Merge pull request 'Make valid tokens that come without resource_access to be granted for minimal privileges on context identified by audience' (!1) from m.lettere/common-smartgears:master into minimal_privilege

Reviewed-on: #1

src/main/java/org/gcube/smartgears/utils/GcubeJwt.java

@@ -14,6 +14,8 @@ import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class GcubeJwt {
 
+	protected final static List<String> MINIMAL_ROLES = List.of("Member");
+
 	@JsonProperty("aud")
 	private String context;
 		
@@ -33,7 +35,7 @@ public class GcubeJwt {
 	private String email;
 
 	public List<String> getRoles(){
-		return contextAccess.get(this.context).roles;
+		return contextAccess.get(this.context) == null ? MINIMAL_ROLES : contextAccess.get(this.context).roles;
 	}
 	
 	public String getContext() {