Removed -SNAPSHOT to release the component

set gcube-bom 2.1.0-SNAPSHOT

.classpath

@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java">
-		<attributes>
-			<attribute name="optional" value="true"/>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
-		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
-		<attributes>
-			<attribute name="optional" value="true"/>
-			<attribute name="maven.pomderived" value="true"/>
-			<attribute name="test" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
-		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
-			<attribute name="test" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="src" path="target/generated-sources">
-		<attributes>
-			<attribute name="optional" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
-		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
-		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>

.gitignore

@@ -0,0 +1,3 @@
+/target/
+/.classpath
+/bin/

.settings/.gitignore

@@ -0,0 +1,3 @@
+/org.eclipse.core.resources.prefs
+/org.eclipse.jdt.core.prefs
+/org.eclipse.m2e.core.prefs

CHANGELOG.md

@@ -0,0 +1,157 @@
+This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+# Changelog for Common Smartgears
+
+## [v3.1.6]
+
+- Added Linux distribution version [#22933]
+
+## [v3.1.5] - 2022-04-20
+
+- Added roles to ExternalService Info on request handler verification
+
+## [v3.1.4] - 2022-03-29
+
+- fixes issue [#23075]
+
+## [v3.1.3] - 2022-03-21
+
+- fixed bug on policies
+
+
+## [v3.1.2] - 2022-01-19
+
+- enabled policy check on smartgears
+- container configuration for test added
+
+## [v3.1.1] - 2021-09-29
+
+- minimal privilege granted also on empty resource_access in JWT token
+
+## [v3.1.0] - 2021-05-14
+
+- use of AccessTokenProvider
+- use gcube-jackson instead of minimal-json for access token parsing  [#21097]
+
+
+## [v3.0.2] - 2020-03-01
+
+- check if response  is already committed on error
+
+
+## [v3.0.1] - 2020-11-18
+
+- new Uma Token integration
+
+## [v3.0.0] - 2020-10-20
+
+- Switched container JSON management to gcube-jackson [#19283]
+
+## [v.2.2.0] - 2020-01-23
+
+- Multiple token are generated in the same call in place of one per call
+
+
+## [v.2.1.9] - 2019-11-08
+
+- Project adapted to be build with Jenkins
+
+
+## [v.2.1.8]  - 2019-05-27
+
+- Support oauth2 protocol accepting token in the auhtorization header field
+
+
+## [v.2.1.7]  - 2019-02-26
+
+- Added Proxy Address to Application Configuration
+- Added protocol to Container Configuration (http by default)
+- Changed the logs in accounting handler to log error or success and eventually error code
+
+
+## [v.2.1.5] - 2017-09-19
+
+- Added ThreadLocal InnerMethodName to set method name from application
+
+
+## [v.2.1.4] - 2017-07-25
+
+- Validation handler for application split in 2 different handlers: - ContextRetriever that set Token and Scope - RequestValidation that does all the required checks
+
+
+## [v.2.1.3] - 2017-06-06
+
+- Added gcube bom dependency
+- Search for handlers in the root classpath
+
+
+## [v.2.1.2]  - 2017-05-02
+
+- Modified the Authorization filter to accept also children scope when authorizeChildrenContext is enabled on ContianerConfiguration
+- Shutdown of Accounting thread added
+
+
+## [v.2.1.1] - 2017-03-16
+
+- Minor issue on filter exclusion fixed
+
+
+## [v.2.0.1] - 2016-12-15
+
+- Proxy configuration added
+- Solved a bug in events registration for ProfileManager
+- Added a scheduler for period update of GCoreEnpoints
+- Exclude modified to support exclude for sub-group of handlers
+
+
+## [v.2.0.0]  - 2016-11-07
+
+- Integration with Authorization 2.0
+
+
+## [v.1.2.7]  - 2016-05-18
+
+- Removed commons-io dependency [#2355]
+
+## [v.1.2.6]  - 2016-04-08
+
+- Added missing class for service loader of org.gcube.smartgears.handlers.container.ContainerHandler [#2474]
+- Added flush of accounting data [#1353]
+
+
+## [v.1.2.5]  - 2016-02-08
+
+- Enhanced accounting version
+
+
+## [v.1.2.4]  - 2015-12-09
+
+- Transparent accounting added on service calls
+
+
+## [v.1.2.3] - 2015-07-27
+
+- Authorization token control added
+- Added support to HTTP Basic authorization
+
+
+## [v.1.2.2] - 2015-04-27
+
+- Fixed available space information on ghn profile
+
+
+## [v.1.2.1] - 2014-02-13
+
+- Scopes can be removed from container
+- Node profile set to static
+- Internal adjustments for move to Java 7
+- Wildcard allowed in exclude directives
+- Domain corrected derived in gHN profile
+- Cleaner shutdown
+- Further improvement in shutdown handling
+
+
+## [v.1.0.0] - 2013-10-24
+
+- First Release
+

LICENSE.md

@@ -0,0 +1,312 @@
+# European Union Public Licence V. 1.1
+
+
+EUPL © the European Community 2007
+
+
+This European Union Public Licence (the “EUPL”) applies to the Work or Software
+(as defined below) which is provided under the terms of this Licence. Any use of
+the Work, other than as authorised under this Licence is prohibited (to the
+extent such use is covered by a right of the copyright holder of the Work).
+
+The Original Work is provided under the terms of this Licence when the Licensor
+(as defined below) has placed the following notice immediately following the
+copyright notice for the Original Work:
+
+Licensed under the EUPL V.1.1
+
+or has expressed by any other mean his willingness to license under the EUPL.
+
+
+
+## 1. Definitions
+
+In this Licence, the following terms have the following meaning:
+
+- The Licence: this Licence.
+
+- The Original Work or the Software: the software distributed and/or
+  communicated by the Licensor under this Licence, available as Source Code and
+  also as Executable Code as the case may be.
+
+- Derivative Works: the works or software that could be created by the Licensee,
+  based upon the Original Work or modifications thereof. This Licence does not
+  define the extent of modification or dependence on the Original Work required
+  in order to classify a work as a Derivative Work; this extent is determined by
+  copyright law applicable in the country mentioned in Article 15.
+
+- The Work: the Original Work and/or its Derivative Works.
+
+- The Source Code: the human-readable form of the Work which is the most
+  convenient for people to study and modify.
+
+- The Executable Code: any code which has generally been compiled and which is
+  meant to be interpreted by a computer as a program.
+
+- The Licensor: the natural or legal person that distributes and/or communicates
+  the Work under the Licence.
+
+- Contributor(s): any natural or legal person who modifies the Work under the
+  Licence, or otherwise contributes to the creation of a Derivative Work.
+
+- The Licensee or “You”: any natural or legal person who makes any usage of the
+  Software under the terms of the Licence.
+
+- Distribution and/or Communication: any act of selling, giving, lending,
+  renting, distributing, communicating, transmitting, or otherwise making
+  available, on-line or off-line, copies of the Work or providing access to its
+  essential functionalities at the disposal of any other natural or legal
+  person.
+
+
+
+## 2. Scope of the rights granted by the Licence
+
+The Licensor hereby grants You a world-wide, royalty-free, non-exclusive,
+sub-licensable licence to do the following, for the duration of copyright vested
+in the Original Work:
+
+- use the Work in any circumstance and for all usage, reproduce the Work, modify
+- the Original Work, and make Derivative Works based upon the Work, communicate
+- to the public, including the right to make available or display the Work or
+- copies thereof to the public and perform publicly, as the case may be, the
+- Work, distribute the Work or copies thereof, lend and rent the Work or copies
+- thereof, sub-license rights in the Work or copies thereof.
+
+Those rights can be exercised on any media, supports and formats, whether now
+known or later invented, as far as the applicable law permits so.
+
+In the countries where moral rights apply, the Licensor waives his right to
+exercise his moral right to the extent allowed by law in order to make effective
+the licence of the economic rights here above listed.
+
+The Licensor grants to the Licensee royalty-free, non exclusive usage rights to
+any patents held by the Licensor, to the extent necessary to make use of the
+rights granted on the Work under this Licence.
+
+
+
+## 3. Communication of the Source Code
+
+The Licensor may provide the Work either in its Source Code form, or as
+Executable Code. If the Work is provided as Executable Code, the Licensor
+provides in addition a machine-readable copy of the Source Code of the Work
+along with each copy of the Work that the Licensor distributes or indicates, in
+a notice following the copyright notice attached to the Work, a repository where
+the Source Code is easily and freely accessible for as long as the Licensor
+continues to distribute and/or communicate the Work.
+
+
+
+## 4. Limitations on copyright
+
+Nothing in this Licence is intended to deprive the Licensee of the benefits from
+any exception or limitation to the exclusive rights of the rights owners in the
+Original Work or Software, of the exhaustion of those rights or of other
+applicable limitations thereto.
+
+
+
+## 5. Obligations of the Licensee
+
+The grant of the rights mentioned above is subject to some restrictions and
+obligations imposed on the Licensee. Those obligations are the following:
+
+Attribution right: the Licensee shall keep intact all copyright, patent or
+trademarks notices and all notices that refer to the Licence and to the
+disclaimer of warranties. The Licensee must include a copy of such notices and a
+copy of the Licence with every copy of the Work he/she distributes and/or
+communicates. The Licensee must cause any Derivative Work to carry prominent
+notices stating that the Work has been modified and the date of modification.
+
+Copyleft clause: If the Licensee distributes and/or communicates copies of the
+Original Works or Derivative Works based upon the Original Work, this
+Distribution and/or Communication will be done under the terms of this Licence
+or of a later version of this Licence unless the Original Work is expressly
+distributed only under this version of the Licence. The Licensee (becoming
+Licensor) cannot offer or impose any additional terms or conditions on the Work
+or Derivative Work that alter or restrict the terms of the Licence.
+
+Compatibility clause: If the Licensee Distributes and/or Communicates Derivative
+Works or copies thereof based upon both the Original Work and another work
+licensed under a Compatible Licence, this Distribution and/or Communication can
+be done under the terms of this Compatible Licence. For the sake of this clause,
+“Compatible Licence” refers to the licences listed in the appendix attached to
+this Licence. Should the Licensee’s obligations under the Compatible Licence
+conflict with his/her obligations under this Licence, the obligations of the
+Compatible Licence shall prevail.
+
+Provision of Source Code: When distributing and/or communicating copies of the
+Work, the Licensee will provide a machine-readable copy of the Source Code or
+indicate a repository where this Source will be easily and freely available for
+as long as the Licensee continues to distribute and/or communicate the Work.
+
+Legal Protection: This Licence does not grant permission to use the trade names,
+trademarks, service marks, or names of the Licensor, except as required for
+reasonable and customary use in describing the origin of the Work and
+reproducing the content of the copyright notice.
+
+
+
+## 6. Chain of Authorship
+
+The original Licensor warrants that the copyright in the Original Work granted
+hereunder is owned by him/her or licensed to him/her and that he/she has the
+power and authority to grant the Licence.
+
+Each Contributor warrants that the copyright in the modifications he/she brings
+to the Work are owned by him/her or licensed to him/her and that he/she has the
+power and authority to grant the Licence.
+
+Each time You accept the Licence, the original Licensor and subsequent
+Contributors grant You a licence to their contributions to the Work, under the
+terms of this Licence.
+
+
+
+## 7. Disclaimer of Warranty
+
+The Work is a work in progress, which is continuously improved by numerous
+contributors. It is not a finished work and may therefore contain defects or
+“bugs” inherent to this type of software development.
+
+For the above reason, the Work is provided under the Licence on an “as is” basis
+and without warranties of any kind concerning the Work, including without
+limitation merchantability, fitness for a particular purpose, absence of defects
+or errors, accuracy, non-infringement of intellectual property rights other than
+copyright as stated in Article 6 of this Licence.
+
+This disclaimer of warranty is an essential part of the Licence and a condition
+for the grant of any rights to the Work.
+
+
+
+## 8. Disclaimer of Liability
+
+Except in the cases of wilful misconduct or damages directly caused to natural
+persons, the Licensor will in no event be liable for any direct or indirect,
+material or moral, damages of any kind, arising out of the Licence or of the use
+of the Work, including without limitation, damages for loss of goodwill, work
+stoppage, computer failure or malfunction, loss of data or any commercial
+damage, even if the Licensor has been advised of the possibility of such
+damage. However, the Licensor will be liable under statutory product liability
+laws as far such laws apply to the Work.
+
+
+
+## 9. Additional agreements
+
+While distributing the Original Work or Derivative Works, You may choose to
+conclude an additional agreement to offer, and charge a fee for, acceptance of
+support, warranty, indemnity, or other liability obligations and/or services
+consistent with this Licence. However, in accepting such obligations, You may
+act only on your own behalf and on your sole responsibility, not on behalf of
+the original Licensor or any other Contributor, and only if You agree to
+indemnify, defend, and hold each Contributor harmless for any liability incurred
+by, or claims asserted against such Contributor by the fact You have accepted
+any such warranty or additional liability.
+
+
+
+## 10. Acceptance of the Licence
+
+The provisions of this Licence can be accepted by clicking on an icon “I agree”
+placed under the bottom of a window displaying the text of this Licence or by
+affirming consent in any other similar way, in accordance with the rules of
+applicable law. Clicking on that icon indicates your clear and irrevocable
+acceptance of this Licence and all of its terms and conditions.
+
+Similarly, you irrevocably accept this Licence and all of its terms and
+conditions by exercising any rights granted to You by Article 2 of this Licence,
+such as the use of the Work, the creation by You of a Derivative Work or the
+Distribution and/or Communication by You of the Work or copies thereof.
+
+
+
+## 11. Information to the public
+
+In case of any Distribution and/or Communication of the Work by means of
+electronic communication by You (for example, by offering to download the Work
+from a remote location) the distribution channel or media (for example, a
+website) must at least provide to the public the information requested by the
+applicable law regarding the Licensor, the Licence and the way it may be
+accessible, concluded, stored and reproduced by the Licensee.
+
+
+
+## 12. Termination of the Licence
+
+The Licence and the rights granted hereunder will terminate automatically upon
+any breach by the Licensee of the terms of the Licence.
+
+Such a termination will not terminate the licences of any person who has
+received the Work from the Licensee under the Licence, provided such persons
+remain in full compliance with the Licence.
+
+
+
+## 13. Miscellaneous
+
+Without prejudice of Article 9 above, the Licence represents the complete
+agreement between the Parties as to the Work licensed hereunder.
+
+If any provision of the Licence is invalid or unenforceable under applicable
+law, this will not affect the validity or enforceability of the Licence as a
+whole. Such provision will be construed and/or reformed so as necessary to make
+it valid and enforceable.
+
+The European Commission may publish other linguistic versions and/or new
+versions of this Licence, so far this is required and reasonable, without
+reducing the scope of the rights granted by the Licence. New versions of the
+Licence will be published with a unique version number.
+
+All linguistic versions of this Licence, approved by the European Commission,
+have identical value. Parties can take advantage of the linguistic version of
+their choice.
+
+
+
+## 14. Jurisdiction
+
+Any litigation resulting from the interpretation of this License, arising
+between the European Commission, as a Licensor, and any Licensee, will be
+subject to the jurisdiction of the Court of Justice of the European Communities,
+as laid down in article 238 of the Treaty establishing the European Community.
+
+Any litigation arising between Parties, other than the European Commission, and
+resulting from the interpretation of this License, will be subject to the
+exclusive jurisdiction of the competent court where the Licensor resides or
+conducts its primary business.
+
+
+
+## 15. Applicable Law
+
+This Licence shall be governed by the law of the European Union country where
+the Licensor resides or has his registered office.
+
+This licence shall be governed by the Belgian law if:
+
+- a litigation arises between the European Commission, as a Licensor, and any
+- Licensee; the Licensor, other than the European Commission, has no residence
+- or registered office inside a European Union country.
+
+
+
+## Appendix
+
+
+
+“Compatible Licences” according to article 5 EUPL are:
+
+
+- GNU General Public License (GNU GPL) v. 2
+
+- Open Software License (OSL) v. 2.1, v. 3.0
+
+- Common Public License v. 1.0
+
+- Eclipse Public License v. 1.0
+
+- Cecill v. 2.0
+

README.md

@@ -0,0 +1,79 @@
+# Common Smartgears
+
+A core gCube library which empower a servlet container (e.g. tomcat) with a set of functionality such as:
+
+- node and application infrastructure registration
+- authorization
+- accounting
+
+
+## Built With
+
+* [OpenJDK](https://openjdk.java.net/) - The JDK used
+* [Maven](https://maven.apache.org/) - Dependency Management
+
+## Documentation
+
+[SmartGears](https://wiki.gcube-system.org/gcube/SmartGears)
+
+## Change log
+
+See [Releases](https://code-repo.d4science.org/gCubeSystem/common-smartgears/releases).
+
+## Authors
+
+* **Luca Frosini** ([ORCID](https://orcid.org/0000-0003-3183-2291)) - [ISTI-CNR Infrascience Group](http://nemis.isti.cnr.it/groups/infrascience)
+* **Lucio Lelii** - [ISTI-CNR Infrascience Group](http://nemis.isti.cnr.it/groups/infrascience)
+* **Fabio Simeoni** - FAO of the UN, Italy
+
+
+## How to Cite this Software
+
+Tell people how to cite this software. 
+* Cite an associated paper?
+* Use a specific BibTeX entry for the software?
+
+
+    @Manual{,
+        title = {Common Smartgears},
+        author = {{Frosini, Luca}, {Lelii, Lucio}, {Simeoni, Fabio}},
+        organization = {{ISTI - CNR}, {FAO}},
+        address = {{Pisa, Italy}, {Roma, Italy}},
+        year = 2019,
+        url = {http://www.gcube-system.org/}
+    } 
+
+## License
+
+This project is licensed under the EUPL V.1.1 License - see the [LICENSE.md](LICENSE.md) file for details.
+
+
+## About the gCube Framework
+This software is part of the [gCubeFramework](https://www.gcube-system.org/ "gCubeFramework"): an
+open-source software toolkit used for building and operating Hybrid Data
+Infrastructures enabling the dynamic deployment of Virtual Research Environments
+by favouring the realisation of reuse oriented policies.
+ 
+The projects leading to this software have received funding from a series of European Union programmes including:
+
+- the Sixth Framework Programme for Research and Technological Development
+    - DILIGENT (grant no. 004260).
+- the Seventh Framework Programme for research, technological development and demonstration 
+    - D4Science (grant no. 212488);
+    - D4Science-II (grant no.239019);
+    - ENVRI (grant no. 283465);
+    - iMarine(grant no. 283644);
+    - EUBrazilOpenBio (grant no. 288754).
+- the H2020 research and innovation programme 
+    - SoBigData (grant no. 654024);
+    - PARTHENOS (grant no. 654119);
+    - EGIEngage (grant no. 654142);
+    - ENVRIplus (grant no. 654182);
+    - BlueBRIDGE (grant no. 675680);
+    - PerformFish (grant no. 727610);
+    - AGINFRAplus (grant no. 731001);
+    - DESIRA (grant no. 818194);
+    - ARIADNEplus (grant no. 823914);
+    - RISIS2 (grant no. 824091);
+
+

distro/LICENSE

@@ -1,4 +0,0 @@
-gCube System - License
-------------------------------------------------------------
-
-${gcube.license}

distro/README

@@ -1,70 +0,0 @@
-The gCube System - ${name}
---------------------------------------------------
- 
-${description}
- 
- 
-${gcube.description}
- 
-${gcube.funding}
- 
- 
-Version
---------------------------------------------------
- 
-${version} (${buildDate})
- 
-Please see the file named "changelog.xml" in this directory for the release notes.
- 
- 
-Authors
---------------------------------------------------
- 
-* Fabio Simeoni (fabio.simeoni@fao.org), FAO of the UN, Italy
-* Luca Frosini (luca.frosini@isti.cnr.it), CNR, Italy
-* Lucio Lelii (lucio.lelii@isti.cnr.it), CNT, Italy
- 
- 
-Maintainers
------------
- 
-* Luca Frosini (luca.frosini@isti.cnr.it), CNR, Italy
-* Lucio Lelii (lucio.lelii@isti.cnr.it), CNT, Italy
- 
- 
-Download information
---------------------------------------------------
- 
-Source code is available from SVN: 
-    ${scm.url}
- 
-Binaries can be downloaded from the gCube website: 
-   ${gcube.website}
- 
- 
-Installation
---------------------------------------------------
- 
-Installation documentation is available on-line in the gCube Wiki:
-    ${gcube.wikiRoot}/Smartgears
- 
- 
-Documentation 
---------------------------------------------------
- 
-Documentation is available on-line in the gCube Wiki:
-    ${gcube.wikiRoot}/Smartgears
- 
- 
-Support 
---------------------------------------------------
- 
-Bugs and support requests can be reported in the gCube issue tracking tool:
-    ${gcube.issueTracking}
- 
- 
-Licensing
---------------------------------------------------
- 
-This software is licensed under the terms you may find in the file named "LICENSE" in this directory.
-

distro/changelog.xml

@@ -1,68 +0,0 @@
-<ReleaseNotes>
-    <Changeset component="common-smartgears-2.1.9" date="2019-03-21">
-		<Change>Support oauth2 protocol accepting token in the auhtorization header field</Change>
-	</Changeset> 
-    <Changeset component="common-smartgears-2.1.7" date="2017-01-16">
-		<Change>Added Proxy Address to Application Configuration</Change>
-		<Change>Added protocol to Container Configuration (http by default)</Change> 
-		<Change>Changed the logs in accounting handler to log error or success and eventually error code</Change>     
-	</Changeset>
-	<Changeset component="common-smartgears-2.1.5" date="2017-07-18">
-		<Change>Added ThreadLocal InnerMethodName to set method name from application</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-2.1.4" date="2017-05-30">
-		<Change>Validation handler for application split in 2 different handlers: 
-			- ContextRetriever that set Token and Scope 
-			- RequestValidation that does all the required checks  
-		</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-2.1.3" date="2017-05-12">
-		<Change>Added gcube bom dependency</Change>
-		<Change>Search for handlers in the root classpath</Change>	
-	</Changeset>
-	<Changeset component="common-smartgears-2.1.2" date="2017-03-22">
-		<Change>Modified the Authorization filter to accept also children 
-		scope when authorizeChildrenContext is enabled on ContianerConfiguration</Change>
-		<Change>Shutdown of Accounting thread added</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-2.1.1" date="2017-01-25">
-		<Change>Minor issue on filter exclusion fixed</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-2.1.0" date="2016-10-24">
-		<Change>proxy configuration added</Change>
-		<Change>solved a bug in events registration for ProfileManager</Change>
-		<Change>added a scheduler for period update of GCoreEnpoints</Change>
-		<Change>Exclude modified to support exclude for sub-group of handlers</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-2.0.0" date="2016-03-10">
-		<Change>integration with Authorization 2.0</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-1.2.6" date="2015-12-22">
-		<Change>Added flush of accounting data</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-1.2.5" date="2015-12-22">
-		<Change>Changed accounting version</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-1.2.4" date="2015-10-06">
-		<Change>Transparent accounting added on service calls</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-1.2.3" date="2015-07-27">
-		<Change>Authorization token control added</Change>
-		<Change>Added support to HTTP Basic authorization</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-1.2.2" date="2015-04-27">
-		<Change>Fixed available space information on ghn profile</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-1.2.1" date="2014-02-13">
-		<Change>scopes can be removed from container</Change>
-		<Change>node profile set to static</Change>
-		<Change>internal adjustments for move to Java 7</Change>
-		<Change>wildcard allowed in exclude directives</Change>
-		<Change>domain corrected derived in gHN profile</Change>
-		<Change>cleaner shutdown</Change>
-		<Change>further improvement in shutdown handling</Change>
-	</Changeset>
-	<Changeset component="common-smartgears-1.0.0" date="2013-10-24">
-		<Change>First Release</Change>
-	</Changeset>
-</ReleaseNotes>

distro/descriptor.xml

@@ -1,31 +0,0 @@
-<assembly
-	xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
-	<id>servicearchive</id>
-	<formats>
-		<format>tar.gz</format>
-	</formats>
-	<baseDirectory>/</baseDirectory>
-	<fileSets>
-		<fileSet>
-			<directory>${distroDirectory}</directory>
-			<outputDirectory>${file.separator}</outputDirectory>
-			<useDefaultExcludes>true</useDefaultExcludes>
-			<includes>
-				<include>README</include>
-				<include>LICENSE</include>
-				<include>changelog.xml</include>
-				<include>profile.xml</include>
-			</includes>
-			<fileMode>755</fileMode>
-			<filtered>true</filtered>
-		</fileSet>
-	</fileSets>
-	<files>
-		<file>
-			<source>target${file.separator}${build.finalName}.${project.packaging}</source>
-			<outputDirectory>${file.separator}${artifactId}</outputDirectory>
-		</file>
-	</files>
-</assembly>

pom.xml

@@ -11,7 +11,7 @@
 
 	<groupId>org.gcube.core</groupId>
 	<artifactId>common-smartgears</artifactId>
-	<version>2.1.10</version>
+	<version>3.1.6</version>
 	<name>SmartGears</name>
 
 	<dependencyManagement>
@@ -19,7 +19,7 @@
 			<dependency>
 				<groupId>org.gcube.distribution</groupId>
 				<artifactId>gcube-bom</artifactId>
-				<version>LATEST</version>
+				<version>2.1.0</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
@@ -34,13 +34,29 @@
 	</properties>
 
 	<scm>
-		<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/commmon-smartgears.git</connection>
-		<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/commmon-smartgears.git</developerConnection>
-		<url>https://code-repo.d4science.org/gCubeSystem/commmon-smartgears</url>
+		<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/common-smartgears.git</connection>
+		<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/common-smartgears.git</developerConnection>
+		<url>https://code-repo.d4science.org/gCubeSystem/common-smartgears</url>
 	</scm>
 
 	<dependencies>
 
+		<!-- gCube Jackson -->
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>gcube-jackson-databind</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>gcube-jackson-annotations</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>gcube-jackson-core</artifactId>
+		</dependency>
+		<!-- END gCube Jackson -->
+
+
 		<dependency>
 			<groupId>org.gcube.common</groupId>
 			<artifactId>authorization-client</artifactId>
@@ -79,7 +95,7 @@
 		<dependency>
 			<groupId>org.gcube.core</groupId>
 			<artifactId>common-validator</artifactId>
-			<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
+			<version>[1.0.0,2.0.0-SNAPSHOT)</version>
 		</dependency>
 
 		<dependency>
@@ -90,7 +106,7 @@
 		<dependency>
 			<groupId>org.gcube.core</groupId>
 			<artifactId>common-events</artifactId>
-			<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
+			<version>[1.0.0,2.0.0-SNAPSHOT)</version>
 		</dependency>
 
 		<dependency>
@@ -99,6 +115,14 @@
 			<version>3.0.1</version>
 			<scope>provided</scope>
 		</dependency>
+		
+		<!-- Added to support Java 11 JDK -->
+		<dependency>
+   			<groupId>javax.xml.bind</groupId>
+   			<artifactId>jaxb-api</artifactId>
+   			<scope>provided</scope>
+		</dependency>
+		<!-- END Added to support Java 11 JDK -->
 
 
 		<!-- ***************** test ******************* -->
@@ -165,7 +189,6 @@
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
 			<artifactId>logback-classic</artifactId>
-			<version>1.2.3</version>
 			<scope>runtime</scope>
 		</dependency>
 
@@ -181,29 +204,10 @@
 	<build>
 
 		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-assembly-plugin</artifactId>
-				<configuration>
-					<descriptors>
-						<descriptor>${distroDirectory}/descriptor.xml</descriptor>
-					</descriptors>
-				</configuration>
-				<executions>
-					<execution>
-						<id>servicearchive</id>
-						<phase>install</phase>
-						<goals>
-							<goal>single</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-
 			<!-- excludes probe package from jar -->
 			<plugin>
 				<artifactId>maven-jar-plugin</artifactId>
-				<version>2.3.2</version>
+				<!-- version>2.3.2</version -->
 				<executions>
 					<execution>
 						<id>default-jar</id>
@@ -224,7 +228,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-war-plugin</artifactId>
-				<version>2.4</version>
+				<!-- version>2.4</version -->
 				<configuration>
 					<primaryArtifact>false</primaryArtifact>
 					<classifier>probe</classifier>
@@ -247,7 +251,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>2.15</version>
+				<!-- version>2.15</version -->
 				<configuration>
 					<!-- tomcat annotation discovery won't work with the default manifest-only 
 						jar -->
@@ -286,4 +290,4 @@
 
 		</plugins>
 	</build>
-</project>
+</project>

src/main/java/org/gcube/smartgears/Bootstrap.java

@@ -90,7 +90,7 @@ public class Bootstrap implements ServletContainerInitializer {
 			 * using gcube facilities annotation based 
 			 * ( i.e org.gcube.common.validator.annotations)
 			 */
-			context.configuration().validate();
+			//context.configuration().validate();
 						
 		} catch (RuntimeException e) {
 

src/main/java/org/gcube/smartgears/configuration/Mode.java

@@ -8,5 +8,6 @@ package org.gcube.smartgears.configuration;
  */
 public enum Mode {
 	online,
-	offline
+	offline, 
+	root
 }

src/main/java/org/gcube/smartgears/configuration/application/BridgedApplicationConfiguration.java

@@ -15,7 +15,7 @@ import org.slf4j.LoggerFactory;
 /**
  * 
  * @author Fabio Simeoni
- * @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
+ * @author Luca Frosini (ISTI - CNR)
  */
 public class BridgedApplicationConfiguration implements ApplicationConfiguration {
 

src/main/java/org/gcube/smartgears/configuration/application/DefaultApplicationConfiguration.java

@@ -28,7 +28,7 @@ import org.gcube.smartgears.persistence.Persistence;
  * Includes the list of its client services.
  *  
  * @author Fabio Simeoni
- * @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
+ * @author Luca Frosini (ISTI - CNR)
  *
  */
 @XmlRootElement(name="application")

src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java

@@ -32,7 +32,7 @@ import org.gcube.smartgears.persistence.Persistence;
  * The configuration of the container.
  *  
  * @author Fabio Simeoni
- * @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
+ * @author Luca Frosini (ISTI - CNR)
  */
 @XmlRootElement(name="container")
 public class ContainerConfiguration {

src/main/java/org/gcube/smartgears/handlers/OfflineProfilePublisher.java

@@ -0,0 +1,24 @@
+package org.gcube.smartgears.handlers;
+
+import java.util.Collection;
+
+public class OfflineProfilePublisher implements ProfilePublisher {
+
+	@Override
+	public void addTo(Collection<String> tokens) {
+	}
+
+	@Override
+	public void addToAll() {
+	}
+
+	@Override
+	public void update() {
+	}
+
+	@Override
+	public void removeFrom(Collection<String> tokens) {
+	}
+
+	
+}

src/main/java/org/gcube/smartgears/handlers/ProfilePublisher.java

@@ -0,0 +1,23 @@
+package org.gcube.smartgears.handlers;
+
+import java.util.Collection;
+
+public interface ProfilePublisher {
+
+	/**
+	 * Adds for the first time the current resource profile of the application in one or more scopes.
+	 * @param scopes the scopes
+	 */
+	void addTo(Collection<String> tokens);
+
+	void addToAll();
+
+	void update();
+
+	/**
+	 * Removes the application from one or more scopes.
+	 * @param scopes the scopes
+	 */
+	void removeFrom(Collection<String> tokens);
+
+}

src/main/java/org/gcube/smartgears/handlers/application/lifecycle/ProfileBuilder.java

@@ -12,14 +12,12 @@ import org.gcube.common.resources.gcore.HostingNode;
 import org.gcube.smartgears.configuration.application.ApplicationConfiguration;
 import org.gcube.smartgears.configuration.container.ContainerConfiguration;
 import org.gcube.smartgears.context.application.ApplicationContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 public class ProfileBuilder {
 
 	private static List<String> servletExcludes = Arrays.asList("default","jsp");
 
-	private static final Logger log = LoggerFactory.getLogger(ProfileBuilder.class);
+	// private static final Logger log = LoggerFactory.getLogger(ProfileBuilder.class);
 	
 	private ApplicationContext context;
 

src/main/java/org/gcube/smartgears/handlers/application/lifecycle/ProfileManager.java

@@ -22,8 +22,11 @@ import org.gcube.common.events.Observes;
 import org.gcube.common.events.Observes.Kind;
 import org.gcube.common.resources.gcore.GCoreEndpoint;
 import org.gcube.smartgears.Constants;
+import org.gcube.smartgears.configuration.Mode;
 import org.gcube.smartgears.context.Property;
 import org.gcube.smartgears.context.application.ApplicationContext;
+import org.gcube.smartgears.handlers.OfflineProfilePublisher;
+import org.gcube.smartgears.handlers.ProfilePublisher;
 import org.gcube.smartgears.handlers.application.ApplicationLifecycleEvent;
 import org.gcube.smartgears.handlers.application.ApplicationLifecycleHandler;
 import org.gcube.smartgears.lifecycle.application.ApplicationLifecycle;
@@ -50,7 +53,7 @@ import org.slf4j.LoggerFactory;
  * 
  * @author Fabio Simeoni
  * @see ProfileBuilder
- * @see ProfilePublisher
+ * @see ProfilePublisherImpl
  */
 @XmlRootElement(name = profile_management)
 public class ProfileManager extends ApplicationLifecycleHandler {
@@ -90,8 +93,11 @@ public class ProfileManager extends ApplicationLifecycleHandler {
 
 		share(profile);
 
-		publisher = new ProfilePublisher(context);
-
+		publisher = context.container().configuration().mode()!=Mode.offline? 
+				new ProfilePublisherImpl(context):
+					new OfflineProfilePublisher();
+	
+		
 		registerObservers();
 	}
 

src/main/java/org/gcube/smartgears/handlers/application/lifecycle/ProfilePublisherImpl.java

@@ -12,7 +12,9 @@ import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.resources.gcore.GCoreEndpoint;
 import org.gcube.informationsystem.publisher.ScopedPublisher;
+import org.gcube.smartgears.configuration.Mode;
 import org.gcube.smartgears.context.application.ApplicationContext;
+import org.gcube.smartgears.handlers.ProfilePublisher;
 import org.gcube.smartgears.provider.ProviderFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -26,9 +28,9 @@ import org.slf4j.LoggerFactory;
  * @author Fabio Simeoni
  * 
  */
-public class ProfilePublisher {
+public class ProfilePublisherImpl implements ProfilePublisher {
 
-	private static final Logger log = LoggerFactory.getLogger(ProfilePublisher.class);
+	private static final Logger log = LoggerFactory.getLogger(ProfilePublisherImpl.class);
 
 	//the underlying IS publisher
 	private final ScopedPublisher publisher;
@@ -41,7 +43,7 @@ public class ProfilePublisher {
 	 * Creates an instance for a given application.
 	 * @param context the context of the application
 	 */
-	public ProfilePublisher(ApplicationContext context) {
+	public ProfilePublisherImpl(ApplicationContext context) {
 		this.context = context;
 		this.publisher=ProviderFactory.provider().publisherFor(context);
 		this.authProxy = ProviderFactory.provider().authorizationProxy();
@@ -51,6 +53,7 @@ public class ProfilePublisher {
 	 * Adds for the first time the current resource profile of the application in one or more scopes.
 	 * @param scopes the scopes
 	 */
+	@Override
 	public void addTo(Collection<String> tokens) {
 
 		notEmpty("tokens",tokens);
@@ -78,32 +81,36 @@ public class ProfilePublisher {
 			SecurityTokenProvider.instance.set(previousToken);
 		}		
 		*/	
-				
+		
 		ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
 		
+		log.debug("using context {}",contextCL.getClass().getSimpleName());
+		
 		String previousToken = SecurityTokenProvider.instance.get();
 		try{//This classloader set is needed for the jaxb context
 			if (previousToken==null)
 				SecurityTokenProvider.instance.set((String)tokens.toArray()[0]); 
-			Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
+			if (context.container().configuration().mode()!=Mode.root)  Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
 			profile = publisher.create(profile, resolveScopesFromTokens(tokens));
 					
 		} catch (Exception e) {
 			rethrowUnchecked(e);
 		}  finally{
 			SecurityTokenProvider.instance.set(previousToken);
-			Thread.currentThread().setContextClassLoader(contextCL);
+			if (context.container().configuration().mode()!=Mode.root)  Thread.currentThread().setContextClassLoader(contextCL);
 		}
 		
 		sharePublished(profile);
 		log.debug("shared profile with scopes {}", profile.scopes().asCollection());
 	} 
 
+	@Override
 	public void addToAll() {
 		this.addTo(context.configuration().startTokens());
 	}
 
 
+	@Override
 	public void update() {
 
 
@@ -129,19 +136,23 @@ public class ProfilePublisher {
 		
 		ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
 		
+		log.debug("using context {}",contextCL.getClass().getSimpleName());
+				
 		String previousToken = SecurityTokenProvider.instance.get();
 		try{//This classloader set is needed for the jaxb context
 			if (previousToken==null)
 				SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]); 
 
-			Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
+			if (context.container().configuration().mode()!=Mode.root)
+				Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
 			profile = publisher.update(profile);
 					
 		} catch (Exception e) {
 			rethrowUnchecked(e);
 		}  finally{
 			SecurityTokenProvider.instance.set(previousToken);
-			Thread.currentThread().setContextClassLoader(contextCL);
+			if (context.container().configuration().mode()!=Mode.root)
+				Thread.currentThread().setContextClassLoader(contextCL);
 		}
 		
 		sharePublished(profile);
@@ -152,6 +163,7 @@ public class ProfilePublisher {
 	 * Removes the application from one or more scopes.
 	 * @param scopes the scopes
 	 */
+	@Override
 	public void removeFrom(Collection<String> tokens) {
 
 		GCoreEndpoint profile = context.profile(GCoreEndpoint.class);
@@ -178,18 +190,22 @@ public class ProfilePublisher {
 		
 		ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
 		
+		log.debug("using context {}",contextCL.getClass().getSimpleName());
+		
 		String previousToken = SecurityTokenProvider.instance.get();
 		try{//This classloader set is needed for the jaxb context
 			if (previousToken==null)
 				SecurityTokenProvider.instance.set((String)tokens.toArray()[0]); 
-			Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
+			if (context.container().configuration().mode()!=Mode.root)
+				Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
 			profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
 					
 		} catch (Exception e) {
 			rethrowUnchecked(e);
 		}  finally{
 			SecurityTokenProvider.instance.set(previousToken);
-			Thread.currentThread().setContextClassLoader(contextCL);
+			if (context.container().configuration().mode()!=Mode.root)
+				Thread.currentThread().setContextClassLoader(contextCL);
 		}
 		log.debug("after remove application profile contains scopes {}",profile.scopes().asCollection());
 		sharePublished(profile);

src/main/java/org/gcube/smartgears/handlers/application/request/RequestAccounting.java

@@ -12,6 +12,7 @@ import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.smartgears.Constants;
+import org.gcube.smartgears.configuration.Mode;
 import org.gcube.smartgears.context.application.ApplicationContext;
 import org.gcube.smartgears.handlers.application.RequestEvent;
 import org.gcube.smartgears.handlers.application.RequestHandler;
@@ -42,6 +43,7 @@ public class RequestAccounting extends RequestHandler {
 			calledMethod = e.request().getRequestURI().substring(e.request().getContextPath().length());
 			if (calledMethod.isEmpty())
 				calledMethod = "/";
+			calledMethod= e.request().getMethod()+" "+calledMethod;
 		}
 		InnerMethodName.instance.set(calledMethod);
 		String caller = AuthorizationProvider.instance.get()!=null? AuthorizationProvider.instance.get().getClient().getId(): "UNKNOWN";		
@@ -71,8 +73,9 @@ public class RequestAccounting extends RequestHandler {
         	callerIp=e.request().getRemoteHost();
         
         boolean success = e.response().getStatus()<400;
-                
-		generateAccounting(caller,callerQualifier,callerIp==null?"UNKNOWN":callerIp , success, context);
+         
+        if (context.container().configuration().mode()!=Mode.offline)
+        	generateAccounting(caller,callerQualifier,callerIp==null?"UNKNOWN":callerIp , success, context);
 		
 		log.info("REQUEST SERVED ON {}:{}({}) CALLED FROM {}@{} IN SCOPE {} {}(CODE {}) IN {} millis", 
 				context.configuration().name(),context.configuration().serviceClass(), InnerMethodName.instance.get(),

src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java

@@ -6,19 +6,27 @@ import static org.gcube.smartgears.Constants.token_header;
 import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
 import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
 
-import javax.xml.bind.DatatypeConverter;
+import java.util.Base64;
+
 import javax.xml.bind.annotation.XmlRootElement;
 
+import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
 import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
 import org.gcube.common.authorization.library.AuthorizationEntry;
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
+import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.provider.UserInfo;
 import org.gcube.common.authorization.library.utils.Caller;
 import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.scope.impl.ScopeBean;
 import org.gcube.smartgears.Constants;
 import org.gcube.smartgears.handlers.application.RequestEvent;
 import org.gcube.smartgears.handlers.application.RequestHandler;
 import org.gcube.smartgears.handlers.application.ResponseEvent;
+import org.gcube.smartgears.utils.GcubeJwt;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -40,42 +48,53 @@ public class RequestContextRetriever extends RequestHandler {
 	public void handleRequest(RequestEvent call) {
 		String token = call.request().getParameter(token_header)==null?	call.request().getHeader(token_header):call.request().getParameter(token_header);
 		String scope = call.request().getParameter(scope_header)==null?	call.request().getHeader(scope_header):call.request().getParameter(scope_header);
-
-		if (token==null && call.request().getHeader(Constants.authorization_header)!=null){
-
-			String authorization  = call.request().getHeader(Constants.authorization_header);
-
-			if (authorization.contains(BASIC_AUTH_PREFIX)) {
-				String base64Credentials = authorization.substring(BASIC_AUTH_PREFIX.length()).trim();
-				String credentials = new String(DatatypeConverter.parseBase64Binary(base64Credentials));
-				// credentials = username:password
-				final String[] values = credentials.split(":",2);
-				token = values[1];
-			} else if (authorization.contains(BEARER_AUTH_PREFIX)) 
-				token = authorization.substring(BEARER_AUTH_PREFIX.length()).trim();
+		
+		String authHeader  = call.request().getHeader(Constants.authorization_header);
+		
+		log.trace("authorization header is {}",authHeader);
+		log.trace("token header is {}",token);
+		log.trace("scope header is {}",scope);
+		
+		String retrievedUser = null;
+		String accessToken = null;
+		if (authHeader!=null && !authHeader.isEmpty()) {
+			if (authHeader.startsWith(BEARER_AUTH_PREFIX))
+				accessToken = authHeader.substring(BEARER_AUTH_PREFIX.length()).trim();
+			else if (token==null && authHeader.startsWith(BASIC_AUTH_PREFIX)) {
+				String basicAuthToken = authHeader.substring(BASIC_AUTH_PREFIX.length()).trim();
+				String decodedAuth = new String(Base64.getDecoder().decode(basicAuthToken.getBytes()));
+				String[] splitAuth = decodedAuth.split(":");
+				token = splitAuth[1];
+				retrievedUser = splitAuth[0];
+			}
 		}
-
-		//Gives priority to the token
-		if (token!=null)
-			this.retreiveAndSetInfo(token, call);
+	
+		//Gives priority to the umaToken
+		if (accessToken!=null) {
+			this.retreiveAndSetInfoUmaToken(accessToken, token,  call);
+		} else if (token!=null)
+			this.retreiveAndSetInfoGcubeToken(token, retrievedUser, call);
 		else if (scope!=null)
 			ScopeProvider.instance.set(scope);
-
+		
 	}
 
 	@Override
 	public void handleResponse(ResponseEvent e) {
 		SecurityTokenProvider.instance.reset();
 		AuthorizationProvider.instance.reset();
+		AccessTokenProvider.instance.reset();
 		ScopeProvider.instance.reset();
 		log.debug("resetting all the Thread local for this call.");
 	}
 
-	private void retreiveAndSetInfo(String token, RequestEvent call){
-		log.info("retrieving context using token {} ", token);
+	private void retreiveAndSetInfoGcubeToken(String token, String retrievedUser, RequestEvent call){
+		log.trace("retrieving context using token {} ", token);
 		AuthorizationEntry authEntry = null;
 		try{
 			authEntry = authorizationService().get(token);	
+			if (retrievedUser != null && !authEntry.getClientInfo().getId().equals(retrievedUser))
+				throw new Exception("user and token owner are not the same");
 		}catch(ObjectNotFound onf){
 			log.warn("rejecting call to {}, invalid token {}",call.context().name(),token);
 			invalid_request_error.fire(call.context().name()+" invalid token : "+token);
@@ -89,4 +108,53 @@ public class RequestContextRetriever extends RequestHandler {
 		ScopeProvider.instance.set(authEntry.getContext());
 		log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), authEntry.getContext());
 	}
+	
+	private void retreiveAndSetInfoUmaToken(String accessToken, String gcubeToken, RequestEvent call){
+		log.debug("using UMA token for authorization");
+		log.trace("retrieving context using uma token {} ", accessToken);
+		
+		AccessTokenProvider.instance.set(accessToken);
+		parseAccessTokenAndSet(accessToken);
+		log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), ScopeProvider.instance.get());
+	}
+	
+	private void parseAccessTokenAndSet(String umaToken) {
+		
+		String realUmaTokenEncoded = umaToken.split("\\.")[1];
+		
+		String realUmaToken = new String(Base64.getDecoder().decode(realUmaTokenEncoded.getBytes()));
+	
+		ObjectMapper mapper = new ObjectMapper();
+		
+		GcubeJwt jwt = null;
+		try {
+			 jwt = mapper.readValue(realUmaToken, GcubeJwt.class);
+		}catch(Exception e){
+			log.error("error decoding uma token",e);
+			internal_server_error.fire("error parsing access token");
+		}
+		
+		ScopeBean scopeBean = null;
+		try { 
+			scopeBean = new ScopeBean(jwt.getContext());
+		}catch(Exception e){
+			log.error("error decoding uma token",e);
+			internal_server_error.fire("invalid context in access token");
+		}
+				
+		ClientInfo clientInfo;
+		if (!jwt.isExternalService())
+			clientInfo = new UserInfo(jwt.getUsername(), jwt.getRoles(), jwt.getEmail(), jwt.getFirstName(), jwt.getLastName());
+		else 
+			clientInfo = new ExternalServiceInfo(jwt.getUsername(), "unknown", jwt.getRoles());
+		
+		log.info("caller type is {}",clientInfo.getType());
+		AuthorizationProvider.instance.set(new Caller(clientInfo, "token"));
+		
+		ScopeProvider.instance.set(scopeBean.toString());
+		
+	}
+	
+	
+	
 }

src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java

@@ -3,24 +3,27 @@ package org.gcube.smartgears.handlers.application.request;
 import static org.gcube.common.authorization.client.Constants.authorizationService;
 import static org.gcube.smartgears.handlers.application.request.RequestError.application_failed_error;
 import static org.gcube.smartgears.handlers.application.request.RequestError.application_unavailable_error;
-import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
 import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
 
-import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
 
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlRootElement;
 
-import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
-import org.gcube.common.authorization.library.AuthorizationEntry;
 import org.gcube.common.authorization.library.PolicyUtils;
 import org.gcube.common.authorization.library.policies.Policy;
+import org.gcube.common.authorization.library.policies.User2ServicePolicy;
+import org.gcube.common.authorization.library.policies.UserEntity;
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.authorization.library.provider.ServiceIdentifier;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.scope.impl.ScopeBean;
 import org.gcube.common.scope.impl.ScopeBean.Type;
 import org.gcube.smartgears.Constants;
+import org.gcube.smartgears.configuration.Mode;
 import org.gcube.smartgears.configuration.container.ContainerConfiguration;
 import org.gcube.smartgears.context.application.ApplicationContext;
 import org.gcube.smartgears.handlers.application.RequestEvent;
@@ -35,7 +38,7 @@ public class RequestValidator extends RequestHandler {
 	@XmlAttribute(required=false, name="oauth")
 	@Deprecated
 	boolean oauthCompatibility = false; 
-	
+
 	private static Logger log = LoggerFactory.getLogger(RequestValidator.class);
 
 	private ApplicationContext context;
@@ -44,25 +47,30 @@ public class RequestValidator extends RequestHandler {
 	public String getName() {
 		return Constants.request_validation;
 	}
-	
+
 	@Override
 	public void handleRequest(RequestEvent call) {
 
 		log.trace("executing request validator ON REQUEST");
 
+		log.trace("accessToken is null? {} \nGcubeToken is null ? {} \nscope rpvideris null? {}", 
+				AccessTokenProvider.instance.get()==null, 
+				SecurityTokenProvider.instance.get()==null, 
+				ScopeProvider.instance.get()==null);
+		
 		context = call.context();
 
 		validateAgainstLifecycle(call);
-		
+
 		rejectUnauthorizedCalls(call);
-		
-		validateScopeCall();
-		
-		if (SecurityTokenProvider.instance.get()!=null)
-			validatePolicy(SecurityTokenProvider.instance.get(), call);
+
+		if (context.container().configuration().mode()!=Mode.offline) {
+			validateScopeCall();
+			validatePolicy(ScopeProvider.instance.get(), call);
+		}
 
 	}
-	
+
 	private void validateAgainstLifecycle(RequestEvent call) {
 
 		switch(context.lifecycle().state()) {
@@ -81,16 +89,16 @@ public class RequestValidator extends RequestHandler {
 	}
 
 	private void validateScopeCall() {
-		
+
 		String scope = ScopeProvider.instance.get();
-		
+
 		if (scope == null) {
 			log.warn("rejecting unscoped call to {}",context.name());
 			invalid_request_error.fire("call is unscoped"); 
 		}
-		
+
 		ScopeBean bean = new ScopeBean(scope);
-		
+
 		ContainerConfiguration conf = context.container().configuration();
 		if (!conf.allowedContexts().contains(scope) && 
 				!(conf.authorizeChildrenContext() && bean.is(Type.VRE) && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) {
@@ -100,26 +108,13 @@ public class RequestValidator extends RequestHandler {
 	}
 
 	private void rejectUnauthorizedCalls(RequestEvent call){
-		
-		String token = SecurityTokenProvider.instance.get();
-		String scope = ScopeProvider.instance.get();
-		
-		if (token == null && scope==null){
-			log.warn("rejecting call to {}, authorization required",context.name(),token);
-			if (call.context().container().configuration().authenticationEnpoint()==null){
-					log.warn("rejecting call to {}, authorization required",context.name(),token);
-					RequestError.request_not_authorized_error.fire(context.name()+": authorization required");
-			}else {
-				log.info("authorization enpoint found on configuration, redirecting the call");
-				String recallLocation = String.format("http://%s:%d%s", call.context().container().configuration().hostname(), call.context().container().configuration().port(), call.uri());				
-				//call.response().setHeader("Allowed-Contexts", call.context().container().configuration().allowedContexts().toString());
-				try {
-					call.response().sendRedirect(context.container().configuration().authenticationEnpoint()+"?Recall-Location="+recallLocation);
-				} catch (IOException e) {
-					log.error("errror redirecting call",e );
-				}
-			}
 
+		String token = SecurityTokenProvider.instance.get();
+		String accessToken = AccessTokenProvider.instance.get();
+				
+		if (token == null && accessToken==null){
+			log.warn("rejecting call to {}, authorization required",context.name(),token);
+			RequestError.request_not_authorized_error.fire(context.name()+": authorization required");
 		} 
 	}
 
@@ -128,29 +123,47 @@ public class RequestValidator extends RequestHandler {
 		return getName();
 	}
 
-	private void validatePolicy(String token, RequestEvent call){
-		log.info("accessing policy validator with token {} ", token);
-		AuthorizationEntry authEntry = null;
-		try{
-			authEntry = authorizationService().get(token);	
-		}catch(ObjectNotFound onf){
-			log.warn("rejecting call to {}, invalid token {}",context.name(),token);
-			invalid_request_error.fire(context.name()+" invalid token : "+token);
-		}catch(Exception e){
-			log.error("error contacting authorization service",e);
-			internal_server_error.fire("error contacting authorization service");
-		}
+	private void validatePolicy(String scope, RequestEvent call){
+		log.info("accessing policy validator in scope {} ", scope);
 
 		ServiceIdentifier serviceIdentifier = Utils.getServiceInfo(call.context()).getServiceIdentifier();
 
-		for (Policy policy: authEntry.getPolicies())
-			if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier)){
-				log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(),authEntry.getClientInfo().getId());
-				invalid_request_error.fire("rejecting call to "+context.name()+": "+authEntry.getClientInfo().getId()+" is not allowed to contact the service");
-			}	
+		String previousToken = SecurityTokenProvider.instance.get();
+		try {
+			String serviceToken = context.configuration().startTokens().stream().findFirst().get();
+			SecurityTokenProvider.instance.set(serviceToken);
+			String callerId = AuthorizationProvider.instance.get().getClient().getId();
 
+			List<Policy> policies = Collections.emptyList();
+			try {
+				policies = authorizationService().getPolicies(scope);
+			}catch (Exception e) {
+				log.error("error contacting authorization services for policies"); 
+			}
+
+			for (Policy policy: policies) {
+				log.debug("policy: {}", policy.getPolicyAsString() );
+
+				if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier )) {
+					boolean toReject = false;
+					UserEntity entity = (((User2ServicePolicy) policy).getEntity());
+					if (entity.getIdentifier()!=null)
+						toReject = entity.getIdentifier().equals(callerId);
+					else if (entity.getExcludes().isEmpty()) 
+						toReject = true;
+					else toReject = !entity.getExcludes().contains(callerId);
+					if (toReject) {
+						log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), callerId); 
+						RequestError.request_not_authorized_error.fire("rejecting call to "+context.name()+" for polices: "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() );
+					}
+				}	
+
+			}
+		}finally {
+			SecurityTokenProvider.instance.set(previousToken);
+		}
 	}
-	
-	
+
+
 
 }

src/main/java/org/gcube/smartgears/handlers/container/lifecycle/AccountingManager.java

@@ -14,7 +14,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
- * @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
+ * @author Luca Frosini (ISTI - CNR)
  */
 @XmlRootElement(name = accounting_management)
 public class AccountingManager extends ContainerHandler {

src/main/java/org/gcube/smartgears/handlers/container/lifecycle/LinuxDistributionInfo.java

@@ -0,0 +1,93 @@
+package org.gcube.smartgears.handlers.container.lifecycle;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * @author Luca Frosini (ISTI-CNR)
+ */
+public class LinuxDistributionInfo {
+
+	private static final Logger logger = LoggerFactory.getLogger(LinuxDistributionInfo.class);
+
+	public static final String LSB_RELEASE_COMMAND = "lsb_release -a";
+	public static final String OS_RELEASE_FILE_PATH = "/etc/os-release";
+
+	protected Map<String, String> info;
+
+	protected Map<String, String> getInfoViaLsbReleaseCommand() throws IOException {
+		logger.trace("Going to exec {}", LSB_RELEASE_COMMAND);
+		Process process = Runtime.getRuntime().exec(LSB_RELEASE_COMMAND);
+		BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream()));
+		Map<String, String> map = parseBufferedReader(bufferedReader);
+		bufferedReader.close();
+		return map;
+	}
+
+	private Map<String, String> parseBufferedReader(BufferedReader bufferedReader) throws IOException {
+		Map<String, String> map = new HashMap<>();
+		String line = "";
+		while ((line = bufferedReader.readLine()) != null) {
+			String[] nameValue = parseLine(line);
+			map.put(nameValue[0], nameValue[1]);
+		}
+		return map;
+	}
+
+	private String[] parseLine(String line) {
+		String[] splitted = line.split("=");
+		if (splitted.length < 2) {
+			splitted = line.split(":");
+		}
+		String[] ret = new String[2];
+		ret[0] = splitted[0].trim();
+		ret[1] = splitted[1].trim().replace("\"", "");
+		return ret;
+	}
+
+	private Map<String, String> getInfoViaFile(File file) throws IOException {
+		logger.trace("Going to read file {}", file.getAbsolutePath());
+		BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
+		Map<String, String> map = parseBufferedReader(bufferedReader);
+		bufferedReader.close();
+		return map;
+
+	}
+
+	protected Map<String, String> getInfoViaOsReleaseFile() throws IOException {
+		File osReleaseFile = new File(OS_RELEASE_FILE_PATH);
+		return getInfoViaFile(osReleaseFile);
+	}
+
+	private Map<String, String> retriveInfo() {
+		try {
+			return getInfoViaLsbReleaseCommand();
+		} catch (IOException e) {
+			
+		}
+		
+		try {
+			return getInfoViaOsReleaseFile();
+		}catch (IOException e) {
+			
+		}
+		
+		return null;
+	}
+
+	public Map<String, String> getInfo() {
+		if (info == null) {
+			info = retriveInfo();
+		}
+		return info;
+	}
+
+}

src/main/java/org/gcube/smartgears/handlers/container/lifecycle/ProfileBuilder.java

@@ -32,7 +32,7 @@ import org.slf4j.LoggerFactory;
 
 /**
  * @author Fabio Simeoni
- * @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
+ * @author Luca Frosini (ISTI - CNR)
  *
  */
 public class ProfileBuilder {
@@ -282,6 +282,15 @@ public class ProfileBuilder {
 		*/
 
 		
+		String osVersion = System.getProperty("os.name");
+		if(osVersion.compareToIgnoreCase("Linux")==0) {
+			LinuxDistributionInfo linuxDistributionInfo = new LinuxDistributionInfo();
+			Map<String,String> info = linuxDistributionInfo.getInfo();
+			for(String key : info.keySet()) {
+				variables.add().keyAndValue(key, info.get(key));
+			}
+		}
+		
 		variables.add().keyAndValue("Java", System.getProperty("java.version"));
 		
 		SmartGearsConfiguration config = ProviderFactory.provider().smartgearsConfiguration();

src/main/java/org/gcube/smartgears/handlers/container/lifecycle/ProfileManager.java

@@ -23,8 +23,11 @@ import javax.xml.bind.annotation.XmlRootElement;
 
 import org.gcube.common.events.Observes;
 import org.gcube.common.resources.gcore.HostingNode;
+import org.gcube.smartgears.configuration.Mode;
 import org.gcube.smartgears.context.Property;
 import org.gcube.smartgears.context.container.ContainerContext;
+import org.gcube.smartgears.handlers.OfflineProfilePublisher;
+import org.gcube.smartgears.handlers.ProfilePublisher;
 import org.gcube.smartgears.handlers.container.ContainerHandler;
 import org.gcube.smartgears.handlers.container.ContainerLifecycleEvent.Start;
 import org.gcube.smartgears.lifecycle.container.ContainerLifecycle;
@@ -83,7 +86,9 @@ public class ProfileManager extends ContainerHandler {
 
 		share(profile);
 
-		publisher = new ProfilePublisher(context);
+		publisher = context.configuration().mode()!=Mode.offline? 
+				new ProfilePublisherImpl(context):
+					new OfflineProfilePublisher();
 
 		registerObservers();
 

src/main/java/org/gcube/smartgears/handlers/container/lifecycle/ProfilePublisherImpl.java

@@ -11,8 +11,10 @@ import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.resources.gcore.HostingNode;
 import org.gcube.informationsystem.publisher.ScopedPublisher;
+import org.gcube.smartgears.configuration.Mode;
 import org.gcube.smartgears.context.container.ContainerContext;
 import org.gcube.smartgears.handlers.ProfileEvents;
+import org.gcube.smartgears.handlers.ProfilePublisher;
 import org.gcube.smartgears.provider.ProviderFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -25,9 +27,9 @@ import org.slf4j.LoggerFactory;
  * @author Fabio Simeoni
  * 
  */
-public class ProfilePublisher {
+public class ProfilePublisherImpl implements ProfilePublisher {
 
-	private static final Logger log = LoggerFactory.getLogger(ProfilePublisher.class);
+	private static final Logger log = LoggerFactory.getLogger(ProfilePublisherImpl.class);
 
 	//the underlying IS publisher
 	private final ScopedPublisher publisher;
@@ -40,7 +42,7 @@ public class ProfilePublisher {
 	 * Creates an instance for the container.
 	 * @param context the context of the application
 	 */
-	public ProfilePublisher(ContainerContext context) {
+	public ProfilePublisherImpl(ContainerContext context) {
 		this.context = context;
 		this.publisher=ProviderFactory.provider().publisherFor(context);
 		this.authProxy = ProviderFactory.provider().authorizationProxy();
@@ -88,18 +90,20 @@ public class ProfilePublisher {
 		}*/
 		
 		ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
-		
+		log.debug("using context {}",contextCL.getClass().getSimpleName());
 		String previousToken = SecurityTokenProvider.instance.get();
 		try{//This classloader set is needed for the jaxb context
 			if (previousToken==null)
 				SecurityTokenProvider.instance.set((String)tokens.toArray()[0]); 
-			Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
+			if (context.configuration().mode()!=Mode.root)  
+				Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
 			profile = publisher.create(profile, resolveScopesFromTokens(tokens));
 		} catch (Exception e) {
 			rethrowUnchecked(e);
 		} finally {
 			SecurityTokenProvider.instance.set(previousToken);
-			Thread.currentThread().setContextClassLoader(contextCL);
+			if (context.configuration().mode()!=Mode.root) 
+				Thread.currentThread().setContextClassLoader(contextCL);
 		}
 		
 		sharePublished(profile);
@@ -147,19 +151,21 @@ public class ProfilePublisher {
 		log.debug("[update] resource scopes are : {} ",profile.scopes().asCollection());
 		
 		ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
-		
+		log.debug("using context {}",contextCL.getClass().getSimpleName());
 		String previousToken = SecurityTokenProvider.instance.get();
 		try{//This classloader set is needed for the jaxb context
 			if (previousToken==null)
 				SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]); 
 			
-			Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
+			if (context.configuration().mode()!=Mode.root)
+				Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
 			profile = publisher.update(profile);
 		} catch (Exception e) {
 			rethrowUnchecked(e);
 		} finally {
 			SecurityTokenProvider.instance.set(previousToken);
-			Thread.currentThread().setContextClassLoader(contextCL);
+			if (context.configuration().mode()!=Mode.root)
+				Thread.currentThread().setContextClassLoader(contextCL);
 		}
 		
 		sharePublished(profile);
@@ -198,18 +204,20 @@ public class ProfilePublisher {
 		} */
 		
 		ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
-		
+		log.debug("using context {}",contextCL.getClass().getSimpleName());
 		String previousToken = SecurityTokenProvider.instance.get();
 		try{//This classloader set is needed for the jaxb context
 			if (previousToken==null)
 				SecurityTokenProvider.instance.set((String)tokens.toArray()[0]); 
-			Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
+			if (context.configuration().mode()!=Mode.root)
+				Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
 			profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
 		} catch (Exception e) {
 			rethrowUnchecked(e);
 		} finally {
 			SecurityTokenProvider.instance.set(previousToken);
-			Thread.currentThread().setContextClassLoader(contextCL);
+			if (context.configuration().mode()!=Mode.root)
+				Thread.currentThread().setContextClassLoader(contextCL);
 		} 
 		
 		log.debug("after remove container profile contains scopes {}",profile.scopes().asCollection());

src/main/java/org/gcube/smartgears/managers/ApplicationManager.java

@@ -13,10 +13,9 @@ import java.io.File;
 import java.io.FileOutputStream;
 import java.io.ObjectOutputStream;
 import java.util.Collection;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map.Entry;
-import java.util.Set;
+import java.util.stream.Collectors;
 
 import javax.servlet.FilterRegistration;
 import javax.servlet.ServletContext;
@@ -28,6 +27,7 @@ import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.events.Observes;
 import org.gcube.smartgears.Constants;
+import org.gcube.smartgears.configuration.Mode;
 import org.gcube.smartgears.configuration.application.ApplicationExtensions;
 import org.gcube.smartgears.configuration.application.ApplicationHandlers;
 import org.gcube.smartgears.context.application.ApplicationContext;
@@ -71,21 +71,22 @@ public class ApplicationManager {
 		try {
 
 			context = provider().contextFor(container, application);
-			
+
 			for (Entry<String,? extends ServletRegistration> servlet : application.getServletRegistrations().entrySet())
 				log.trace("servlet {} :  {} {} ", application.getServletContextName(),servlet.getKey(), servlet.getValue().getMappings());
+
 			
 			
-			context.configuration().validate();
-			
-/*			if (context.configuration().secure() && 
+			/*			if (context.configuration().secure() && 
 					container.configuration().securePort()==null)
 				throw new IllegalStateException(
 						String.format("Application %s cannot be managed because is declared as secure without a secure connector port declared in the container", context.application().getContextPath()));
-*/
-
-			context.configuration().startTokens(generateTokensForApplication(container));
-
+			 */
+			
+			if (context.container().configuration().mode()!=Mode.offline) {
+				context.configuration().startTokens(generateTokensForApplication(container).stream().collect(Collectors.toSet()));
+				context.configuration().validate();
+			}	
 			saveApplicationState();
 
 			// make context available to application in case it is gcube-aware
@@ -128,8 +129,8 @@ public class ApplicationManager {
 			return context;
 
 		} catch (RuntimeException e) {
-			
-			
+
+
 
 			if (context != null) {
 				log.error("error starting application {}",context.name(), e);
@@ -142,13 +143,25 @@ public class ApplicationManager {
 
 	}
 
-	private Set<String> generateTokensForApplication(ContainerContext container){
+	private List<String> generateTokensForApplication(ContainerContext container){
 		log.info("generating token for app {}",context.configuration().name());
-		Set<String> tokens = new HashSet<String>();
-		AuthorizationProxy authProxy = provider().authorizationProxy();
-		for (String containerToken :container.configuration().startTokens())
-			tokens.add(generateApplicationToken(containerToken, authProxy));
-		return tokens;
+		
+		SecurityTokenProvider.instance.set(container.configuration().startTokens().get(0));
+		try {
+			AuthorizationProxy authProxy = provider().authorizationProxy();
+			try {
+				return authProxy.generateServiceToken(Utils.getServiceInfo(context), container.configuration().startTokens());
+			}catch (Exception e) {
+				log.error("error generating service token",e);
+				throw new RuntimeException(e);
+			}
+		} catch (Exception e) {
+			throw new RuntimeException("error contacting authorization service",e);
+		} finally{
+			SecurityTokenProvider.instance.reset();
+		}
+		
+		
 	}
 
 	private String generateApplicationToken(String containerToken, AuthorizationProxy authProxy){
@@ -161,7 +174,7 @@ public class ApplicationManager {
 		} finally{
 			SecurityTokenProvider.instance.reset();
 		}
-		
+
 	}
 
 
@@ -243,12 +256,12 @@ public class ApplicationManager {
 
 				extension.init(context);
 
-				
+
 				if (context.configuration().includes().isEmpty()) {
 					//register excludes for extension in case of includes they are excluded by default
 					context.configuration().excludes().addAll(extension.excludes());
 				}
-				
+
 				String mapping = extension.mapping();
 
 				application.addServlet(context.configuration().name() + "-" + extension.name(), extension)
@@ -315,6 +328,7 @@ public class ApplicationManager {
 				log.trace("app token created : {} ", appToken);
 				context.events().fire(appToken, ProfileEvents.addToContext);
 				context.events().fire(appToken, Constants.token_registered);
+				saveApplicationState();
 			}
 
 			@Observes(value = ContextEvents.REMOVE_TOKEN_FROM_APPLICATION, kind = critical)
@@ -325,8 +339,9 @@ public class ApplicationManager {
 				log.trace("app token removed : {} ", appToken);
 				context.events().fire(appToken, ProfileEvents.removeFromContext);
 				context.events().fire(appToken, Constants.token_removed);
+				saveApplicationState();
 			}
-			
+
 		};
 
 		context.container().events().subscribe(observer);

src/main/java/org/gcube/smartgears/managers/ContainerManager.java

@@ -10,7 +10,6 @@ import static org.gcube.smartgears.provider.ProviderFactory.provider;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.ObjectOutputStream;
-import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -22,6 +21,7 @@ import org.gcube.common.authorization.library.provider.ClientInfo;
 import org.gcube.common.authorization.library.provider.ContainerInfo;
 import org.gcube.common.events.Observes;
 import org.gcube.common.events.Observes.Kind;
+import org.gcube.smartgears.configuration.Mode;
 import org.gcube.smartgears.configuration.container.ContainerHandlers;
 import org.gcube.smartgears.context.application.ApplicationContext;
 import org.gcube.smartgears.context.container.ContainerContext;
@@ -63,12 +63,10 @@ public class ContainerManager {
 		this.context = context;
 
 		try {
+			
 
-			// TODO Ask if is not enough that is already done in 
-			// Bootstrap.initialiseContainer() function;
-			context.configuration().validate();
-
-			validateContainer(context);
+			if (context.configuration().mode()!=Mode.offline)
+				validateContainer(context);
 
 			saveContainerState();
 
@@ -112,24 +110,30 @@ public class ContainerManager {
 	}
 
 	private void validateContainer(ContainerContext context) {
-		List<String> tokensToRemove = new ArrayList<String>();
+		//List<String> tokensToRemove = new ArrayList<String>();
+		context.configuration().validate();
 		Set<String> foundContexts= new HashSet<String>();
-
-		for (String token : context.configuration().startTokens()){
-			String tokenContext = resolveTokenForAdd(foundContexts, token);
-			if (tokenContext!=null){
-				log.info("the container will be started in context {}",tokenContext);
-				foundContexts.add(tokenContext);
-			} else
-				tokensToRemove.add(token);
-		}
+				
+		try {
+			List<AuthorizationEntry> entries = authProvider.get(context.configuration().startTokens());
+			
+			log.info("requesting auth on {} tokens returned {} entries", context.configuration().startTokens().size(),entries.size());
+			
+			for (AuthorizationEntry entry : entries ) {
+				log.info("the container will be started in context {}",entry.getContext());
+				foundContexts.add(entry.getContext());
+			}
+			 
+		} catch (Exception e) {
+			log.error("error contacting auth service on container",e);
+		}		
 
 		if (foundContexts.isEmpty()){
 			log.error("no valid starting token are specified, moving the container to failed");
 			throw new RuntimeException("no valid starting token are specified");
 		}
 		
-		context.configuration().startTokens().removeAll(tokensToRemove);
+		//context.configuration().startTokens().removeAll(tokensToRemove);
 		context.configuration().allowedContexts(foundContexts);
 	}
 

src/main/java/org/gcube/smartgears/managers/RequestManager.java

@@ -98,7 +98,7 @@ public class RequestManager implements Filter {
 				// dispatch to other filters for this servlet
 				chain.doFilter(request, response);
 			}catch(ServletException t){
-				log.error("error in doFilter",t.getRootCause());
+				log.error("error in doFilter",t);
 				handleError(httprequest,httpresponse,t.getRootCause());
 			}
 			
@@ -260,7 +260,8 @@ public class RequestManager implements Filter {
 					RequestException.class.cast(t).error():
 						application_error;
 
-			response.resetBuffer();		
+			if (!response.isCommitted())
+				response.resetBuffer();		
 			if (error == request_not_authorized_error){
 				response.setHeader("WWW-Authenticate", "Basic realm=\"Smartgears\"");
 				log.info("setting WWW-Authenticate to response header");

src/main/java/org/gcube/smartgears/utils/GcubeJwt.java

@@ -0,0 +1,86 @@
+package org.gcube.smartgears.utils;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.gcube.com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class GcubeJwt {
+
+	protected final static List<String> MINIMAL_ROLES = Arrays.asList("Member");
+
+	@JsonProperty("aud")
+	private String context;
+		
+	@JsonProperty("resource_access")
+	private Map<String, Roles> contextAccess = new HashMap<>();
+	
+	@JsonProperty("preferred_username")
+	private String username;
+	
+	@JsonProperty("given_name")
+	private String firstName;
+	
+	@JsonProperty("family_name")
+	private String lastName;
+	
+	@JsonProperty("clientId")
+	private String clientId;
+	
+	@JsonProperty("email")
+	private String email;
+
+	public List<String> getRoles(){
+		return contextAccess.get(this.context) == null ? MINIMAL_ROLES : contextAccess.get(this.context).roles;
+	}
+	
+	public String getContext() {
+		 try {
+			return  URLDecoder.decode(context, StandardCharsets.UTF_8.toString());
+		 }catch (UnsupportedEncodingException e) {
+			return context;
+		}
+	}
+		
+	public String getUsername() {
+		return username;
+	}
+
+	public boolean isExternalService() {
+		 return clientId != null;
+	}
+	
+	public String getFirstName() {
+		return firstName;
+	}
+
+	public String getLastName() {
+		return lastName;
+	}
+
+	public String getEmail() {
+		return email;
+	}
+
+	@Override
+	public String toString() {
+		return "GcubeJwt [context=" + getContext() + ", roles=" + getRoles() + ", username=" + username
+				+ ", firstName=" + firstName + ", lastName=" + lastName + ", email=" + email + "]";
+	}
+
+	public static class Roles {
+				
+		@JsonProperty("roles")
+		List<String> roles = new ArrayList<>();
+	
+	}
+	
+}

src/main/resources/META-INF/.gitignore

@@ -0,0 +1 @@
+/smartgears-config.xml