From af798705b428feafcdfeb708bde0af79f0faecce Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Mon, 29 Jun 2015 20:10:13 -0400
Subject: [PATCH] made claim values any JSON type, closes #853
---
 .../convert/JsonElementStringConverter.java | 58 +++++++++++++++++++
 .../main/java/org/mitre/uma/model/Claim.java | 12 +++-
 .../uma/web/ClaimsCollectionEndpoint.java | 17 +++---
 .../web/ResourceSetRegistrationEndpoint.java | 8 +--
 4 files changed, 81 insertions(+), 14 deletions(-)
 create mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java
new file mode 100644
index 000000000..a2918bddc
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright 2015 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+
+package org.mitre.oauth2.model.convert;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+import com.google.common.base.Strings;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+/**
+ * @author jricher
+ *
+ */
+@Converter
+public class JsonElementStringConverter implements AttributeConverter {
+
+	private JsonParser parser = new JsonParser();
+
+	@Override
+	public String convertToDatabaseColumn(JsonElement attribute) {
+		if (attribute != null) {
+			return attribute.toString();
+		} else {
+			return null;
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
+	 */
+	@Override
+	public JsonElement convertToEntityAttribute(String dbData) {
+		if (!Strings.isNullOrEmpty(dbData)) {
+			return parser.parse(dbData);
+		} else {
+			return null;
+		}
+	}
+
+}
diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java b/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java
index 2a2beac98..fd88af6a0 100644
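Review bot: `convertToEntityAttribute` hands `dbData` straight to `parser.parse(dbData)`, so a malformed `claim_value` row surfaces as an unchecked Gson `JsonSyntaxException` from inside JPA entity loading rather than as a converter-specific error; at minimum the contract should be written down, e.g. `@throws com.google.gson.JsonSyntaxException if the stored column text is not valid JSON`. Gson's `JsonParser.parse` is also lenient (it accepts non-standard JSON), which is harmless for text this converter wrote itself but means the column is not a strict-JSON guarantee for anything else that writes it. The `com.google.gson.JsonObject` import is unused, and the class Javadoc carries only `@author` — a summary such as `Persists a Gson JsonElement as its serialized JSON text; null maps to null in both directions, and an empty string reads back as null.` would document the asymmetry between the two methods (`""` is never produced by `convertToDatabaseColumn` but is accepted by `convertToEntityAttribute`). Note that a `JsonNull` attribute is stored as the text `null`, not as SQL NULL, so callers that compare the loaded value against Java `null` will see a difference.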
--- a/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java @@ -22,6 +22,7 @@ import java.util.Set; import javax.persistence.Basic; import javax.persistence.CollectionTable; import javax.persistence.Column; +import javax.persistence.Convert; import javax.persistence.ElementCollection; import javax.persistence.Entity; import javax.persistence.FetchType; @@ -31,6 +32,10 @@ import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.Table; +import org.mitre.oauth2.model.convert.JsonElementStringConverter; + +import com.google.gson.JsonElement; + /** * @author jricher * @@ -43,7 +48,7 @@ public class Claim { private String name; private String friendlyName; private String claimType; - private String value; + private JsonElement value; private Set claimTokenFormat; private Set issuer; @@ -150,13 +155,14 @@ public class Claim { */ @Basic @Column(name = "claim_value") - public String getValue() { + @Convert(converter = JsonElementStringConverter.class) + public JsonElement getValue() { return value; } /** * @param value the value to set */ - public void setValue(String value) { + public void setValue(JsonElement value) { this.value = value; } } diff --git a/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java index 5eab049b1..324a09804 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java +++ b/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java 
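Review bot: `getValue` keeps the bare `@Column(name = "claim_value")` while the stored text is now the serialized JSON of an arbitrary `JsonElement`, so an object or array claim can overflow a column that was sized for a plain string value; if the schema is generated from annotations a `length` on the `@Column` is needed, and if the project ships SQL schema scripts (outside this diff) the `claim_value` column type should be checked against this change. The getter's Javadoc is cut off at the hunk edge; its `@return` should now say the value may be any JSON type, not only a string, and `setValue` likewise. `Claim` shows no `equals`/`hashCode` in these hunks; if one exists elsewhere and compares `value`, its behaviour with `JsonNull` versus Java `null` should be confirmed, since the converter persists those two differently.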
@@ -24,7 +24,6 @@ import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.openid.connect.model.OIDCAuthenticationToken; import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.view.HttpCodeView; -import org.mitre.openid.connect.view.JsonErrorView; import org.mitre.uma.model.Claim; import org.mitre.uma.model.PermissionTicket; import org.mitre.uma.service.PermissionService; @@ -42,6 +41,8 @@ import org.springframework.web.util.UriComponentsBuilder; import com.google.common.base.Strings; import com.google.common.collect.Sets; +import com.google.gson.JsonElement; +import com.google.gson.JsonPrimitive; /** * @@ -90,11 +91,13 @@ public class ClaimsCollectionEndpoint { String issuer = auth.getIssuer(); UserInfo userInfo = auth.getUserInfo(); - claimsSupplied.add(mkClaim(issuer, "sub", auth.getSub())); - claimsSupplied.add(mkClaim(issuer, "email", userInfo.getEmail())); - claimsSupplied.add(mkClaim(issuer, "phone_number", auth.getUserInfo().getPhoneNumber())); - claimsSupplied.add(mkClaim(issuer, "preferred_username", auth.getUserInfo().getPreferredUsername())); - claimsSupplied.add(mkClaim(issuer, "profile", auth.getUserInfo().getProfile())); + claimsSupplied.add(mkClaim(issuer, "sub", new JsonPrimitive(auth.getSub()))); + claimsSupplied.add(mkClaim(issuer, "email", new JsonPrimitive(userInfo.getEmail()))); + claimsSupplied.add(mkClaim(issuer, "email_verified", new JsonPrimitive(userInfo.getEmailVerified()))); + claimsSupplied.add(mkClaim(issuer, "phone_number", new JsonPrimitive(auth.getUserInfo().getPhoneNumber()))); + claimsSupplied.add(mkClaim(issuer, "phone_number_verified", new JsonPrimitive(auth.getUserInfo().getPhoneNumberVerified()))); + claimsSupplied.add(mkClaim(issuer, "preferred_username", new JsonPrimitive(auth.getUserInfo().getPreferredUsername()))); + claimsSupplied.add(mkClaim(issuer, "profile", new JsonPrimitive(auth.getUserInfo().getProfile()))); ticket.setClaimsSupplied(claimsSupplied); 
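Review bot: Every new `mkClaim` call wraps a `UserInfo` getter in `new JsonPrimitive(...)`, and Gson's `JsonPrimitive(String)` and `JsonPrimitive(Boolean)` constructors reject `null`, so a user with no `email_verified`, `phone_number`, `phone_number_verified`, `preferred_username` or `profile` set now fails the claims-collection request with a `NullPointerException` where the previous `String` path tolerated a null value. The same assumption is carried by the `mkClaim` signature hunk (`@@ -120,7 +123,7 @@`). A null-safe wrapper keeps the intent; the version below maps an absent value to `JsonNull.INSTANCE` (which needs `import com.google.gson.JsonNull;`) — alternatively the claim could simply be skipped when the value is absent. `getEmailVerified` and `getPhoneNumberVerified` are presumed here to return a boxed `Boolean`; confirm against `UserInfo`. The surrounding method continues outside the hunk, and the existing `userInfo` local can replace the repeated `auth.getUserInfo()` calls.
```java
claimsSupplied.add(mkClaim(issuer, "sub", json(auth.getSub())));
claimsSupplied.add(mkClaim(issuer, "email", json(userInfo.getEmail())));
claimsSupplied.add(mkClaim(issuer, "email_verified", json(userInfo.getEmailVerified())));
claimsSupplied.add(mkClaim(issuer, "phone_number", json(userInfo.getPhoneNumber())));
claimsSupplied.add(mkClaim(issuer, "phone_number_verified", json(userInfo.getPhoneNumberVerified())));
claimsSupplied.add(mkClaim(issuer, "preferred_username", json(userInfo.getPreferredUsername())));
claimsSupplied.add(mkClaim(issuer, "profile", json(userInfo.getProfile())));

// … unchanged: ticket.setClaimsSupplied(claimsSupplied) and the rest of the method …

// Null-safe wrappers: JsonPrimitive's constructors throw on null, and these UserInfo fields may be unset.
private static JsonElement json(String s) {
	return s == null ? JsonNull.INSTANCE : new JsonPrimitive(s);
}

private static JsonElement json(Boolean b) {
	return b == null ? JsonNull.INSTANCE : new JsonPrimitive(b);
}
```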
@@ -120,7 +123,7 @@ public class ClaimsCollectionEndpoint { } - private Claim mkClaim(String issuer, String name, String value) { + private Claim mkClaim(String issuer, String name, JsonElement value) { Claim c = new Claim(); c.setIssuer(Sets.newHashSet(issuer)); c.setName(name); diff --git a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java index 50a04028a..aae0c413c 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java +++ b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java @@ -55,6 +55,7 @@ import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.JsonParseException; import com.google.gson.JsonParser; +import com.google.gson.JsonPrimitive; import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope; import static org.mitre.util.JsonUtils.getAsLong; @@ -129,16 +130,15 @@ public class ResourceSetRegistrationEndpoint { Claim e = new Claim(); e.setIssuer(Sets.newHashSet("https://healthauth.org/")); e.setName("email"); - e.setValue("alice@healthauth.org"); + e.setValue(new JsonPrimitive("alice@healthauth.org")); claims.add(e); - /* TODO: claims need to be multi-typed Claim ev = new Claim(); ev.setIssuer(Sets.newHashSet("https://healthauth.org/")); e.setName("email_verified"); - ev.setValue(true); + ev.setValue(new JsonPrimitive(true)); claims.add(e); - */ + Policy reqired = new Policy(); reqired.setScopes(rs.getScopes()); reqired.setClaimsRequired(claims);
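Review bot: Removing the `/* TODO` comment markers in the `ResourceSetRegistrationEndpoint` hunk (`@@ -129,16 +130,15 @@`) makes a latent bug live: the now-active context lines `e.setName("email_verified");` and `claims.add(e);` operate on the first claim `e`, so the `email` claim is renamed to `email_verified`, added to `claims` twice, and `ev` — the one that now carries `new JsonPrimitive(true)` — is never added. The three lines should read `ev.setName("email_verified");`, `ev.setValue(new JsonPrimitive(true));`, `claims.add(ev);`. The `reqired` local in the following context lines is misspelled (`required`) — pre-existing, but worth fixing while the block is being touched. These fixed-issuer claims look like placeholder demo data attached to every registered resource set; if so, a comment such as `// placeholder policy: required claims are hard-coded until they are configurable per resource set` would stop a later reader from taking them as intended authorization logic.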