#22042 Implemented the public access

CHANGELOG.md

@@ -12,6 +12,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 [#20595] Porting and using the model view provided by geoportal-common
 [#21946] Show layers of a concessione automatically on map according to zoom level
 [#21976] Access policies checked on server-side
+[#22042] Implemented the public access
 
 ## [v1.2.0-SNAPSHOT] - 2021-07-19
 

pom.xml

@@ -179,6 +179,11 @@
 				</exclusion>
 			</exclusions>
 		</dependency>
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>keycloak-client</artifactId>
+			<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
+		</dependency>
 		<dependency>
 			<groupId>com.liferay.portal</groupId>
 			<artifactId>portal-service</artifactId>

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/ApplicationProfileNotFoundException.java

@@ -1,20 +1,20 @@
-package org.gcube.portlets.user.geoportaldataviewer.server;
-
-/**
- * The Class ApplicationProfileException.
- *
- * @author Francesco Mangiacrapa francesco.mangiacrapa{@literal @}isti.cnr.it
- * Sep 6, 2016
- */
-@SuppressWarnings("serial")
-public class ApplicationProfileNotFoundException extends Exception {
-
- 	/**
- 	 * Instantiates a new application profile exception.
- 	 *
- 	 * @param message the message
- 	 */
- 	public ApplicationProfileNotFoundException(String message) {
-	    super(message);
-	  }
-}
+//package org.gcube.portlets.user.geoportaldataviewer.server;
+//
+///**
+// * The Class ApplicationProfileException.
+// *
+// * @author Francesco Mangiacrapa francesco.mangiacrapa{@literal @}isti.cnr.it
+// * Sep 6, 2016
+// */
+//@SuppressWarnings("serial")
+//public class ApplicationProfileNotFoundException extends Exception {
+//
+// 	/**
+// 	 * Instantiates a new application profile exception.
+// 	 *
+// 	 * @param message the message
+// 	 */
+// 	public ApplicationProfileNotFoundException(String message) {
+//	    super(message);
+//	  }
+//}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/ConcessioniMongoService.java

@@ -1,49 +0,0 @@
-package org.gcube.portlets.user.geoportaldataviewer.server;
-
-import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
-import org.gcube.application.geoportal.common.model.legacy.Concessione;
-import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
-
-
-/**
- * The Class ConcessioniMongoService.
- *
- * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
- * 
- * Sep 9, 2021
- */
-public class ConcessioniMongoService {
-	
-	
-	/**
-	 * Instantiates a new concessioni mongo service, interface for client statefulMongoConcessioni.
-	 */
-	public ConcessioniMongoService() {
-	}
-	
-
-	/**
-	 * Gets the item by id.
-	 *
-	 * @param request the request
-	 * @param mongoItemId the mongo item id
-	 * @return the item by id
-	 * @throws Exception the exception
-	 */
-	Concessione getItemById(HttpServletRequest request, String mongoItemId) throws Exception{
-		SessionUtil.getCurrentContext(request, true);
-		SessionUtil.getCurrentToken(request, true);
-		//Obtain the client
-		ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
-		//Returning item by Id
-		return concessioniManager.getById(mongoItemId);
-	}
-
-	
-	
-	
-}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/ConcessioniMongoService2.java

@@ -0,0 +1,163 @@
+//package org.gcube.portlets.user.geoportaldataviewer.server;
+//
+//import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
+//
+//import javax.servlet.http.HttpServletRequest;
+//
+//import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
+//import org.gcube.application.geoportal.common.model.legacy.Concessione;
+//import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+//import org.gcube.common.keycloak.KeycloakClientFactory;
+//import org.gcube.common.keycloak.model.TokenResponse;
+//import org.gcube.common.scope.api.ScopeProvider;
+//import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
+//import org.slf4j.Logger;
+//import org.slf4j.LoggerFactory;
+//
+//
+///**
+// * The Class ConcessioniMongoServiceIdentityProxy.
+// *
+// * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
+// * 
+// * Sep 23, 2021
+// */
+//public class ConcessioniMongoService2 {
+//
+//	private static final Logger LOG = LoggerFactory.getLogger(ConcessioniMongoService2.class);
+//
+//	/**
+//	 * Instantiates a new concessioni mongo service, interface for client
+//	 * statefulMongoConcessioni.
+//	 */
+//	public ConcessioniMongoService2() {
+//	}
+//
+//	/**
+//	 * Gets the item by id.
+//	 *
+//	 * @param request     the request
+//	 * @param mongoItemId the mongo item id
+//	 * @return the item by id
+//	 * @throws Exception the exception
+//	 */
+//	public Concessione getItemById(HttpServletRequest request, String mongoItemId) throws Exception {
+//		LOG.info("called getItemById: " + mongoItemId);
+//		SessionUtil.getCurrentContext(request, true);
+//		SessionUtil.getCurrentToken(request, true);
+//		// Obtain the client
+//		ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
+//		// Returning item by Id
+//		return concessioniManager.getById(mongoItemId);
+//	}
+//	
+//	/**
+//	 * Gets the item by id.
+//	 *
+//	 * @param request     the request
+//	 * @param mongoItemId the mongo item id
+//	 * @return the item by id
+//	 * @throws Exception the exception
+//	 */
+//	public Concessione getItemById(String mongoItemId) throws Exception {
+//		LOG.info("called getItemById: " + mongoItemId);
+//		ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
+//		// Returning item by Id
+//		return concessioniManager.getById(mongoItemId);
+//	}
+//
+//	/**
+//	 * Iam client get item by.
+//	 *
+//	 * @param scope        the scope
+//	 * @param mongoItemId  the mongo item id
+//	 * @param clientId     the client id
+//	 * @param clientSecret the secret
+//	 * @return the concessione
+//	 * @throws Exception the exception
+//	 */
+//	public Concessione iamClientGetItemBy(String scope, String mongoItemId, String clientId, String clientSecret)
+//			throws Exception {
+//		LOG.info("called IAM Client getItemById: " + mongoItemId);
+//
+//		ScopeProvider.instance.set(scope);
+//
+//		if (clientId == null) {
+//			throw new Exception("Invalid parameter 'clientId'");
+//		}
+//
+//		if (clientSecret == null) {
+//			throw new Exception("Invalid parameter 'secret'");
+//		}
+//
+//		String umaAcessToken = null;
+//		try {
+//
+//			LOG.info("Querying KeycloakClientFactory to get UMA token..");
+//			TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientId, clientSecret, scope, null);
+//			umaAcessToken = tr.getAccessToken();
+//			if (umaAcessToken != null && !umaAcessToken.isEmpty()) {
+//				LOG.info("UMA Access Token read correctly");
+//			} else {
+//				LOG.error("UMA Access Token NOT RETRIEVED!!!");
+//				throw new Exception("UMA Access Token is null or empty");
+//			}
+//		} catch (Exception e2) {
+//			throw new Exception("Error occurred on reading UMA access token:", e2);
+//		}
+//
+//		String previousUMAToken = null;
+//		try {
+//
+//			try {
+//				// Here the previousUMAToken should be null
+//				previousUMAToken = AccessTokenProvider.instance.get();
+//			} catch (Exception e) {
+//				// catching excpetion to be sure
+//				// silent
+//			}
+//
+//			LOG.debug("JWT token: " + umaAcessToken.substring(0, 20) + "_MASKED_TOKEN_");
+//			LOG.info("Setting clientId '" + clientId + "' identity by JWT token in the "
+//					+ AccessTokenProvider.class.getSimpleName());
+//			AccessTokenProvider.instance.set(umaAcessToken);
+//			ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
+//			// Returning item by Id
+//			return concessioniManager.getById(mongoItemId);
+//
+//		} catch (Exception e) {
+//			LOG.error(e.getMessage(), e);
+//			throw new Exception(e.getMessage());
+//		} finally {
+//			try {
+//				AccessTokenProvider.instance.set(previousUMAToken);
+//				LOG.info("Done reset to prevoius UMA token into " + AccessTokenProvider.class.getSimpleName());
+//			} catch (Exception e) {
+//			}
+//		}
+//	}
+//
+//	/**
+//	 * To concessione.
+//	 *
+//	 * @param jsonString the json string
+//	 * @return the concessione
+//	 */
+//	public Concessione toConcessione(String jsonString) {
+//		LOG.info("toConcessione called");
+//		try {
+//			return org.gcube.application.geoportal.client.utils.Serialization.read(jsonString, Concessione.class);
+//		} catch (Exception e) {
+//			LOG.warn("Error on serializing: ", e);
+//			return null;
+//		}
+//	}
+//
+//	/*
+//	 * For testing public Concessione iamClientGetItemBy(HttpServletRequest request,
+//	 * String mongoItemId, String clientId, String secret) throws Exception { String
+//	 * scope = SessionUtil.getCurrentContext(request, true); return
+//	 * iamClientGetItemBy(scope, mongoItemId, clientId, secret); }
+//	 */
+//
+//}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/GeoportalDataViewerServiceImpl.java

@@ -26,7 +26,9 @@ import org.gcube.application.geoportalcommon.util.URLParserUtil;
 import org.gcube.portlets.user.geoportaldataviewer.client.GeoportalDataViewerService;
 import org.gcube.portlets.user.geoportaldataviewer.server.gis.FeatureParser;
 import org.gcube.portlets.user.geoportaldataviewer.server.gis.WMSUrlValidator;
-import org.gcube.portlets.user.geoportaldataviewer.server.util.CheckAccessPolicyUtil;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.ConcessioneImageUtil;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.ConcessioniMongoServiceIdentityProxy;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accesspolicy.GeoNACheckAccessPolicy;
 import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
 import org.gcube.portlets.user.geoportaldataviewer.shared.GeoNaSpatialQueryResult;
 import org.gcube.portlets.user.geoportaldataviewer.shared.gis.LayerObject;
@@ -142,8 +144,8 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 					maxWFSFeature);
 			LOG.debug("For layer name: " + layerObject.getLayerItem().getName() + " got features: " + features);
 			geoDAO.setFeatures(features);
-			
-			//Getting the concessioneId from WFS features
+
+			// Getting the concessioneId from WFS features
 			for (FeatureRow fRow : features) {
 				if (fRow.getMapProperties() != null) {
 					List<String> concessioneIds = fRow.getMapProperties().get("product_id");
@@ -216,15 +218,16 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 			String userName = null;
 			try {
 				userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
-			}catch (Exception e) {
+			} catch (Exception e) {
 				LOG.info("User not found in session, the userName for cecking policy will  be null");
 			}
 
 			if (itemType.equalsIgnoreCase("concessione")) {
 
 				LOG.info("Trying to get concessione for id " + itemId);
-				ConcessioniMongoService cms = new ConcessioniMongoService();
-				Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), itemId);
+				ConcessioniMongoServiceIdentityProxy cms = new ConcessioniMongoServiceIdentityProxy(
+						this.getThreadLocalRequest());
+				Concessione concessione = cms.getItemById(itemId);
 
 				BaseConcessioneDV baseConcessione = ConvertToDataViewModel.toBaseConcessione(concessione);
 				if (concessione != null) {
@@ -233,7 +236,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 					if (concessione.getPianteFineScavo() != null) {
 
 						for (LayerConcessione lc : concessione.getPianteFineScavo()) {
-							if (CheckAccessPolicyUtil.isAccessible(lc.getPolicy().name(), userName)) {
+							if (GeoNACheckAccessPolicy.isAccessible(lc.getPolicy().name(), userName)) {
 								listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione));
 							}
 						}
@@ -242,7 +245,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 
 						if (lcPosizionamento != null) {
 
-							if (CheckAccessPolicyUtil.isAccessible(lcPosizionamento.getPolicy().name(), userName)) {
+							if (GeoNACheckAccessPolicy.isAccessible(lcPosizionamento.getPolicy().name(), userName)) {
 
 								LayerConcessioneDV thePosizScavo = ConvertToDataViewModel
 										.toLayerConcessione(lcPosizionamento, baseConcessione);
@@ -286,8 +289,9 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 		try {
 			LOG.info("Trying to get record for id " + mongoId);
 
-			ConcessioniMongoService cms = new ConcessioniMongoService();
-			Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), mongoId);
+			ConcessioniMongoServiceIdentityProxy cms = new ConcessioniMongoServiceIdentityProxy(
+					this.getThreadLocalRequest());
+			Concessione concessione = cms.getItemById(mongoId);
 
 			LOG.info("Got concessione for mongoId: " + mongoId);
 			if (concessione != null) {
@@ -297,11 +301,12 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 				try {
 					userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
 
-				}catch (Exception e) {
+				} catch (Exception e) {
 					LOG.info("User not found in session, so going to apply the acess policies");
 				}
 
-				// TODO THIS IS A WORKAROUND WAITING FOR ADOPTING OF USER ROLES. AT THE MOMENT, A USER AUTHENTICATED CAN ACCESS EVERYTHING
+				// TODO THIS IS A WORKAROUND WAITING FOR ADOPTING OF USER ROLES. AT THE MOMENT,
+				// A USER AUTHENTICATED CAN ACCESS EVERYTHING
 				// I CAN CHECK THE ACCCESS POLICIES IF AND ONLY IF THE USER IS NOT LOGGED IN.
 				if (userName == null) {
 
@@ -309,9 +314,9 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 					LOG.info("Applying access policies for concessione " + mongoId + " returned by service");
 					LayerConcessioneDV layerPosizionamento = concessionDV.getPosizionamentoScavo();
 					if (layerPosizionamento != null) {
-						if (!CheckAccessPolicyUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) {
+						if (!GeoNACheckAccessPolicy.isAccessible(layerPosizionamento.getPolicy(), userName)) {
 							concessionDV.setPosizionamentoScavo(null);
-						}else {
+						} else {
 							LOG.info("Posizionamento di Scavo is not accessible by current user");
 						}
 					}
@@ -320,7 +325,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 					if (listLayersDV != null) {
 						List<LayerConcessioneDV> accessibleListLayersDV = new ArrayList<LayerConcessioneDV>();
 						for (LayerConcessioneDV layerDV : listLayersDV) {
-							if (CheckAccessPolicyUtil.isAccessible(layerDV.getPolicy(), userName)) {
+							if (GeoNACheckAccessPolicy.isAccessible(layerDV.getPolicy(), userName)) {
 								accessibleListLayersDV.add(layerDV);
 							}
 						}
@@ -329,14 +334,14 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 
 					AbstractRelazioneScavoDV abstractRS = concessionDV.getAbstractRelazioneScavo();
 					if (abstractRS != null) {
-						if (!CheckAccessPolicyUtil.isAccessible(abstractRS.getPolicy(), userName)) {
+						if (!GeoNACheckAccessPolicy.isAccessible(abstractRS.getPolicy(), userName)) {
 							concessionDV.setAbstractRelazioneScavo(null);
 						}
 					}
 
 					RelazioneScavoDV relazioneScavo = concessionDV.getRelazioneScavo();
 					if (relazioneScavo != null) {
-						if (!CheckAccessPolicyUtil.isAccessible(relazioneScavo.getPolicy(), userName)) {
+						if (!GeoNACheckAccessPolicy.isAccessible(relazioneScavo.getPolicy(), userName)) {
 							concessionDV.setRelazioneScavo(null);
 						}
 					}
@@ -348,7 +353,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 						// SHOWING ACESSIBLE IMAGES
 						for (UploadedImageDV uploadedImageDV : immagini) {
 
-							if (CheckAccessPolicyUtil.isAccessible(uploadedImageDV.getPolicy(), userName)) {
+							if (GeoNACheckAccessPolicy.isAccessible(uploadedImageDV.getPolicy(), userName)) {
 								accessibleListImages.add(uploadedImageDV);
 							}
 
@@ -495,7 +500,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
 
 			SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
 			GeoportalCommon gc = new GeoportalCommon();
-			return gc.getPublicLinksFor(item,true);
+			return gc.getPublicLinksFor(item, true);
 
 		} catch (Exception e) {
 			LOG.error("Error on getPublicLinksFor for: " + item, e);

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/TestModel.java

@@ -1,124 +0,0 @@
-//package org.gcube.portlets.user.geoportaldataviewer.server;
-//
-//import java.time.LocalDateTime;
-//import java.util.ArrayList;
-//import java.util.Arrays;
-//import java.util.List;
-//
-//import org.gcube.application.geoportal.common.model.legacy.AccessPolicy;
-//import org.gcube.application.geoportal.common.model.legacy.BBOX;
-//import org.gcube.application.geoportal.common.model.legacy.Concessione;
-//import org.gcube.application.geoportal.common.model.legacy.LayerConcessione;
-//import org.gcube.application.geoportal.common.model.legacy.PersistedContent;
-//import org.gcube.application.geoportal.common.model.legacy.RelazioneScavo;
-//import org.gcube.application.geoportal.common.model.legacy.UploadedImage;
-//import org.gcube.application.geoportal.common.model.legacy.WorkspaceContent;
-//
-//
-//public class TestModel {
-//
-//	public static Concessione prepareEmptyConcessione() {
-//		Concessione concessione = new Concessione();
-//
-//		// Generic fields
-//
-//		// Concessione fields
-//
-//		concessione.setNome("Italia, forse");
-//		concessione.setIntroduzione("This is my project");
-//		concessione.setDescrizioneContenuto("It contains this and that");
-//
-//		concessione.setAuthors(Arrays.asList(new String[] { "Some one", "Some, oneelse" }));
-//
-//		concessione.setContributore("Contrib 1");
-//		concessione.setTitolari(Arrays.asList(new String[] { "Some one", "Some, oneelse" }));
-//		concessione.setResponsabile("Someone");
-//		concessione.setEditore("Editore");
-//
-//		concessione.setFontiFinanziamento(Arrays.asList(new String[] { "Big pharma", "Pentagon" }));
-//
-//		concessione.setSoggetto(Arrays.asList(new String[] { "Research Excavation", "Archeology" }));
-//
-//		concessione
-//				.setRisorseCorrelate(Arrays.asList(new String[] { "https://google.com", "https://www.repubblica.it" }));
-//
-//		concessione.setDataInizioProgetto(LocalDateTime.now());
-//		concessione.setDataFineProgetto(LocalDateTime.now());
-//
-//		concessione.setLicenzaID("CC-BY");
-//
-//		concessione.setTitolareLicenza("Qualcun altro");
-//		concessione.setTitolareCopyright("Chiedilo in giro");
-//
-//		concessione.setParoleChiaveLibere(Arrays.asList(new String[] { "Robba", "Stuff" }));
-//		concessione.setParoleChiaveICCD(Arrays.asList(new String[] { "vattelapesca", "somthing something" }));
-//
-//		concessione.setLastUpdateTime(LocalDateTime.now());
-//		concessione.setCreationTime(LocalDateTime.now());
-//		concessione.setLastUpdateUser("fake user");
-//
-//		concessione.setCentroidLat(43.0); // N-S
-//		concessione.setCentroidLong(9.0); // E-W
-//
-//		return concessione;
-//	}
-//
-//	public static Concessione prepareConcessione() {
-//
-//		Concessione concessione = prepareEmptyConcessione();
-//
-//		// Attachments
-//
-//		// Relazione scavo
-//		RelazioneScavo relScavo = new RelazioneScavo();
-//
-//		relScavo.setAbstractSection("simple abstract section");
-//		relScavo.setResponsabili(concessione.getAuthors());
-//
-//		concessione.setRelazioneScavo(relScavo);
-//		// Immagini rappresentative
-//		ArrayList<UploadedImage> imgs = new ArrayList<>();
-//		for (int i = 0; i < 5; i++) {
-//			UploadedImage img = new UploadedImage();
-//			img.setTitolo("My image number " + i);
-//			img.setDidascalia("You can see my image number " + i);
-//			img.setFormat("TIFF");
-//			img.setCreationTime(LocalDateTime.now());
-//			img.setResponsabili(concessione.getAuthors());
-//			List<PersistedContent> actualContentList = new ArrayList<PersistedContent>(1);
-//			WorkspaceContent ws = new WorkspaceContent();
-//			ws.setLink("https://data.dev.d4science.org/shub/E_azRkaVhqTFExMzZvTG9pY0hwSFJNV2tVTHBEMGEycFVsQitvWjZvb29WZjkwRU84b1hXQnp0QjRuSGhrODJqQg==");
-//			actualContentList.add(ws);
-//			img.setActualContent(actualContentList);
-//			imgs.add(img);
-//		}
-//		concessione.setImmaginiRappresentative(imgs);
-//		// Posizionamento
-//		LayerConcessione posizionamento = new LayerConcessione();
-//		posizionamento.setValutazioneQualita("Secondo me si");
-//		posizionamento.setMetodoRaccoltaDati("Fattobbene");
-//		posizionamento.setScalaAcquisizione("1:10000");
-//		posizionamento.setAuthors(concessione.getAuthors());
-//		concessione.setPosizionamentoScavo(posizionamento);
-//
-//		// Piante fine scavo
-//		ArrayList<LayerConcessione> piante = new ArrayList<LayerConcessione>();
-//		for (int i = 0; i < 4; i++) {
-//			LayerConcessione pianta = new LayerConcessione();
-//			pianta.setValutazioneQualita("Secondo me si");
-//			pianta.setMetodoRaccoltaDati("Fattobbene");
-//			pianta.setScalaAcquisizione("1:10000");
-//			pianta.setAuthors(concessione.getAuthors());
-//			pianta.setPolicy(AccessPolicy.RESTRICTED);
-//			pianta.setLayerName("gna_conc_12:pos");
-//			pianta.setWmsLink(
-//					"https://geoserver1.dev.d4science.org/geoserver/gna_conc_12/wms?service=WMS&version=1.1.0&request=GetMap&layers=gna_conc_12:pos&styles=&bbox=8.62091913167495,40.62975046683799,8.621178639172953,40.630257904721645&width=392&height=768&srs=EPSG:4326&format=application/openlayers#toggle");
-//			
-//			pianta.setBbox(new BBOX(40.630257904721645,8.621178639172953,40.62975046683799,8.62091913167495));
-//			piante.add(pianta);
-//		}
-//		concessione.setPianteFineScavo(piante);
-//
-//		return concessione;
-//	}
-//}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/ConcessioneImageUtil.java

@@ -1,4 +1,4 @@
-package org.gcube.portlets.user.geoportaldataviewer.server;
+package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -50,8 +50,8 @@ public class ConcessioneImageUtil {
 			if (itemType.equalsIgnoreCase("concessione")) {
 
 				LOG.info("Trying to get concessione for id " + itemId);
-				ConcessioniMongoService cms = new ConcessioniMongoService();
-				Concessione concessione  = cms.getItemById(httpServletRequest, itemId);
+				ConcessioniMongoServiceIdentityProxy cms = new ConcessioniMongoServiceIdentityProxy(httpServletRequest);
+				Concessione concessione  = cms.getItemById(itemId);
 				if (concessione != null) {
 					LOG.info("For id " + itemId + ", got concessione " + concessione.getNome() + " from service");
 					List<UploadedImage> images = concessione.getImmaginiRappresentative();

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/ConcessioniMongoService.java

@@ -0,0 +1,66 @@
+package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice;
+
+import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
+
+import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
+import org.gcube.application.geoportal.common.model.legacy.Concessione;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The Class ConcessioniMongoService.
+ *
+ * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
+ * 
+ * Sep 23, 2021
+ */
+public class ConcessioniMongoService {
+
+	private static final Logger LOG = LoggerFactory.getLogger(ConcessioniMongoService.class);
+
+	/**
+	 * Instantiates a new concessioni mongo service.
+	 */
+	protected ConcessioniMongoService() {
+	}
+
+	/**
+	 * Gets the item by id.
+	 *
+	 * @param mongoItemId the mongo item id
+	 * @return the item by id
+	 * @throws Exception the exception
+	 */
+	protected Concessione getItemById(String mongoItemId) throws Exception {
+		LOG.info("called getItemById: " + mongoItemId);
+		ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
+		// Returning item by Id
+		return concessioniManager.getById(mongoItemId);
+	}
+
+	
+	/**
+	 * To concessione.
+	 *
+	 * @param jsonString the json string
+	 * @return the concessione
+	 */
+	protected Concessione toConcessione(String jsonString) {
+		LOG.info("toConcessione called");
+		try {
+			return org.gcube.application.geoportal.client.utils.Serialization.read(jsonString, Concessione.class);
+		} catch (Exception e) {
+			LOG.warn("Error on serializing: ", e);
+			return null;
+		}
+	}
+
+	/*
+	 * For testing public Concessione iamClientGetItemBy(HttpServletRequest request,
+	 * String mongoItemId, String clientId, String secret) throws Exception { String
+	 * scope = SessionUtil.getCurrentContext(request, true); return
+	 * iamClientGetItemBy(scope, mongoItemId, clientId, secret); }
+	 */
+
+}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/ConcessioniMongoServiceIdentityProxy.java

@@ -0,0 +1,77 @@
+package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.gcube.application.geoportal.common.model.legacy.Concessione;
+import org.gcube.common.portal.PortalContext;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.GcubeIdentity;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.IAMClientIdentity;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.UserIdentity;
+import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The Class ConcessioniMongoServiceIdentityProxy.
+ *
+ * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
+ * 
+ * Sep 23, 2021
+ */
+public class ConcessioniMongoServiceIdentityProxy {
+
+	private static final Logger LOG = LoggerFactory.getLogger(ConcessioniMongoServiceIdentityProxy.class);
+	
+	private GcubeIdentity gCubeIdentity;
+
+
+	/**
+	 * Instantiates a new concessioni mongo service proxy.
+	 *
+	 * @param request the request
+	 * @throws Exception the exception
+	 */
+	public ConcessioniMongoServiceIdentityProxy(HttpServletRequest request) throws Exception {
+		SessionUtil.getCurrentContext(request, true);
+		PortalContext pContext = PortalContext.getConfiguration();
+		String username = null;
+		try {
+			username = pContext.getCurrentUser(request).getUsername();
+		}catch (Exception e) {
+			LOG.info("Username not detected in session");
+		}
+		if (username != null) {
+			LOG.info("User detected, using its identity");
+			gCubeIdentity = new UserIdentity();
+		} else {
+			LOG.info("User not detected, using IAM Client identity");
+			gCubeIdentity = new IAMClientIdentity();
+		}
+		
+		gCubeIdentity.setIdentity(request);
+	}
+
+
+	/**
+	 * Gets the item by id.
+	 *
+	 * @param mongoItemId the mongo item id
+	 * @return the item by id
+	 * @throws Exception the exception
+	 */
+	public Concessione getItemById(String mongoItemId) throws Exception {
+
+		try {
+			// Obtain the client
+			ConcessioniMongoService concessioniManager = new ConcessioniMongoService();
+			// Returning item by Id
+			return concessioniManager.getItemById(mongoItemId);
+		}catch(Exception e) {
+			LOG.error("Error on reading itemById: "+mongoItemId, e);
+			throw(e);
+		}finally {
+			gCubeIdentity.resetIdentity();
+		}
+	}
+}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/IAMClientCredentialsReader.java

@@ -0,0 +1,82 @@
+package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice;
+
+import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
+import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
+
+import java.util.Collection;
+import java.util.List;
+
+import org.gcube.common.encryption.StringEncrypter;
+import org.gcube.common.resources.gcore.ServiceEndpoint;
+import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
+import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.IAMClientCredentials;
+import org.gcube.resources.discovery.client.api.DiscoveryClient;
+import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class IAMClientCredentialsReader.
+ *
+ * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
+ * 
+ *         Sep 23, 2021
+ */
+public class IAMClientCredentialsReader {
+
+	private static Logger LOG = LoggerFactory.getLogger(IAMClientCredentialsReader.class);
+
+	private static final String SE_PROFILE_NAME = "geoportal-data-viewer-app";
+	private static final String SE_CATEGORY_NAME = "SystemClient";
+
+	/**
+	 * Gets the credentials.
+	 *
+	 * @return the credentials
+	 * @throws Exception the exception
+	 */
+	public static IAMClientCredentials getCredentials() throws Exception {
+
+		LOG.info("Searching SE in the scope: " + ScopeProvider.instance.get() + " with profile name: " + SE_PROFILE_NAME
+				+ " and category name: " + SE_CATEGORY_NAME);
+
+		SimpleQuery query = queryFor(ServiceEndpoint.class);
+		query.addCondition("$resource/Profile/Name/text() eq '" + SE_PROFILE_NAME + "'");
+		query.addCondition("$resource/Profile/Category/text() eq '" + SE_CATEGORY_NAME + "'");
+
+		DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
+		List<ServiceEndpoint> resources = client.submit(query);
+
+		if (resources.size() > 0)
+			LOG.info("The query returned " + resources.size() + " ServiceEndpoint/s");
+		else
+			throw new RuntimeException("ServiceEndpoint not found. Searching for profile name: " + SE_PROFILE_NAME
+					+ " and category name: " + SE_CATEGORY_NAME + "in the scope: " + ScopeProvider.instance.get());
+
+		ServiceEndpoint se = resources.get(0);
+		Collection<AccessPoint> theAccessPoints = se.profile().accessPoints().asCollection();
+		String clientId = null;
+		String secredPwd = null;
+		for (AccessPoint accessPoint : theAccessPoints) {
+			clientId = accessPoint.username();
+			secredPwd = accessPoint.password();
+			LOG.debug("Found clientId: " + clientId + " and encrypted secret: " + secredPwd);
+			// decrypting the pwd
+			try {
+				if (secredPwd != null) {
+					secredPwd = StringEncrypter.getEncrypter().decrypt(secredPwd);
+					LOG.debug("Secret decrypted is: " + secredPwd.substring(0, secredPwd.length() / 2)
+							+ "_MASKED_TOKEN_");
+				}
+			} catch (Exception e) {
+				throw new RuntimeException("Error on decrypting the pwd: ", e);
+			}
+		}
+
+		LOG.info("Returning keycloack credentials read from SE");
+		return new IAMClientCredentials(clientId, secredPwd);
+
+	}
+
+}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/accessidentities/GcubeIdentity.java

@@ -0,0 +1,28 @@
+package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities;
+
+import javax.servlet.http.HttpServletRequest;
+
+
+/**
+ * The Interface GcubeIdentity.
+ *
+ * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
+ * 
+ * Sep 23, 2021
+ */
+public interface GcubeIdentity {
+	
+	/**
+	 * Sets the identity.
+	 *
+	 * @param httpRequest the new identity
+	 * @throws Exception the exception
+	 */
+	public void setIdentity(HttpServletRequest httpRequest) throws Exception;
+	
+	/**
+	 * Reset identity.
+	 */
+	public void resetIdentity();
+
+}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/accessidentities/IAMClientCredentials.java

@@ -0,0 +1,91 @@
+package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities;
+
+import java.io.Serializable;
+
+
+/**
+ * The Class IAMClientCredentials.
+ *
+ * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
+ * 
+ * Sep 23, 2021
+ */
+public class IAMClientCredentials implements Serializable {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 7242909633989611318L;
+	private String clientId;
+	private String clientSecret;
+
+	/**
+	 * Instantiates a new IAM client credentials.
+	 */
+	public IAMClientCredentials() {
+	}
+
+	/**
+	 * Instantiates a new IAM client credentials.
+	 *
+	 * @param clientId the client id
+	 * @param clientSecret the client secret
+	 */
+	public IAMClientCredentials(String clientId, String clientSecret) {
+		this.clientId = clientId;
+		this.clientSecret = clientSecret;
+	}
+
+	/**
+	 * Gets the client id.
+	 *
+	 * @return the client id
+	 */
+	public String getClientId() {
+		return clientId;
+	}
+
+	/**
+	 * Gets the client secret.
+	 *
+	 * @return the client secret
+	 */
+	public String getClientSecret() {
+		return clientSecret;
+	}
+
+	/**
+	 * Sets the client id.
+	 *
+	 * @param clientId the new client id
+	 */
+	public void setClientId(String clientId) {
+		this.clientId = clientId;
+	}
+
+	/**
+	 * Sets the client secret.
+	 *
+	 * @param clientSecret the new client secret
+	 */
+	public void setClientSecret(String clientSecret) {
+		this.clientSecret = clientSecret;
+	}
+
+	/**
+	 * To string.
+	 *
+	 * @return the string
+	 */
+	@Override
+	public String toString() {
+		StringBuilder builder = new StringBuilder();
+		builder.append("IAMClientCredentials [clientId=");
+		builder.append(clientId);
+		builder.append(", clientSecret=");
+		builder.append(clientSecret);
+		builder.append("]");
+		return builder.toString();
+	}
+
+}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/accessidentities/IAMClientIdentity.java

@@ -0,0 +1,83 @@
+package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+import org.gcube.common.keycloak.KeycloakClientFactory;
+import org.gcube.common.keycloak.model.TokenResponse;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.IAMClientCredentialsReader;
+import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class IAMClientIdentity implements GcubeIdentity {
+
+	private static final Logger LOG = LoggerFactory.getLogger(IAMClientIdentity.class);
+
+	private String previousUMAToken = null;
+
+	@Override
+	public void setIdentity(HttpServletRequest httpRequest) throws Exception {
+		LOG.info("setIdentity called");
+		String currentScope = SessionUtil.getCurrentContext(httpRequest, true);
+		IAMClientCredentials credentials  = SessionUtil.getIAMClientCredentials(httpRequest);
+		try {
+			if(credentials==null) {
+				credentials = IAMClientCredentialsReader.getCredentials();
+				SessionUtil.setIAMClientCredentials(httpRequest,credentials);
+			}
+		} catch (Exception e) {
+			LOG.error("Error on discovering IAM Client credentials", e);
+			throw new Exception("IAM Client discovery failed");
+		}
+
+		LOG.trace("Read credentials: " + credentials);
+		String umaAcessToken = null;
+		String clientId = credentials.getClientId();
+		String clientSecret = credentials.getClientSecret();
+		try {
+
+			LOG.info("Querying KeycloakClientFactory to get UMA token..");
+			TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientId, clientSecret, currentScope,
+					null);
+			umaAcessToken = tr.getAccessToken();
+			if (umaAcessToken != null && !umaAcessToken.isEmpty()) {
+				LOG.info("UMA Access Token read correctly");
+			} else {
+				LOG.error("UMA Access Token NOT RETRIEVED!!!");
+				throw new Exception("UMA Access Token is null or empty");
+			}
+		} catch (Exception e2) {
+			throw new Exception("Error occurred on reading UMA access token:", e2);
+		}
+
+		try {
+
+			try {
+				// Here the previousUMAToken should be null
+				previousUMAToken = AccessTokenProvider.instance.get();
+			} catch (Exception e) {
+				// catching excpetion to be sure
+				// silent
+			}
+
+			LOG.debug("JWT token: " + umaAcessToken.substring(0, 20) + "_MASKED_TOKEN_");
+			LOG.info("Setting clientId '" + clientId + "' identity by JWT token in the "
+					+ AccessTokenProvider.class.getSimpleName());
+			AccessTokenProvider.instance.set(umaAcessToken);
+		} catch (Exception e) {
+			LOG.error(e.getMessage(), e);
+			throw new Exception(e.getMessage());
+		}
+
+	}
+
+	@Override
+	public void resetIdentity() {
+		LOG.info("resetIdentity called");
+		AccessTokenProvider.instance.set(previousUMAToken);
+		LOG.info("resetIdentity to previous AccessToken");
+
+	}
+
+}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/accessidentities/UserIdentity.java

@@ -0,0 +1,28 @@
+package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class UserIdentity implements GcubeIdentity {
+
+	private static final Logger LOG = LoggerFactory.getLogger(UserIdentity.class);
+
+	public UserIdentity() {
+	}
+
+	@Override
+	public void setIdentity(HttpServletRequest httpRequest) throws Exception {
+		LOG.info("setIdentity called");
+		SessionUtil.getCurrentToken(httpRequest, true);
+
+	}
+
+	@Override
+	public void resetIdentity() {
+		LOG.info("resetIdentity called, doing nothing");
+		// doing nothing
+	}
+}

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/accesspolicy/GeoNACheckAccessPolicy.java

@@ -1,18 +1,18 @@
-package org.gcube.portlets.user.geoportaldataviewer.server.util;
+package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accesspolicy;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
- * The Class CheckAccessPolicyUtil.
+ * The Class GeoNACheckAccessPolicy.
  *
  * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
  * 
  * Sep 9, 2021
  */
-public class CheckAccessPolicyUtil {
+public class GeoNACheckAccessPolicy {
 	
-	private static final Logger LOG = LoggerFactory.getLogger(CheckAccessPolicyUtil.class);
+	private static final Logger LOG = LoggerFactory.getLogger(GeoNACheckAccessPolicy.class);
 	/**
 	 * The Enum ACCESS_POLICY.
 	 *

src/main/java/org/gcube/portlets/user/geoportaldataviewer/server/util/SessionUtil.java

@@ -14,7 +14,8 @@ import org.gcube.application.geoportalcommon.shared.products.model.UploadedImage
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
-import org.gcube.portlets.user.geoportaldataviewer.server.ConcessioneImageUtil;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.ConcessioneImageUtil;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.IAMClientCredentials;
 import org.gcube.portlets.user.urlshortener.UrlShortener;
 import org.gcube.vomanagement.usermanagement.GroupManager;
 import org.gcube.vomanagement.usermanagement.exception.GroupRetrievalFault;
@@ -39,9 +40,11 @@ public class SessionUtil {
 	/** The log. */
 	private static Logger LOG = LoggerFactory.getLogger(SessionUtil.class);
 
-	public static final String URL_SHORTENER_SERVICE = "URL_SHORTENER_SERVICE";
+	private static final String URL_SHORTENER_SERVICE = "URL_SHORTENER_SERVICE";
 
-	public static final String CACHE_IMAGE_PREVIEW_FOR_CONCESSIONE = "MAP_IMAGE_PREVIEW_FOR_CONCESSIONE";
+	private static final String CACHE_IMAGE_PREVIEW_FOR_CONCESSIONE = "MAP_IMAGE_PREVIEW_FOR_CONCESSIONE";
+
+	private static final String IAM_CLIENT_CREDENTIALS = "IAM_CLIENT_CREDENTIALS";
 
 	/**
 	 * Checks if is into portal.
@@ -222,4 +225,35 @@ public class SessionUtil {
 
 		return lUI.get(0);
 	}
+
+	/**
+	 * Gets the IAM client credentials.
+	 *
+	 * @param httpRequest the http request
+	 * @return the IAM client credentials
+	 */
+	public static IAMClientCredentials getIAMClientCredentials(HttpServletRequest httpRequest) {
+		HttpSession session = httpRequest.getSession();
+		try {
+			return (IAMClientCredentials) session.getAttribute(IAM_CLIENT_CREDENTIALS);
+		} catch (Exception e) {
+			LOG.warn("Error occurred when reading " + IAM_CLIENT_CREDENTIALS + " from session");
+			return null;
+		}
+	}
+
+	/**
+	 * Sets the IAM client credentials.
+	 *
+	 * @param httpRequest the http request
+	 * @param iamCC the iam CC
+	 */
+	public static void setIAMClientCredentials(HttpServletRequest httpRequest, IAMClientCredentials iamCC) {
+		HttpSession session = httpRequest.getSession();
+		try {
+			session.setAttribute(IAM_CLIENT_CREDENTIALS, iamCC);
+		} catch (Exception e) {
+			LOG.warn("Error occurred when setting " + IAM_CLIENT_CREDENTIALS + " into session");
+		}
+	}
 }

src/test/java/org/gcube/portlets/user/geoportaldataviewer/ConcessioneReader.java

@@ -0,0 +1,60 @@
+package org.gcube.portlets.user.geoportaldataviewer;
+
+import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
+
+import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
+import org.gcube.application.geoportal.common.model.legacy.Concessione;
+import org.gcube.application.geoportalcommon.ConvertToDataViewModel;
+import org.gcube.application.geoportalcommon.shared.products.ConcessioneDV;
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.scope.api.ScopeProvider;
+
+public class ConcessioneReader {
+
+	private static final String YOUR_TOKEN = "";
+
+	public static String SCOPE = "/gcube/devsec/devVRE";
+	public static String mongoConcessioneID = "6102c07002ad3d05b5f81ddc";
+
+	//@Before
+	public void setEnviroment() {
+		ScopeProvider.instance.set(SCOPE);
+		SecurityTokenProvider.instance.set(YOUR_TOKEN);
+
+	}
+
+	//@Test
+	public void readConcessione() throws Exception {
+		System.out.println("getConcessioneForId " + mongoConcessioneID + "called");
+
+		ConcessioneDV concessionDV = null;
+
+		if (mongoConcessioneID == null)
+			throw new Exception("Invalid parameter. The Id is null");
+
+		try {
+			System.out.println("Trying to get record for id " + mongoConcessioneID);
+			ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
+			Concessione concessione = concessioniManager.getById(mongoConcessioneID);
+			System.out.println("For id " + mongoConcessioneID + ", got concessione " + concessione);
+			System.out.println("Immagini Rappresentative are: " + concessione.getImmaginiRappresentative());
+			System.out.println("Relazione scavo: " + concessione.getRelazioneScavo());
+			System.out.println("Pianta Fine scavo: " + concessione.getPianteFineScavo());
+			System.out.println("Posizionamento scavo: " + concessione.getPosizionamentoScavo());
+
+			if (concessione != null) {
+				concessionDV = ConvertToDataViewModel.toConcessione(concessione);
+			}
+
+			if (concessionDV == null)
+				throw new Exception("Concessione not retrieved");
+
+			System.out.println("Got concessione: " + concessionDV);
+
+		} catch (Exception e) {
+			String erroMsg = Concessione.class.getSimpleName() + " with id " + mongoConcessioneID + " not available";
+			throw new Exception(erroMsg);
+		}
+	}
+
+}

src/test/java/org/gcube/portlets/user/geoportaldataviewer/GetConcessione.java

@@ -1,67 +0,0 @@
-package org.gcube.portlets.user.geoportaldataviewer;
-
-import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
-
-import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
-import org.gcube.application.geoportal.common.model.legacy.Concessione;
-import org.gcube.application.geoportalcommon.ConvertToDataViewModel;
-import org.gcube.application.geoportalcommon.shared.products.ConcessioneDV;
-import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
-import org.gcube.common.scope.api.ScopeProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class GetConcessione {
-	
-	private static final Logger LOG = LoggerFactory.getLogger(GetConcessione.class);
-
-	private static final String YOUR_TOKEN = "";
-	
-	public static String SCOPE = "/gcube/devsec/devVRE";
-	public static String concessioneId = "6102c07002ad3d05b5f81ddc";
-	
-	public static ConcessioneDV getConcessioneForId(String mongoID) throws Exception{
-		LOG.info("getConcessioneForId "+mongoID+ "called");
-		
-		ConcessioneDV concessionDV = null;
-			
-		if(mongoID==null)
-			throw new Exception("Invalid parameter. The Id is null");
-		
-		try {
-			LOG.info("Trying to get record for id "+mongoID);
-			ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
-			Concessione concessione = concessioniManager.getById(mongoID);
-			LOG.info("For id "+mongoID+", got concessione "+concessione);
-			LOG.info("Immagini Rappresentative are: "+concessione.getImmaginiRappresentative());
-			LOG.info("Relazione scavo: "+concessione.getRelazioneScavo());
-			LOG.info("Pianta Fine scavo: "+concessione.getPianteFineScavo());
-			LOG.info("Posizionamento scavo: "+concessione.getPosizionamentoScavo());
-			
-			if(concessione !=null) {
-				concessionDV = ConvertToDataViewModel.toConcessione(concessione);
-			}
-			
-			if(concessionDV==null)
-				throw new Exception("Concessione not retrieved");
-			
-			return concessionDV;
-			
-		}catch (Exception e) {
-			String erroMsg = Concessione.class.getSimpleName() +" with id "+mongoID+" not available";
-			LOG.error(erroMsg,e);
-			throw new Exception(erroMsg);
-		}
-		
-	}
-	
-	public static void main(String[] args) throws Exception {
-		ScopeProvider.instance.set(SCOPE);
-		SecurityTokenProvider.instance.set(YOUR_TOKEN);
-		LOG.info("Trying to get record for id "+concessioneId);
-		ConcessioneDV concessione = getConcessioneForId(concessioneId);
-		LOG.info("Got record for id "+concessione);
-	}
-
-
-}

src/test/java/org/gcube/portlets/user/geoportaldataviewer/IAMClient.java

@@ -0,0 +1,40 @@
+package org.gcube.portlets.user.geoportaldataviewer;
+
+import java.util.List;
+
+import org.gcube.application.geoportal.common.model.legacy.Concessione;
+import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.IAMClientCredentialsReader;
+import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.IAMClientCredentials;
+import org.junit.Test;
+
+public class IAMClient {
+
+	private static final String SCOPE = "/gcube/devsec/devVRE";
+	private static final String MONGO_ITEM_ID = "614af6a502ad3d6128abd43f";
+
+	@Test
+	public void readCredentials() {
+		System.out.println("called readCredentials test");
+		ScopeProvider.instance.set(SCOPE);
+		IAMClientCredentials credentials = null;
+		try {
+			credentials = IAMClientCredentialsReader.getCredentials();
+		} catch (Exception e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+
+		System.out.println("Read credentials: " + credentials);
+		Concessione concessione;
+		try {
+//			concessione = new ConcessioniMongoServiceIdentityProxy();
+
+			// System.out.println("Get concessione: " + concessione);
+		} catch (Exception e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+	}
+
+}

src/test/java/org/gcube/portlets/user/geoportaldataviewer/Shortener.java

@@ -7,9 +7,11 @@ import java.util.Arrays;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.portlets.user.urlshortener.UrlShortener;
 
-public class TestShortener {
+public class Shortener {
 
-	public static void main(String[] args) {
+	//@Test
+	public void availableInTheScope() {
+		System.out.println("called availableInTheScope test");
 		try {
 			String toShort = "https://next.d4science.org/group/nextnext/geona-data-viewer";
 			String[] splitted = toShort.split("\\?");
@@ -27,12 +29,12 @@ public class TestShortener {
 				System.out.println("encodedQuery is: "+encodedQuery);
 				link = String.format("%s?%s", splitted[0], encodedQuery);
 			}
-			ScopeProvider.instance.set("/gcube/devNext/NextNext");
+			ScopeProvider.instance.set("/gcube/devsec/devVRE");
 			UrlShortener shortener = new UrlShortener();
 			System.out.println(shortener.shorten(link));
 		} catch (Exception e) {
 			e.printStackTrace();
 		}		
-		
 	}
+
 }