diff --git a/src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java b/src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java
index 55102bf..8a750b4 100644
--- a/src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java
+++ b/src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java
@@ -10,6 +10,8 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementRef;
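Review bot: The two added imports, `XmlAccessType` and `XmlAccessorType`, are not used by any line in the hunks of this file. The class declaration sits between this hunk and the next one and is not touched by the commit, so no `@XmlAccessorType` annotation appears to be added. Unless one is introduced elsewhere, drop both imports to keep the file free of unused-import warnings.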
@@ -44,7 +46,7 @@ public class ContainerConfiguration {
@XmlElement
@NotNull
String hostname;
-
+
@XmlElement
@NotNull
Integer port;
@@ -59,6 +61,9 @@ public class ContainerConfiguration {
@XmlElement(name ="secure-port")
Integer securePort;
+ @XmlElement
+ boolean authorizeChildrenContext = false;
+
@XmlElement
@NotNull
String infrastructure;
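Review bot: The new `authorizeChildrenContext` field changes which scopes the container accepts, yet the field and its two accessors in the next hunk carry no documentation. I would add a Javadoc on the field such as `/** When true, a VRE whose enclosing scope is listed in the allowed contexts is accepted even if the VRE itself is not listed; defaults to false. */` and repeat the one-level limitation on the getter. The element name also defaults to the Java field name, while the neighbouring `@XmlElement(name ="secure-port")` uses a hyphenated name, so the configuration file ends up with two naming styles.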
@@ -243,6 +248,15 @@ public class ContainerConfiguration {
return this;
}
+ public boolean authorizeChildrenContext() {
+ return authorizeChildrenContext;
+ }
+
+ public ContainerConfiguration authorizeChildrenContext(boolean authorizeChildrenContext) {
+ this.authorizeChildrenContext = authorizeChildrenContext;
+ return this;
+ }
+
/**
* Returns the VOs in which the container initially operates.
* @return the VOs
@@ -418,14 +432,32 @@ public class ContainerConfiguration {
public int hashCode() {
final int prime = 31;
int result = 1;
+ result = prime * result
+ + ((allowedContext == null) ? 0 : allowedContext.hashCode());
result = prime * result + ((apps == null) ? 0 : apps.hashCode());
- result = prime * result + ((hostname == null) ? 0 : hostname.hashCode());
- result = prime * result + ((infrastructure == null) ? 0 : infrastructure.hashCode());
+ result = prime
+ * result
+ + ((authenticationEnpoint == null) ? 0 : authenticationEnpoint
+ .hashCode());
+ result = prime * result + (authorizeChildrenContext ? 1231 : 1237);
+ result = prime * result
+ + ((hostname == null) ? 0 : hostname.hashCode());
+ result = prime * result
+ + ((infrastructure == null) ? 0 : infrastructure.hashCode());
result = prime * result + ((mode == null) ? 0 : mode.hashCode());
- result = prime * result + ((persistenceManager == null) ? 0 : persistenceManager.hashCode());
+ result = prime
+ * result
+ + ((persistenceManager == null) ? 0 : persistenceManager
+ .hashCode());
result = prime * result + ((port == null) ? 0 : port.hashCode());
- result = prime * result + ((properties == null) ? 0 : properties.hashCode());
- result = prime * result + (int) (publicationFrequency ^ (publicationFrequency >>> 32));
+ result = prime * result
+ + ((properties == null) ? 0 : properties.hashCode());
+ result = prime * result
+ + ((proxyAddress == null) ? 0 : proxyAddress.hashCode());
+ result = prime * result
+ + (int) (publicationFrequency ^ (publicationFrequency >>> 32));
+ result = prime * result
+ + ((securePort == null) ? 0 : securePort.hashCode());
result = prime * result + ((site == null) ? 0 : site.hashCode());
result = prime * result + ((tokens == null) ? 0 : tokens.hashCode());
return result;
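Review bot: The hand-written null-ternary chain in `hashCode()` now spans over thirty lines and has to be kept in step with `equals()` by hand every time a field is added. This commit itself had to add `securePort` and `proxyAddress`, which were missing here. A single `Objects.hash(...)` call over the same fields, and `Objects.equals(a, other.a)` in the two `equals()` hunks that follow, would say the same thing in a few lines, provided the project targets Java 7 or later and `java.util.Objects` is imported. The closing brace of `hashCode()` is outside this hunk.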
@@ -440,11 +472,23 @@ public class ContainerConfiguration {
if (getClass() != obj.getClass())
return false;
ContainerConfiguration other = (ContainerConfiguration) obj;
+ if (allowedContext == null) {
+ if (other.allowedContext != null)
+ return false;
+ } else if (!allowedContext.equals(other.allowedContext))
+ return false;
if (apps == null) {
if (other.apps != null)
return false;
} else if (!apps.equals(other.apps))
return false;
+ if (authenticationEnpoint == null) {
+ if (other.authenticationEnpoint != null)
+ return false;
+ } else if (!authenticationEnpoint.equals(other.authenticationEnpoint))
+ return false;
+ if (authorizeChildrenContext != other.authorizeChildrenContext)
+ return false;
if (hostname == null) {
if (other.hostname != null)
return false;
@@ -467,18 +511,23 @@ public class ContainerConfiguration {
return false;
} else if (!port.equals(other.port))
return false;
- if (securePort == null) {
- if (other.securePort != null)
- return false;
- } else if (!securePort.equals(other.securePort))
- return false;
if (properties == null) {
if (other.properties != null)
return false;
} else if (!properties.equals(other.properties))
return false;
+ if (proxyAddress == null) {
+ if (other.proxyAddress != null)
+ return false;
+ } else if (!proxyAddress.equals(other.proxyAddress))
+ return false;
if (publicationFrequency != other.publicationFrequency)
return false;
+ if (securePort == null) {
+ if (other.securePort != null)
+ return false;
+ } else if (!securePort.equals(other.securePort))
+ return false;
if (site == null) {
if (other.site != null)
return false;
@@ -489,12 +538,9 @@ public class ContainerConfiguration {
return false;
} else if (!tokens.equals(other.tokens))
return false;
-
return true;
}
-
-
diff --git a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
index 3965044..520f28d 100644
--- a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
+++ b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
@@ -26,7 +26,10 @@ import org.gcube.common.authorization.library.provider.ServiceIdentifier;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorization.library.utils.Caller;
import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.scope.impl.ScopeBean;
+import org.gcube.common.scope.impl.ScopeBean.Type;
import org.gcube.smartgears.Constants;
+import org.gcube.smartgears.configuration.container.ContainerConfiguration;
import org.gcube.smartgears.context.application.ApplicationContext;
import org.gcube.smartgears.handlers.application.RequestEvent;
import org.gcube.smartgears.handlers.application.RequestHandler;
@@ -98,8 +101,12 @@ public class RequestValidator extends RequestHandler {
log.warn("rejecting unscoped call to {}",context.name());
invalid_request_error.fire("call is unscoped");
}
-
- if (!context.container().configuration().allowedContexts().contains(scope)) {
+
+ ScopeBean bean = new ScopeBean(scope);
+
+ ContainerConfiguration conf = context.container().configuration();
+ if (!conf.allowedContexts().contains(scope) &&
+ !(conf.authorizeChildrenContext() && bean.is(Type.VRE) && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) {
log.warn("rejecting call to {} in invalid context {}, allowed context are {}",context.name(),scope,context.container().configuration().allowedContexts());
invalid_request_error.fire(context.name()+" cannot be called in scope "+scope);
}
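Review bot: `new ScopeBean(scope)` is built from the request's scope before the allow-list check and on every call, including when `authorizeChildrenContext` is off or the scope is listed directly. If the constructor rejects a malformed scope by throwing (not visible here), that failure bypasses the `invalid_request_error` path and its warning log. Moving the parsing into a small helper that runs only when the flag is set leaves the default path as it was and makes the one-level rule (a VRE whose enclosing scope is listed) easy to read; `scope` is assumed to be a `String`. The warning could also reuse `conf` instead of calling `context.container().configuration()` again. The enclosing method starts and ends outside this hunk.

```java
ContainerConfiguration conf = context.container().configuration();
if (!conf.allowedContexts().contains(scope) && !isAuthorizedChild(conf, scope)) {
	// … unchanged: log.warn and invalid_request_error.fire …
}

// … unchanged: rest of the handler method …

/** Accepts a VRE only when the flag is on and its enclosing scope is explicitly allowed. */
private boolean isAuthorizedChild(ContainerConfiguration conf, String scope) {
	if (!conf.authorizeChildrenContext())
		return false;
	ScopeBean bean = new ScopeBean(scope);
	return bean.is(Type.VRE)
			&& conf.allowedContexts().contains(bean.enclosingScope().toString());
}
```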
diff --git a/src/test/java/test/container/ConfigurationTest.java b/src/test/java/test/container/ConfigurationTest.java
index 1721a0e..551dce8 100644
--- a/src/test/java/test/container/ConfigurationTest.java
+++ b/src/test/java/test/container/ConfigurationTest.java
@@ -30,8 +30,8 @@ public class ConfigurationTest {
+ "8080"
+ "8484"
+ "gcube"
- + // spaces are intentional!
- "token1" + "token2" + "" + appXml + ""
+ + "true "
+ +"token1" + "token2" + "" + appXml + ""
+ "it" + "rome" + "41.9000"
+ "12.5000" + "" + ""
+ "" + "30"
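Review bot: Both hunks in this file only switch the flag on (`"true "` here, `.authorizeChildrenContext(true)` in the builder hunk), so they cover the configuration round-trip and not the authorization decision the flag controls. Nothing in the visible diff tests `RequestValidator` with the flag: a VRE under a listed scope accepted, the same call rejected when the flag is false, and a VRE under an unlisted scope rejected. The removed `// spaces are intentional!` comment also explained whitespace that the new `"true "` literal still carries, so I would keep it.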
@@ -58,7 +58,7 @@ public class ConfigurationTest {
.startTokens(Arrays.asList("token1", "token2"))
.site(new Site().country("it").location("rome").latitude("41.9000").longitude("12.5000"))
.property("prop1", "val1").property("prop2", "val2").publicationFrequency(30)
- .app(sampleAppConfiguration())
+ .app(sampleAppConfiguration()).authorizeChildrenContext(true)
.persistence(new DefaultPersistence("target"));
}