Merge pull request '1.0.0' (#6) from 1.0.0 into master

Reviewed-on: #6
3 years ago · 5ee6f5e5bc
parent eded8fcba1 17145a9433
commit 5ee6f5e5bc
3 changed files with 21 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 ## [v1.0.0] 
 Integration with new IAM
 Security Fixes
+Fixes [#21537]


 ## [v0.2.5]
--- a/pom.xml
+++ b/pom.xml
@ -51,6 +51,10 @@
 			<artifactId>storagehub-client-library</artifactId>
 		</dependency>

+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>authorization-client</artifactId>
+		</dependency>

 		<dependency>
 			<groupId>org.gcube.data.transfer</groupId>
--- a/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/security/Security.java
+++ b/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/security/Security.java
@ -1,12 +1,14 @@
 package org.gcube.usecases.ws.thredds.engine.impl.security;

 import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
+import org.gcube.common.authorization.library.AuthorizationEntry;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
 import org.gcube.common.authorization.library.provider.ClientInfo;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.authorization.library.provider.UmaJWTProvider;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.usecases.ws.thredds.model.SynchFolderConfiguration;
+import static org.gcube.common.authorization.client.Constants.authorizationService;

 import lombok.extern.slf4j.Slf4j;

@ -35,12 +37,21 @@ public class Security {
 	
 	
 	public static void set(User toSet) {
+		//cleanup everything
+		resetUser();
 		log.debug("Setting User {} ",toSet);
 		if(toSet.getUma_token()!=null)UmaJWTProvider.instance.set(toSet.getUma_token());
 		if(toSet.getGcube_token()!=null)SecurityTokenProvider.instance.set(toSet.getGcube_token());
-		if(ScopeProvider.instance.get()==null)ScopeProvider.instance.set(toSet.getContext());
+		if(toSet.getContext()!=null)ScopeProvider.instance.set(toSet.getContext());
+	}
+
+
+	public static void resetUser(){
+		log.debug("Resetting user");
+		SecurityTokenProvider.instance.reset();
+		UmaJWTProvider.instance.reset();
+		ScopeProvider.instance.reset();
 	}
-	
 	public static void checkOperator(SynchFolderConfiguration config) throws SecurityException{
 		User current=getCurrent();
 		log.debug("Checking if current user {} can synch {} ",getCurrent(), config);
@ -61,10 +72,9 @@ public class Security {
 		log.debug("Checking context of gcube-token {}...",token.substring(0,6));
 		User caller=getCurrent();		
 		try {
-			SecurityTokenProvider.instance.reset();
-			UmaJWTProvider.instance.reset();
-			SecurityTokenProvider.instance.set(token);
-			return ScopeProvider.instance.get();
+			resetUser();
+			AuthorizationEntry entry = authorizationService().get(token);
+			return entry.getContext();
 		}finally {
 			log.debug("Resetting user "+caller);
 			set(caller);