git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-library@122329 82a268e6-3cf1-43bd-a215-b396298e98cf

src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java

@@ -1,6 +1,5 @@
 package org.gcube.common.authorization.library;
 
-import java.util.ArrayList;
 import java.util.List;
 
 import javax.xml.bind.annotation.XmlAccessType;
@@ -9,6 +8,8 @@ import javax.xml.bind.annotation.XmlElementRef;
 import javax.xml.bind.annotation.XmlElementRefs;
 import javax.xml.bind.annotation.XmlRootElement;
 
+import org.gcube.common.authorization.library.policies.Policy;
+import org.gcube.common.authorization.library.provider.ClientInfo;
 import org.gcube.common.scope.api.ServiceMap;
 import org.gcube.common.scope.impl.DefaultServiceMap;
 
@@ -16,33 +17,23 @@ import org.gcube.common.scope.impl.DefaultServiceMap;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class AuthorizationEntry {
 
-	private String clientId;
-	private List<String> roles;
+	ClientInfo clientInfo;
 	private String context;
 	@XmlElementRefs({@XmlElementRef(type=DefaultServiceMap.class)})
 	private ServiceMap map;
-	private List<CalledService> bannedServices = new ArrayList<CalledService>();
+	private List<Policy> policies;
 	
 	protected AuthorizationEntry(){}
 	
-	public AuthorizationEntry(String clientId, List<String> roles, String context) {
+	public AuthorizationEntry(ClientInfo clientInfo, String context, List<Policy> policies) {
 		super();
-		this.clientId = clientId;
-		this.roles = roles;
+		this.clientInfo = clientInfo;
 		this.context = context;
-	}
-	
-	public AuthorizationEntry(String userName, List<String> roles, String context , List<CalledService> bannedServices) {
-		this(userName, roles, context);
-		this.bannedServices = bannedServices;
+		this.policies = policies;
 	}
 
-	public String getClientId() {
-		return clientId;
-	}
-
-	public List<String> getRoles() {
-		return roles;
+	public ClientInfo getClientInfo() {
+		return clientInfo;
 	}
 
 	public String getContext() {
@@ -52,28 +43,13 @@ public class AuthorizationEntry {
 	public ServiceMap getMap() {
 		return map;
 	}
-
-	
 	
 	public void setMap(ServiceMap map) {
 		this.map = map;
 	}
 
-	public List<CalledService> getBannedServices() {
-		return bannedServices;
-	}
-
-	public void setBannedServices(List<CalledService> bannedServices) {
-		this.bannedServices = bannedServices;
-	}
-
-	
-
-	@Override
-	public String toString() {
-		return "AuthorizationEntry [clientId=" + clientId + ", roles=" + roles
-				+ ", context=" + context + ", map=" + map + ", bannedServices="
-				+ bannedServices + "]";
+	public List<Policy> getPolicies() {
+		return policies;
 	}
 
 	@Override
@@ -81,12 +57,8 @@ public class AuthorizationEntry {
 		final int prime = 31;
 		int result = 1;
 		result = prime * result
-				+ ((bannedServices == null) ? 0 : bannedServices.hashCode());
-		result = prime * result
-				+ ((clientId == null) ? 0 : clientId.hashCode());
+				+ ((clientInfo == null) ? 0 : clientInfo.hashCode());
 		result = prime * result + ((context == null) ? 0 : context.hashCode());
-		result = prime * result + ((map == null) ? 0 : map.hashCode());
-		result = prime * result + ((roles == null) ? 0 : roles.hashCode());
 		return result;
 	}
 
@@ -99,34 +71,17 @@ public class AuthorizationEntry {
 		if (getClass() != obj.getClass())
 			return false;
 		AuthorizationEntry other = (AuthorizationEntry) obj;
-		if (bannedServices == null) {
-			if (other.bannedServices != null)
+		if (clientInfo == null) {
+			if (other.clientInfo != null)
 				return false;
-		} else if (!bannedServices.equals(other.bannedServices))
-			return false;
-		if (clientId == null) {
-			if (other.clientId != null)
-				return false;
-		} else if (!clientId.equals(other.clientId))
+		} else if (!clientInfo.equals(other.clientInfo))
 			return false;
 		if (context == null) {
 			if (other.context != null)
 				return false;
 		} else if (!context.equals(other.context))
 			return false;
-		if (map == null) {
-			if (other.map != null)
-				return false;
-		} else if (!map.equals(other.map))
-			return false;
-		if (roles == null) {
-			if (other.roles != null)
-				return false;
-		} else if (!roles.equals(other.roles))
-			return false;
 		return true;
 	}
 	
-	
-	
 }

src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java

@@ -4,7 +4,7 @@ import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
 
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
-import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.provider.UserInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -27,7 +27,7 @@ public class AuthorizationInvocationHandler<T, I extends T> implements Invocatio
 	public Object invoke(Object proxy, Method method, 
 			Object[] args) throws Throwable {
 		log.trace("calling proxed method "+method.getName()+" on "+handledClass);
-		ClientInfo info = AuthorizationProvider.instance.get();
+		UserInfo info = AuthorizationProvider.instance.get();
 		//checkSubjectToQuota(info, method);
 		//checkIsAllowedFor(info, method);
 		return method.invoke(obj, args);

src/main/java/org/gcube/common/authorization/library/AuthorizedTasks.java

@@ -3,7 +3,7 @@ package org.gcube.common.authorization.library;
 import java.util.concurrent.Callable;
 
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
-import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.provider.UserInfo;
 import org.gcube.common.scope.api.ScopeProvider;
 
 
@@ -18,7 +18,7 @@ public class AuthorizedTasks {
 		
 		final String callScope = ScopeProvider.instance.get();
 		
-		final ClientInfo userCall = AuthorizationProvider.instance.get();
+		final UserInfo userCall = AuthorizationProvider.instance.get();
 		
 		return new Callable<V>() {
 			@Override
@@ -49,7 +49,7 @@ public class AuthorizedTasks {
 		
 		final String callScope = ScopeProvider.instance.get();
 		
-		final ClientInfo userCall = AuthorizationProvider.instance.get();
+		final UserInfo userCall = AuthorizationProvider.instance.get();
 		
 		return new Runnable() {
 			@Override

src/main/java/org/gcube/common/authorization/library/PolicyUtils.java

@@ -0,0 +1,49 @@
+package org.gcube.common.authorization.library;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.gcube.common.authorization.library.policies.Policy;
+import org.gcube.common.authorization.library.policies.PolicyType;
+import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
+import org.gcube.common.authorization.library.policies.User2ServicePolicy;
+import org.gcube.common.authorization.library.policies.UserEntity.UserEntityType;
+import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.provider.ServiceIdentifier;
+import org.gcube.common.authorization.library.provider.ServiceInfo;
+import org.gcube.common.authorization.library.provider.UserInfo;
+
+/**
+ * 
+ * @author lucio lelii
+ *
+ */
+public class PolicyUtils {
+
+	public static List<Policy> getRetainedPolicies(ClientInfo client, List<Policy> policies){
+	
+		List<Policy> retainedPolicies = new ArrayList<Policy>();
+		
+		for (Policy policy: policies){
+			if ((client instanceof UserInfo && policy.getPolicyType()==PolicyType.USER && checkPolicy((UserInfo) client, (User2ServicePolicy)policy))
+					|| (client instanceof ServiceInfo && policy.getPolicyType()==PolicyType.SERVICE && checkPolicy((ServiceInfo) client, (Service2ServicePolicy)policy)))
+				retainedPolicies.add(policy);
+		}
+		return retainedPolicies;
+	}
+
+	private static boolean checkPolicy(UserInfo client, User2ServicePolicy policy) {
+		if (policy.getEntity().getType()== UserEntityType.USER)
+			return client.getId().equals(policy.getEntity().getIdentifier());
+		else 
+			return client.getRoles().contains(policy.getEntity().getIdentifier());
+	}
+	
+	private static boolean checkPolicy(ServiceInfo client, Service2ServicePolicy policy) {
+		ServiceIdentifier serviceId = client.getServiceIdentifier();
+		String policyAsString = policy.getClient().getAsString();
+		return policyAsString.equals("*") || policyAsString.equals(serviceId.getServiceClass()+":*") ||
+				policyAsString.equals(serviceId.getServiceClass()+":"+serviceId.getServiceName()+":*") ||
+				policyAsString.equals(serviceId.getFullIdentifier());
+	}
+}

src/main/java/org/gcube/common/authorization/library/policies/EnvironmentPolicy.java

@@ -1,77 +0,0 @@
-package org.gcube.common.authorization.library.policies;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-@XmlRootElement
-@XmlAccessorType(XmlAccessType.FIELD)
-public class EnvironmentPolicy extends Policy{
-	
-	private String environment;
-	private ServiceAccess service;
-		
-	
-	protected EnvironmentPolicy() {}
-
-	public EnvironmentPolicy(String environment, ServiceAccess service) {
-		super();
-		this.environment = environment;
-		this.service = service;
-	}
-
-	@Override
-	public PolicyType getPolicyType() {
-		return PolicyType.ENVIRONMENT;
-	}
-
-	@Override
-	public String getPolicyAsString() {
-		return service.getAsString();
-	}
-
-	public String getEnvironment() {
-		return environment;
-	}
-
-	@Override
-	public int hashCode() {
-		final int prime = 31;
-		int result = 1;
-		result = prime * result
-				+ ((environment == null) ? 0 : environment.hashCode());
-		result = prime * result + ((service == null) ? 0 : service.hashCode());
-		return result;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj)
-			return true;
-		if (obj == null)
-			return false;
-		if (getClass() != obj.getClass())
-			return false;
-		EnvironmentPolicy other = (EnvironmentPolicy) obj;
-		if (environment == null) {
-			if (other.environment != null)
-				return false;
-		} else if (!environment.equals(other.environment))
-			return false;
-		if (service == null) {
-			if (other.service != null)
-				return false;
-		} else if (!service.equals(other.service))
-			return false;
-		return true;
-	}
-
-	@Override
-	public String toString() {
-		return "EnvironmentPolicy [environment=" + environment + ", service="
-				+ service + "]";
-	}
-	
-	
-	
-}

src/main/java/org/gcube/common/authorization/library/policies/PolicyType.java

@@ -2,7 +2,6 @@ package org.gcube.common.authorization.library.policies;
 
 public enum PolicyType {
 
-	ENVIRONMENT, 
 	SERVICE, 
 	USER
 }

src/main/java/org/gcube/common/authorization/library/policies/Role.java

@@ -0,0 +1,24 @@
+package org.gcube.common.authorization.library.policies;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class Role extends UserEntity {
+	
+	protected Role() {
+		super();
+	}
+
+	public Role(String identifier) {
+		super(identifier);
+	}
+
+	@Override
+	public UserEntityType getType() {
+		return UserEntityType.ROLE;
+	}
+
+}

src/main/java/org/gcube/common/authorization/library/policies/Service2ServicePolicy.java

@@ -6,19 +6,19 @@ import javax.xml.bind.annotation.XmlRootElement;
 
 @XmlRootElement
 @XmlAccessorType(XmlAccessType.FIELD)
-public class ServicePolicy extends Policy{
+public class Service2ServicePolicy extends Policy{
 	
-	private String clientID;
-	private String environment;
+	private ServiceAccess client;
+	private String context;
 	private ServiceAccess serviceAccess;
 
-	protected ServicePolicy(){}
+	protected Service2ServicePolicy(){}
 	
-	public ServicePolicy(String environment, ServiceAccess serviceAccess,
-			String clientID) {
-		this.environment = environment;
+	public Service2ServicePolicy(String context, ServiceAccess serviceAccess,
+			ServiceAccess client) {
+		this.context = context;
 		this.serviceAccess = serviceAccess;
-		this.clientID = clientID;
+		this.client = client;
 	}
 
 	@Override
@@ -28,15 +28,15 @@ public class ServicePolicy extends Policy{
 
 	@Override
 	public String getPolicyAsString() {
-		return serviceAccess.getAsString();
+		return this.context+","+serviceAccess.getAsString()+","+serviceAccess.getAsString();
 	}
 
-	public String getClientID() {
-		return clientID;
+	public ServiceAccess getClient() {
+		return client;
 	}
 
-	public String getEnvironment() {
-		return environment;
+	public String getContext() {
+		return context;
 	}
 
 	public ServiceAccess getServiceAccess() {
@@ -47,10 +47,9 @@ public class ServicePolicy extends Policy{
 	public int hashCode() {
 		final int prime = 31;
 		int result = 1;
+		result = prime * result + ((client == null) ? 0 : client.hashCode());
 		result = prime * result
-				+ ((clientID == null) ? 0 : clientID.hashCode());
-		result = prime * result
-				+ ((environment == null) ? 0 : environment.hashCode());
+				+ ((context == null) ? 0 : context.hashCode());
 		result = prime * result
 				+ ((serviceAccess == null) ? 0 : serviceAccess.hashCode());
 		return result;
@@ -64,16 +63,16 @@ public class ServicePolicy extends Policy{
 			return false;
 		if (getClass() != obj.getClass())
 			return false;
-		ServicePolicy other = (ServicePolicy) obj;
-		if (clientID == null) {
-			if (other.clientID != null)
+		Service2ServicePolicy other = (Service2ServicePolicy) obj;
+		if (client == null) {
+			if (other.client != null)
 				return false;
-		} else if (!clientID.equals(other.clientID))
+		} else if (!client.equals(other.client))
 			return false;
-		if (environment == null) {
-			if (other.environment != null)
+		if (context == null) {
+			if (other.context != null)
 				return false;
-		} else if (!environment.equals(other.environment))
+		} else if (!context.equals(other.context))
 			return false;
 		if (serviceAccess == null) {
 			if (other.serviceAccess != null)
@@ -85,9 +84,10 @@ public class ServicePolicy extends Policy{
 
 	@Override
 	public String toString() {
-		return "ServicePolicy [clientID=" + clientID + ", environment="
-				+ environment + ", serviceAccess=" + serviceAccess + "]";
+		return "Service2ServicePolicy [client=" + client + ", environment="
+				+ context + ", serviceAccess=" + serviceAccess + "]";
 	}
+
 	
 	
 }

src/main/java/org/gcube/common/authorization/library/policies/User.java

@@ -0,0 +1,24 @@
+package org.gcube.common.authorization.library.policies;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class User extends UserEntity {
+	
+	protected User() {
+		super();
+	}
+
+	public User(String identifier) {
+		super(identifier);
+	}
+
+	@Override
+	public UserEntityType getType() {
+		return UserEntityType.USER;
+	}
+
+}

src/main/java/org/gcube/common/authorization/library/policies/User2ServicePolicy.java

@@ -6,22 +6,23 @@ import javax.xml.bind.annotation.XmlRootElement;
 
 @XmlRootElement
 @XmlAccessorType(XmlAccessType.FIELD)
-public class UserPolicy extends Policy {
+public class User2ServicePolicy extends Policy {
 
-	private String clientID;
-	private String environment;
+	
+	private UserEntity entity;
+	private String context;
 	private ServiceAccess serviceAccess;
 	
-	protected UserPolicy(){}
+	protected User2ServicePolicy(){}
 	
-	public UserPolicy(String environment, ServiceAccess serviceAccess, String clientID) {
-		this.environment = environment;
+	public User2ServicePolicy(String context, ServiceAccess serviceAccess, UserEntity entity) {
+		this.context = context;
 		this.serviceAccess = serviceAccess;
-		this.clientID = clientID;
+		this.entity = entity;
 	}
 
-	public String getClientID() {
-		return clientID;
+	public UserEntity getEntity() {
+		return entity;
 	}
 	
 	@Override
@@ -31,21 +32,20 @@ public class UserPolicy extends Policy {
 
 	@Override
 	public String getPolicyAsString() {
-		return serviceAccess.getAsString();
+		return this.context+","+serviceAccess.getAsString()+","+entity.getAsString();
 	}
 
-	public String getEnvironment() {
-		return environment;
+	public String getContext() {
+		return context;
 	}
 
 	@Override
 	public int hashCode() {
 		final int prime = 31;
 		int result = 1;
+		result = prime * result + ((entity == null) ? 0 : entity.hashCode());
 		result = prime * result
-				+ ((clientID == null) ? 0 : clientID.hashCode());
-		result = prime * result
-				+ ((environment == null) ? 0 : environment.hashCode());
+				+ ((context == null) ? 0 : context.hashCode());
 		result = prime * result
 				+ ((serviceAccess == null) ? 0 : serviceAccess.hashCode());
 		return result;
@@ -59,16 +59,16 @@ public class UserPolicy extends Policy {
 			return false;
 		if (getClass() != obj.getClass())
 			return false;
-		UserPolicy other = (UserPolicy) obj;
-		if (clientID == null) {
-			if (other.clientID != null)
+		User2ServicePolicy other = (User2ServicePolicy) obj;
+		if (entity == null) {
+			if (other.entity != null)
 				return false;
-		} else if (!clientID.equals(other.clientID))
+		} else if (!entity.equals(other.entity))
 			return false;
-		if (environment == null) {
-			if (other.environment != null)
+		if (context == null) {
+			if (other.context != null)
 				return false;
-		} else if (!environment.equals(other.environment))
+		} else if (!context.equals(other.context))
 			return false;
 		if (serviceAccess == null) {
 			if (other.serviceAccess != null)
@@ -80,8 +80,8 @@ public class UserPolicy extends Policy {
 
 	@Override
 	public String toString() {
-		return "UserPolicy [clientID=" + clientID + ", environment="
-				+ environment + ", serviceAccess=" + serviceAccess + "]";
+		return "User2ServicePolicy [entity=" + entity + ", environment="
+				+ context + ", serviceAccess=" + serviceAccess + "]";
 	}
 	
 }

src/main/java/org/gcube/common/authorization/library/policies/UserEntity.java

@@ -0,0 +1,67 @@
+package org.gcube.common.authorization.library.policies;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSeeAlso;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlSeeAlso({User.class,Role.class})
+public abstract class UserEntity {
+
+	private String identifier;
+	
+	public enum UserEntityType {
+		ROLE , USER
+	}
+	
+	protected UserEntity() {
+		super();
+	}
+
+	public UserEntity(String identifier) {
+		super();
+		this.identifier = identifier;
+	}
+
+	public String getIdentifier(){
+		return identifier;
+	}
+
+	public abstract UserEntityType getType();
+	
+	public final String getAsString() {
+		return this.getType()+":"+this.identifier;
+	}
+	
+	@Override
+	public int hashCode() {
+		final int prime = 31;
+		int result = 1;
+		result = prime * result
+				+ ((identifier == null) ? 0 : identifier.hashCode());
+		return result;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj)
+			return true;
+		if (obj == null)
+			return false;
+		if (getClass() != obj.getClass())
+			return false;
+		UserEntity other = (UserEntity) obj;
+		if (identifier == null) {
+			if (other.identifier != null)
+				return false;
+		} else if (!identifier.equals(other.identifier))
+			return false;
+		return true;
+	}
+
+	
+	
+	
+}

src/main/java/org/gcube/common/authorization/library/provider/AuthorizationProvider.java

@@ -11,10 +11,10 @@ public class AuthorizationProvider {
 	private static Logger logger = LoggerFactory.getLogger(AuthorizationProvider.class);
 	
 	// Thread local variable containing each thread's ID
-    private static final InheritableThreadLocal<ClientInfo> threadAuth =
-        new InheritableThreadLocal<ClientInfo>() {
+    private static final InheritableThreadLocal<UserInfo> threadAuth =
+        new InheritableThreadLocal<UserInfo>() {
     	    	
-    	@Override protected ClientInfo initialValue() {
+    	@Override protected UserInfo initialValue() {
                 return null;
         }
     	
@@ -22,13 +22,13 @@ public class AuthorizationProvider {
 	
 	private AuthorizationProvider(){}
     
-	public ClientInfo get(){
-		ClientInfo info = threadAuth.get();
+	public UserInfo get(){
+		UserInfo info = threadAuth.get();
 		logger.trace("getting "+info+" in thread "+Thread.currentThread().getId() );
 		return info;
 	}
 	
-	public void set(ClientInfo authorizationToken){
+	public void set(UserInfo authorizationToken){
 		threadAuth.set(authorizationToken);
 		logger.trace("setting "+authorizationToken+" in thread "+Thread.currentThread().getId() );
 	}

src/main/java/org/gcube/common/authorization/library/provider/ClientInfo.java

@@ -1,89 +1,21 @@
 package org.gcube.common.authorization.library.provider;
 
-import java.util.Collections;
 import java.util.List;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlRootElement;
-
-import org.gcube.common.authorization.library.policies.Policy;
-
+import javax.xml.bind.annotation.XmlSeeAlso;
 
 @XmlRootElement
 @XmlAccessorType(XmlAccessType.FIELD)
-public class ClientInfo {
+@XmlSeeAlso(value={UserInfo.class, ServiceInfo.class})
+public abstract class ClientInfo {
 
-	private String clientId;
-	private List<String> roles = Collections.emptyList();
-	private List<Policy> policies;
-	
-	protected ClientInfo(){}
-	
-	public ClientInfo(String clientId, List<String> roles, List<Policy> policies) {
-		super();
-		this.clientId = clientId;
-		this.roles = roles;
-		this.policies = policies;
-	}
-	
-	public String getClientId() {
-		return clientId;
-	}
-	public List<Policy> getPolicies() {
-		return policies;
-	}
-	/*
-	public boolean isTokenBannedForService(BannedService service){
-		return (bannedServices.contains(service));
-	}*/
+	public abstract String getId();
+		
+	public abstract List<String> getRoles();
 
-	@Override
-	public int hashCode() {
-		final int prime = 31;
-		int result = 1;
-		result = prime * result
-				+ ((clientId == null) ? 0 : clientId.hashCode());
-		result = prime * result
-				+ ((policies == null) ? 0 : policies.hashCode());
-		result = prime * result + ((roles == null) ? 0 : roles.hashCode());
-		return result;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj)
-			return true;
-		if (obj == null)
-			return false;
-		if (getClass() != obj.getClass())
-			return false;
-		ClientInfo other = (ClientInfo) obj;
-		if (clientId == null) {
-			if (other.clientId != null)
-				return false;
-		} else if (!clientId.equals(other.clientId))
-			return false;
-		if (policies == null) {
-			if (other.policies != null)
-				return false;
-		} else if (!policies.equals(other.policies))
-			return false;
-		if (roles == null) {
-			if (other.roles != null)
-				return false;
-		} else if (!roles.equals(other.roles))
-			return false;
-		return true;
-	}
-
-	@Override
-	public String toString() {
-		return "ClientInfo [clientId=" + clientId + ", roles=" + roles
-				+ ", policies=" + policies + "]";
-	}
-	
-	
 	
 	
 }

src/main/java/org/gcube/common/authorization/library/provider/ServiceIdentifier.java

@@ -0,0 +1,84 @@
+package org.gcube.common.authorization.library.provider;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class ServiceIdentifier {
+
+	private String serviceClass;
+	private String serviceName;
+	private String serviceId;
+	
+	public ServiceIdentifier() {}
+
+	public ServiceIdentifier(String serviceClass, String serviceName, String serviceId) {
+		super();
+		this.serviceClass = serviceClass;
+		this.serviceName = serviceName;
+		this.serviceId = serviceId;
+	}
+
+	public String getServiceClass() {
+		return serviceClass;
+	}
+
+	public String getServiceName() {
+		return serviceName;
+	}
+
+	public String getServiceId() {
+		return serviceId;
+	}
+	
+	public String getFullIdentifier(){
+		return getIdentifier(serviceClass, serviceName, serviceId);
+	}
+
+	public static String getIdentifier(String serviceClass, String serviceName, String serviceId){
+		return serviceClass+":"+serviceName+":"+serviceId;
+	}
+	
+	@Override
+	public int hashCode() {
+		final int prime = 31;
+		int result = 1;
+		result = prime * result
+				+ ((serviceClass == null) ? 0 : serviceClass.hashCode());
+		result = prime * result
+				+ ((serviceId == null) ? 0 : serviceId.hashCode());
+		result = prime * result
+				+ ((serviceName == null) ? 0 : serviceName.hashCode());
+		return result;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj)
+			return true;
+		if (obj == null)
+			return false;
+		if (getClass() != obj.getClass())
+			return false;
+		ServiceIdentifier other = (ServiceIdentifier) obj;
+		if (serviceClass == null) {
+			if (other.serviceClass != null)
+				return false;
+		} else if (!serviceClass.equals(other.serviceClass))
+			return false;
+		if (serviceId == null) {
+			if (other.serviceId != null)
+				return false;
+		} else if (!serviceId.equals(other.serviceId))
+			return false;
+		if (serviceName == null) {
+			if (other.serviceName != null)
+				return false;
+		} else if (!serviceName.equals(other.serviceName))
+			return false;
+		return true;
+	}
+		
+}

src/main/java/org/gcube/common/authorization/library/provider/ServiceInfo.java

@@ -0,0 +1,67 @@
+package org.gcube.common.authorization.library.provider;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class ServiceInfo extends ClientInfo{
+
+	ServiceIdentifier serviceIdentifier;
+	
+	protected ServiceInfo() {}
+
+	public ServiceInfo(ServiceIdentifier serviceIdentifier) {
+		super();
+		this.serviceIdentifier = serviceIdentifier;
+	}
+
+	@Override
+	public String getId() {
+		return serviceIdentifier.getFullIdentifier();
+	}
+
+	public ServiceIdentifier getServiceIdentifier() {
+		return serviceIdentifier;
+	}
+
+	@Override
+	public List<String> getRoles() {
+		return Collections.emptyList();
+	}
+
+	@Override
+	public int hashCode() {
+		final int prime = 31;
+		int result = 1;
+		result = prime
+				* result
+				+ ((serviceIdentifier == null) ? 0 : serviceIdentifier
+						.hashCode());
+		return result;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj)
+			return true;
+		if (obj == null)
+			return false;
+		if (getClass() != obj.getClass())
+			return false;
+		ServiceInfo other = (ServiceInfo) obj;
+		if (serviceIdentifier == null) {
+			if (other.serviceIdentifier != null)
+				return false;
+		} else if (!serviceIdentifier.equals(other.serviceIdentifier))
+			return false;
+		return true;
+	}
+
+	
+	
+}

src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java

@@ -0,0 +1,74 @@
+package org.gcube.common.authorization.library.provider;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class UserInfo extends ClientInfo {
+
+	private String clientId;
+	private List<String> roles = Collections.emptyList();
+	
+	protected UserInfo(){}
+	
+	public UserInfo(String clientId, List<String> roles) {
+		super();
+		this.clientId = clientId;
+		this.roles = roles;
+	}
+	
+
+	@Override
+	public String getId() {
+		return clientId;
+	}
+
+	@Override
+	public List<String> getRoles() {
+		return roles;
+	}
+
+	@Override
+	public int hashCode() {
+		final int prime = 31;
+		int result = 1;
+		result = prime * result
+				+ ((clientId == null) ? 0 : clientId.hashCode());
+		result = prime * result + ((roles == null) ? 0 : roles.hashCode());
+		return result;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj)
+			return true;
+		if (obj == null)
+			return false;
+		if (getClass() != obj.getClass())
+			return false;
+		UserInfo other = (UserInfo) obj;
+		if (clientId == null) {
+			if (other.clientId != null)
+				return false;
+		} else if (!clientId.equals(other.clientId))
+			return false;
+		if (roles == null) {
+			if (other.roles != null)
+				return false;
+		} else if (!roles.equals(other.roles))
+			return false;
+		return true;
+	}
+
+	@Override
+	public String toString() {
+		return "UserInfo [clientId=" + clientId + ", roles=" + roles + "]";
+	}
+		
+}

src/test/java/org/gcube/common/authorization/library/binder/AuthorizationEntryBinder.java

@@ -2,6 +2,7 @@ package org.gcube.common.authorization.library.binder;
 
 import java.io.StringReader;
 import java.io.StringWriter;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -9,6 +10,8 @@ import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 
 import org.gcube.common.authorization.library.AuthorizationEntry;
+import org.gcube.common.authorization.library.policies.Policy;
+import org.gcube.common.authorization.library.provider.UserInfo;
 import org.gcube.common.scope.impl.DefaultServiceMap;
 import org.junit.Assert;
 import org.junit.Test;
@@ -23,7 +26,7 @@ public class AuthorizationEntryBinder {
 	public void bind() throws Exception{
 		JAXBContext context = getContext();
 		StringWriter sw = new StringWriter();
-		AuthorizationEntry ae1 = new AuthorizationEntry("clientId", null, "scope");
+		AuthorizationEntry ae1 = new AuthorizationEntry(new UserInfo("lucio.lelii", new ArrayList<String>()), "scope", new ArrayList<Policy>());
 		Map<String, String> services = new HashMap<String, String>();
 		services.put("service", "endpoint");
 		ae1.setMap(new DefaultServiceMap("scope","versione", services ));

src/test/java/org/gcube/common/authorization/library/policies/SerializationTest.java

@@ -15,33 +15,26 @@ public class SerializationTest {
 	
 	@BeforeClass
 	public static void before() throws Exception{
-		 context = JAXBContext.newInstance(EnvironmentPolicy.class, UserPolicy.class, ServicePolicy.class);
-	}
-	
-	@Test
-	public void serializeEnvironmentPolicy() throws Exception{
-		EnvironmentPolicy ep = new EnvironmentPolicy("/gcube", new ServiceAccess());
-		StringWriter sw = new StringWriter();
-		context.createMarshaller().marshal(ep, sw);
-		EnvironmentPolicy epCopy = (EnvironmentPolicy)context.createUnmarshaller().unmarshal(new StringReader(sw.toString()));
-		Assert.assertEquals(ep, epCopy);
+		 context = JAXBContext.newInstance(User2ServicePolicy.class, Service2ServicePolicy.class);
 	}
 	
 	@Test
 	public void serializeUserPolicy() throws Exception{
-		UserPolicy up = new UserPolicy("/gcube", new ServiceAccess("ServiceName", "ServiceClass","serviceID"), "userID");
+		User2ServicePolicy up = new User2ServicePolicy("/gcube", new ServiceAccess("ServiceName", "ServiceClass","serviceID"), new User("userID"));
 		StringWriter sw = new StringWriter();
 		context.createMarshaller().marshal(up, sw);
-		UserPolicy upCopy = (UserPolicy)context.createUnmarshaller().unmarshal(new StringReader(sw.toString()));
+		User2ServicePolicy upCopy = (User2ServicePolicy)context.createUnmarshaller().unmarshal(new StringReader(sw.toString()));
+		System.out.println(upCopy.getPolicyAsString());
 		Assert.assertEquals(up, upCopy);
 	}
 	
 	@Test
 	public void serializeServicePolicy() throws Exception{
-		ServicePolicy sp = new ServicePolicy("/gcube", new ServiceAccess("ServiceName","ServiceClass"),"ServiceName:ServiceClass");
+		Service2ServicePolicy sp = new Service2ServicePolicy("/gcube", new ServiceAccess("ServiceName","ServiceClass"),new ServiceAccess("ServiceName2", "ServiceClass2"));
 		StringWriter sw = new StringWriter();
 		context.createMarshaller().marshal(sp, sw);
-		ServicePolicy spCopy = (ServicePolicy)context.createUnmarshaller().unmarshal(new StringReader(sw.toString()));
+		Service2ServicePolicy spCopy = (Service2ServicePolicy)context.createUnmarshaller().unmarshal(new StringReader(sw.toString()));
+		System.out.println(spCopy.getPolicyAsString());
 		Assert.assertEquals(sp, spCopy);
 	}
 }