diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
index 9f3a35934..467b9877a 100644
--- a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
@@ -34,12 +34,18 @@ import javax.persistence.Table;
 @Entity
 @Table(name = "resource_set")
-@NamedQueries (
- @NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :owner")
-)
+@NamedQueries ({
+ @NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER),
+ @NamedQuery(name = ResourceSet.QUERY_BY_OWNER_AND_CLIENT, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER + " and r.clientId = :" + ResourceSet.PARAM_CLIENTID)
+})
 public class ResourceSet {
 public static final String QUERY_BY_OWNER = "ResourceSet.queryByOwner";
+ public static final String QUERY_BY_OWNER_AND_CLIENT = "ResourceSet.queryByOwnerAndClient";
+
+ public static final String PARAM_OWNER = "owner";
+ public static final String PARAM_CLIENTID = "clientId";
+
 private Long id;
 private String name;
@@ -48,7 +54,8 @@ public class ResourceSet {
 private Set scopes;
 private String iconUri;
- private String owner; // username of the person responsible for the reigistration (either directly or via OAuth token)
+ private String owner; // username of the person responsible for the registration (either directly or via OAuth token)
+ private String clientId; // client id of the protected resource that registered this resource set via OAuth token
 /**
 * @return the id
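Review bot: The new `QUERY_BY_OWNER_AND_CLIENT` JPQL compares `r.clientId = :clientId`, and an equality against a NULL parameter is never true in JPQL, so `getAllForOwnerAndClient(owner, null)` returns nothing rather than the resource sets that were registered without an OAuth client (the `clientId` field stays unset in that case, per its comment and the endpoint change in this diff). If callers may legitimately pass a null client id that case needs an `r.clientId is null` variant or an explicit precondition; at minimum document it on the constant, e.g. `// clientId must be non-null: JPQL '=' never matches rows whose client_id is NULL`. The two parameter constants also differ in naming style (`PARAM_OWNER` vs `PARAM_CLIENTID`); `PARAM_CLIENT_ID` would match the `client_id` column and the usual UPPER_SNAKE convention.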
@@ -166,6 +173,22 @@ public class ResourceSet {
 public void setOwner(String owner) {
 this.owner = owner;
 }
+
+ /**
+ * @return the clientId
+ */
+ @Basic
+ @Column(name = "client_id")
+ public String getClientId() {
+ return clientId;
+ }
+
+ /**
+ * @param clientId the clientId to set
+ */
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
diff --git a/openid-connect-common/src/main/java/org/mitre/uma/repository/ResourceSetRepository.java b/openid-connect-common/src/main/java/org/mitre/uma/repository/ResourceSetRepository.java
index 0da5c513d..774c13c45 100644
--- a/openid-connect-common/src/main/java/org/mitre/uma/repository/ResourceSetRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/repository/ResourceSetRepository.java
@@ -35,4 +35,6 @@ public interface ResourceSetRepository {
 public Collection getAllForOwner(String owner);
+ public Collection getAllForOwnerAndClient(String owner, String clientId);
+
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java b/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java
index 3a7a4ee54..e05d7881e 100644
--- a/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java
@@ -39,4 +39,6 @@ public interface ResourceSetService {
 public Collection getAllForOwner(String owner);
+ public Collection getAllForOwnerAndClient(String owner, String authClientId);
+
 }
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
index 1ec18d7b9..f160ffe55 100644
--- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
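Review bot: The `ResourceSetService` hunk names the second parameter `authClientId` while the repository interface in the hunk just above it, and the JPA and service implementations elsewhere in this diff, call it `clientId`; one name throughout avoids readers wondering whether the service expects something different, e.g. `public Collection getAllForOwnerAndClient(String owner, String clientId);` (generics appear stripped on this page, keep whatever the file declares). Neither new interface method has Javadoc, so nothing states that both arguments are required or that an empty collection, never null, comes back when nothing matches (which is what the JPA implementation's `getResultList()` provides); a two-line `@param`/`@return` block on each would settle that for callers.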
@@ -225,7 +225,8 @@ CREATE TABLE IF NOT EXISTS resource_set (
 uri VARCHAR(1024),
 icon_uri VARCHAR(1024),
 rs_type VARCHAR(256),
- owner VARCHAR(256) NOT NULL
+ owner VARCHAR(256) NOT NULL,
+ client_id VARCHAR(256)
 );
 CREATE TABLE IF NOT EXISTS resource_set_scope (
diff --git a/openid-connect-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java b/openid-connect-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java
index 6265903d6..ecef95c18 100644
--- a/openid-connect-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java
@@ -67,7 +67,15 @@ public class JpaResourceSetRepository implements ResourceSetRepository {
 @Override
 public Collection getAllForOwner(String owner) {
 TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_BY_OWNER, ResourceSet.class);
- query.setParameter("owner", owner);
+ query.setParameter(ResourceSet.PARAM_OWNER, owner);
+ return query.getResultList();
+ }
+
+ @Override
+ public Collection getAllForOwnerAndClient(String owner, String clientId) {
+ TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_BY_OWNER_AND_CLIENT, ResourceSet.class);
+ query.setParameter(ResourceSet.PARAM_OWNER, owner);
+ query.setParameter(ResourceSet.PARAM_CLIENTID, clientId);
 return query.getResultList();
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java b/openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
index eafe8d412..0353026bf 100644
--- a/openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
+++ b/openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
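Review bot: `client_id VARCHAR(256)` is added inside a `CREATE TABLE IF NOT EXISTS` statement, which is a no-op wherever `resource_set` already exists, so existing deployments need an explicit migration step such as `ALTER TABLE resource_set ADD COLUMN client_id VARCHAR(256);` before the updated `@Column(name = "client_id")` mapping can load against their schema. Only the HSQL table script is touched in this diff; if the project ships equivalent scripts for other databases (not visible here) they presumably need the same column. The column is nullable, which matches the endpoint only populating it for OAuth-mediated registrations, but the new `QUERY_BY_OWNER_AND_CLIENT` filters on both `owner` and `client_id`, so an index covering the pair may be worth adding if this table is expected to grow.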
@@ -34,7 +34,7 @@ import org.springframework.stereotype.Service;
 @Service
 public class DefaultResourceSetService implements ResourceSetService {
- private static Logger logger = LoggerFactory.getLogger(DefaultResourceSetService.class);
+ private static final Logger logger = LoggerFactory.getLogger(DefaultResourceSetService.class);
 @Autowired
 private ResourceSetRepository repository;
@@ -68,6 +68,7 @@ public class DefaultResourceSetService implements ResourceSetService {
 }
 newRs.setOwner(oldRs.getOwner()); // preserve the owner tag across updates
+ newRs.setClientId(oldRs.getClientId()); // preserve the client id across updates
 ResourceSet saved = repository.save(newRs);
@@ -84,6 +85,11 @@ public class DefaultResourceSetService implements ResourceSetService {
 public Collection getAllForOwner(String owner) {
 return repository.getAllForOwner(owner);
 }
+
+ @Override
+ public Collection getAllForOwnerAndClient(String owner, String clientId) {
+ return repository.getAllForOwnerAndClient(owner, clientId);
+ }
diff --git a/openid-connect-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
index f57a00ba1..f3a080d33 100644
--- a/openid-connect-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
@@ -17,11 +17,6 @@ package org.mitre.uma.web;
-import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
-import static org.mitre.util.JsonUtils.getAsLong;
-import static org.mitre.util.JsonUtils.getAsString;
-import static org.mitre.util.JsonUtils.getAsStringSet;
-
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
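Review bot: `newRs.setClientId(oldRs.getClientId())` in the second hunk correctly keeps the stored client id server-controlled, so an update payload cannot reassign a registration to another client, but nothing in the hunk checks that the caller performing the update is the client recorded on `oldRs`; if the client id is meant to bind a registration to the resource server that created it, that comparison (or a comment saying the web layer enforces it) belongs on this path. The enclosing update method's signature and remainder are outside the hunk, so the check may already exist there. A Javadoc line on the method stating that `owner` and `clientId` are always taken from the stored record, never from the incoming resource set, would make the invariant explicit for the next maintainer.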
@@ -41,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.util.MimeTypeUtils;
@@ -55,6 +51,11 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
+import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
+import static org.mitre.util.JsonUtils.getAsLong;
+import static org.mitre.util.JsonUtils.getAsString;
+import static org.mitre.util.JsonUtils.getAsStringSet;
+
 @Controller
 @RequestMapping("/" + ResourceSetRegistrationEndpoint.URL)
 @PreAuthorize("hasRole('ROLE_USER')")
@@ -90,7 +91,12 @@ public class ResourceSetRegistrationEndpoint {
 return JsonErrorView.VIEWNAME;
 }
- rs.setOwner(auth.getName());
+ if (auth instanceof OAuth2Authentication) {
+ // if it's an OAuth mediated call, it's on behalf of a client, so store that
+ OAuth2Authentication o2a = (OAuth2Authentication) auth;
+ rs.setClientId(o2a.getOAuth2Request().getClientId());
+ }
+ rs.setOwner(auth.getName()); // the username is going to be in the auth object
 ResourceSet saved = resourceSetService.saveNew(rs);
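Review bot: The client id is captured only at registration time (`rs.setClientId(o2a.getOAuth2Request().getClientId())`), and this hunk shows no corresponding comparison when a resource set is later read, updated or deleted, so as far as the diff shows the field is informational: if those handlers continue to authorize on owner alone, two clients acting for the same user can still see and modify each other's registrations unless they also compare the stored `clientId` with the caller's `OAuth2Request` client id (those handlers are outside this hunk, so this may already be handled). The `instanceof`/cast block would then be needed in each of them, so a small private helper that returns the caller's client id, or null for a non-OAuth caller, would avoid repeating it. As I recall Spring Security OAuth, `auth.getName()` on an `OAuth2Authentication` with no user authentication yields the client id rather than a username, which the new comment on `rs.setOwner` does not mention; worth confirming and, if so, noting, e.g. `// for a client-only token this is the client id, not a user`.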