diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0bc3c3c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/target/
+/.project
+/.classpath
+/.settings
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..2551052
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,8 @@
+This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+# Changelog for Authorization utils
+
+## [v1.0.0]
+
+- First Release
+
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..3af0507
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,312 @@
+# European Union Public Licence V. 1.1
+
+
+EUPL © the European Community 2007
+
+
+This European Union Public Licence (the “EUPL”) applies to the Work or Software
+(as defined below) which is provided under the terms of this Licence. Any use of
+the Work, other than as authorised under this Licence is prohibited (to the
+extent such use is covered by a right of the copyright holder of the Work).
+
+The Original Work is provided under the terms of this Licence when the Licensor
+(as defined below) has placed the following notice immediately following the
+copyright notice for the Original Work:
+
+Licensed under the EUPL V.1.1
+
+or has expressed by any other mean his willingness to license under the EUPL.
+
+
+
+## 1. Definitions
+
+In this Licence, the following terms have the following meaning:
+
+- The Licence: this Licence.
+
+- The Original Work or the Software: the software distributed and/or
+ communicated by the Licensor under this Licence, available as Source Code and
+ also as Executable Code as the case may be.
+
+- Derivative Works: the works or software that could be created by the Licensee,
+ based upon the Original Work or modifications thereof. This Licence does not
+ define the extent of modification or dependence on the Original Work required
+ in order to classify a work as a Derivative Work; this extent is determined by
+ copyright law applicable in the country mentioned in Article 15.
+
+- The Work: the Original Work and/or its Derivative Works.
+
+- The Source Code: the human-readable form of the Work which is the most
+ convenient for people to study and modify.
+
+- The Executable Code: any code which has generally been compiled and which is
+ meant to be interpreted by a computer as a program.
+
+- The Licensor: the natural or legal person that distributes and/or communicates
+ the Work under the Licence.
+
+- Contributor(s): any natural or legal person who modifies the Work under the
+ Licence, or otherwise contributes to the creation of a Derivative Work.
+
+- The Licensee or “You”: any natural or legal person who makes any usage of the
+ Software under the terms of the Licence.
+
+- Distribution and/or Communication: any act of selling, giving, lending,
+ renting, distributing, communicating, transmitting, or otherwise making
+ available, on-line or off-line, copies of the Work or providing access to its
+ essential functionalities at the disposal of any other natural or legal
+ person.
+
+
+
+## 2. Scope of the rights granted by the Licence
+
+The Licensor hereby grants You a world-wide, royalty-free, non-exclusive,
+sub-licensable licence to do the following, for the duration of copyright vested
+in the Original Work:
+
+- use the Work in any circumstance and for all usage, reproduce the Work, modify
+- the Original Work, and make Derivative Works based upon the Work, communicate
+- to the public, including the right to make available or display the Work or
+- copies thereof to the public and perform publicly, as the case may be, the
+- Work, distribute the Work or copies thereof, lend and rent the Work or copies
+- thereof, sub-license rights in the Work or copies thereof.
+
+Those rights can be exercised on any media, supports and formats, whether now
+known or later invented, as far as the applicable law permits so.
+
+In the countries where moral rights apply, the Licensor waives his right to
+exercise his moral right to the extent allowed by law in order to make effective
+the licence of the economic rights here above listed.
+
+The Licensor grants to the Licensee royalty-free, non exclusive usage rights to
+any patents held by the Licensor, to the extent necessary to make use of the
+rights granted on the Work under this Licence.
+
+
+
+## 3. Communication of the Source Code
+
+The Licensor may provide the Work either in its Source Code form, or as
+Executable Code. If the Work is provided as Executable Code, the Licensor
+provides in addition a machine-readable copy of the Source Code of the Work
+along with each copy of the Work that the Licensor distributes or indicates, in
+a notice following the copyright notice attached to the Work, a repository where
+the Source Code is easily and freely accessible for as long as the Licensor
+continues to distribute and/or communicate the Work.
+
+
+
+## 4. Limitations on copyright
+
+Nothing in this Licence is intended to deprive the Licensee of the benefits from
+any exception or limitation to the exclusive rights of the rights owners in the
+Original Work or Software, of the exhaustion of those rights or of other
+applicable limitations thereto.
+
+
+
+## 5. Obligations of the Licensee
+
+The grant of the rights mentioned above is subject to some restrictions and
+obligations imposed on the Licensee. Those obligations are the following:
+
+Attribution right: the Licensee shall keep intact all copyright, patent or
+trademarks notices and all notices that refer to the Licence and to the
+disclaimer of warranties. The Licensee must include a copy of such notices and a
+copy of the Licence with every copy of the Work he/she distributes and/or
+communicates. The Licensee must cause any Derivative Work to carry prominent
+notices stating that the Work has been modified and the date of modification.
+
+Copyleft clause: If the Licensee distributes and/or communicates copies of the
+Original Works or Derivative Works based upon the Original Work, this
+Distribution and/or Communication will be done under the terms of this Licence
+or of a later version of this Licence unless the Original Work is expressly
+distributed only under this version of the Licence. The Licensee (becoming
+Licensor) cannot offer or impose any additional terms or conditions on the Work
+or Derivative Work that alter or restrict the terms of the Licence.
+
+Compatibility clause: If the Licensee Distributes and/or Communicates Derivative
+Works or copies thereof based upon both the Original Work and another work
+licensed under a Compatible Licence, this Distribution and/or Communication can
+be done under the terms of this Compatible Licence. For the sake of this clause,
+“Compatible Licence” refers to the licences listed in the appendix attached to
+this Licence. Should the Licensee’s obligations under the Compatible Licence
+conflict with his/her obligations under this Licence, the obligations of the
+Compatible Licence shall prevail.
+
+Provision of Source Code: When distributing and/or communicating copies of the
+Work, the Licensee will provide a machine-readable copy of the Source Code or
+indicate a repository where this Source will be easily and freely available for
+as long as the Licensee continues to distribute and/or communicate the Work.
+
+Legal Protection: This Licence does not grant permission to use the trade names,
+trademarks, service marks, or names of the Licensor, except as required for
+reasonable and customary use in describing the origin of the Work and
+reproducing the content of the copyright notice.
+
+
+
+## 6. Chain of Authorship
+
+The original Licensor warrants that the copyright in the Original Work granted
+hereunder is owned by him/her or licensed to him/her and that he/she has the
+power and authority to grant the Licence.
+
+Each Contributor warrants that the copyright in the modifications he/she brings
+to the Work are owned by him/her or licensed to him/her and that he/she has the
+power and authority to grant the Licence.
+
+Each time You accept the Licence, the original Licensor and subsequent
+Contributors grant You a licence to their contributions to the Work, under the
+terms of this Licence.
+
+
+
+## 7. Disclaimer of Warranty
+
+The Work is a work in progress, which is continuously improved by numerous
+contributors. It is not a finished work and may therefore contain defects or
+“bugs” inherent to this type of software development.
+
+For the above reason, the Work is provided under the Licence on an “as is” basis
+and without warranties of any kind concerning the Work, including without
+limitation merchantability, fitness for a particular purpose, absence of defects
+or errors, accuracy, non-infringement of intellectual property rights other than
+copyright as stated in Article 6 of this Licence.
+
+This disclaimer of warranty is an essential part of the Licence and a condition
+for the grant of any rights to the Work.
+
+
+
+## 8. Disclaimer of Liability
+
+Except in the cases of wilful misconduct or damages directly caused to natural
+persons, the Licensor will in no event be liable for any direct or indirect,
+material or moral, damages of any kind, arising out of the Licence or of the use
+of the Work, including without limitation, damages for loss of goodwill, work
+stoppage, computer failure or malfunction, loss of data or any commercial
+damage, even if the Licensor has been advised of the possibility of such
+damage. However, the Licensor will be liable under statutory product liability
+laws as far such laws apply to the Work.
+
+
+
+## 9. Additional agreements
+
+While distributing the Original Work or Derivative Works, You may choose to
+conclude an additional agreement to offer, and charge a fee for, acceptance of
+support, warranty, indemnity, or other liability obligations and/or services
+consistent with this Licence. However, in accepting such obligations, You may
+act only on your own behalf and on your sole responsibility, not on behalf of
+the original Licensor or any other Contributor, and only if You agree to
+indemnify, defend, and hold each Contributor harmless for any liability incurred
+by, or claims asserted against such Contributor by the fact You have accepted
+any such warranty or additional liability.
+
+
+
+## 10. Acceptance of the Licence
+
+The provisions of this Licence can be accepted by clicking on an icon “I agree”
+placed under the bottom of a window displaying the text of this Licence or by
+affirming consent in any other similar way, in accordance with the rules of
+applicable law. Clicking on that icon indicates your clear and irrevocable
+acceptance of this Licence and all of its terms and conditions.
+
+Similarly, you irrevocably accept this Licence and all of its terms and
+conditions by exercising any rights granted to You by Article 2 of this Licence,
+such as the use of the Work, the creation by You of a Derivative Work or the
+Distribution and/or Communication by You of the Work or copies thereof.
+
+
+
+## 11. Information to the public
+
+In case of any Distribution and/or Communication of the Work by means of
+electronic communication by You (for example, by offering to download the Work
+from a remote location) the distribution channel or media (for example, a
+website) must at least provide to the public the information requested by the
+applicable law regarding the Licensor, the Licence and the way it may be
+accessible, concluded, stored and reproduced by the Licensee.
+
+
+
+## 12. Termination of the Licence
+
+The Licence and the rights granted hereunder will terminate automatically upon
+any breach by the Licensee of the terms of the Licence.
+
+Such a termination will not terminate the licences of any person who has
+received the Work from the Licensee under the Licence, provided such persons
+remain in full compliance with the Licence.
+
+
+
+## 13. Miscellaneous
+
+Without prejudice of Article 9 above, the Licence represents the complete
+agreement between the Parties as to the Work licensed hereunder.
+
+If any provision of the Licence is invalid or unenforceable under applicable
+law, this will not affect the validity or enforceability of the Licence as a
+whole. Such provision will be construed and/or reformed so as necessary to make
+it valid and enforceable.
+
+The European Commission may publish other linguistic versions and/or new
+versions of this Licence, so far this is required and reasonable, without
+reducing the scope of the rights granted by the Licence. New versions of the
+Licence will be published with a unique version number.
+
+All linguistic versions of this Licence, approved by the European Commission,
+have identical value. Parties can take advantage of the linguistic version of
+their choice.
+
+
+
+## 14. Jurisdiction
+
+Any litigation resulting from the interpretation of this License, arising
+between the European Commission, as a Licensor, and any Licensee, will be
+subject to the jurisdiction of the Court of Justice of the European Communities,
+as laid down in article 238 of the Treaty establishing the European Community.
+
+Any litigation arising between Parties, other than the European Commission, and
+resulting from the interpretation of this License, will be subject to the
+exclusive jurisdiction of the competent court where the Licensor resides or
+conducts its primary business.
+
+
+
+## 15. Applicable Law
+
+This Licence shall be governed by the law of the European Union country where
+the Licensor resides or has his registered office.
+
+This licence shall be governed by the Belgian law if:
+
+- a litigation arises between the European Commission, as a Licensor, and any
+- Licensee; the Licensor, other than the European Commission, has no residence
+- or registered office inside a European Union country.
+
+
+
+## Appendix
+
+
+
+“Compatible Licences” according to article 5 EUPL are:
+
+
+- GNU General Public License (GNU GPL) v. 2
+
+- Open Software License (OSL) v. 2.1, v. 3.0
+
+- Common Public License v. 1.0
+
+- Eclipse Public License v. 1.0
+
+- Cecill v. 2.0
+
diff --git a/README.md b/README.md
index d16af03..9df9587 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,71 @@
-# authorization-utils
+# Authorization utils
+
+This library provides facilities to deal with different authorization tokens
+
+## Built With
+
+* [OpenJDK](https://openjdk.java.net/) - The JDK used
+* [Maven](https://maven.apache.org/) - Dependency Management
+
+## Documentation
+
+N/A
+
+## Change log
+
+See [Releases](https://code-repo.d4science.org/gCubeSystem/gcat/releases).
+
+## Authors
+
+* **Luca Frosini** ([ORCID](https://orcid.org/0000-0003-3183-2291)) - [ISTI-CNR Infrascience Group](http://nemis.isti.cnr.it/groups/infrascience)
+
+## How to Cite this Software
+
+Tell people how to cite this software.
+* Cite an associated paper?
+* Use a specific BibTeX entry for the software?
+
+
+ @Manual{,
+ title = {Authorization Utils},
+ author = {{Frosini, Luca}},
+ organization = {ISTI - CNR},
+ address = {Pisa, Italy},
+ year = 2021,
+ url = {http://www.gcube-system.org/}
+ }
+
+## License
+
+This project is licensed under the EUPL V.1.1 License - see the [LICENSE.md](LICENSE.md) file for details.
+
+
+## About the gCube Framework
+This software is part of the [gCubeFramework](https://www.gcube-system.org/ "gCubeFramework"): an
+open-source software toolkit used for building and operating Hybrid Data
+Infrastructures enabling the dynamic deployment of Virtual Research Environments
+by favouring the realisation of reuse oriented policies.
+
+The projects leading to this software have received funding from a series of European Union programmes including:
+
+- the Sixth Framework Programme for Research and Technological Development
+ - DILIGENT (grant no. 004260).
+- the Seventh Framework Programme for research, technological development and demonstration
+ - D4Science (grant no. 212488);
+ - D4Science-II (grant no.239019);
+ - ENVRI (grant no. 283465);
+ - iMarine(grant no. 283644);
+ - EUBrazilOpenBio (grant no. 288754).
+- the H2020 research and innovation programme
+ - SoBigData (grant no. 654024);
+ - PARTHENOS (grant no. 654119);
+ - EGIEngage (grant no. 654142);
+ - ENVRIplus (grant no. 654182);
+ - BlueBRIDGE (grant no. 675680);
+ - PerformFish (grant no. 727610);
+ - AGINFRAplus (grant no. 731001);
+ - DESIRA (grant no. 818194);
+ - ARIADNEplus (grant no. 823914);
+ - RISIS2 (grant no. 824091);
+
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..d29855b
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,49 @@
+
+ 4.0.0
+
+ org.gcube.tools
+ maven-parent
+ 1.1.0
+
+
+ org.gcube.common
+ authorization-utils
+ 1.0.0-SNAPSHOT
+
+
+ UTF-8
+
+
+
+ scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git
+ scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git
+ https://code-repo.d4science.org/gCubeSystem/${project.artifactId}
+
+
+
+
+
+ org.gcube.distribution
+ gcube-bom
+ 2.1.0-SNAPSHOT
+ pom
+ import
+
+
+
+
+
+
+ org.slf4j
+ slf4j-api
+
+
+ org.gcube.common
+ authorization-client
+
+
+
+
+
\ No newline at end of file
diff --git a/src/main/java/org/gcube/common/authorization/utils/manager/SecretHolder.java b/src/main/java/org/gcube/common/authorization/utils/manager/SecretHolder.java
new file mode 100644
index 0000000..e98a256
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/manager/SecretHolder.java
@@ -0,0 +1,53 @@
+package org.gcube.common.authorization.utils.manager;
+
+import java.util.Collection;
+import java.util.SortedSet;
+import java.util.TreeSet;
+
+import org.gcube.common.authorization.utils.secret.Secret;
+
+public class SecretHolder {
+
+ private SortedSet authorizationSecrets;
+
+ public SecretHolder() {
+ this.authorizationSecrets = new TreeSet();
+ }
+
+ public SecretHolder(Collection authorizationSecrets) {
+ this.authorizationSecrets = new TreeSet(authorizationSecrets);
+ }
+
+ public void addAuthorizationSecret(Secret authorizationSecret) {
+ if(authorizationSecret!=null) {
+ authorizationSecrets.add(authorizationSecret);
+ }
+ }
+
+ public SortedSet getAuthorizationSecrets() {
+ return authorizationSecrets;
+ }
+
+ public String getUsername() {
+ for(Secret authorizationSecret : authorizationSecrets) {
+ try {
+ return authorizationSecret.getUsername();
+ }catch (Exception e) {
+ // trying the next one
+ }
+ }
+ return null;
+ }
+
+ public String getContext() {
+ for(Secret authorizationSecret : authorizationSecrets) {
+ try {
+ return authorizationSecret.getContext();
+ }catch (Exception e) {
+ // trying the next one
+ }
+ }
+ return null;
+ }
+
+}
diff --git a/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java b/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java
new file mode 100644
index 0000000..405a6be
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java
@@ -0,0 +1,80 @@
+package org.gcube.common.authorization.utils.manager;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.gcube.common.authorization.utils.provider.SecretProvider;
+import org.gcube.common.authorization.utils.provider.ClientIDSecretProvider;
+import org.gcube.common.authorization.utils.provider.GCubeSecretProvider;
+import org.gcube.common.authorization.utils.secret.Secret;
+import org.gcube.common.authorization.utils.secret.JWTSecret;
+
+/**
+ * @author Luca Frosini (ISTI - CNR)
+ */
+public class SecretManager {
+
+ public static final InheritableThreadLocal instance = new InheritableThreadLocal() {
+
+ @Override
+ protected SecretManager initialValue() {
+ return new SecretManager();
+ }
+
+ };
+
+ private List authorizationSecretProviders;
+ private SecretHolder secretHolder;
+
+ private SecretManager(){
+ authorizationSecretProviders = new ArrayList<>();
+ secretHolder = new SecretHolder();
+ }
+
+ public List getAuthorizationSecretProviders(){
+ if(authorizationSecretProviders == null) {
+ authorizationSecretProviders = new ArrayList<>();
+
+ @SuppressWarnings("unchecked")
+ Class[] classes = new Class[]{
+ JWTSecret.class, GCubeSecretProvider.class, ClientIDSecretProvider.class
+ };
+
+ for(Class clz : classes) {
+ try {
+ SecretProvider authorizationSecretProvider = clz.newInstance();
+ addAuthorizationSecretProvider(authorizationSecretProvider);
+ } catch (Exception e) {
+
+ }
+ }
+ }
+ return authorizationSecretProviders;
+ }
+
+ public void addAuthorizationSecretProvider(SecretProvider authorizationSecretProvider) {
+ authorizationSecretProviders.add(authorizationSecretProvider);
+ Secret authorizationSecret = authorizationSecretProvider.getAuthorizationSecret();
+ secretHolder.addAuthorizationSecret(authorizationSecret);
+ }
+
+ public void startSession(Secret authorizationSecrets) throws Exception {
+ authorizationSecrets.set();
+ }
+
+ public void startSession(Collection authorizationSecrets) throws Exception {
+ setAll(authorizationSecrets);
+ }
+
+ public void endSession() throws Exception {
+ setAll(secretHolder.getAuthorizationSecrets());
+ }
+
+ private void setAll(Collection authorizationSecrets) throws Exception {
+ for(Secret authorizationSecret : authorizationSecrets) {
+ authorizationSecret.set();
+ }
+ }
+
+}
diff --git a/src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java b/src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java
new file mode 100644
index 0000000..860881f
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java
@@ -0,0 +1,16 @@
+package org.gcube.common.authorization.utils.provider;
+
+import org.gcube.common.authorization.utils.secret.Secret;
+import org.gcube.common.authorization.utils.secret.ClienIDSecret;
+
+/**
+ * @author Luca Frosini (ISTI - CNR)
+ */
+public class ClientIDSecretProvider implements SecretProvider {
+
+ @Override
+ public Secret getAuthorizationSecret() {
+ return new ClienIDSecret("", "");
+ }
+
+}
diff --git a/src/main/java/org/gcube/common/authorization/utils/provider/GCubeSecretProvider.java b/src/main/java/org/gcube/common/authorization/utils/provider/GCubeSecretProvider.java
new file mode 100644
index 0000000..4bcd56f
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/provider/GCubeSecretProvider.java
@@ -0,0 +1,21 @@
+package org.gcube.common.authorization.utils.provider;
+
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.utils.secret.Secret;
+import org.gcube.common.authorization.utils.secret.GCubeSecret;
+
+/**
+ * @author Luca Frosini (ISTI - CNR)
+ */
+public class GCubeSecretProvider implements SecretProvider {
+
+ @Override
+ public Secret getAuthorizationSecret() {
+ String token = SecurityTokenProvider.instance.get();
+ if(token!=null) {
+ return new GCubeSecret(token);
+ }
+ return null;
+ }
+
+}
diff --git a/src/main/java/org/gcube/common/authorization/utils/provider/JWTSecretProvider.java b/src/main/java/org/gcube/common/authorization/utils/provider/JWTSecretProvider.java
new file mode 100644
index 0000000..8833798
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/provider/JWTSecretProvider.java
@@ -0,0 +1,21 @@
+package org.gcube.common.authorization.utils.provider;
+
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+import org.gcube.common.authorization.utils.secret.Secret;
+import org.gcube.common.authorization.utils.secret.JWTSecret;
+
+/**
+ * @author Luca Frosini (ISTI - CNR)
+ */
+public class JWTSecretProvider implements SecretProvider {
+
+ @Override
+ public Secret getAuthorizationSecret() {
+ String token = AccessTokenProvider.instance.get();
+ if(token!=null) {
+ return new JWTSecret(token);
+ }
+ return null;
+ }
+
+}
diff --git a/src/main/java/org/gcube/common/authorization/utils/provider/SecretProvider.java b/src/main/java/org/gcube/common/authorization/utils/provider/SecretProvider.java
new file mode 100644
index 0000000..b676669
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/provider/SecretProvider.java
@@ -0,0 +1,12 @@
+package org.gcube.common.authorization.utils.provider;
+
+import org.gcube.common.authorization.utils.secret.Secret;
+
+/**
+ * @author Luca Frosini (ISTI - CNR)
+ */
+public interface SecretProvider {
+
+ public Secret getAuthorizationSecret();
+
+}
diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java
new file mode 100644
index 0000000..46587f1
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java
@@ -0,0 +1,64 @@
+package org.gcube.common.authorization.utils.secret;
+
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * @author Luca Frosini (ISTI - CNR)
+ */
+public class ClienIDSecret extends Secret {
+
+ protected String clientID;
+
+ public ClienIDSecret(String clientID, String token) {
+ super(30, token);
+ this.clientID = clientID;
+ }
+
+ @Override
+ public void set() throws Exception {
+// TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, contextToAuthorise, null);
+// System.out.println(tr.getAccessToken());
+ }
+
+ @Override
+ public String getContext() throws Exception {
+ return null;
+ }
+
+ @Override
+ public String getUsername() throws Exception {
+ return clientID;
+ }
+
+ @Override
+ public Map getHTTPAuthorizationHeaders() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = super.hashCode();
+ result = prime * result + Objects.hash(clientID);
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ ClienIDSecret other = (ClienIDSecret) obj;
+ return Objects.equals(clientID, other.clientID);
+ }
+
+ @Override
+ public int compareTo(Secret obj) {
+ int res = super.compareTo(obj);
+ return res == 0 ? clientID.compareTo(clientID) : res;
+ }
+}
diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java
new file mode 100644
index 0000000..3a1f8e6
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java
@@ -0,0 +1,69 @@
+package org.gcube.common.authorization.utils.secret;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.gcube.common.authorization.client.Constants;
+import org.gcube.common.authorization.library.AuthorizationEntry;
+import org.gcube.common.authorization.library.exception.AuthorizationException;
+import org.gcube.common.authorization.library.provider.AuthorizationProvider;
+import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.utils.Caller;
+import org.gcube.common.scope.api.ScopeProvider;
+
+/**
+ * @author Luca Frosini (ISTI - CNR)
+ */
+public class GCubeSecret extends Secret {
+
+ public static final String TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
+
+ @Override
+ protected void check(String token) throws AuthorizationException {
+ super.check(token);
+ if(!Pattern.matches(GCubeSecret.TOKEN_REGEX, token)) {
+ throw new AuthorizationException("The GUCBE token must comply with the regex " + TOKEN_REGEX);
+ }
+ }
+
+ public GCubeSecret(String token) {
+ super(20, token);
+ }
+
+ @Override
+ public void set() throws Exception {
+ SecurityTokenProvider.instance.set(token);
+ AuthorizationEntry authorizationEntry = Constants.authorizationService().get(token);
+ ClientInfo clientInfo = authorizationEntry.getClientInfo();
+ logger.debug("User : {} - Type : {}", clientInfo.getId(), clientInfo.getType().name());
+ String qualifier = authorizationEntry.getQualifier();
+ Caller caller = new Caller(clientInfo, qualifier);
+ AuthorizationProvider.instance.set(caller);
+ ScopeProvider.instance.set(getContext());
+ }
+
+ protected ClientInfo getClientInfo() throws Exception {
+ return Constants.authorizationService().get(token).getClientInfo();
+ }
+
+ @Override
+ public String getContext() throws Exception {
+ return Constants.authorizationService().get(token).getContext();
+ }
+
+ @Override
+ public String getUsername() throws Exception {
+ return getClientInfo().getId();
+ }
+
+
+ @Override
+ public Map getHTTPAuthorizationHeaders() {
+ Map authorizationHeaders = new HashMap<>();
+ authorizationHeaders.put(org.gcube.common.authorization.client.Constants.TOKEN_HEADER_ENTRY, token);
+ return authorizationHeaders;
+ }
+
+}
diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
new file mode 100644
index 0000000..46fabfc
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
@@ -0,0 +1,42 @@
+package org.gcube.common.authorization.utils.secret;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+
+/**
+ * @author Luca Frosini (ISTI - CNR)
+ */
+public class JWTSecret extends Secret {
+
+ public JWTSecret(String token) {
+ super(10, token);
+ }
+
+ @Override
+ public void set() throws Exception {
+ AccessTokenProvider.instance.set(token);
+
+ }
+
+ @Override
+ public String getContext() throws Exception {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Map getHTTPAuthorizationHeaders() {
+ Map authorizationHeaders = new HashMap<>();
+ authorizationHeaders.put("Authorization", "Bearer " + token);
+ return authorizationHeaders;
+ }
+
+ @Override
+ public String getUsername() throws Exception {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java b/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java
new file mode 100644
index 0000000..80cc239
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java
@@ -0,0 +1,78 @@
+package org.gcube.common.authorization.utils.secret;
+
+import java.util.Map;
+import java.util.Objects;
+
+import org.gcube.common.authorization.library.exception.AuthorizationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * @author Luca Frosini (ISTI - CNR)
+ */
+public abstract class Secret implements Comparable {
+
+ protected static final Logger logger = LoggerFactory.getLogger(Secret.class);
+
+ protected int priority;
+ protected String token;
+
+ protected void check(String token) throws AuthorizationException {
+ if(token == null) {
+ throw new AuthorizationException("token cannot be null");
+ }
+ if(token.compareTo("")==0) {
+ throw new AuthorizationException("token cannot be an empty string");
+ }
+ }
+
+ protected Secret(int priority, String token) {
+ this.priority = priority;
+ check(token);
+ this.token = token;
+ }
+
+ public String getToken() {
+ return token;
+ }
+
+ public abstract void set() throws Exception;
+
+ public abstract String getContext() throws Exception;
+
+ public abstract String getUsername() throws Exception;
+
+ public abstract Map getHTTPAuthorizationHeaders();
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(priority, token);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ Secret other = (Secret) obj;
+ return priority == other.priority && Objects.equals(token, other.token);
+ }
+
+ @Override
+ public int compareTo(Secret obj) {
+ if (this == obj) {
+ return 0;
+ }
+ if (obj == null) {
+ return priority;
+ }
+ if (getClass() != obj.getClass()) {
+ return priority;
+ }
+ return token.compareTo(obj.token);
+ }
+
+}