From 435599de5eb6d73f050fb43aefa840105c2249f3 Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi
Date: Wed, 10 Mar 2021 17:59:10 +0100
Subject: [PATCH] Check context on doSync
---
.../ws/thredds/engine/impl/Security.java | 61 ++++++++++---------
.../thredds/engine/impl/SynchEngineImpl.java | 12 +++-
2 files changed, 42 insertions(+), 31 deletions(-)
diff --git a/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/Security.java b/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/Security.java
index 82840a2..6212533 100644
--- a/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/Security.java
+++ b/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/Security.java
@@ -13,40 +13,45 @@ import lombok.extern.slf4j.Slf4j; public class Security { public static String getCurrentScope(){ - try{ - String token=SecurityTokenProvider.instance.get(); - log.debug("Token is : "+token); - if(token==null) throw new Exception("Security Token is null"); - AuthorizationEntry entry = authorizationService().get(token); - return entry.getContext(); - }catch(Exception e ){ - log.debug("Unable to resolve token, checking scope provider..",e); - return ScopeProvider.instance.get(); + try{ + String token=SecurityTokenProvider.instance.get(); + log.debug("Token is : "+token); + if(token==null) throw new Exception("Security Token is null"); + AuthorizationEntry entry = authorizationService().get(token); + return entry.getContext(); + }catch(Exception e ){ + log.debug("Unable to resolve token, checking scope provider..",e); + return ScopeProvider.instance.get(); + } } -} - - public static String getContext(String token) throws ObjectNotFound, Exception { - log.debug("Resolving token {} ",token); - AuthorizationEntry entry = authorizationService().get(token); - return entry.getContext(); + + public static String getContext(String token) { + try{ + log.debug("Resolving token {} ",token); + AuthorizationEntry entry = authorizationService().get(token); + return entry.getContext(); + }catch(Exception e) { + log.warn("Unable to resolve "+token,e); + return null; + } } - + public static String getToken() { return SecurityTokenProvider.instance.get(); } - -public static String getCurrentCaller(){ - try{ - String token=SecurityTokenProvider.instance.get(); - log.debug("Token is : "+token); - if(token==null) throw new Exception("Security Token is null"); - AuthorizationEntry entry = authorizationService().get(token); - return entry.getClientInfo().getId(); - }catch(Exception e ){ - log.debug("Unable to resolve token, checking scope provider..",e); - return "Unidentified data-transfer user"; + + public static String getCurrentCaller(){ + try{ + String 
token=SecurityTokenProvider.instance.get(); + log.debug("Token is : "+token); + if(token==null) throw new Exception("Security Token is null"); + AuthorizationEntry entry = authorizationService().get(token); + return entry.getClientInfo().getId(); + }catch(Exception e ){ + log.debug("Unable to resolve token, checking scope provider..",e); + return "Unidentified data-transfer user"; + } } } -} diff --git a/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/SynchEngineImpl.java b/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/SynchEngineImpl.java index f78dcf2..fc5b448 100644 --- a/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/SynchEngineImpl.java +++ b/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/SynchEngineImpl.java @@ -11,6 +11,7 @@ import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.ThreadPoolExecutor; import java.util.concurrent.TimeUnit; +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.data.transfer.model.plugins.thredds.DataSetScan; import org.gcube.data.transfer.model.plugins.thredds.ThreddsCatalog; import org.gcube.data.transfer.model.plugins.thredds.ThreddsInfo; 
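Review bot: The rewritten `getContext` writes the raw security token to the log at WARN level (`log.warn("Unable to resolve "+token,e)`), on top of the debug lines `log.debug("Resolving token {} ",token)` and `log.debug("Token is : "+token)` that this hunk carries over in `getCurrentScope` and `getCurrentCaller`. A token in the log can be reused by anyone who can read that log, so I would drop it from these messages, e.g. `log.warn("Unable to resolve target token",e);`. `getContext` also now catches every `Exception` and returns `null`, so a caller can no longer tell an unknown token from an unreachable authorization service. A Javadoc line such as `@return the context bound to the token, or null if it cannot be resolved` would at least make that contract explicit.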
@@ -139,9 +140,14 @@ public class SynchEngineImpl implements SyncEngine{ if(manager.isLocked()) throw new WorkspaceLockedException("Folder "+folderId+"is locked by an external process."); if(!manager.isRoot()) throw new WorkspaceFolderNotRootException("Unable to launch synch operation. Folder "+folderId+" is not root configuration"); - //TODO check context - //TODO set operating context -// if(manager.getSynchConfiguration().get) + String callerContext=Security.getCurrentScope(); + log.debug("Checking context. Caller is {} ",callerContext); + + String configurationContext=Security.getContext(manager.getSynchConfiguration().getTargetToken()); + + if(!callerContext.equals(configurationContext)) + throw new WorkspaceInteractionException("Cannot sync folder from context "+callerContext+". Expected context is "+configurationContext); + Process toLaunch=new Process(folderId,completionCallback); localProcesses.put(folderId, toLaunch);
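Review bot: `callerContext.equals(configurationContext)` throws a NullPointerException when `Security.getCurrentScope()` returns null, which looks possible because that method falls back to `ScopeProvider.instance.get()` when the token cannot be resolved (Security.java in this same commit). A null-safe comparison that fails closed would be `if(callerContext==null || !callerContext.equals(configurationContext))`. Because of that fallback, the caller side of this check is not necessarily derived from a validated token; if the scope provider value can be set without token validation, the check is weaker than it reads, so it is worth confirming that or resolving the caller context strictly from the token here. The exception message also returns the expected context to the caller, which may be more than a caller from the wrong context should learn. The enclosing method starts and ends outside the hunk.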