added client_id to resource sets

2015-03-10 12:38:13 -04:00 · 2015-03-10 12:38:13 -04:00 · 627bcaee43
parent e5e4c15058
commit 627bcaee43
7 changed files with 61 additions and 13 deletions
--- a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
@ -34,12 +34,18 @@ import javax.persistence.Table;

@Entity
@Table(name = "resource_set")
-@NamedQueries (
-	@NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :owner")
-)
+@NamedQueries ({
+		@NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER),
+		@NamedQuery(name = ResourceSet.QUERY_BY_OWNER_AND_CLIENT, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER + " and r.clientId = :" + ResourceSet.PARAM_CLIENTID)
+})
 public class ResourceSet {

 	public static final String QUERY_BY_OWNER = "ResourceSet.queryByOwner";
+	public static final String QUERY_BY_OWNER_AND_CLIENT = "ResourceSet.queryByOwnerAndClient";
+
+	public static final String PARAM_OWNER = "owner";
+	public static final String PARAM_CLIENTID = "clientId";
+
 	
 	private Long id;
 	private String name;
@ -48,7 +54,8 @@ public class ResourceSet {
 	private Set<String> scopes;
 	private String iconUri;
 	
-	private String owner; // username of the person responsible for the reigistration (either directly or via OAuth token)
+	private String owner; // username of the person responsible for the registration (either directly or via OAuth token)
+	private String clientId; // client id of the protected resource that registered this resource set via OAuth token
 	
 	/**
 	 * @return the id
@ -166,6 +173,22 @@ public class ResourceSet {
 	public void setOwner(String owner) {
 		this.owner = owner;
 	}
+
+	/**
+	 * @return the clientId
+	 */
+	@Basic
+	@Column(name = "client_id")
+	public String getClientId() {
+		return clientId;
+	}
+
+	/**
+	 * @param clientId the clientId to set
+	 */
+	public void setClientId(String clientId) {
+		this.clientId = clientId;
+	}
 	
 	
 	
--- a/openid-connect-common/src/main/java/org/mitre/uma/repository/ResourceSetRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/repository/ResourceSetRepository.java
@ -35,4 +35,6 @@ public interface ResourceSetRepository {

 	public Collection<ResourceSet> getAllForOwner(String owner);

+	public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String clientId);
+
 }
--- a/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java
@ -39,4 +39,6 @@ public interface ResourceSetService {

 	public Collection<ResourceSet> getAllForOwner(String owner);

+	public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId);
+
 }
--- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
@ -225,7 +225,8 @@ CREATE TABLE IF NOT EXISTS resource_set (
 	uri VARCHAR(1024),
 	icon_uri VARCHAR(1024),
 	rs_type VARCHAR(256),
-	owner VARCHAR(256) NOT NULL
+	owner VARCHAR(256) NOT NULL,
+	client_id VARCHAR(256)
 );

 CREATE TABLE IF NOT EXISTS resource_set_scope (
--- a/openid-connect-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java
@ -67,7 +67,15 @@ public class JpaResourceSetRepository implements ResourceSetRepository {
 	@Override
 	public Collection<ResourceSet> getAllForOwner(String owner) {
 		TypedQuery<ResourceSet> query = em.createNamedQuery(ResourceSet.QUERY_BY_OWNER, ResourceSet.class);
-		query.setParameter("owner", owner);
+		query.setParameter(ResourceSet.PARAM_OWNER, owner);
+		return query.getResultList();
+	}
+
+	@Override
+	public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String clientId) {
+		TypedQuery<ResourceSet> query = em.createNamedQuery(ResourceSet.QUERY_BY_OWNER_AND_CLIENT, ResourceSet.class);
+		query.setParameter(ResourceSet.PARAM_OWNER, owner);
+		query.setParameter(ResourceSet.PARAM_CLIENTID, clientId);
 		return query.getResultList();
 	}

--- a/openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
+++ b/openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
@ -34,7 +34,7 @@ import org.springframework.stereotype.Service;
@Service
 public class DefaultResourceSetService implements ResourceSetService {

-	private static Logger logger = LoggerFactory.getLogger(DefaultResourceSetService.class);
+	private static final Logger logger = LoggerFactory.getLogger(DefaultResourceSetService.class);
 	
 	@Autowired
 	private ResourceSetRepository repository;
@ -68,6 +68,7 @@ public class DefaultResourceSetService implements ResourceSetService {
 		}
 		
 		newRs.setOwner(oldRs.getOwner()); // preserve the owner tag across updates
+		newRs.setClientId(oldRs.getClientId()); // preserve the client id across updates
 		
 		ResourceSet saved = repository.save(newRs);
 		
@ -84,6 +85,11 @@ public class DefaultResourceSetService implements ResourceSetService {
 	public Collection<ResourceSet> getAllForOwner(String owner) {
 		return repository.getAllForOwner(owner);
 	}
+
+	@Override
+	public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String clientId) {
+		return repository.getAllForOwnerAndClient(owner, clientId);
+	}
 	
 	
 	
--- a/openid-connect-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
@ -17,11 +17,6 @@
 package org.mitre.uma.web;


-import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
-import static org.mitre.util.JsonUtils.getAsLong;
-import static org.mitre.util.JsonUtils.getAsString;
-import static org.mitre.util.JsonUtils.getAsStringSet;
-
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
@ -41,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.util.MimeTypeUtils;
@ -55,6 +51,11 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;

+import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
+import static org.mitre.util.JsonUtils.getAsLong;
+import static org.mitre.util.JsonUtils.getAsString;
+import static org.mitre.util.JsonUtils.getAsStringSet;
+
@Controller
@RequestMapping("/" + ResourceSetRegistrationEndpoint.URL)
@PreAuthorize("hasRole('ROLE_USER')")
@ -90,7 +91,12 @@ public class ResourceSetRegistrationEndpoint {
 			return JsonErrorView.VIEWNAME;
 		}
 		
-		rs.setOwner(auth.getName());
+		if (auth instanceof OAuth2Authentication) {
+			// if it's an OAuth mediated call, it's on behalf of a client, so store that
+			OAuth2Authentication o2a = (OAuth2Authentication) auth;
+			rs.setClientId(o2a.getOAuth2Request().getClientId());
+		}
+		rs.setOwner(auth.getName()); // the username is going to be in the auth object
 		
 		ResourceSet saved = resourceSetService.saveNew(rs);