId).getUsername();		
+				setUser2VREFolder(gm, um, username, contextOfVRE, false);
+				Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, contextOfVRE));
 				tToken.start();			
 			} else {
 				_log.debug("Group is not a VRE, SKIP removal");

src/main/java/org/gcube/portal/plugins/util/AuthUtil.java

@@ -0,0 +1,52 @@
+package org.gcube.portal.plugins.util;
+
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.portal.PortalContext;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
+import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
+import org.gcube.vomanagement.usermanagement.model.GCubeRole;
+import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
+
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.liferay.portal.model.User;
+
+public class AuthUtil {
+	private static Log _log = LogFactoryUtil.getLog(AuthUtil.class);
+	public AuthUtil() {
+	}
+
+	public static void setInfraManagerLegacyAndUMATokenInThreadLocal() throws Exception {
+		//get the super user
+		_log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
+		//get the super user
+		String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
+		long rootgroupId = new LiferayGroupManager().getGroupIdFromInfrastructureScope(infraContext);			
+		User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
+		if (theAdmin == null) {
+			_log.error("Cannot add the user to the VRE Folder: there is no user having role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER + " on context: " + infraContext);
+		}
+		String adminUsername = theAdmin.getScreenName();
+		_log.info("Got the super user: " + adminUsername);
+		String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
+		List<String> rolesString = new ArrayList<String>();
+		List<GCubeRole> theAdminRoles = new LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);			
+		for (GCubeRole gCubeRole : theAdminRoles) {
+			rolesString.add(gCubeRole.getRoleName());
+		}
+		rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
+		_log.debug("legacy authorizationService().setTokenRoles done");
+		authorizationService().setTokenRoles(theAdminToken, rolesString);
+		SecurityTokenProvider.instance.set(theAdminToken);
+		OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
+		_log.debug("new authorizationService PortalClient set UMA-Token done");
+	}
+
+}