made claim values any JSON type, closes #853
parent
b0935086c2
commit
af798705b4
|
@ -0,0 +1,58 @@
|
||||||
|
/*******************************************************************************
|
||||||
|
* Copyright 2015 The MITRE Corporation
|
||||||
|
* and the MIT Kerberos and Internet Trust Consortium
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*******************************************************************************/
|
||||||
|
|
||||||
|
package org.mitre.oauth2.model.convert;
|
||||||
|
|
||||||
|
import javax.persistence.AttributeConverter;
|
||||||
|
import javax.persistence.Converter;
|
||||||
|
|
||||||
|
import com.google.common.base.Strings;
|
||||||
|
import com.google.gson.JsonElement;
|
||||||
|
import com.google.gson.JsonObject;
|
||||||
|
import com.google.gson.JsonParser;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author jricher
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
@Converter
|
||||||
|
public class JsonElementStringConverter implements AttributeConverter<JsonElement, String> {
|
||||||
|
|
||||||
|
private JsonParser parser = new JsonParser();
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String convertToDatabaseColumn(JsonElement attribute) {
|
||||||
|
if (attribute != null) {
|
||||||
|
return attribute.toString();
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* (non-Javadoc)
|
||||||
|
* @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public JsonElement convertToEntityAttribute(String dbData) {
|
||||||
|
if (!Strings.isNullOrEmpty(dbData)) {
|
||||||
|
return parser.parse(dbData);
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
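Review bot: `import com.google.gson.JsonObject;` is unused in this new file, and `private JsonParser parser = new JsonParser();` is never reassigned, so `private final JsonParser parser = new JsonParser();` states the intent; the class Javadoc carries only `@author` and should say what the converter does, e.g. `Persists a JsonElement as its serialized JSON text in a String column and parses it back on load; null or empty column values map to null.` `JsonParser.parse` is lenient in Gson, so `claim_value` rows written by the previous String-typed field (for instance a bare email address, as seen in the ResourceSetRegistrationEndpoint section below) may be read back as a different `JsonElement` than a freshly stored value would produce, and a stored value containing spaces or punctuation may surface as a `JsonSyntaxException` on entity load. A one-off migration that wraps existing values as JSON strings, or a fallback in `convertToEntityAttribute` that returns `new JsonPrimitive(dbData)` when parsing fails, would keep old rows readable; the same concern applies to the `@Convert` mapping in the Claim section.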
|
|
@ -22,6 +22,7 @@ import java.util.Set;
|
||||||
import javax.persistence.Basic;
|
import javax.persistence.Basic;
|
||||||
import javax.persistence.CollectionTable;
|
import javax.persistence.CollectionTable;
|
||||||
import javax.persistence.Column;
|
import javax.persistence.Column;
|
||||||
|
import javax.persistence.Convert;
|
||||||
import javax.persistence.ElementCollection;
|
import javax.persistence.ElementCollection;
|
||||||
import javax.persistence.Entity;
|
import javax.persistence.Entity;
|
||||||
import javax.persistence.FetchType;
|
import javax.persistence.FetchType;
|
||||||
|
@ -31,6 +32,10 @@ import javax.persistence.Id;
|
||||||
import javax.persistence.JoinColumn;
|
import javax.persistence.JoinColumn;
|
||||||
import javax.persistence.Table;
|
import javax.persistence.Table;
|
||||||
|
|
||||||
|
import org.mitre.oauth2.model.convert.JsonElementStringConverter;
|
||||||
|
|
||||||
|
import com.google.gson.JsonElement;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author jricher
|
* @author jricher
|
||||||
*
|
*
|
||||||
|
@ -43,7 +48,7 @@ public class Claim {
|
||||||
private String name;
|
private String name;
|
||||||
private String friendlyName;
|
private String friendlyName;
|
||||||
private String claimType;
|
private String claimType;
|
||||||
private String value;
|
private JsonElement value;
|
||||||
private Set<String> claimTokenFormat;
|
private Set<String> claimTokenFormat;
|
||||||
private Set<String> issuer;
|
private Set<String> issuer;
|
||||||
|
|
||||||
|
@ -150,13 +155,14 @@ public class Claim {
|
||||||
*/
|
*/
|
||||||
@Basic
|
@Basic
|
||||||
@Column(name = "claim_value")
|
@Column(name = "claim_value")
|
||||||
public String getValue() {
|
@Convert(converter = JsonElementStringConverter.class)
|
||||||
|
public JsonElement getValue() {
|
||||||
return value;
|
return value;
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* @param value the value to set
|
* @param value the value to set
|
||||||
*/
|
*/
|
||||||
public void setValue(String value) {
|
public void setValue(JsonElement value) {
|
||||||
this.value = value;
|
this.value = value;
|
||||||
}
|
}
|
||||||
}
|
}
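Review bot: `@Column(name = "claim_value")` above `getValue()` keeps the previous column mapping while the stored text is now arbitrary serialized JSON, objects and arrays included; if the schema is generated from these annotations the JPA default `length` of 255 applies and a larger claim value would fail on insert. Consider declaring the size explicitly, e.g. `@Column(name = "claim_value", length = 4096)` (constructed figure, choose per the project's schema) or `@Lob`. The getter also returns the live `JsonElement`, which for `JsonObject`/`JsonArray` is mutable, so callers can alter the persisted value without going through `setValue`; that is worth stating in the getter Javadoc. The rest of the Claim class is outside the hunk.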
|
||||||
|
|
|
@ -24,7 +24,6 @@ import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||||
import org.mitre.openid.connect.model.UserInfo;
|
import org.mitre.openid.connect.model.UserInfo;
|
||||||
import org.mitre.openid.connect.view.HttpCodeView;
|
import org.mitre.openid.connect.view.HttpCodeView;
|
||||||
import org.mitre.openid.connect.view.JsonErrorView;
|
|
||||||
import org.mitre.uma.model.Claim;
|
import org.mitre.uma.model.Claim;
|
||||||
import org.mitre.uma.model.PermissionTicket;
|
import org.mitre.uma.model.PermissionTicket;
|
||||||
import org.mitre.uma.service.PermissionService;
|
import org.mitre.uma.service.PermissionService;
|
||||||
|
@ -42,6 +41,8 @@ import org.springframework.web.util.UriComponentsBuilder;
|
||||||
|
|
||||||
import com.google.common.base.Strings;
|
import com.google.common.base.Strings;
|
||||||
import com.google.common.collect.Sets;
|
import com.google.common.collect.Sets;
|
||||||
|
import com.google.gson.JsonElement;
|
||||||
|
import com.google.gson.JsonPrimitive;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
@ -90,11 +91,13 @@ public class ClaimsCollectionEndpoint {
|
||||||
String issuer = auth.getIssuer();
|
String issuer = auth.getIssuer();
|
||||||
UserInfo userInfo = auth.getUserInfo();
|
UserInfo userInfo = auth.getUserInfo();
|
||||||
|
|
||||||
claimsSupplied.add(mkClaim(issuer, "sub", auth.getSub()));
|
claimsSupplied.add(mkClaim(issuer, "sub", new JsonPrimitive(auth.getSub())));
|
||||||
claimsSupplied.add(mkClaim(issuer, "email", userInfo.getEmail()));
|
claimsSupplied.add(mkClaim(issuer, "email", new JsonPrimitive(userInfo.getEmail())));
|
||||||
claimsSupplied.add(mkClaim(issuer, "phone_number", auth.getUserInfo().getPhoneNumber()));
|
claimsSupplied.add(mkClaim(issuer, "email_verified", new JsonPrimitive(userInfo.getEmailVerified())));
|
||||||
claimsSupplied.add(mkClaim(issuer, "preferred_username", auth.getUserInfo().getPreferredUsername()));
|
claimsSupplied.add(mkClaim(issuer, "phone_number", new JsonPrimitive(auth.getUserInfo().getPhoneNumber())));
|
||||||
claimsSupplied.add(mkClaim(issuer, "profile", auth.getUserInfo().getProfile()));
|
claimsSupplied.add(mkClaim(issuer, "phone_number_verified", new JsonPrimitive(auth.getUserInfo().getPhoneNumberVerified())));
|
||||||
|
claimsSupplied.add(mkClaim(issuer, "preferred_username", new JsonPrimitive(auth.getUserInfo().getPreferredUsername())));
|
||||||
|
claimsSupplied.add(mkClaim(issuer, "profile", new JsonPrimitive(auth.getUserInfo().getProfile())));
|
||||||
|
|
||||||
ticket.setClaimsSupplied(claimsSupplied);
|
ticket.setClaimsSupplied(claimsSupplied);
|
||||||
|
|
||||||
|
@ -120,7 +123,7 @@ public class ClaimsCollectionEndpoint {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
private Claim mkClaim(String issuer, String name, String value) {
|
private Claim mkClaim(String issuer, String name, JsonElement value) {
|
||||||
Claim c = new Claim();
|
Claim c = new Claim();
|
||||||
c.setIssuer(Sets.newHashSet(issuer));
|
c.setIssuer(Sets.newHashSet(issuer));
|
||||||
c.setName(name);
|
c.setName(name);
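Review bot: `new JsonPrimitive(userInfo.getEmail())` and the other wrapped calls at the top of the first hunk throw on a null argument (Gson's `JsonPrimitive` constructors reject null), so a user whose UserInfo lacks an email, phone number, profile or one of the verified flags now makes the claims-collection request fail where the old code stored a null claim value; of these only `auth.getSub()` is unlikely to be null, and the verified-flag calls are affected if those getters return `Boolean`. Null-tolerant `mkClaim` overloads keep the previous behaviour and let the call sites go back to passing the raw getter results, e.g. `claimsSupplied.add(mkClaim(issuer, "email", userInfo.getEmail()));`; this needs `import com.google.gson.JsonNull;`. The body of `mkClaim` continues outside the hunk.
```java
private Claim mkClaim(String issuer, String name, String value) {
	return mkClaim(issuer, name, value == null ? JsonNull.INSTANCE : new JsonPrimitive(value));
}

private Claim mkClaim(String issuer, String name, Boolean value) {
	return mkClaim(issuer, name, value == null ? JsonNull.INSTANCE : new JsonPrimitive(value));
}

private Claim mkClaim(String issuer, String name, JsonElement value) {
	// … unchanged: Claim construction …
```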
|
||||||
|
|
|
@ -55,6 +55,7 @@ import com.google.gson.JsonElement;
|
||||||
import com.google.gson.JsonObject;
|
import com.google.gson.JsonObject;
|
||||||
import com.google.gson.JsonParseException;
|
import com.google.gson.JsonParseException;
|
||||||
import com.google.gson.JsonParser;
|
import com.google.gson.JsonParser;
|
||||||
|
import com.google.gson.JsonPrimitive;
|
||||||
|
|
||||||
import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
|
import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
|
||||||
import static org.mitre.util.JsonUtils.getAsLong;
|
import static org.mitre.util.JsonUtils.getAsLong;
|
||||||
|
@ -129,16 +130,15 @@ public class ResourceSetRegistrationEndpoint {
|
||||||
Claim e = new Claim();
|
Claim e = new Claim();
|
||||||
e.setIssuer(Sets.newHashSet("https://healthauth.org/"));
|
e.setIssuer(Sets.newHashSet("https://healthauth.org/"));
|
||||||
e.setName("email");
|
e.setName("email");
|
||||||
e.setValue("alice@healthauth.org");
|
e.setValue(new JsonPrimitive("alice@healthauth.org"));
|
||||||
claims.add(e);
|
claims.add(e);
|
||||||
|
|
||||||
/* TODO: claims need to be multi-typed
|
|
||||||
Claim ev = new Claim();
|
Claim ev = new Claim();
|
||||||
ev.setIssuer(Sets.newHashSet("https://healthauth.org/"));
|
ev.setIssuer(Sets.newHashSet("https://healthauth.org/"));
|
||||||
e.setName("email_verified");
|
e.setName("email_verified");
|
||||||
ev.setValue(true);
|
ev.setValue(new JsonPrimitive(true));
|
||||||
claims.add(e);
|
claims.add(e);
|
||||||
*/
|
|
||||||
Policy reqired = new Policy();
|
Policy reqired = new Policy();
|
||||||
reqired.setScopes(rs.getScopes());
|
reqired.setScopes(rs.getScopes());
|
||||||
reqired.setClaimsRequired(claims);
|
reqired.setClaimsRequired(claims);
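Review bot: Un-commenting the `ev` block leaves two lines that still reference `e`: `e.setName("email_verified");` and the second `claims.add(e);`. As written the `ev` claim is never added to the policy, and the already-added `e` claim is renamed from `email` to `email_verified` while keeping the string value `alice@healthauth.org` (and is added a second time if `claims` is a list), so the policy this method builds does not require what it appears to. The two lines should read `ev.setName("email_verified");` and `claims.add(ev);`. The hard-coded `https://healthauth.org/` issuer and `alice@healthauth.org` value look like placeholder policy data; if this is the default policy attached to every registered resource set, a comment saying so would help the next reader. The enclosing method begins and ends outside the hunk, and the `reqired` spelling in the context lines predates this change.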
|
||||||
|
|