git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/common/common-smartgears/2.1@146240 82a268e6-3cf1-43bd-a215-b396298e98cf

src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java

@@ -10,6 +10,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlElementRef;
@@ -59,6 +61,9 @@ public class ContainerConfiguration {
 	@XmlElement(name ="secure-port")
 	Integer securePort;
 	
+	@XmlElement
+	boolean authorizeChildrenContext = false;
+	
 	@XmlElement
 	@NotNull
 	String infrastructure;
@@ -243,6 +248,15 @@ public class ContainerConfiguration {
 		return this;
 	}
 	
+	public boolean authorizeChildrenContext() {
+		return authorizeChildrenContext;
+	}
+
+	public ContainerConfiguration authorizeChildrenContext(boolean authorizeChildrenContext) {
+		this.authorizeChildrenContext = authorizeChildrenContext;
+		return this;
+	}
+
 	/**
 	 * Returns the VOs in which the container initially operates.
 	 * @return the VOs
@@ -418,14 +432,32 @@ public class ContainerConfiguration {
 	public int hashCode() {
 		final int prime = 31;
 		int result = 1;
+		result = prime * result
+				+ ((allowedContext == null) ? 0 : allowedContext.hashCode());
 		result = prime * result + ((apps == null) ? 0 : apps.hashCode());
-		result = prime * result + ((hostname == null) ? 0 : hostname.hashCode());
+		result = prime
-		result = prime * result + ((infrastructure == null) ? 0 : infrastructure.hashCode());
+				* result
+				+ ((authenticationEnpoint == null) ? 0 : authenticationEnpoint
+						.hashCode());
+		result = prime * result + (authorizeChildrenContext ? 1231 : 1237);
+		result = prime * result
+				+ ((hostname == null) ? 0 : hostname.hashCode());
+		result = prime * result
+				+ ((infrastructure == null) ? 0 : infrastructure.hashCode());
 		result = prime * result + ((mode == null) ? 0 : mode.hashCode());
-		result = prime * result + ((persistenceManager == null) ? 0 : persistenceManager.hashCode());
+		result = prime
+				* result
+				+ ((persistenceManager == null) ? 0 : persistenceManager
+						.hashCode());
 		result = prime * result + ((port == null) ? 0 : port.hashCode());
-		result = prime * result + ((properties == null) ? 0 : properties.hashCode());
+		result = prime * result
-		result = prime * result + (int) (publicationFrequency ^ (publicationFrequency >>> 32));
+				+ ((properties == null) ? 0 : properties.hashCode());
+		result = prime * result
+				+ ((proxyAddress == null) ? 0 : proxyAddress.hashCode());
+		result = prime * result
+				+ (int) (publicationFrequency ^ (publicationFrequency >>> 32));
+		result = prime * result
+				+ ((securePort == null) ? 0 : securePort.hashCode());
 		result = prime * result + ((site == null) ? 0 : site.hashCode());
 		result = prime * result + ((tokens == null) ? 0 : tokens.hashCode());
 		return result;
@@ -440,11 +472,23 @@ public class ContainerConfiguration {
 		if (getClass() != obj.getClass())
 			return false;
 		ContainerConfiguration other = (ContainerConfiguration) obj;
+		if (allowedContext == null) {
+			if (other.allowedContext != null)
+				return false;
+		} else if (!allowedContext.equals(other.allowedContext))
+			return false;
 		if (apps == null) {
 			if (other.apps != null)
 				return false;
 		} else if (!apps.equals(other.apps))
 			return false;
+		if (authenticationEnpoint == null) {
+			if (other.authenticationEnpoint != null)
+				return false;
+		} else if (!authenticationEnpoint.equals(other.authenticationEnpoint))
+			return false;
+		if (authorizeChildrenContext != other.authorizeChildrenContext)
+			return false;
 		if (hostname == null) {
 			if (other.hostname != null)
 				return false;
@@ -467,18 +511,23 @@ public class ContainerConfiguration {
 				return false;
 		} else if (!port.equals(other.port))
 			return false;
-		if (securePort == null) {
-			if (other.securePort != null)
-				return false;
-		} else if (!securePort.equals(other.securePort))
-			return false;
 		if (properties == null) {
 			if (other.properties != null)
 				return false;
 		} else if (!properties.equals(other.properties))
 			return false;
+		if (proxyAddress == null) {
+			if (other.proxyAddress != null)
+				return false;
+		} else if (!proxyAddress.equals(other.proxyAddress))
+			return false;
 		if (publicationFrequency != other.publicationFrequency)
 			return false;
+		if (securePort == null) {
+			if (other.securePort != null)
+				return false;
+		} else if (!securePort.equals(other.securePort))
+			return false;
 		if (site == null) {
 			if (other.site != null)
 				return false;
@@ -489,13 +538,10 @@ public class ContainerConfiguration {
 				return false;
 		} else if (!tokens.equals(other.tokens))
 			return false;
-		
 		return true;
 	}
 
 	
 
 		
-
-		
 }

src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java

@@ -26,7 +26,10 @@ import org.gcube.common.authorization.library.provider.ServiceIdentifier;
 import org.gcube.common.authorization.library.provider.UserInfo;
 import org.gcube.common.authorization.library.utils.Caller;
 import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.scope.impl.ScopeBean;
+import org.gcube.common.scope.impl.ScopeBean.Type;
 import org.gcube.smartgears.Constants;
+import org.gcube.smartgears.configuration.container.ContainerConfiguration;
 import org.gcube.smartgears.context.application.ApplicationContext;
 import org.gcube.smartgears.handlers.application.RequestEvent;
 import org.gcube.smartgears.handlers.application.RequestHandler;
@@ -99,7 +102,11 @@ public class RequestValidator extends RequestHandler {
 			invalid_request_error.fire("call is unscoped"); 
 		}
 		
-		if (!context.container().configuration().allowedContexts().contains(scope)) {
+		ScopeBean bean = new ScopeBean(scope);
+		
+		ContainerConfiguration conf = context.container().configuration();
+		if (!conf.allowedContexts().contains(scope) && 
+				!(conf.authorizeChildrenContext() && bean.is(Type.VRE) && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) {
 			log.warn("rejecting call to {} in invalid context {}, allowed context are {}",context.name(),scope,context.container().configuration().allowedContexts());
 			invalid_request_error.fire(context.name()+" cannot be called in scope "+scope);
 		}

src/test/java/test/container/ConfigurationTest.java

@@ -30,8 +30,8 @@ public class ConfigurationTest {
 				+ "<port>8080</port>"
 				+ "<secure-port>8484</secure-port>"
 				+ "<infrastructure>gcube</infrastructure>"
-				+ // spaces are intentional!
+				+ "<authorizeChildrenContext>true</authorizeChildrenContext> "
-				"<token>token1</token>" + "<token>token2</token>" + "<persistence location='target'/>" + appXml + "<site>"
+				+"<token>token1</token>" + "<token>token2</token>" + "<persistence location='target'/>" + appXml + "<site>"
 				+ "<country>it</country>" + "<location>rome</location>" + "<latitude>41.9000</latitude>"
 				+ "<longitude>12.5000</longitude>" + "</site>" + "<property name='prop1' value='val1' />"
 				+ "<property name='prop2' value='val2' />" + "<publication-frequency>30</publication-frequency>"
@@ -58,7 +58,7 @@ public class ConfigurationTest {
 				.startTokens(Arrays.asList("token1", "token2"))
 				.site(new Site().country("it").location("rome").latitude("41.9000").longitude("12.5000"))
 				.property("prop1", "val1").property("prop2", "val2").publicationFrequency(30)
-				.app(sampleAppConfiguration())
+				.app(sampleAppConfiguration()).authorizeChildrenContext(true)
 				.persistence(new DefaultPersistence("target"));
 
 	}