allowedRoles added to AuthorizationControl annotation

descriptor.xml

@@ -24,7 +24,7 @@
 	</fileSets>
 	<files>
 		<file>
-			<source>target/${build.finalName}.war</source>
+			<source>target/${build.finalName}.jar</source>
 			<outputDirectory>/${artifactId}</outputDirectory>
 		</file>
 	</files>

pom.xml

@@ -11,11 +11,7 @@
 		<groupId>org.gcube.tools</groupId>
 		<version>1.1.0</version>
 	</parent>
-
+	  	
-	<properties>
-		<distroDirectory>distro</distroDirectory>
-	</properties>
-  	
   	<dependencies>
   		<dependency>
 	  		<groupId>org.gcube.common</groupId>

src/main/java/org/gcube/common/authorization/control/AuthorizationAspect.java

@@ -4,6 +4,8 @@ package org.gcube.common.authorization.control;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
 
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
@@ -35,13 +37,19 @@ public class AuthorizationAspect {
 		MethodSignature signature = (MethodSignature) joinPoint.getSignature();
 	    Method method = signature.getMethod();
 		AuthorizationControl authAnn = (AuthorizationControl) method.getAnnotation(AuthorizationControl.class);
-		log.info("aspect before with annotation {} with action {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowed(), method.getName());
+		log.info("aspect before with annotation {} with action {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowedRoles(), authAnn.allowedUsers(), method.getName());
 		String userId = AuthorizationProvider.instance.get().getClient().getId();
+		List<String> userRoles = AuthorizationProvider.instance.get().getClient().getRoles();
 		
-		if (authAnn.allowed().length!=0 && !Arrays.asList(authAnn.allowed()).contains(userId)) {
+		if (authAnn.allowedUsers().length!=0 && !Arrays.asList(authAnn.allowedUsers()).contains(userId)) {
 			RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s", userId, method.getName())));
 			throw ex;	
 		}
+		List<String> allowedRoles = Arrays.asList(authAnn.allowedRoles());
+		if (authAnn.allowedRoles().length!=0 && userRoles.stream().filter(i -> allowedRoles.contains(i)).collect(Collectors.toList()).isEmpty()) {
+			RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s (role non allowed)", userId, method.getName())));
+			throw ex;	
+		}
 	}
 	
 }

src/main/java/org/gcube/common/authorization/control/annotations/AuthorizationControl.java

@@ -14,6 +14,7 @@ import org.gcube.common.authorization.library.policies.Action;
 public @interface AuthorizationControl {
 	
 	Action[] actions() default {}; 
-	String[] allowed() default {};
+	String[] allowedUsers() default {};
+	String[] allowedRoles() default {};
 	Class<? extends RuntimeException> exception();
 }