renamed RequiredClaimSet to Policy

2015-06-29 11:15:45 -04:00 · 2015-06-29 11:15:45 -04:00 · 2cfaa1c1d7
parent b8a5486995
commit 2cfaa1c1d7
8 changed files with 31 additions and 29 deletions
--- a/openid-connect-common/src/main/java/org/mitre/uma/model/RequiredClaimSet.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/model/RequiredClaimSet.java
@ -42,8 +42,8 @@ import javax.persistence.Table;
 *
 */
@Entity
-@Table(name = "required_claim_set")
-public class RequiredClaimSet {
+@Table(name = "policy")
+public class Policy {

 	private Long id;
 	private String name;
@ -88,8 +88,8 @@ public class RequiredClaimSet {
 	 */
 	@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
 	@JoinTable(
-			name = "claim_to_claim_set",
-			joinColumns = @JoinColumn(name = "required_claim_set_id"),
+			name = "claim_to_policy",
+			joinColumns = @JoinColumn(name = "policy_id"),
 			inverseJoinColumns = @JoinColumn(name = "claim_id")
 	)
 	public Collection<Claim> getClaimsRequired() {
@ -109,7 +109,7 @@ public class RequiredClaimSet {
 	@ElementCollection(fetch = FetchType.EAGER)
 	@Column(name = "scope")
 	@CollectionTable(
-		name = "resource_set_scope",
+		name = "policy_scope",
 		joinColumns = @JoinColumn(name = "owner_id")
 	)
 	public Set<String> getScopes() {
--- a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
@ -59,7 +59,7 @@ public class ResourceSet {
 	private String owner; // username of the person responsible for the registration (either directly or via OAuth token)
 	private String clientId; // client id of the protected resource that registered this resource set via OAuth token
 	
-	private Collection<RequiredClaimSet> requiredClaimSets;
+	private Collection<Policy> policies;
 	
 	/**
 	 * @return the id
@ -199,15 +199,15 @@ public class ResourceSet {
 	 */
 	@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
 	@JoinColumn(name = "resource_set_id")
-	public Collection<RequiredClaimSet> getRequiredClaimSets() {
-		return requiredClaimSets;
+	public Collection<Policy> getPolicies() {
+		return policies;
 	}

 	/**
-	 * @param claimsRequired the claimsRequired to set
+	 * @param policies the claimsRequired to set
 	 */
-	public void setRequiredClaimSets(Collection<RequiredClaimSet> claimsRequired) {
-		this.requiredClaimSets = claimsRequired;
+	public void setPolicies(Collection<Policy> policies) {
+		this.policies = policies;
 	}
 	
 	
--- a/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java
@ -20,7 +20,7 @@ package org.mitre.uma.service;
 import java.util.Collection;

 import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.RequiredClaimSet;
+import org.mitre.uma.model.Policy;

 /**
 * 
@ -41,6 +41,6 @@ public interface ClaimsProcessingService {
 	 * @param claimsSupplied the supplied claims to test
 	 * @return the unmatched claims (if any), an empty set if the claims are satisfied, never null
 	 */
-	public Collection<Claim> claimsAreSatisfied(Collection<RequiredClaimSet> claimsRequired, Collection<Claim> claimsSupplied);
+	public Collection<Claim> claimsAreSatisfied(Collection<Policy> claimsRequired, Collection<Claim> claimsSupplied);

 }
--- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
@ -315,8 +315,8 @@ CREATE TABLE IF NOT EXISTS claim (
 	claim_value VARCHAR(1024),
 );

-CREATE TABLE IF NOT EXISTS claim_to_claim_set (
-	required_claim_set_id BIGINT NOT NULL,
+CREATE TABLE IF NOT EXISTS claim_to_policy (
+	policy_id BIGINT NOT NULL,
 	claim_id BIGINT NOT NULL
 );

@ -325,13 +325,13 @@ CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
 	claim_id BIGINT NOT NULL
 );

-CREATE TABLE IF NOT EXISTS required_claim_set (
+CREATE TABLE IF NOT EXISTS policy (
 	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
 	name VARCHAR(1024),
 	resource_set_id BIGINT
 );

-CREATE TABLE IF NOT EXISTS required_claim_set_scope (
+CREATE TABLE IF NOT EXISTS policy_scope (
 	owner_id BIGINT NOT NULL,
 	scope VARCHAR(256) NOT NULL
 );
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java
+++ b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java
@ -21,7 +21,7 @@ import java.util.Collection;
 import java.util.HashSet;

 import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.RequiredClaimSet;
+import org.mitre.uma.model.Policy;
 import org.mitre.uma.service.ClaimsProcessingService;
 import org.springframework.stereotype.Service;

@ -39,10 +39,10 @@ public class MatchAllClaimsProcessor implements ClaimsProcessingService {
 	 * @see org.mitre.uma.service.ClaimsProcessingService#claimsAreSatisfied(java.util.Collection, java.util.Collection)
 	 */
 	@Override
-	public Collection<Claim> claimsAreSatisfied(Collection<RequiredClaimSet> claimsRequired, Collection<Claim> claimsSupplied) {
+	public Collection<Claim> claimsAreSatisfied(Collection<Policy> claimsRequired, Collection<Claim> claimsSupplied) {
 		Collection<Claim> allUnmatched = new HashSet<>();
-		for (RequiredClaimSet requiredClaimSet : claimsRequired) {
-			Collection<Claim> unmatched = checkIndividualClaims(requiredClaimSet.getClaimsRequired(), claimsSupplied);
+		for (Policy policy : claimsRequired) {
+			Collection<Claim> unmatched = checkIndividualClaims(policy.getClaimsRequired(), claimsSupplied);
 			if (unmatched.isEmpty()) {
 				// we found something that's satisfied the claims, let's go with it!
 				return unmatched;
--- a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
+++ b/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
@ -131,7 +131,7 @@ public class AuthorizationRequestEndpoint {
 					
 					ResourceSet rs = ticket.getPermission().getResourceSet();
 					
-					if (rs.getRequiredClaimSets() == null || rs.getRequiredClaimSets().isEmpty()) {
+					if (rs.getPolicies() == null || rs.getPolicies().isEmpty()) {
 						// the required claims are empty, this resource has no way to be authorized
 						
 						m.addAttribute(JsonErrorView.ERROR, "not_authorized");
@ -141,7 +141,9 @@ public class AuthorizationRequestEndpoint {
 					} else {
 						// claims weren't empty or missing, we need to check against what we have
 						
-						Collection<Claim> claimsUnmatched = claimsProcessingService.claimsAreSatisfied(rs.getRequiredClaimSets(), ticket.getClaimsSupplied());
+						Collection<Claim> claimsUnmatched = claimsProcessingService.claimsAreSatisfied(rs.getPolicies(), ticket.getClaimsSupplied());
+						
+						// we need to downscope this based on the required set that was matched if it was matched
 						
 						if (claimsUnmatched.isEmpty()) {
 							// if the unmatched claims come back empty, by function contract that means we're happy and can issue a token
--- a/uma-server/src/main/java/org/mitre/uma/web/ClaimsAPI.java
+++ b/uma-server/src/main/java/org/mitre/uma/web/ClaimsAPI.java
@ -26,7 +26,7 @@ import org.mitre.openid.connect.view.JsonEntityView;
 import org.mitre.openid.connect.view.JsonErrorView;
 import org.mitre.openid.connect.web.RootController;
 import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.RequiredClaimSet;
+import org.mitre.uma.model.Policy;
 import org.mitre.uma.model.ResourceSet;
 import org.mitre.uma.service.ResourceSetService;
 import org.slf4j.Logger;
@ -98,7 +98,7 @@ public class ClaimsAPI {
 			return HttpCodeView.VIEWNAME;
 		}
 				
-		m.addAttribute(JsonEntityView.ENTITY, rs.getRequiredClaimSets());
+		m.addAttribute(JsonEntityView.ENTITY, rs.getPolicies());
 		
 		return JsonEntityView.VIEWNAME;
 	}
@ -126,7 +126,7 @@ public class ClaimsAPI {

 		resourceSetService.update(rs, rs);

-		m.addAttribute(JsonEntityView.ENTITY, rs.getRequiredClaimSets());
+		m.addAttribute(JsonEntityView.ENTITY, rs.getPolicies());
 		
 		return JsonEntityView.VIEWNAME;
 	}
--- a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
+++ b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
@ -29,7 +29,7 @@ import org.mitre.openid.connect.view.HttpCodeView;
 import org.mitre.openid.connect.view.JsonEntityView;
 import org.mitre.openid.connect.view.JsonErrorView;
 import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.RequiredClaimSet;
+import org.mitre.uma.model.Policy;
 import org.mitre.uma.model.ResourceSet;
 import org.mitre.uma.service.ResourceSetService;
 import org.mitre.uma.view.ResourceSetEntityAbbreviatedView;
@ -139,11 +139,11 @@ public class ResourceSetRegistrationEndpoint {
 		ev.setValue(true);
 		claims.add(e);
 		*/
-		RequiredClaimSet reqired = new RequiredClaimSet();
+		Policy reqired = new Policy();
 		reqired.setScopes(rs.getScopes());
 		reqired.setClaimsRequired(claims);
 		
-		rs.setRequiredClaimSets(Sets.newHashSet(reqired));
+		rs.setPolicies(Sets.newHashSet(reqired));
 		////
 		//// END TEMP
 		////