From efdc5eb4b131b00476c0af50aab48043acafc4c3 Mon Sep 17 00:00:00 2001
From: Massimiliano Assante <massimiliano.assante@isti.cnr.it>
Date: Thu, 26 Mar 2020 08:52:37 +0000
Subject: [PATCH] git-svn-id:
 https://svn.d4science.research-infrastructures.eu/gcube/trunk/portal/threadlocal-vars-cleaner@183892
 82a268e6-3cf1-43bd-a215-b396298e98cf

---
 .classpath                                     |  3 ++-
 pom.xml                                        |  4 ++--
 .../threadlocalexec/SmartGearsPortalValve.java | 18 +++++++++++++++++-
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/.classpath b/.classpath
index 4214a97..c40c8e2 100644
--- a/.classpath
+++ b/.classpath
@@ -17,10 +17,11 @@
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>
diff --git a/pom.xml b/pom.xml
index b8eb95a..5936649 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,14 +10,14 @@
 
 	<groupId>org.gcube.portal</groupId>
 	<artifactId>threadlocal-vars-cleaner</artifactId>
-	<version>2.1.0-SNAPSHOT</version>
+	<version>2.1.1-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<name>threadlocal-vars-cleaner</name>
 	<url>http://maven.apache.org</url>
 	<description>This component clean the Smartgears ThreadLocal variables each time a new Thread is assigned to a request from tomcat thread pool</description>
 	<properties>
-		<java-version>1.7</java-version>
+		<java-version>1.8</java-version>
 		<distroDirectory>${project.basedir}/distro</distroDirectory>
 		<webappDirectory>${project.build.directory}/${project.build.finalName}</webappDirectory>
 		<distroDirectory>distro</distroDirectory>
diff --git a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
index eb1422e..c916f06 100644
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@@ -18,6 +18,7 @@ import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.authorization.library.provider.UserInfo;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.scope.impl.ScopeBean;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -46,7 +47,7 @@ public class SmartGearsPortalValve extends ValveBase  {
 				PortalContext context = PortalContext.getConfiguration();
 				String scope = context.getCurrentScope(request);
 				String username = getCurrentUsername(request);
-				if (scope != null && username != null) {
+				if (scope != null && username != null && validateContext(scope)) {
 					String userToken = null;
 					try {
 						ScopeProvider.instance.set(scope);
@@ -68,6 +69,21 @@ public class SmartGearsPortalValve extends ValveBase  {
 		}
 		getNext().invoke(req, resp);
 	}
+	
+	/**
+	 * 
+	 * @param context
+	 * @return true if is the context is syntactically valid
+	 */
+	private static boolean validateContext(String context) {
+		String separator = "/";			
+		if (!context.matches("\\S+"))
+			return false;
+		String[] components=context.split(separator);
+		if (components.length<2 || components.length>4) 
+			return false;
+		return true;
+	}
 
 	/**
 	 *