From f634c525efc033ebabb108e6997a716e5eaa997d Mon Sep 17 00:00:00 2001 From: Massimiliano Assante Date: Wed, 3 Feb 2021 18:19:53 +0100 Subject: [PATCH] Now the workspace creation is done with the UMA Token --- ...se.wst.common.project.facet.core.prefs.xml | 7 +++++ ....eclipse.wst.common.project.facet.core.xml | 1 + .../WorkspaceCreateAccountThread.java | 27 ++++++++++++++++++- 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 .settings/org.eclipse.wst.common.project.facet.core.prefs.xml diff --git a/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml b/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml new file mode 100644 index 0000000..cc81385 --- /dev/null +++ b/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml @@ -0,0 +1,7 @@ + + + + + + + diff --git a/.settings/org.eclipse.wst.common.project.facet.core.xml b/.settings/org.eclipse.wst.common.project.facet.core.xml index a2e86a5..79af1c2 100644 --- a/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -5,4 +5,5 @@ + diff --git a/src/main/java/org/gcube/portal/usersaccount/WorkspaceCreateAccountThread.java b/src/main/java/org/gcube/portal/usersaccount/WorkspaceCreateAccountThread.java index e7bf766..0a12d77 100644 --- a/src/main/java/org/gcube/portal/usersaccount/WorkspaceCreateAccountThread.java +++ b/src/main/java/org/gcube/portal/usersaccount/WorkspaceCreateAccountThread.java 
@@ -3,10 +3,14 @@ import java.util.ArrayList; import java.util.List; import org.gcube.common.authorization.library.provider.SecurityTokenProvider; +import org.gcube.common.authorization.library.provider.UmaJWTProvider; + import static org.gcube.common.authorization.client.Constants.authorizationService; import org.gcube.common.portal.PortalContext; import org.gcube.common.scope.api.ScopeProvider; import org.gcube.common.storagehub.client.dsl.StorageHubClient; +import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException; +import org.gcube.portal.oidc.lr62.OIDCUmaUtil; import org.gcube.vomanagement.usermanagement.RoleManager; import org.gcube.vomanagement.usermanagement.UserManager; import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; @@ -30,7 +34,9 @@ public class WorkspaceCreateAccountThread implements Runnable { @Override public void run() { + getWS(newUserUserName, "/"+PortalContext.getConfiguration().getInfrastructureName()); + } public static void getWS(String currentUsername, String context) { String username = currentUsername; @@ -38,6 +44,7 @@ public class WorkspaceCreateAccountThread implements Runnable { SecurityTokenProvider.instance.set(authorizationToken); ScopeProvider.instance.set(context); String previousToken = authorizationToken; + String previousUMAToken = UmaJWTProvider.instance.get(); try { //get the super user String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName(); @@ -52,6 +59,7 @@ public class WorkspaceCreateAccountThread implements Runnable { } else { GCubeUser theAdmin = users.get(0); + _log.debug("Using admin user: " + theAdmin.getUsername() + " to trigger ws creation for new user: " + username); String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername()); List theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId); List rolesString = new ArrayList(); 
@@ -59,10 +67,27 @@ public class WorkspaceCreateAccountThread implements Runnable {
 rolesString.add(gCubeRole.getRoleName());
 }
 authorizationService().setTokenRoles(theAdminToken, rolesString);
+ _log.debug("setTokenRoles performed on context: " + infraContext + " with token" + theAdminToken + " ("+rolesString+")");
 SecurityTokenProvider.instance.set(theAdminToken);
+ OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
+ _log.info("\n\n\n*** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n");
 StorageHubClient shc = new StorageHubClient();
- shc.createUserAccount(currentUsername);
+ try {
+ shc.createUserAccount(currentUsername);
+ }
+ catch (UserNotAuthorizedException e) {
+ _log.error("shub.createUserAccount failed for "+username + " trying with super mega admin ...");
+ theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, "lucio.lelii");
+ SecurityTokenProvider.instance.set(theAdminToken);
+ shc = new StorageHubClient();
+ shc.createUserAccount(currentUsername);
+ SecurityTokenProvider.instance.set(previousToken);
+ UmaJWTProvider.instance.set(previousUMAToken);
+ _log.info("shub.createUserAccount performed for "+username + " with super mega admin (Hopefully)");
+ }
+ _log.debug("shub.createUserAccount completed for "+username);
 SecurityTokenProvider.instance.set(previousToken);
+ UmaJWTProvider.instance.set(previousUMAToken);
 }
 }
 catch (Exception e) {
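Review bot: The added `_log.debug("setTokenRoles performed on context: ...")` line concatenates `theAdminToken` into the message, so an administrator's authorization token is written to the debug log and exposed to anyone who can read it; log the context and roles only, e.g. `_log.debug("setTokenRoles performed on context: " + infraContext + " (" + rolesString + ")");`. The `catch (UserNotAuthorizedException e)` fallback hard-codes a personal account, `"lucio.lelii"`, as the privileged identity and fetches its token, which ties an escalation path to one person's account in source; it would be better read from portal configuration or a dedicated service identity so it can be rotated and audited. The `previousToken`/`previousUMAToken` restore runs only when one of the `createUserAccount` calls succeeds, so any other exception leaves the admin token and the portal-client UMA token set on the thread (the helper's name indicates thread-local storage, and the thread may be reused) unless the outer `catch (Exception e)`, whose body lies outside this hunk, resets them. Adding `finally { SecurityTokenProvider.instance.set(previousToken); UmaJWTProvider.instance.set(previousUMAToken); }` to the new `try` would cover every path and make the duplicated restore inside the catch unnecessary.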