diff --git a/pom.xml b/pom.xml
index e13802a..0079729 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@
test
-
+
org.gcube.common
keycloak-client
diff --git a/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java b/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java
index 21c2ad5..006d8fb 100644
--- a/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java
+++ b/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java
@@ -14,12 +14,16 @@ import javax.ws.rs.core.MediaType;
import lombok.extern.slf4j.Slf4j;
+//import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+//import org.gcube.common.keycloak.model.ModelUtils;
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.resources.gcore.*;
import org.gcube.common.resources.gcore.utils.Group;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.resources.discovery.client.api.DiscoveryClient;
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
-import org.gcube.resources.discovery.client.queries.impl.XQuery;
+//import org.gcube.resources.discovery.client.queries.impl.XQuery;
import org.gcube.common.encryption.StringEncrypter;
@Slf4j
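Review bot: The two commented-out imports of `AccessTokenProvider` and `ModelUtils` duplicate the live imports directly below them, and the `XQuery` import is commented out instead of being deleted. Remove all three comment lines; version control already keeps the history, and dead import comments make it harder to see which authorization classes this resource actually depends on.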
@@ -64,16 +68,35 @@ public class ServiceEndpointResource {
if(Objects.nonNull(endpoints)) {
log.debug("retrieved resources are "+endpoints.size());
if (isDecrypt) {
- List ses = new ArrayList<>(endpoints.size());
- for (ServiceEndpoint resource : endpoints) {
- ses.add(decryptResource(resource));
+ if (isRoleEnabled()){
+ List ses = new ArrayList<>(endpoints.size());
+ for (ServiceEndpoint resource : endpoints) {
+ ses.add(decryptResource(resource));
+ }
+ return ses;
+ }else{
+ log.info("user not enabled to see the resource free to air, sorry");
}
- return ses;
}
}
return endpoints;
}
+ private boolean isRoleEnabled(){
+ String at= AccessTokenProvider.instance.get();
+ try{
+ if (ModelUtils.getAccessTokenFrom(at).getRealmAccess().getRoles().contains("service-endpoint-key" )) {
+ log.info("The client is authorized to see the resource as 'free-to-air'");
+ return true;
+ }
+ }catch (Exception e){
+ log.error("token not retrieved properly: "+e.getMessage());
+ e.printStackTrace();
+ }
+ log.info("user not authorized, sorry");
+ return false;
+ }
+
// @GET
// @Path("/{category}/{name}/{ap}")
// @Produces(MediaType.TEXT_XML)
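Review bot: In `isRoleEnabled()` the decision to hand out decrypted endpoints rests on a role read from `ModelUtils.getAccessTokenFrom(at)`, and nothing in this hunk shows the token's signature or expiry being checked. If that call only decodes the token, validation must already happen earlier in the request chain; please confirm this and state it in a comment on the method. A null token or a token without realm access currently lands in `catch (Exception e)` and is logged as an error, so an explicit `if (at == null) return false;` before the lookup would keep ordinary denials out of the error log. Replace the `e.getMessage()` concatenation and `e.printStackTrace()` with `log.error("token not retrieved properly", e);` so the trace goes through the Slf4j logger. In the caller (its signature is outside the hunk) a missing role falls through to `return endpoints;`, so a client that asked for decryption silently gets the encrypted records; document that fallback or return a 403, and move `"service-endpoint-key"` into a named constant.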