porting to Smartgears4 part 1

.classpath

@@ -27,7 +27,6 @@
 	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">

pom.xml

@@ -31,7 +31,7 @@
 			<dependency>
 				<groupId>org.gcube.distribution</groupId>
 				<artifactId>gcube-smartgears-bom</artifactId>
-				<version>2.1.0</version>
+				<version>3.0.0-SNAPSHOT</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>

src/main/java/org/gcube/datatransfer/resolver/applicationprofile/ApplicationProfileReader.java

@@ -4,18 +4,21 @@ import static org.gcube.resources.discovery.icclient.ICFactory.client;
 
 import java.io.StringReader;
 import java.util.List;
+import java.util.concurrent.Callable;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.apache.log4j.Logger;
 import org.gcube.common.resources.gcore.utils.XPathHelper;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.security.AuthorizedTasks;
+import org.gcube.common.security.secrets.Secret;
 import org.gcube.datatransfer.resolver.applicationprofile.GcubeQuery.FIELD_TYPE;
 import org.gcube.datatransfer.resolver.util.ScopeUtil;
 import org.gcube.resources.discovery.client.api.DiscoveryClient;
 import org.gcube.resources.discovery.client.queries.api.Query;
 import org.gcube.resources.discovery.client.queries.impl.QueryBox;
+import org.gcube.smartgears.ContextProvider;
 import org.w3c.dom.Node;
 import org.xml.sax.InputSource;
 
@@ -80,16 +83,20 @@ public class ApplicationProfileReader {
 	 */
 	private ApplicationProfile readProfileFromInfrastrucure() {
 
-			String originalScope =  ScopeProvider.instance.get();
+		
-			ApplicationProfile appProf = new ApplicationProfile();
-			String queryString = GcubeQuery.getGcubeGenericResource(secondaryType, FIELD_TYPE.APP_ID, appId);
 
 		try {
 
-				originalScope = ScopeProvider.instance.get();
 			String discoveryScope = useRootScope?ScopeUtil.getInfrastructureNameFromScope(scope):scope;
-				ScopeProvider.instance.set(discoveryScope);
+
+			Secret secret = ContextProvider.get().container().configuration().authorizationProvider().getSecretForContext(discoveryScope);
+			
+			return AuthorizedTasks.executeSafely(new Callable<ApplicationProfile>() {
+
+				public ApplicationProfile call() throws Exception{
 					logger.info("Trying to fetch Generic Resource in the scope: "+discoveryScope+", SecondaryType: " + secondaryType + ", AppId: " +  appId);
+					ApplicationProfile appProf = new ApplicationProfile();
+					String queryString = GcubeQuery.getGcubeGenericResource(secondaryType, FIELD_TYPE.APP_ID, appId);
 					Query q = new QueryBox(queryString);
 					DiscoveryClient<String> client = client();
 					List<String> appProfile = client.submit(q);
@@ -146,21 +153,14 @@ public class ApplicationProfileReader {
 								throw new ApplicationProfileNotFoundException("Your ApplicationProfile URL was not found in the profile for Scope: " + scope.toString() +", consider adding <EndPoint><URL> element in <Body>");
 						}
 						else throw new ApplicationProfileNotFoundException("ApplicationProfile with SecondaryType: " + secondaryType + ", AppId: " +  appId +" in the scope: "+discoveryScope +" does not contain "+RESOURCE_PROFILE_BODY_END_POINT_URL +" property, please add it");
-
+					}
 					return appProf;
 				}
+			},secret);
 			
-		} catch (Exception e) {
+		} catch (Throwable e) {
 			logger.error("Error while trying to fetch applicationProfile profile from the infrastructure", e);
 			return null;
-		}finally{
-			if(originalScope!=null && !originalScope.isEmpty()){
-				ScopeProvider.instance.set(originalScope);
-				logger.info("scope provider set to orginal scope: "+originalScope);
-			}else{
-				ScopeProvider.instance.reset();
-				logger.info("scope provider reset");
-			}
 		}
 
 	}

src/main/java/org/gcube/datatransfer/resolver/caches/LoadingMapOfScopeCache.java

@@ -9,6 +9,7 @@ import java.util.concurrent.TimeUnit;
 
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.scope.impl.ScopeBean;
+import org.gcube.common.security.ContextBean;
 import org.gcube.datatransfer.resolver.catalogue.resource.GetAllInfrastructureScopes;
 import org.gcube.datatransfer.resolver.init.UriResolverSmartGearManagerInit;
 import org.slf4j.Logger;
@@ -31,28 +32,28 @@ import com.google.common.cache.RemovalNotification;
 public class LoadingMapOfScopeCache {
 
 	private static Logger logger = LoggerFactory.getLogger(LoadingMapOfScopeCache.class);
-	private static LoadingCache<String, ScopeBean> scopeNamesToFullScopes;
+	private static LoadingCache<String, ContextBean> scopeNamesToFullScopes;
 
 	static{
 
-		CacheLoader<String, ScopeBean> loader = new CacheLoader<String, ScopeBean>(){
+		CacheLoader<String, ContextBean> loader = new CacheLoader<String, ContextBean>(){
 
 			@Override
-			public ScopeBean load(String scopeName)
+			public ContextBean load(String scopeName)
 				throws Exception {
 
 				logger.info("Loading the cache for scope: {}",scopeName);
-				ScopeBean fullScope = loadFullScopeforScopeName(scopeName);
+				ContextBean fullScope = loadFullScopeforScopeName(scopeName);
 				logger.info("Returning {} for the Scope name: {}",ScopeBean.class.getSimpleName(), scopeName);
 				return fullScope;
 			}
 
 		};
 
-		RemovalListener<String, ScopeBean> removalListener = new RemovalListener<String, ScopeBean>() {
+		RemovalListener<String, ContextBean> removalListener = new RemovalListener<String, ContextBean>() {
 
 			@Override
-			public void onRemoval(RemovalNotification<String, ScopeBean> arg0) {
+			public void onRemoval(RemovalNotification<String, ContextBean> arg0) {
 
 				logger.debug("cache expired");
 				//prePopulateCache();
@@ -82,7 +83,7 @@ public class LoadingMapOfScopeCache {
 			Map<String, String> map = GetAllInfrastructureScopes.loadMapOfScopeNameToFullScope(UriResolverSmartGearManagerInit.getRootContextScope());
 			
 			for (String scopeName : map.keySet()) {
-				scopeNamesToFullScopes.asMap().put(scopeName, new ScopeBean(map.get(scopeName)));
+				scopeNamesToFullScopes.asMap().put(scopeName, new ContextBean(map.get(scopeName)));
 			}
 			
 			logger.info("Cache populated with: "+scopeNamesToFullScopes.asMap().toString());
@@ -102,7 +103,7 @@ public class LoadingMapOfScopeCache {
 	 * @return the scope bean
 	 * @throws ExecutionException the execution exception
 	 */
-	public static ScopeBean get(String scopeName) throws ExecutionException{
+	public static ContextBean get(String scopeName) throws ExecutionException{
 
 		return scopeNamesToFullScopes.get(scopeName);
 	}
@@ -114,9 +115,9 @@ public class LoadingMapOfScopeCache {
 	 * @param scopeName the scope name
 	 * @return the scope bean
 	 */
-	protected static ScopeBean loadFullScopeforScopeName(String scopeName){
+	protected static ContextBean loadFullScopeforScopeName(String scopeName){
 
-		ScopeBean fullScope = scopeNamesToFullScopes.getIfPresent(scopeName);
+		ContextBean fullScope = scopeNamesToFullScopes.getIfPresent(scopeName);
 
 		//THIS CHECK SHOULD NOT BE NEEDED
 		if(fullScope==null){
@@ -133,7 +134,7 @@ public class LoadingMapOfScopeCache {
 	 *
 	 * @return the cache
 	 */
-	public LoadingCache<String, ScopeBean> getCache(){
+	public LoadingCache<String, ContextBean> getCache(){
 		return scopeNamesToFullScopes;
 	}
 

src/main/java/org/gcube/datatransfer/resolver/catalogue/endpoint/CatalogueServiceEndpointReader.java

@@ -11,10 +11,11 @@ import java.util.List;
 import java.util.Map;
 
 import org.gcube.common.resources.gcore.ServiceEndpoint;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.security.providers.SecretManagerProvider;
 import org.gcube.datacatalogue.ckanutillibrary.server.DataCatalogueImpl;
 import org.gcube.resources.discovery.client.api.DiscoveryClient;
 import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
+import org.glassfish.jersey.message.filtering.spi.ScopeProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -53,7 +54,7 @@ public class CatalogueServiceEndpointReader {
 	 */
 	public static List<ServiceEndpoint> getConfigurationFromISFORCatalogueUrl() throws Exception{
 
-		logger.info("Searching SE "+RUNTIME_CATALOGUE_RESOURCE_NAME+" configurations in the scope: "+ScopeProvider.instance.get());
+		logger.info("Searching SE "+RUNTIME_CATALOGUE_RESOURCE_NAME+" configurations in the scope: "+SecretManagerProvider.instance.get().getContext());
 
 		SimpleQuery query = queryFor(ServiceEndpoint.class);
 		query.addCondition("$resource/Profile/Name/text() eq '"+ RUNTIME_CATALOGUE_RESOURCE_NAME +"'");
@@ -90,7 +91,7 @@ public class CatalogueServiceEndpointReader {
 	 * @return the catalogue url
 	 */
 	public static String getCatalogueUrl() {
-		String scope = ScopeProvider.instance.get();
+		String scope = SecretManagerProvider.instance.get().getContext();
 		logger.debug("Getting Catalogue URL for scope: "+scope +" read from CacheCkanDataCatalogue");
 		String catalogueURLForScope = cacheCkanDataCatalogue.get(scope);
 
@@ -99,7 +100,7 @@ public class CatalogueServiceEndpointReader {
 
 			try{
 				logger.debug("Instancing again the scope provider with scope value: "+scope);
-				ScopeProvider.instance.set(scope);
+				
 				DataCatalogueImpl utilCKAN = new DataCatalogueImpl(scope);
 				catalogueURLForScope = utilCKAN.getCatalogueUrl();
 				if(catalogueURLForScope==null)
@@ -124,7 +125,7 @@ public class CatalogueServiceEndpointReader {
 	 * @throws Exception
 	 */
 	public static DataCatalogueImpl getDataCatalogueImpl() throws Exception {
-		String scope = ScopeProvider.instance.get();
+		String scope = SecretManagerProvider.instance.get().getContext();
 		return new DataCatalogueImpl(scope);
 	}
 

src/main/java/org/gcube/datatransfer/resolver/catalogue/resource/ApplicationProfileReaderForCatalogueResolver.java

@@ -15,7 +15,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.apache.log4j.Logger;
 import org.gcube.common.resources.gcore.utils.XPathHelper;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.security.providers.SecretManagerProvider;
 import org.gcube.datatransfer.resolver.applicationprofile.ApplicationProfileNotFoundException;
 import org.gcube.datatransfer.resolver.applicationprofile.GcubeQuery;
 import org.gcube.datatransfer.resolver.applicationprofile.GcubeQuery.FIELD_TYPE;
@@ -85,13 +85,13 @@ public class ApplicationProfileReaderForCatalogueResolver {
 		String queryString = GcubeQuery.getGcubeGenericResource(secondaryType, FIELD_TYPE.RESOURCE_NAME, resourceName);
 
 		try {
-			logger.info("Trying to fetch ApplicationProfile in the scope: "+ScopeProvider.instance.get()+", SecondaryType: " + secondaryType + ", ResourceName: " +  resourceName);
+			logger.info("Trying to fetch ApplicationProfile in the scope: "+SecretManagerProvider.instance.get().getContext()+", SecondaryType: " + secondaryType + ", ResourceName: " +  resourceName);
 			Query q = new QueryBox(queryString);
 			DiscoveryClient<String> client = client();
 			List<String> appProfile = client.submit(q);
 
 			if (appProfile == null || appProfile.size() == 0)
-				throw new ApplicationProfileNotFoundException("ApplicationProfile with SecondaryType: " + secondaryType + ", ResourceName: " +  resourceName +" is not registered in the scope: "+ScopeProvider.instance.get());
+				throw new ApplicationProfileNotFoundException("ApplicationProfile with SecondaryType: " + secondaryType + ", ResourceName: " +  resourceName +" is not registered in the scope: "+SecretManagerProvider.instance.get().getContext());
 			else {
 				try{
 					String elem = appProfile.get(0);

src/main/java/org/gcube/datatransfer/resolver/catalogue/resource/CkanCatalogueConfigurationsReader.java

@@ -17,7 +17,7 @@ import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.gcube.common.resources.gcore.utils.XPathHelper;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.security.providers.SecretManagerProvider;
 import org.gcube.datacatalogue.ckanutillibrary.server.DataCatalogueImpl;
 import org.gcube.datacatalogue.ckanutillibrary.server.DataCatalogueRunningCluster.ACCESS_LEVEL_TO_CATALOGUE_PORTLET;
 import org.gcube.datatransfer.resolver.applicationprofile.ApplicationProfileNotFoundException;
@@ -60,7 +60,7 @@ public class CkanCatalogueConfigurationsReader {
 	 */
 	public static GatewayCKANCatalogueReference loadCatalogueEndPoints() throws Exception{
 		GatewayCKANCatalogueReference links = new GatewayCKANCatalogueReference();
-		links.setScope(ScopeProvider.instance.get());
+		links.setScope(SecretManagerProvider.instance.get().getContext());
 
 		DataCatalogueImpl catalogueImpl = CatalogueServiceEndpointReader.getDataCatalogueImpl();
 
@@ -95,7 +95,7 @@ public class CkanCatalogueConfigurationsReader {
 			String ckanPortletURL = catalogueImpl.getCatalogueUrl();
 			links.setCkanURL(ckanPortletURL);
 		}catch(Exception e){
-			logger.warn("Erron on getting CKAN Porlet URL for scope: "+ScopeProvider.instance.get(), e);
+			logger.warn("Erron on getting CKAN Porlet URL for scope: {} ",SecretManagerProvider.instance.get().getContext(), e);
 		}
 
 		return links;
@@ -134,7 +134,7 @@ public class CkanCatalogueConfigurationsReader {
 	 */
 	protected static String getPortletUrlForScopeFromIS() throws Exception {
 
-		String scope = ScopeProvider.instance.get();
+		String scope = SecretManagerProvider.instance.get().getContext();
 		logger.debug("Trying to fetch applicationProfile profile from the infrastructure for " +
 			APPLICATION_PROFILE_NAME + " scope: " + scope);
 		try {
@@ -178,7 +178,7 @@ public class CkanCatalogueConfigurationsReader {
 	 *
 	 * @param args the arguments
 	 */
-	public static void main(String[] args) {
+	/*public static void main(String[] args) {
 
 		ScopeProvider.instance.set("/gcube/devsec/devVRE");
 		try {
@@ -189,5 +189,5 @@ public class CkanCatalogueConfigurationsReader {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
 		}
-	}
+	}*/
 }

src/main/java/org/gcube/datatransfer/resolver/catalogue/resource/GetAllInfrastructureScopes.java

@@ -3,17 +3,13 @@ import static org.gcube.resources.discovery.icclient.ICFactory.client;
 
 import java.io.StringReader;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.gcube.common.resources.gcore.utils.XPathHelper;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.security.providers.SecretManagerProvider;
-import org.gcube.common.scope.impl.ScopeBean;
-import org.gcube.common.scope.impl.ScopeBean.Type;
 import org.gcube.resources.discovery.client.api.DiscoveryClient;
 import org.gcube.resources.discovery.client.queries.api.Query;
 import org.gcube.resources.discovery.client.queries.impl.QueryBox;
@@ -45,12 +41,10 @@ public class GetAllInfrastructureScopes {
 	 * @return the map of binding between (VRE_NAME, FULL_SCOPE_OF_VRE_NAME)
 	 * @throws Exception the exception
 	 */
-	public static Map<String, String> loadMapOfScopeNameToFullScope(String rootScope) throws Exception{
+	/*public static Map<String, String> loadMapOfScopeNameToFullScope(String rootScope) throws Exception{
 
-		String originalScope = 	ScopeProvider.instance.get();
 		
 		try{
-			ScopeBean scopeBean = null;
 			Map<String, String> scopeNameToFullScopeMap = new HashMap<String,String>();
 			ScopeProvider.instance.set(rootScope);
 			String secondaryType = Type.INFRASTRUCTURE.name();
@@ -91,7 +85,7 @@ public class GetAllInfrastructureScopes {
 			for (String vreName : vreNameFullScope.keySet()) {
 				System.out.println("VRE Name: "+vreName + " has scope: "+vreNameFullScope.get(vreName));
 			}*/
-
+/*
 			logger.info("Total VRE is: "+scopeNameToFullScopeMap.size());
 			return scopeNameToFullScopeMap;
 
@@ -104,7 +98,7 @@ public class GetAllInfrastructureScopes {
 			}else
 				ScopeProvider.instance.reset();
 		}
-	}
+	}*/
 
 
 	/**
@@ -121,7 +115,7 @@ public class GetAllInfrastructureScopes {
 		List<String> listResourceName = new ArrayList<String>();
 
 		try {
-			logger.info("Trying to fetch GenericResource in the scope: "+ScopeProvider.instance.get()+", SecondaryType: " + secondaryType);
+			logger.info("Trying to fetch GenericResource in the scope: {} , SecondaryType: {} ",SecretManagerProvider.instance.get().getContext(), secondaryType);
 			Query q = new QueryBox(queryString);
 			DiscoveryClient<String> client = client();
 			List<String> listGenericResources = client.submit(q);
@@ -129,7 +123,7 @@ public class GetAllInfrastructureScopes {
 			logger.info("# of GenericResource returned are: "+listGenericResources.size());
 
 			if (listGenericResources == null || listGenericResources.size() == 0)
-				throw new Exception("GenericResource with SecondaryType: " + secondaryType + ", is not registered in the scope: "+ScopeProvider.instance.get());
+				throw new Exception("GenericResource with SecondaryType: " + secondaryType + ", is not registered in the scope: "+SecretManagerProvider.instance.get().getContext());
 			else {
 
 
@@ -146,7 +140,7 @@ public class GetAllInfrastructureScopes {
 								listResourceName.add(resourceNames.get(0));
 
 						}catch(Exception e){
-							throw new Exception("Error during parsing the generic resource: "+genericResource + " in the scope: "+ScopeProvider.instance.get());
+							throw new Exception("Error during parsing the generic resource: "+genericResource + " in the scope: "+SecretManagerProvider.instance.get().getContext());
 						}
 					}
 
@@ -175,7 +169,7 @@ public class GetAllInfrastructureScopes {
 		List<String> listOfVOScopes = new ArrayList<String>();
 
 		try {
-			logger.info("Trying to fetch GenericResource in the scope: "+ScopeProvider.instance.get()+", SecondaryType: " + secondaryType);
+			logger.info("Trying to fetch GenericResource in the scope: {}, SecondaryType: {} ",SecretManagerProvider.instance.get().getContext(), secondaryType);
 			Query q = new QueryBox(queryString);
 			DiscoveryClient<String> client = client();
 			List<String> listGenericResources = client.submit(q);
@@ -183,7 +177,7 @@ public class GetAllInfrastructureScopes {
 			logger.info("# of GenericResource returned searching for secondaryType= "+secondaryType+" is/are: "+listGenericResources.size());
 
 			if (listGenericResources == null || listGenericResources.size() == 0)
-				throw new Exception("GenericResource with SecondaryType: " + secondaryType + ", is not registered in the scope: "+ScopeProvider.instance.get());
+				throw new Exception("GenericResource with SecondaryType: " + secondaryType + ", is not registered in the scope: "+SecretManagerProvider.instance.get().getContext());
 			else {
 
 
@@ -205,7 +199,7 @@ public class GetAllInfrastructureScopes {
 							}
 
 						}catch(Exception e){
-							throw new Exception("Error during parsing the generic resource: "+genericResource + " in the scope: "+ScopeProvider.instance.get());
+							throw new Exception("Error during parsing the generic resource: "+genericResource + " in the scope: "+SecretManagerProvider.instance.get().getContext());
 						}
 					}
 

src/main/java/org/gcube/datatransfer/resolver/catalogue/resource/UpdateApplicationProfileCatalogueResolver.java

@@ -8,6 +8,7 @@ import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.StringWriter;
 import java.util.List;
+import java.util.Map;
 
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
@@ -20,11 +21,18 @@ import org.gcube.common.resources.gcore.GenericResource;
 import org.gcube.common.resources.gcore.Resource;
 import org.gcube.common.resources.gcore.Resources;
 import org.gcube.common.resources.gcore.utils.XPathHelper;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.security.AuthorizedTasks;
+import org.gcube.common.security.Owner;
+import org.gcube.common.security.secrets.CredentialSecret;
+import org.gcube.common.security.secrets.Secret;
 import org.gcube.datatransfer.resolver.applicationprofile.ApplicationProfileNotFoundException;
 import org.gcube.datatransfer.resolver.util.ScopeUtil;
 import org.gcube.informationsystem.publisher.RegistryPublisherFactory;
 import org.gcube.informationsystem.publisher.ScopedPublisher;
+import org.gcube.informationsystem.publisher.exception.RegistryNotFoundException;
+import org.gcube.smartgears.ContextProvider;
+import org.gcube.smartgears.context.application.ApplicationContext;
+import org.glassfish.jersey.message.filtering.spi.ScopeProvider;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -51,7 +59,7 @@ public class UpdateApplicationProfileCatalogueResolver {
 	 */
 	public static boolean validateEndPoint(String scopeToInstanceResolver, String VRE, String fullScope) throws ApplicationProfileNotFoundException {
 
-		String originalScope = ScopeProvider.instance.get();
+		//String originalScope = ScopeProvider.instance.get();
 		logger.info("Checking if the VRE_NAME: "+VRE+" exists into Application Profile: "+ApplicationProfileReaderForCatalogueResolver.RESOURCE_NAME+" using scope: "+scopeToInstanceResolver);
 		ApplicationProfileReaderForCatalogueResolver appPrCatResolver = new ApplicationProfileReaderForCatalogueResolver(scopeToInstanceResolver, true);
 		Element root = appPrCatResolver.getRootDocument();
@@ -86,25 +94,25 @@ public class UpdateApplicationProfileCatalogueResolver {
 			logger.debug("Updated resource: \n"+result.getWriter().toString());
 
 			String discoveryScope = useRootScope?ScopeUtil.getInfrastructureNameFromScope(scopeToInstanceResolver):scopeToInstanceResolver;
-			ScopeProvider.instance.set(discoveryScope);
 
+			ApplicationContext ctx = ContextProvider.get();
+			Secret secret = ctx.container().configuration().authorizationProvider().getSecretForContext(discoveryScope);
+
+			AuthorizedTasks.executeSafely(() -> {
 				ScopedPublisher rp=RegistryPublisherFactory.scopedPublisher();
 				Resource resource = toResource(result);
+				try {
 					rp.update(resource);
+				}catch(RegistryNotFoundException e) {
+					throw new RuntimeException(e);
+				}
+			}, secret);
 			logger.info("Application Profile: "+ApplicationProfileReaderForCatalogueResolver.RESOURCE_NAME+" updated on IS successfully using scope: "+discoveryScope);
 			return true;
 		}
 		catch (Exception e) {
 			logger.error("Error ", e);
 			throw new ApplicationProfileNotFoundException("Error during parsing application profile with resource name: " +ApplicationProfileReaderForCatalogueResolver.RESOURCE_NAME + " in the scope: " + scopeToInstanceResolver);
-		}finally{
-			if(originalScope!=null){
-				ScopeProvider.instance.set(originalScope);
-				logger.info("scope provider set to orginal scope: "+originalScope);
-			}else{
-				ScopeProvider.instance.reset();
-				logger.info("scope provider reset");
-			}
 		}
 	}
 

src/main/java/org/gcube/datatransfer/resolver/gis/GeoRuntimeReader.java

@@ -8,16 +8,19 @@ import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
 
 import java.util.Iterator;
 import java.util.List;
+import java.util.concurrent.Callable;
 
 import org.gcube.common.encryption.StringEncrypter;
 import org.gcube.common.resources.gcore.ServiceEndpoint;
 import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
 import org.gcube.common.resources.gcore.ServiceEndpoint.Property;
 import org.gcube.common.resources.gcore.utils.Group;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.security.AuthorizedTasks;
+import org.gcube.common.security.secrets.Secret;
 import org.gcube.datatransfer.resolver.gis.entity.ServerParameters;
 import org.gcube.resources.discovery.client.api.DiscoveryClient;
 import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
+import org.gcube.smartgears.ContextProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -53,14 +56,16 @@ public class GeoRuntimeReader {
 	 * @throws Exception the exception
 	 */
 	private ServerParameters getParameters(String scope, GEO_SERVICE geoservice) throws Exception{
-		String originalScope =  ScopeProvider.instance.get();
+		
-		ServerParameters parameters = new ServerParameters();
 		try{
 
 			boolean isGeoserver = geoservice.equals(GEO_SERVICE.GEOSERVER);
 			String resourceName = isGeoserver ? GEOSERVER_RESOURCE_NAME : GEONETWORK_RESOURCE_NAME;
-			ScopeProvider.instance.set(scope);
+			Secret secret = ContextProvider.get().container().configuration().authorizationProvider().getSecretForContext(scope);
 			
+			return AuthorizedTasks.executeSafely(new Callable<ServerParameters>() {
+				public ServerParameters call() throws Exception{
+					ServerParameters parameters = new ServerParameters();
 					SimpleQuery query = queryFor(ServiceEndpoint.class);
 					query.addCondition("$resource/Profile/Name/string() eq '"+resourceName+"'");
 
@@ -101,21 +106,15 @@ public class GeoRuntimeReader {
 							}
 						}
 					}
-
-		}catch (Exception e) {
-			logger.error("Sorry, an error occurred on reading parameters in Runtime Resources",e);
-		}finally{
-			if(originalScope!=null){
-				ScopeProvider.instance.set(originalScope);
-				logger.info("scope provider set to orginal scope: "+originalScope);
-			}else{
-				ScopeProvider.instance.reset();
-				logger.info("scope provider reset");
-			}
-		}
-
 					return parameters;
 				}
+			}, secret);
+		}catch (Throwable e) {
+			logger.error("Sorry, an error occurred on reading parameters in Runtime Resources",e);
+			return new ServerParameters();
+		}
+
+	}
 
 	/**
 	 * Retrieve gis parameters.

src/main/java/org/gcube/datatransfer/resolver/gis/GeonetworkInstance.java

@@ -1,7 +1,11 @@
 package org.gcube.datatransfer.resolver.gis;
 
-import org.gcube.common.scope.api.ScopeProvider;
+import java.util.concurrent.Callable;
+
+import org.gcube.common.security.AuthorizedTasks;
+import org.gcube.common.security.secrets.Secret;
 import org.gcube.datatransfer.resolver.gis.exception.GeonetworkInstanceException;
+import org.gcube.smartgears.ContextProvider;
 import org.gcube.spatial.data.geonetwork.GeoNetwork;
 import org.gcube.spatial.data.geonetwork.GeoNetworkPublisher;
 import org.gcube.spatial.data.geonetwork.LoginLevel;
@@ -48,31 +52,25 @@ public class GeonetworkInstance {
 		this.scope = scope;
 		this.level = level;
 		this.type = type;
-		String originalScope =  ScopeProvider.instance.get();
+		Secret secret = ContextProvider.get().container().configuration().authorizationProvider().getSecretForContext(this.scope);
 		logger.debug("Instancing  GeonetworkInstance with scope: "+scope + ", authenticate: "+authenticate +", login level: "+level);
 		try {
-			ScopeProvider.instance.set(scope);
+			AuthorizedTasks.executeSafely( new Callable<Void>() {
-			logger.info("setting scope "+scope);
+				public Void call() throws Exception {
 					createInstanceGeonetworkPublisher(authenticate, level);
-			this.config = geonetworkPublisher.getConfiguration();
+					config = geonetworkPublisher.getConfiguration();
-			this.version = this.config.getGeoNetworkVersion();
+					version = config.getGeoNetworkVersion();
-			this.endPoint = this.config.getGeoNetworkEndpoint();
+					endPoint = config.getGeoNetworkEndpoint();
-			if(this.type!=null){
+					if(type!=null)
-				this.account=config.getScopeConfiguration().getAccounts().get(this.type);
+						account=config.getScopeConfiguration().getAccounts().get(type);
+					return null;
 				}
+			}, secret );
 			//logger.info("Admin: "+config.getAdminAccount().getUser()+", Pwd: "+config.getAdminAccount().getPassword());
-		} catch (Exception e) {
+		} catch (Throwable e) {
 			String message = "Sorry, an error occurred in instancing geonetwork";
 			logger.warn(message, e);
 			throw new GeonetworkInstanceException(message);
-		}finally{
-			if(originalScope!=null){
-				ScopeProvider.instance.set(originalScope);
-				logger.info("scope provider set to orginal scope: "+originalScope);
-			}else{
-				ScopeProvider.instance.reset();
-				logger.info("scope provider reset");
-			}
 		}
 	}
 

src/main/java/org/gcube/datatransfer/resolver/requesthandler/RequestHandler.java

@@ -19,10 +19,10 @@ import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.ext.Provider;
 
-import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.security.providers.SecretManagerProvider;
-import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.datatransfer.resolver.ConstantsResolver;
 import org.gcube.datatransfer.resolver.UriResolverServices;
+import org.gcube.smartgears.ContextProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -62,11 +62,9 @@ public class RequestHandler implements ContainerRequestFilter, ContainerResponse
     public void filter(ContainerRequestContext reqContext) throws IOException {
     	log.info(RequestHandler.class.getSimpleName() +" Request called");
     	
-    	if(SecurityTokenProvider.instance.get()==null)
+    	if(SecretManagerProvider.instance.get()==null)
-    		SecurityTokenProvider.instance.set(context.getInitParameter(ROOT_APP_TOKEN));
+    		SecretManagerProvider.instance.set(ContextProvider.get().container().configuration().authorizationProvider().getSecretForContext(context.getInitParameter(ROOT_APP_TOKEN)));
 
-    	if(ScopeProvider.instance.get()==null)
-    		ScopeProvider.instance.set(context.getInitParameter(ROOT_SCOPE));
     	
     	log.info("Token and Scope Provider set called");
 
@@ -172,8 +170,7 @@ public class RequestHandler implements ContainerRequestFilter, ContainerResponse
 	public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
 			throws IOException {
 		log.info(RequestHandler.class.getSimpleName() +" Response called");
-		SecurityTokenProvider.instance.reset();
+		SecretManagerProvider.instance.reset();
-		ScopeProvider.instance.reset();
 		log.info("Token and Scope Provider reset called");
 
 	}

src/main/java/org/gcube/datatransfer/resolver/services/AnalyticsCreateResolver.java

@@ -3,7 +3,6 @@
  */
 package org.gcube.datatransfer.resolver.services;
 
-import static org.gcube.common.authorization.client.Constants.authorizationService;
 import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
 import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
 
@@ -16,6 +15,7 @@ import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.Callable;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
@@ -29,16 +29,17 @@ import javax.ws.rs.core.Response;
 import javax.xml.bind.JAXBException;
 
 import org.apache.commons.io.IOUtils;
-import org.gcube.common.authorization.library.AuthorizationEntry;
-import org.gcube.common.authorization.library.provider.ClientInfo;
-import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.encryption.StringEncrypter;
 import org.gcube.common.resources.gcore.ServiceEndpoint;
 import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
 import org.gcube.common.resources.gcore.ServiceEndpoint.Property;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.security.AuthorizedTasks;
-import org.gcube.common.scope.impl.ScopeBean;
+import org.gcube.common.security.ContextBean;
-import org.gcube.common.scope.impl.ScopeBean.Type;
+import org.gcube.common.security.ContextBean.Type;
+import org.gcube.common.security.Owner;
+import org.gcube.common.security.providers.SecretManagerProvider;
+import org.gcube.common.security.secrets.GCubeSecret;
+import org.gcube.common.security.secrets.Secret;
 import org.gcube.common.storagehub.model.Metadata;
 import org.gcube.data.analysis.dminvocation.ActionType;
 import org.gcube.data.analysis.dminvocation.DataMinerInvocationManager;
@@ -49,7 +50,7 @@ import org.gcube.datatransfer.resolver.util.ScopeUtil;
 import org.gcube.datatransfer.resolver.util.Util;
 import org.gcube.resources.discovery.client.api.DiscoveryClient;
 import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
-import org.gcube.storagehub.ApplicationMode;
+import org.gcube.smartgears.ContextProvider;
 import org.gcube.storagehub.StorageHubManagement;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -104,7 +105,7 @@ public class AnalyticsCreateResolver {
 		try {
 			logger.info("body is: " + body);
 
-			DataMinerInvocation jsonRequest = null;
+			final DataMinerInvocation jsonRequest;
 			try {
 
 				jsonRequest = DataMinerInvocationManager.getInstance().unmarshalingJSON(IOUtils.toInputStream(body),
@@ -119,7 +120,7 @@ public class AnalyticsCreateResolver {
 			logger.debug("The body contains the request: " + jsonRequest.toString());
 
 
-			String scope = ScopeProvider.instance.get();
+			String scope = SecretManagerProvider.instance.get().getContext();
 			// logger.info("SecurityTokenProvider contextToken: "+contextToken);
 			logger.info("ScopeProvider has scope: " + scope);
 
@@ -139,7 +140,7 @@ public class AnalyticsCreateResolver {
 						helpURI);
 			}
 
-			ScopeBean scopeBean = new ScopeBean(scope);
+			ContextBean scopeBean = new ContextBean(scope);
 			if (scopeBean.is(Type.INFRASTRUCTURE) || scopeBean.is(Type.VO)) {
 				logger.error(Type.INFRASTRUCTURE + "or " + Type.VO + " scope detected, you must set a scope of VRE");
 				throw ExceptionManager.unauthorizedException(req,
@@ -157,42 +158,39 @@ public class AnalyticsCreateResolver {
 				if (jsonRequest.getActionType() == null)
 					jsonRequest.setActionType(ActionType.RUN);
 
-				File tempInvocationFile = null;
 				try {
 
-					String contextToken = SecurityTokenProvider.instance.get();
 					String xmlRequest = DataMinerInvocationManager.getInstance().marshalingXML(jsonRequest, true, true);
 					String uniqueName = createDMInvocationFileName(jsonRequest.getOperatorId());
-					tempInvocationFile = createTempFile(uniqueName, ".xml", xmlRequest.getBytes());
-					logger.info("Created StorageHubClient Instance, uploading file: " + tempInvocationFile.getName());
 					
-					AuthorizationEntry entry = authorizationService().get(contextToken);
+					
+
 					// retrieve the info of the token owner
-					ClientInfo clientInfo = entry.getClientInfo();
+					Owner clientInfo = SecretManagerProvider.instance.get().getOwner();
 					String owner = clientInfo.getId(); // IS THIS THE USERNAME?
 
-					String infra = ScopeUtil.getInfrastructureNameFromScope(ScopeProvider.instance.get());
+					String infra = ScopeUtil.getInfrastructureNameFromScope(scope);
 					String theAppToken = readApplicationTokenFromSE(req, infra);
 
 					logger.info("By using infra scope: " + infra + " and the Application Token: "
 							+ theAppToken.substring(0, theAppToken.length() / 2) + "... of "
 							+ ANALYTICS_RESOLVER_SERVICE_ENDPOINT_NAME + " to instance the "
 							+ StorageHubManagement.class.getSimpleName());
-					ScopeProvider.instance.set(infra);
-					ApplicationMode applicationMode = new ApplicationMode(theAppToken);
-					applicationMode.start();
 
+					publicLinkToDMInvFile = AuthorizedTasks.executeSafely(new Callable<String>() {
+						public String call() throws Exception{
 							StorageHubManagement storageHubManagement = new StorageHubManagement();
 							Metadata metadata = new Metadata();
 							Map<String, Object> theMap = new HashMap<String, Object>();
 							theMap.put("owner", owner);
 							metadata.setMap(theMap);
 							URL thePublicLink = null;
+							File tempInvocationFile = createTempFile(uniqueName, ".xml", xmlRequest.getBytes());
 							try {
 								
+								logger.info("Created StorageHubClient Instance, uploading file: " + tempInvocationFile.getName());
 								logger.info("Saving dataminer-invocation file for the user: " + owner);
-						thePublicLink = storageHubManagement.persistFile(new FileInputStream(tempInvocationFile),
+								thePublicLink = storageHubManagement.persistFile(new FileInputStream(tempInvocationFile), tempInvocationFile.getName(), "application/xml", metadata);
-								tempInvocationFile.getName(), "application/xml", metadata);
 								logger.info("Saved dataminer-invocation file at: " + thePublicLink);
 							} catch (Exception e) {
 								logger.error("Error when storing your 'dataminer-invocation':", e);
@@ -201,22 +199,7 @@ public class AnalyticsCreateResolver {
 										req, "Error when storing your 'dataminer-invocation' request with "
 												+ jsonRequest + ". \nPlease contact the support",
 												this.getClass(), helpURI);
-					}
-
-					publicLinkToDMInvFile = thePublicLink != null ? thePublicLink.toString() : null;
-				} catch (Exception e) {
-
-					if (e instanceof InternalServerException) {
-						// error during storing the file via StorageHubManagent
-						throw e;
-					}
-					logger.error("Error on creating 'dataminer-invocation:", e);
-					throw ExceptionManager.badRequestException(req,
-							"Error on creating your 'dataminer-invocation' request with " + jsonRequest
-									+ ". \nPlease contact the support",
-							this.getClass(), helpURI);
 							} finally {
-					// No needed to reset the scope, it is provided by TokenSetter
 								try {
 									// DELETING THE TEMP FILE
 									if (tempInvocationFile != null && tempInvocationFile.exists())
@@ -226,6 +209,26 @@ public class AnalyticsCreateResolver {
 								}
 							}
 
+							return thePublicLink != null ? thePublicLink.toString() : null;
+
+						}
+					}, new GCubeSecret(theAppToken));
+
+
+
+				} catch (Throwable e) {
+
+					if (e instanceof InternalServerException) {
+						// error during storing the file via StorageHubManagent
+						throw new WebApplicationException(e);
+					}
+					logger.error("Error on creating 'dataminer-invocation:", e);
+					throw ExceptionManager.badRequestException(req,
+							"Error on creating your 'dataminer-invocation' request with " + jsonRequest
+							+ ". \nPlease contact the support",
+							this.getClass(), helpURI);
+				} 
+
 				if (publicLinkToDMInvFile == null) {
 					logger.error("Error on creating the public link to file");
 					throw ExceptionManager.badRequestException(req,
@@ -272,13 +275,15 @@ public class AnalyticsCreateResolver {
 	 */
 	private static String readApplicationTokenFromSE(HttpServletRequest req, String scope) {
 
-		String callerScope = null;
-		String gCubeAppToken = null;
 		try {
-			callerScope = ScopeProvider.instance.get();
+			Secret secret = ContextProvider.get().container().configuration().authorizationProvider().getSecretForContext(scope);
-			ScopeProvider.instance.set(scope);
+			return AuthorizedTasks.executeSafely(new Callable<String>() {
+				public String call() throws Exception{
+
+					String gCubeAppToken = null;
+
 					logger.info("Searching SE " + ANALYTICS_RESOLVER_SERVICE_ENDPOINT_NAME + " configurations in the scope: "
-					+ ScopeProvider.instance.get());
+							+ scope);
 
 					SimpleQuery query = queryFor(ServiceEndpoint.class);
 					query.addCondition("$resource/Profile/Name/text() eq '" + ANALYTICS_RESOLVER_SERVICE_ENDPOINT_NAME + "'");
@@ -291,7 +296,7 @@ public class AnalyticsCreateResolver {
 
 					if (toReturn.size() == 0) {
 						String errorMessage = "No " + ANALYTICS_RESOLVER_SERVICE_ENDPOINT_NAME + " registered in the scope: "
-						+ ScopeProvider.instance.get();
+								+ scope;
 						logger.error(errorMessage);
 						throw ExceptionManager.internalErrorException(req, errorMessage, AnalyticsCreateResolver.class,
 								helpURI);
@@ -319,32 +324,26 @@ public class AnalyticsCreateResolver {
 								+ ANALYTICS_RESOLVER_SERVICE_ENDPOINT_NAME + " SE: "
 								+ decryptedPassword.substring(0, decryptedPassword.length() / 2) + "....");
 						return decryptedPassword;
-			}
+					} else {
-
 						String errorMessage = "No " + GCUBE_TOKEN + " as Property saved in the "
 								+ ANALYTICS_RESOLVER_SERVICE_ENDPOINT_NAME + " SE registered in the scope: "
-					+ ScopeProvider.instance.get();
+								+ scope;
 						logger.error(errorMessage);
-			throw ExceptionManager.internalErrorException(req, errorMessage, AnalyticsCreateResolver.class, helpURI);
+						throw new Exception(errorMessage);
+					}
 					
-		} catch (Exception e) {
+				}
+			}, secret);
+			
+		} catch (Throwable e) {
 			String errorMessage = "Error occurred on reading the " + ANALYTICS_RESOLVER_SERVICE_ENDPOINT_NAME
-					+ " SE registered in the scope: " + ScopeProvider.instance.get();
+					+ " SE registered in the scope: " + scope;
 			logger.error(errorMessage, e);
 			throw ExceptionManager.internalErrorException(req, errorMessage, AnalyticsCreateResolver.class, helpURI);
 
-		} finally {
-			if (callerScope != null) {
-				logger.info("Setting to the callerScope scope: " + callerScope);
-				ScopeProvider.instance.set(callerScope);
-			} else {
-				logger.info("Reset scope");
-				ScopeProvider.instance.reset();
 		} 
 	}
 
-	}
-
 	/**
 	 * Creates the temp file.
 	 *

src/main/java/org/gcube/datatransfer/resolver/services/AnalyticsGetResolver.java

@@ -15,6 +15,7 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 
 import org.gcube.common.scope.impl.ScopeBean;
+import org.gcube.common.security.ContextBean;
 import org.gcube.datatransfer.resolver.applicationprofile.ApplicationProfileReader;
 import org.gcube.datatransfer.resolver.caches.LoadingMapOfScopeCache;
 import org.gcube.datatransfer.resolver.services.error.ExceptionManager;
@@ -70,7 +71,7 @@ public class AnalyticsGetResolver {
 						this.getClass(), helpURI);
 			}
 
-			ScopeBean fullScopeBean = null;
+			ContextBean fullScopeBean = null;
 
 			// CHECKING IF THE INPUT VRE NAME IS REGISTRED IN THE INFRASTRUCTURE...
 			try {

src/main/java/org/gcube/datatransfer/resolver/services/OatResolver.java

@@ -13,9 +13,9 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
-import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.authorization.library.provider.UserInfo;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.security.providers.SecretManagerProvider;
+import org.gcube.common.security.secrets.Secret;
 import org.gcube.datatransfer.resolver.services.error.ExceptionManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -50,13 +50,14 @@ public class OatResolver {
 
 		try {
 			
-			String scope = ScopeProvider.instance.get();
+			Secret currentSecret =  SecretManagerProvider.instance.get();
-			LOG.info("ScopeProvider has scope: " + scope);
+			
-			String username = AuthorizationProvider.instance.get().getClient().getId();
+			LOG.info("ScopeProvider has scope: {} ", currentSecret.getContext());
-			UserInfo userInfo = new UserInfo(username, new ArrayList<>());
+			
-			String userToken = authorizationService().generateUserToken(userInfo, scope);
+			UserInfo userInfo = new UserInfo(currentSecret.getOwner().getId(), new ArrayList<>());
+			String userToken = authorizationService().generateUserToken(userInfo, currentSecret.getContext());
 			String msgToken = userToken.substring(0, 10) + "_MASKED_TOKEN";
-			LOG.info("returning legacy token {} for user {}", msgToken, username);
+			LOG.info("returning legacy token {} for user {}", msgToken, currentSecret.getOwner().getId());
 			return Response.ok(userToken).build();
 		} catch (Exception e) {
 			LOG.error("Exception:", e);