From 2cfaa1c1d7b66850d710f8ef970caf9b6cdebb8b Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Mon, 29 Jun 2015 11:15:45 -0400
Subject: [PATCH] renamed RequiredClaimSet to Policy
---
 .../uma/model/{RequiredClaimSet.java => Policy.java} | 10 +++++-----
 .../main/java/org/mitre/uma/model/ResourceSet.java | 12 ++++++------
 .../mitre/uma/service/ClaimsProcessingService.java | 4 ++--
 .../resources/db/tables/hsql_database_tables.sql | 8 ++++----
 .../uma/service/impl/MatchAllClaimsProcessor.java | 8 ++++----
 .../mitre/uma/web/AuthorizationRequestEndpoint.java | 6 ++++--
 .../src/main/java/org/mitre/uma/web/ClaimsAPI.java | 6 +++---
 .../uma/web/ResourceSetRegistrationEndpoint.java | 6 +++---
 8 files changed, 31 insertions(+), 29 deletions(-)
 rename openid-connect-common/src/main/java/org/mitre/uma/model/{RequiredClaimSet.java => Policy.java} (93%)
diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/RequiredClaimSet.java b/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java
similarity index 93%
rename from openid-connect-common/src/main/java/org/mitre/uma/model/RequiredClaimSet.java
rename to openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java
index 8553c7958..286fb578a 100644
--- a/openid-connect-common/src/main/java/org/mitre/uma/model/RequiredClaimSet.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java
@@ -42,8 +42,8 @@ import javax.persistence.Table;
 *
 */
 @Entity
-@Table(name = "required_claim_set")
-public class RequiredClaimSet {
+@Table(name = "policy")
+public class Policy {
 private Long id;
 private String name;
@@ -88,8 +88,8 @@ public class RequiredClaimSet {
 */
 @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
 @JoinTable(
- name = "claim_to_claim_set",
- joinColumns = @JoinColumn(name = "required_claim_set_id"),
+ name = "claim_to_policy",
+ joinColumns = @JoinColumn(name = "policy_id"),
 inverseJoinColumns = @JoinColumn(name = "claim_id")
 )
 public Collection getClaimsRequired() {
@@ -109,7 +109,7 @@ public class RequiredClaimSet {
 @ElementCollection(fetch = FetchType.EAGER)
 @Column(name = "scope")
 @CollectionTable(
- name = "resource_set_scope",
+ name = "policy_scope",
 joinColumns = @JoinColumn(name = "owner_id")
 )
 public Set getScopes() {
diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
index 8b4ca00aa..bb4c68036 100644
--- a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
@@ -59,7 +59,7 @@ public class ResourceSet {
 private String owner; // username of the person responsible for the registration (either directly or via OAuth token)
 private String clientId; // client id of the protected resource that registered this resource set via OAuth token
- private Collection requiredClaimSets;
+ private Collection policies;
 /**
 * @return the id
@@ -199,15 +199,15 @@ public class ResourceSet {
 */
 @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
 @JoinColumn(name = "resource_set_id")
- public Collection getRequiredClaimSets() {
- return requiredClaimSets;
+ public Collection getPolicies() {
+ return policies;
 }
 /**
- * @param claimsRequired the claimsRequired to set
+ * @param policies the claimsRequired to set
 */
- public void setRequiredClaimSets(Collection claimsRequired) {
- this.requiredClaimSets = claimsRequired;
+ public void setPolicies(Collection policies) {
+ this.policies = policies;
 }
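Review bot: The Javadoc on `setPolicies` in ResourceSet still reads `@param policies the claimsRequired to set`, so the rename updated the tag's name but left its description pointing at the old field; change it to `* @param policies the policies to set`. The `@return` tag above `getPolicies` begins outside the hunk and is worth checking for the same leftover. Both accessor bodies are complete within the hunk.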
diff --git a/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java b/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java
index 0130f673f..dab522327 100644
--- a/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java
@@ -20,7 +20,7 @@ package org.mitre.uma.service;
 import java.util.Collection;
 import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.RequiredClaimSet;
+import org.mitre.uma.model.Policy;
 /**
 *
@@ -41,6 +41,6 @@ public interface ClaimsProcessingService {
 * @param claimsSupplied the supplied claims to test
 * @return the unmatched claims (if any), an empty set if the claims are satisfied, never null
 */
- public Collection claimsAreSatisfied(Collection claimsRequired, Collection claimsSupplied);
+ public Collection claimsAreSatisfied(Collection claimsRequired, Collection claimsSupplied);
 }
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
index 0efd36295..6040fcfda 100644
--- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
@@ -315,8 +315,8 @@ CREATE TABLE IF NOT EXISTS claim (
 claim_value VARCHAR(1024),
 );
-CREATE TABLE IF NOT EXISTS claim_to_claim_set (
- required_claim_set_id BIGINT NOT NULL,
+CREATE TABLE IF NOT EXISTS claim_to_policy (
+ policy_id BIGINT NOT NULL,
 claim_id BIGINT NOT NULL
 );
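Review bot: In `claimsAreSatisfied` the first parameter is still named `claimsRequired` although, judging by the replaced import and the loop in the MatchAllClaimsProcessor hunk, it now carries `Policy` objects rather than claims; its `@param` tag sits just above this hunk and presumably still describes it as claims. Renaming it to `policies` and rewriting the tag as `* @param policies the policies whose required claims are tested against the supplied claims` would keep the interface honest, and the implementation in MatchAllClaimsProcessor uses the same stale parameter name. The generic type arguments appear to have been stripped from this rendering, so the declared element types cannot be confirmed from the page.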
@@ -325,13 +325,13 @@ CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
 claim_id BIGINT NOT NULL
 );
-CREATE TABLE IF NOT EXISTS required_claim_set (
+CREATE TABLE IF NOT EXISTS policy (
 id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
 name VARCHAR(1024),
 resource_set_id BIGINT
 );
-CREATE TABLE IF NOT EXISTS required_claim_set_scope (
+CREATE TABLE IF NOT EXISTS policy_scope (
 owner_id BIGINT NOT NULL,
 scope VARCHAR(256) NOT NULL
 );
diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java
index f640ed9c6..0ed4e0fad 100644
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java
+++ b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java
@@ -21,7 +21,7 @@ import java.util.Collection;
 import java.util.HashSet;
 import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.RequiredClaimSet;
+import org.mitre.uma.model.Policy;
 import org.mitre.uma.service.ClaimsProcessingService;
 import org.springframework.stereotype.Service;
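Review bot: The tables `required_claim_set`, `required_claim_set_scope` and (in the previous hunk) `claim_to_claim_set` are renamed only by changing their `CREATE TABLE IF NOT EXISTS` statements, so on a database that already holds those tables the old ones and their rows stay behind and `policy`, `policy_scope` and `claim_to_policy` start empty; policies stored before this commit silently stop being found. The authorization endpoint treats a resource set with no policies as `not_authorized`, so this fails closed rather than open, but it still needs either a migration step for the old tables or an explicit statement that this HSQL schema is only ever created from scratch. The diffstat lists only the HSQL script; if the project keeps equivalent scripts for other dialects, they would need the same rename to keep the JPA mappings resolvable.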
@@ -39,10 +39,10 @@ public class MatchAllClaimsProcessor implements ClaimsProcessingService {
 * @see org.mitre.uma.service.ClaimsProcessingService#claimsAreSatisfied(java.util.Collection, java.util.Collection)
 */
 @Override
- public Collection claimsAreSatisfied(Collection claimsRequired, Collection claimsSupplied) {
+ public Collection claimsAreSatisfied(Collection claimsRequired, Collection claimsSupplied) {
 Collection allUnmatched = new HashSet<>();
- for (RequiredClaimSet requiredClaimSet : claimsRequired) {
- Collection unmatched = checkIndividualClaims(requiredClaimSet.getClaimsRequired(), claimsSupplied);
+ for (Policy policy : claimsRequired) {
+ Collection unmatched = checkIndividualClaims(policy.getClaimsRequired(), claimsSupplied);
 if (unmatched.isEmpty()) {
 // we found something that's satisfied the claims, let's go with it!
 return unmatched;
diff --git a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
index dd4b4f91c..279ae64ac 100644
--- a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
+++ b/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
@@ -131,7 +131,7 @@ public class AuthorizationRequestEndpoint {
 ResourceSet rs = ticket.getPermission().getResourceSet();
- if (rs.getRequiredClaimSets() == null || rs.getRequiredClaimSets().isEmpty()) {
+ if (rs.getPolicies() == null || rs.getPolicies().isEmpty()) {
 // the required claims are empty, this resource has no way to be authorized
 m.addAttribute(JsonErrorView.ERROR, "not_authorized");
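Review bot: The early `return unmatched;` on the first satisfied policy discards which `Policy` was matched, and since the renamed entity carries its own scope set (`getScopes` in the Policy.java hunk) the caller is left with no way to limit the issued token to that policy's scopes. The comment this commit adds in the AuthorizationRequestEndpoint hunk, `// we need to downscope this based on the required set that was matched if it was matched`, records exactly that gap without resolving it, so the token issued after `claimsUnmatched.isEmpty()` is presumably scoped without reference to the matched policy and can carry more than that policy allows. Returning the matched `Policy` alongside the unmatched claims from `claimsAreSatisfied` (a small result object rather than a bare collection) would give the endpoint what it needs; at minimum the new comment should become a `// TODO:` so the pending downscope is tracked. The method body continues past the end of this hunk.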
@@ -141,7 +141,9 @@ public class AuthorizationRequestEndpoint {
 } else {
 // claims weren't empty or missing, we need to check against what we have
- Collection claimsUnmatched = claimsProcessingService.claimsAreSatisfied(rs.getRequiredClaimSets(), ticket.getClaimsSupplied());
+ Collection claimsUnmatched = claimsProcessingService.claimsAreSatisfied(rs.getPolicies(), ticket.getClaimsSupplied());
+
+ // we need to downscope this based on the required set that was matched if it was matched
 if (claimsUnmatched.isEmpty()) {
 // if the unmatched claims come back empty, by function contract that means we're happy and can issue a token
diff --git a/uma-server/src/main/java/org/mitre/uma/web/ClaimsAPI.java b/uma-server/src/main/java/org/mitre/uma/web/ClaimsAPI.java
index b8d4692b3..f7341b23d 100644
--- a/uma-server/src/main/java/org/mitre/uma/web/ClaimsAPI.java
+++ b/uma-server/src/main/java/org/mitre/uma/web/ClaimsAPI.java
@@ -26,7 +26,7 @@ import org.mitre.openid.connect.view.JsonEntityView;
 import org.mitre.openid.connect.view.JsonErrorView;
 import org.mitre.openid.connect.web.RootController;
 import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.RequiredClaimSet;
+import org.mitre.uma.model.Policy;
 import org.mitre.uma.model.ResourceSet;
 import org.mitre.uma.service.ResourceSetService;
 import org.slf4j.Logger;
@@ -98,7 +98,7 @@ public class ClaimsAPI {
 return HttpCodeView.VIEWNAME;
 }
- m.addAttribute(JsonEntityView.ENTITY, rs.getRequiredClaimSets());
+ m.addAttribute(JsonEntityView.ENTITY, rs.getPolicies());
 return JsonEntityView.VIEWNAME;
 }
@@ -126,7 +126,7 @@ public class ClaimsAPI {
 resourceSetService.update(rs, rs);
- m.addAttribute(JsonEntityView.ENTITY, rs.getRequiredClaimSets());
+ m.addAttribute(JsonEntityView.ENTITY, rs.getPolicies());
 return JsonEntityView.VIEWNAME;
 }
diff --git a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
index 584abecf3..50a04028a 100644
--- a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
+++ b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
@@ -29,7 +29,7 @@ import org.mitre.openid.connect.view.HttpCodeView;
 import org.mitre.openid.connect.view.JsonEntityView;
 import org.mitre.openid.connect.view.JsonErrorView;
 import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.RequiredClaimSet;
+import org.mitre.uma.model.Policy;
 import org.mitre.uma.model.ResourceSet;
 import org.mitre.uma.service.ResourceSetService;
 import org.mitre.uma.view.ResourceSetEntityAbbreviatedView;
@@ -139,11 +139,11 @@ public class ResourceSetRegistrationEndpoint {
 ev.setValue(true);
 claims.add(e);
 */
- RequiredClaimSet reqired = new RequiredClaimSet();
+ Policy reqired = new Policy();
 reqired.setScopes(rs.getScopes());
 reqired.setClaimsRequired(claims);
- rs.setRequiredClaimSets(Sets.newHashSet(reqired));
+ rs.setPolicies(Sets.newHashSet(reqired));
 //// //// END TEMP ////
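Review bot: The local keeps its misspelled name `reqired` while its type is renamed on the same line; since both its declaration and its last use are already touched, rename it too: `Policy policy = new Policy();` and `rs.setPolicies(Sets.newHashSet(policy));`, with the two `setScopes`/`setClaimsRequired` calls in between updated to match. The surrounding context marks this block as temporary, and the default policy it builds copies every registered scope into the policy via `reqired.setScopes(rs.getScopes())`, so a `// TODO:` naming what is meant to replace it would help the next reader judge how long that default should stand. The enclosing method begins and ends outside the hunk.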