github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

removed structured scopes

pull/1187/head
Justin Richer 2017-01-17 17:06:04 -05:00
parent 524794fe2e
commit b17a7f43ae
21 changed files with 39 additions and 278 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
View File

@ -53,9 +53,6 @@ public class SystemScope {
private String icon; // class of the icon to display on the auth page private String icon; // class of the icon to display on the auth page
private boolean defaultScope = false; // is this a default scope for newly-registered clients? private boolean defaultScope = false; // is this a default scope for newly-registered clients?
private boolean restricted = false; // is this scope restricted to admin-only registration access? private boolean restricted = false; // is this scope restricted to admin-only registration access?
private boolean structured = false; // is this a default scope for newly-registered clients?
private String structuredParamDescription;
private String structuredValue;
/** /**
* Make a blank system scope with no value * Make a blank system scope with no value
@ -162,52 +159,6 @@ public class SystemScope {
this.restricted = restricted; this.restricted = restricted;
} }
/**
* @return the isStructured status
*/
@Basic
@Column(name = "structured")
public boolean isStructured() {
return structured;
}
/**
* @param structured the structured to set
*/
public void setStructured(boolean structured) {
this.structured = structured;
}
@Basic
@Column(name = "structured_param_description")
public String getStructuredParamDescription() {
return structuredParamDescription;
}
/**
* @param isStructured the isStructured to set
*/
public void setStructuredParamDescription(String d) {
this.structuredParamDescription = d;
}
/**
* @return the structuredValue
*/
@Transient // we don't save the value of a system scope separately
public String getStructuredValue() {
return structuredValue;
}
/**
* @param structuredValue the structuredValue to set
*/
public void setStructuredValue(String structuredValue) {
this.structuredValue = structuredValue;
}
/* (non-Javadoc) /* (non-Javadoc)
* @see java.lang.Object#hashCode() * @see java.lang.Object#hashCode()
*/ */
@ -221,13 +172,6 @@ public class SystemScope {
result = prime * result + ((icon == null) ? 0 : icon.hashCode()); result = prime * result + ((icon == null) ? 0 : icon.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode()); result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + (restricted ? 1231 : 1237); result = prime * result + (restricted ? 1231 : 1237);
result = prime * result + (structured ? 1231 : 1237);
result = prime
* result
+ ((structuredParamDescription == null) ? 0
: structuredParamDescription.hashCode());
result = prime * result
+ ((structuredValue == null) ? 0 : structuredValue.hashCode());
result = prime * result + ((value == null) ? 0 : value.hashCode()); result = prime * result + ((value == null) ? 0 : value.hashCode());
return result; return result;
} }
@ -274,24 +218,6 @@ public class SystemScope {
if (restricted != other.restricted) { if (restricted != other.restricted) {
return false; return false;
} }
if (structured != other.structured) {
return false;
}
if (structuredParamDescription == null) {
if (other.structuredParamDescription != null) {
return false;
}
} else if (!structuredParamDescription
.equals(other.structuredParamDescription)) {
return false;
}
if (structuredValue == null) {
if (other.structuredValue != null) {
return false;
}
} else if (!structuredValue.equals(other.structuredValue)) {
return false;
}
if (value == null) { if (value == null) {
if (other.value != null) { if (other.value != null) {
return false; return false;
@ -309,10 +235,7 @@ public class SystemScope {
public String toString() { public String toString() {
return "SystemScope [id=" + id + ", value=" + value + ", description=" return "SystemScope [id=" + id + ", value=" + value + ", description="
+ description + ", icon=" + icon + ", defaultScope=" + description + ", icon=" + icon + ", defaultScope="
+ defaultScope + ", restricted=" + restricted + ", structured=" + defaultScope + ", restricted=" + restricted + "]";
+ structured + ", structuredParamDescription="
+ structuredParamDescription + ", structuredValue="
+ structuredValue + "]";
} }
} }

7
openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
View File

@ -96,12 +96,7 @@ public interface SystemScopeService {
public Set<String> toStrings(Set<SystemScope> scope); public Set<String> toStrings(Set<SystemScope> scope);
/** /**
* Test whether the scopes in both sets are compatible, with special * Test whether the scopes in both sets are compatible. All scopes in "actual" must exist in "expected".
* processing for structured scopes. All scopes in "actual" must exist in
* "expected". If a scope in "expected" is structured and has a value, it
* must be matched exactly by its corresponding scope in "actual". If a
* scope in "expected" is structured but has no value, it may be matched by
* a scope with or without a value in "actual".
*/ */
public boolean scopesMatch(Set<String> expected, Set<String> actual); public boolean scopesMatch(Set<String> expected, Set<String> actual);

5
openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
View File

@ -10,7 +10,8 @@ CREATE TABLE IF NOT EXISTS access_token (
refresh_token_id BIGINT, refresh_token_id BIGINT,
client_id BIGINT, client_id BIGINT,
auth_holder_id BIGINT, auth_holder_id BIGINT,
approved_site_id BIGINT approved_site_id BIGINT,
UNIQUE(token_value)
); );
CREATE TABLE IF NOT EXISTS access_token_permissions ( CREATE TABLE IF NOT EXISTS access_token_permissions (
@ -235,8 +236,6 @@ CREATE TABLE IF NOT EXISTS system_scope (
icon VARCHAR(256), icon VARCHAR(256),
restricted BOOLEAN DEFAULT false NOT NULL, restricted BOOLEAN DEFAULT false NOT NULL,
default_scope BOOLEAN DEFAULT false NOT NULL, default_scope BOOLEAN DEFAULT false NOT NULL,
structured BOOLEAN DEFAULT false NOT NULL,
structured_param_description VARCHAR(256),
UNIQUE (scope) UNIQUE (scope)
); );

4
openid-connect-server-webapp/src/main/resources/db/hsql/loading_temp_tables.sql
View File

@ -69,7 +69,5 @@ CREATE TEMPORARY TABLE IF NOT EXISTS system_scope_TEMP (
description VARCHAR(4096), description VARCHAR(4096),
icon VARCHAR(256), icon VARCHAR(256),
restricted BOOLEAN, restricted BOOLEAN,
default_scope BOOLEAN, default_scope BOOLEAN
structured BOOLEAN,
structured_param_description VARCHAR(256)
); );

18
openid-connect-server-webapp/src/main/resources/db/hsql/scopes.sql
View File

@ -10,23 +10,23 @@ START TRANSACTION;
-- Insert scope information into the temporary tables. -- Insert scope information into the temporary tables.
-- --
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('openid', 'log in using your identity', 'user', false, true, false, null), ('openid', 'log in using your identity', 'user', false, true),
('profile', 'basic profile information', 'list-alt', false, true, false, null), ('profile', 'basic profile information', 'list-alt', false, true),
('email', 'email address', 'envelope', false, true, false, null), ('email', 'email address', 'envelope', false, true),
('address', 'physical address', 'home', false, true, false, null), ('address', 'physical address', 'home', false, true),
('phone', 'telephone number', 'bell', false, true, false, null), ('phone', 'telephone number', 'bell', false, true),
('offline_access', 'offline access', 'time', false, false, false, null); ('offline_access', 'offline access', 'time', false, false);
-- --
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. -- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
-- --
MERGE INTO system_scope MERGE INTO system_scope
USING (SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope, structured, structured_param_description) USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope)
ON vals.scope = system_scope.scope ON vals.scope = system_scope.scope
WHEN NOT MATCHED THEN WHEN NOT MATCHED THEN
INSERT (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope, vals.structured, vals.structured_param_description); INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope);
COMMIT; COMMIT;

2
openid-connect-server-webapp/src/main/webapp/WEB-INF/authz-config.xml
View File

@ -52,7 +52,7 @@
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" /> <bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<bean id="oauthRequestValidator" class="org.mitre.oauth2.token.StructuredScopeAwareOAuth2RequestValidator" /> <bean id="oauthRequestValidator" class="org.mitre.oauth2.token.ScopeServiceAwareOAuth2RequestValidator" />
<!-- Error page handler. --> <!-- Error page handler. -->
<mvc:view-controller path="/error" view-name="error" /> <mvc:view-controller path="/error" view-name="error" />

4
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp
View File

@ -218,10 +218,6 @@
</span> </span>
</c:if> </c:if>
<c:if test="${ scope.structured }">
<input name="scopeparam_${ fn:escapeXml(scope.value) }" type="text" value="${ fn:escapeXml(scope.structuredValue) }" placeholder="${ fn:escapeXml(scope.structuredParamDescription) }">
</c:if>
</label> </label>
</c:forEach> </c:forEach>

3
openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json
View File

@ -306,9 +306,6 @@
"icon": "Icon", "icon": "Icon",
"new": "New Scope", "new": "New Scope",
"select-icon": "Select an icon", "select-icon": "Select an icon",
"structured": "is a structured scope",
"structured-help": "Is the scope structured with structured values like <code>base:extension</code>?",
"structured-param-help": "Human-readable description of the structured parameter",
"subject-type": "Subject Type", "subject-type": "Subject Type",
"value": "Scope value", "value": "Scope value",
"value-help": "Single string with no spaces", "value-help": "Single string with no spaces",

21
openid-connect-server-webapp/src/main/webapp/resources/js/scope.js
View File

@ -23,10 +23,7 @@ var SystemScopeModel = Backbone.Model.extend({
icon:null, icon:null,
value:null, value:null,
defaultScope:false, defaultScope:false,
restricted:false, restricted:false
structured:false,
structuredParamDescription:null,
structuredValue:null
}, },
urlRoot: 'api/scopes' urlRoot: 'api/scopes'
@ -267,8 +264,7 @@ var SystemScopeFormView = Backbone.View.extend({
events:{ events:{
'click .btn-save':'saveScope', 'click .btn-save':'saveScope',
'click .btn-cancel': function() {app.navigate('admin/scope', {trigger: true}); }, 'click .btn-cancel': function() {app.navigate('admin/scope', {trigger: true}); },
'click .btn-icon':'selectIcon', 'click .btn-icon':'selectIcon'
'change #isStructured input':'toggleStructuredParamDescription'
}, },
load:function(callback) { load:function(callback) {
@ -290,14 +286,6 @@ var SystemScopeFormView = Backbone.View.extend({
}, },
toggleStructuredParamDescription:function(e) {
if ($('#isStructured input', this.el).is(':checked')) {
$('#structuredParamDescription', this.el).show();
} else {
$('#structuredParamDescription', this.el).hide();
}
},
saveScope:function(e) { saveScope:function(e) {
e.preventDefault(); e.preventDefault();
@ -313,9 +301,7 @@ var SystemScopeFormView = Backbone.View.extend({
description:$('#description textarea').val(), description:$('#description textarea').val(),
icon:$('#iconDisplay input').val(), icon:$('#iconDisplay input').val(),
defaultScope:$('#defaultScope input').is(':checked'), defaultScope:$('#defaultScope input').is(':checked'),
restricted:$('#restricted input').is(':checked'), restricted:$('#restricted input').is(':checked')
structured:$('#isStructured input').is(':checked'),
structuredParamDescription:$('#structuredParamDescription input').val()
}); });
if (valid) { if (valid) {
@ -356,7 +342,6 @@ var SystemScopeFormView = Backbone.View.extend({
$("#iconSelector .modal-body", this.el).append(this.iconTemplate({items:items})); $("#iconSelector .modal-body", this.el).append(this.iconTemplate({items:items}));
}, this); }, this);
this.toggleStructuredParamDescription();
$(this.el).i18n(); $(this.el).i18n();
return this; return this;
} }

13
openid-connect-server-webapp/src/main/webapp/resources/template/scope.html
View File

@ -155,19 +155,6 @@
</div> </div>
</div> </div>
<div class="control-group">
<div class="controls" id="isStructured">
<label class="checkbox">
<input type="checkbox" <%-structured ? 'checked' : '' %>> <span data-i18n="scope.system-scope-form.structured">is a structured scope</span>
</label>
<p class="help-block" data-i18n="[html]scope.system-scope-form.structured-help">Is the scope structured with structured values like <code>base:extension</code>?</p>
</div>
<div class="controls" id="structuredParamDescription">
<input type="text" value="<%-structuredParamDescription ? structuredParamDescription : '' %>">
<p class="help-block" data-i18n="scope.system-scope-form.structured-param-help">Human-readable description of the structured parameter</p>
</div>
</div>
<div class="well well-small"> <div class="well well-small">
<button class="btn btn-small btn-save btn-success"><i class="icon-ok-circle icon-white"></i> <span data-i18n="common.save">Save</span></button> &nbsp; <button class="btn btn-small btn-save btn-success"><i class="icon-ok-circle icon-white"></i> <span data-i18n="common.save">Save</span></button> &nbsp;
<button class="btn btn-small btn-cancel"><i class="icon-ban-circle"></i> <span data-i18n="common.cancel">Cancel</span></button> <button class="btn btn-small btn-cancel"><i class="icon-ban-circle"></i> <span data-i18n="common.cancel">Cancel</span></button>

41
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
View File

@ -76,20 +76,11 @@ public class DefaultSystemScopeService implements SystemScopeService {
if (Strings.isNullOrEmpty(input)) { if (Strings.isNullOrEmpty(input)) {
return null; return null;
} else { } else {
List<String> parts = parseStructuredScopeValue(input);
String base = parts.get(0); // the first part is the base
// get the real scope if it's available // get the real scope if it's available
SystemScope s = getByValue(base); SystemScope s = getByValue(input);
if (s == null) { if (s == null) {
// make a fake one otherwise // make a fake one otherwise
s = new SystemScope(base); s = new SystemScope(input);
if (parts.size() > 1) {
s.setStructured(true);
}
}
if (s.isStructured() && parts.size() > 1) {
s.setStructuredValue(parts.get(1));
} }
return s; return s;
@ -103,11 +94,7 @@ public class DefaultSystemScopeService implements SystemScopeService {
if (input == null) { if (input == null) {
return null; return null;
} else { } else {
if (input.isStructured() && !Strings.isNullOrEmpty(input.getStructuredValue())) { return input.getValue();
return Joiner.on(":").join(input.getValue(), input.getStructuredValue());
} else {
return input.getValue();
}
} }
} }
}; };
@ -181,11 +168,6 @@ public class DefaultSystemScopeService implements SystemScopeService {
} }
} }
// parse a structured scope string into its components
private List<String> parseStructuredScopeValue(String value) {
return Lists.newArrayList(Splitter.on(":").split(value));
}
/* (non-Javadoc) /* (non-Javadoc)
* @see org.mitre.oauth2.service.SystemScopeService#scopesMatch(java.util.Set, java.util.Set) * @see org.mitre.oauth2.service.SystemScopeService#scopesMatch(java.util.Set, java.util.Set)
*/ */
@ -198,22 +180,7 @@ public class DefaultSystemScopeService implements SystemScopeService {
for (SystemScope actScope : act) { for (SystemScope actScope : act) {
// first check to see if there's an exact match // first check to see if there's an exact match
if (!ex.contains(actScope)) { if (!ex.contains(actScope)) {
// we didn't find an exact match return false;
if (actScope.isStructured() && !Strings.isNullOrEmpty(actScope.getStructuredValue())) {
// if we didn't get an exact match but the actual scope is structured, we need to check further
// first, find the "base" scope for this
SystemScope base = getByValue(actScope.getValue());
if (!ex.contains(base)) {
// if the expected doesn't contain the base scope, fail
return false;
} else {
// we did find an exact match, need to check the rest
}
} else {
// the scope wasn't structured, fail now
return false;
}
} else { } else {
// if we did find an exact match, we need to check the rest // if we did find an exact match, we need to check the rest
} }

4
openid-connect-server/src/main/java/org/mitre/oauth2/token/StructuredScopeAwareOAuth2RequestValidator.java → openid-connect-server/src/main/java/org/mitre/oauth2/token/ScopeServiceAwareOAuth2RequestValidator.java
View File

@ -32,12 +32,12 @@ import org.springframework.security.oauth2.provider.TokenRequest;
/** /**
* *
* Validates the scopes on a request by comparing them against a client's * Validates the scopes on a request by comparing them against a client's
* allowed scopes, but allow structured scopes to function. * allowed scopes, but allow custom scopes to function through the system scopes
* *
* @author jricher * @author jricher
* *
*/ */
public class StructuredScopeAwareOAuth2RequestValidator implements OAuth2RequestValidator { public class ScopeServiceAwareOAuth2RequestValidator implements OAuth2RequestValidator {
@Autowired @Autowired
private SystemScopeService scopeService; private SystemScopeService scopeService;

4
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
View File

@ -817,9 +817,9 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
} else if (name.equals("defaultScope")) { } else if (name.equals("defaultScope")) {
scope.setDefaultScope(reader.nextBoolean()); scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals("structured")) { } else if (name.equals("structured")) {
scope.setStructured(reader.nextBoolean()); logger.warn("Found a structured scope, ignoring structure");
} else if (name.equals("structuredParameter")) { } else if (name.equals("structuredParameter")) {
scope.setStructuredParamDescription(reader.nextString()); logger.warn("Found a structured scope, ignoring structure");
} else if (name.equals("icon")) { } else if (name.equals("icon")) {
scope.setIcon(reader.nextString()); scope.setIcon(reader.nextString());
} else { } else {

4
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
View File

@ -808,9 +808,9 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
} else if (name.equals(ICON)) { } else if (name.equals(ICON)) {
scope.setIcon(reader.nextString()); scope.setIcon(reader.nextString());
} else if (name.equals(STRUCTURED)) { } else if (name.equals(STRUCTURED)) {
scope.setStructured(reader.nextBoolean()); logger.warn("Found a structured scope, ignoring structure");
} else if (name.equals(STRUCTURED_PARAMETER)) { } else if (name.equals(STRUCTURED_PARAMETER)) {
scope.setStructuredParamDescription(reader.nextString()); logger.warn("Found a structured scope, ignoring structure");
} else { } else {
logger.debug("found unexpected entry"); logger.debug("found unexpected entry");
reader.skipValue(); reader.skipValue();

8
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_3.java
View File

@ -80,8 +80,6 @@ import com.nimbusds.jwt.JWTParser;
public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements MITREidDataService { public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements MITREidDataService {
private static final String DEFAULT_SCOPE = "defaultScope"; private static final String DEFAULT_SCOPE = "defaultScope";
private static final String STRUCTURED_PARAMETER = "structuredParameter";
private static final String STRUCTURED = "structured";
private static final String RESTRICTED = "restricted"; private static final String RESTRICTED = "restricted";
private static final String ICON = "icon"; private static final String ICON = "icon";
private static final String DYNAMICALLY_REGISTERED = "dynamicallyRegistered"; private static final String DYNAMICALLY_REGISTERED = "dynamicallyRegistered";
@ -525,8 +523,6 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
writer.name(ICON).value(sysScope.getIcon()); writer.name(ICON).value(sysScope.getIcon());
writer.name(VALUE).value(sysScope.getValue()); writer.name(VALUE).value(sysScope.getValue());
writer.name(RESTRICTED).value(sysScope.isRestricted()); writer.name(RESTRICTED).value(sysScope.isRestricted());
writer.name(STRUCTURED).value(sysScope.isStructured());
writer.name(STRUCTURED_PARAMETER).value(sysScope.getStructuredParamDescription());
writer.name(DEFAULT_SCOPE).value(sysScope.isDefaultScope()); writer.name(DEFAULT_SCOPE).value(sysScope.isDefaultScope());
writer.endObject(); writer.endObject();
logger.debug("Wrote system scope {}", sysScope.getId()); logger.debug("Wrote system scope {}", sysScope.getId());
@ -1180,10 +1176,6 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
scope.setDefaultScope(reader.nextBoolean()); scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals(ICON)) { } else if (name.equals(ICON)) {
scope.setIcon(reader.nextString()); scope.setIcon(reader.nextString());
} else if (name.equals(STRUCTURED)) {
scope.setStructured(reader.nextBoolean());
} else if (name.equals(STRUCTURED_PARAMETER)) {
scope.setStructuredParamDescription(reader.nextString());
} else { } else {
logger.debug("found unexpected entry"); logger.debug("found unexpected entry");
reader.skipValue(); reader.skipValue();

10
openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
View File

@ -204,15 +204,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
//Make sure this scope is allowed for the given client //Make sure this scope is allowed for the given client
if (systemScopes.scopesMatch(client.getScope(), approveSet)) { if (systemScopes.scopesMatch(client.getScope(), approveSet)) {
// If it's structured, assign the user-specified parameter allowedScopes.add(scope);
SystemScope systemScope = systemScopes.getByValue(scope);
if (systemScope != null && systemScope.isStructured()){
String paramValue = approvalParams.get("scopeparam_" + scope);
allowedScopes.add(scope + ":"+paramValue);
// .. and if it's unstructured, we're all set
} else {
allowedScopes.add(scope);
}
} }
} }

54
openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java
View File

@ -52,8 +52,6 @@ public class TestDefaultSystemScopeService {
private SystemScope defaultScope2; private SystemScope defaultScope2;
private SystemScope dynScope1; private SystemScope dynScope1;
private SystemScope restrictedScope1; private SystemScope restrictedScope1;
private SystemScope structuredScope1;
private SystemScope structuredScope1Value;
private String defaultDynScope1String = "defaultDynScope1"; private String defaultDynScope1String = "defaultDynScope1";
private String defaultDynScope2String = "defaultDynScope2"; private String defaultDynScope2String = "defaultDynScope2";
@ -61,8 +59,6 @@ public class TestDefaultSystemScopeService {
private String defaultScope2String = "defaultScope2"; private String defaultScope2String = "defaultScope2";
private String dynScope1String = "dynScope1"; private String dynScope1String = "dynScope1";
private String restrictedScope1String = "restrictedScope1"; private String restrictedScope1String = "restrictedScope1";
private String structuredScope1String = "structuredScope1";
private String structuredValue = "structuredValue";
private Set<SystemScope> allScopes; private Set<SystemScope> allScopes;
private Set<String> allScopeStrings; private Set<String> allScopeStrings;
@ -105,20 +101,11 @@ public class TestDefaultSystemScopeService {
restrictedScope1.setRestricted(true); restrictedScope1.setRestricted(true);
// structuredScope1 : structured scope allScopes = Sets.newHashSet(defaultDynScope1, defaultDynScope2, defaultScope1, defaultScope2, dynScope1, restrictedScope1);
structuredScope1 = new SystemScope(structuredScope1String); allScopeStrings = Sets.newHashSet(defaultDynScope1String, defaultDynScope2String, defaultScope1String, defaultScope2String, dynScope1String, restrictedScope1String);
structuredScope1.setStructured(true);
// structuredScope1Value : structured scope with value allScopesWithValue = Sets.newHashSet(defaultDynScope1, defaultDynScope2, defaultScope1, defaultScope2, dynScope1, restrictedScope1);
structuredScope1Value = new SystemScope(structuredScope1String); allScopeStringsWithValue = Sets.newHashSet(defaultDynScope1String, defaultDynScope2String, defaultScope1String, defaultScope2String, dynScope1String, restrictedScope1String);
structuredScope1Value.setStructured(true);
structuredScope1Value.setStructuredValue(structuredValue);
allScopes = Sets.newHashSet(defaultDynScope1, defaultDynScope2, defaultScope1, defaultScope2, dynScope1, restrictedScope1, structuredScope1);
allScopeStrings = Sets.newHashSet(defaultDynScope1String, defaultDynScope2String, defaultScope1String, defaultScope2String, dynScope1String, restrictedScope1String, structuredScope1String);
allScopesWithValue = Sets.newHashSet(defaultDynScope1, defaultDynScope2, defaultScope1, defaultScope2, dynScope1, restrictedScope1, structuredScope1, structuredScope1Value);
allScopeStringsWithValue = Sets.newHashSet(defaultDynScope1String, defaultDynScope2String, defaultScope1String, defaultScope2String, dynScope1String, restrictedScope1String, structuredScope1String, structuredScope1String + ":" + structuredValue);
Mockito.when(repository.getByValue(defaultDynScope1String)).thenReturn(defaultDynScope1); Mockito.when(repository.getByValue(defaultDynScope1String)).thenReturn(defaultDynScope1);
Mockito.when(repository.getByValue(defaultDynScope2String)).thenReturn(defaultDynScope2); Mockito.when(repository.getByValue(defaultDynScope2String)).thenReturn(defaultDynScope2);
@ -126,16 +113,6 @@ public class TestDefaultSystemScopeService {
Mockito.when(repository.getByValue(defaultScope2String)).thenReturn(defaultScope2); Mockito.when(repository.getByValue(defaultScope2String)).thenReturn(defaultScope2);
Mockito.when(repository.getByValue(dynScope1String)).thenReturn(dynScope1); Mockito.when(repository.getByValue(dynScope1String)).thenReturn(dynScope1);
Mockito.when(repository.getByValue(restrictedScope1String)).thenReturn(restrictedScope1); Mockito.when(repository.getByValue(restrictedScope1String)).thenReturn(restrictedScope1);
// we re-use this value so we've got to use thenAnswer instead
Mockito.when(repository.getByValue(structuredScope1String)).thenAnswer(new Answer<SystemScope>() {
@Override
public SystemScope answer(InvocationOnMock invocation) throws Throwable {
SystemScope s = new SystemScope(structuredScope1String);
s.setStructured(true);
return s;
}
});
Mockito.when(repository.getAll()).thenReturn(allScopes); Mockito.when(repository.getAll()).thenReturn(allScopes);
} }
@ -157,7 +134,7 @@ public class TestDefaultSystemScopeService {
@Test @Test
public void getUnrestricted() { public void getUnrestricted() {
Set<SystemScope> unrestricted = Sets.newHashSet(defaultDynScope1, defaultDynScope2, dynScope1, structuredScope1); Set<SystemScope> unrestricted = Sets.newHashSet(defaultDynScope1, defaultDynScope2, dynScope1);
assertThat(service.getUnrestricted(), equalTo(unrestricted)); assertThat(service.getUnrestricted(), equalTo(unrestricted));
} }
@ -210,25 +187,4 @@ public class TestDefaultSystemScopeService {
assertThat(service.scopesMatch(expected, actualBad), is(false)); assertThat(service.scopesMatch(expected, actualBad), is(false));
} }
@Test
public void scopesMatch_structured() {
Set<String> expected = Sets.newHashSet("foo", "bar", "baz");
Set<String> actualGood = Sets.newHashSet("foo:value", "baz", "bar");
Set<String> actualBad = Sets.newHashSet("foo:value", "bar:value");
// note: we have to use "thenAnswer" here to mimic the repository not serializing the structuredValue field
Mockito.when(repository.getByValue("foo")).thenAnswer(new Answer<SystemScope>() {
@Override
public SystemScope answer(InvocationOnMock invocation) throws Throwable {
SystemScope foo = new SystemScope("foo");
foo.setStructured(true);
return foo;
}
});
assertThat(service.scopesMatch(expected, actualGood), is(true));
assertThat(service.scopesMatch(expected, actualBad), is(false));
}
} }

10
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java
View File

@ -782,8 +782,6 @@ public class TestMITREidDataService_1_1 {
scope3.setRestricted(false); scope3.setRestricted(false);
scope3.setDefaultScope(true); scope3.setDefaultScope(true);
scope3.setIcon("road"); scope3.setIcon("road");
scope3.setStructured(true);
scope3.setStructuredParamDescription("Structured Parameter");
String configJson = "{" + String configJson = "{" +
"\"" + MITREidDataService.CLIENTS + "\": [], " + "\"" + MITREidDataService.CLIENTS + "\": [], " +
@ -797,7 +795,7 @@ public class TestMITREidDataService_1_1 {
"{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"allowDynReg\":false,\"defaultScope\":false}," + "{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"allowDynReg\":false,\"defaultScope\":false}," +
"{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"allowDynReg\":true,\"defaultScope\":false}," + "{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"allowDynReg\":true,\"defaultScope\":false}," +
"{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"allowDynReg\":true,\"defaultScope\":true,\"structured\":true,\"structuredParameter\":\"Structured Parameter\"}" + "{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"allowDynReg\":true,\"defaultScope\":true}" +
" ]" + " ]" +
"}"; "}";
@ -817,24 +815,18 @@ public class TestMITREidDataService_1_1 {
assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon())); assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon()));
assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope())); assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope()));
assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted())); assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted()));
assertThat(savedScopes.get(0).isStructured(), equalTo(scope1.isStructured()));
assertThat(savedScopes.get(0).getStructuredParamDescription(), equalTo(scope1.getStructuredParamDescription()));
assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue())); assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue()));
assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription())); assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription()));
assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon())); assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon()));
assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope())); assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope()));
assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted())); assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted()));
assertThat(savedScopes.get(1).isStructured(), equalTo(scope2.isStructured()));
assertThat(savedScopes.get(1).getStructuredParamDescription(), equalTo(scope2.getStructuredParamDescription()));
assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue())); assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue()));
assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription())); assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription()));
assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon())); assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon()));
assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope())); assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope()));
assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted())); assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted()));
assertThat(savedScopes.get(2).isStructured(), equalTo(scope3.isStructured()));
assertThat(savedScopes.get(2).getStructuredParamDescription(), equalTo(scope3.getStructuredParamDescription()));
} }

10
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java
View File

@ -797,8 +797,6 @@ public class TestMITREidDataService_1_2 {
scope3.setRestricted(false); scope3.setRestricted(false);
scope3.setDefaultScope(true); scope3.setDefaultScope(true);
scope3.setIcon("road"); scope3.setIcon("road");
scope3.setStructured(true);
scope3.setStructuredParamDescription("Structured Parameter");
String configJson = "{" + String configJson = "{" +
"\"" + MITREidDataService.CLIENTS + "\": [], " + "\"" + MITREidDataService.CLIENTS + "\": [], " +
@ -812,7 +810,7 @@ public class TestMITREidDataService_1_2 {
"{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"restricted\":true,\"defaultScope\":false}," + "{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"restricted\":true,\"defaultScope\":false}," +
"{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"restricted\":false,\"defaultScope\":false}," + "{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"restricted\":false,\"defaultScope\":false}," +
"{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"restricted\":false,\"defaultScope\":true,\"structured\":true,\"structuredParameter\":\"Structured Parameter\"}" + "{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"restricted\":false,\"defaultScope\":true}" +
" ]" + " ]" +
"}"; "}";
@ -832,24 +830,18 @@ public class TestMITREidDataService_1_2 {
assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon())); assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon()));
assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope())); assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope()));
assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted())); assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted()));
assertThat(savedScopes.get(0).isStructured(), equalTo(scope1.isStructured()));
assertThat(savedScopes.get(0).getStructuredParamDescription(), equalTo(scope1.getStructuredParamDescription()));
assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue())); assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue()));
assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription())); assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription()));
assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon())); assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon()));
assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope())); assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope()));
assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted())); assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted()));
assertThat(savedScopes.get(1).isStructured(), equalTo(scope2.isStructured()));
assertThat(savedScopes.get(1).getStructuredParamDescription(), equalTo(scope2.getStructuredParamDescription()));
assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue())); assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue()));
assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription())); assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription()));
assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon())); assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon()));
assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope())); assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope()));
assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted())); assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted()));
assertThat(savedScopes.get(2).isStructured(), equalTo(scope3.isStructured()));
assertThat(savedScopes.get(2).getStructuredParamDescription(), equalTo(scope3.getStructuredParamDescription()));
} }

10
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java
View File

@ -1669,8 +1669,6 @@ public class TestMITREidDataService_1_3 {
scope3.setRestricted(false); scope3.setRestricted(false);
scope3.setDefaultScope(true); scope3.setDefaultScope(true);
scope3.setIcon("road"); scope3.setIcon("road");
scope3.setStructured(true);
scope3.setStructuredParamDescription("Structured Parameter");
String configJson = "{" + String configJson = "{" +
"\"" + MITREidDataService.CLIENTS + "\": [], " + "\"" + MITREidDataService.CLIENTS + "\": [], " +
@ -1684,7 +1682,7 @@ public class TestMITREidDataService_1_3 {
"{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"restricted\":true,\"defaultScope\":false}," + "{\"id\":1,\"description\":\"Scope 1\",\"icon\":\"glass\",\"value\":\"scope1\",\"restricted\":true,\"defaultScope\":false}," +
"{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"restricted\":false,\"defaultScope\":false}," + "{\"id\":2,\"description\":\"Scope 2\",\"icon\":\"ball\",\"value\":\"scope2\",\"restricted\":false,\"defaultScope\":false}," +
"{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"restricted\":false,\"defaultScope\":true,\"structured\":true,\"structuredParameter\":\"Structured Parameter\"}" + "{\"id\":3,\"description\":\"Scope 3\",\"icon\":\"road\",\"value\":\"scope3\",\"restricted\":false,\"defaultScope\":true}" +
" ]" + " ]" +
"}"; "}";
@ -1704,24 +1702,18 @@ public class TestMITREidDataService_1_3 {
assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon())); assertThat(savedScopes.get(0).getIcon(), equalTo(scope1.getIcon()));
assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope())); assertThat(savedScopes.get(0).isDefaultScope(), equalTo(scope1.isDefaultScope()));
assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted())); assertThat(savedScopes.get(0).isRestricted(), equalTo(scope1.isRestricted()));
assertThat(savedScopes.get(0).isStructured(), equalTo(scope1.isStructured()));
assertThat(savedScopes.get(0).getStructuredParamDescription(), equalTo(scope1.getStructuredParamDescription()));
assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue())); assertThat(savedScopes.get(1).getValue(), equalTo(scope2.getValue()));
assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription())); assertThat(savedScopes.get(1).getDescription(), equalTo(scope2.getDescription()));
assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon())); assertThat(savedScopes.get(1).getIcon(), equalTo(scope2.getIcon()));
assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope())); assertThat(savedScopes.get(1).isDefaultScope(), equalTo(scope2.isDefaultScope()));
assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted())); assertThat(savedScopes.get(1).isRestricted(), equalTo(scope2.isRestricted()));
assertThat(savedScopes.get(1).isStructured(), equalTo(scope2.isStructured()));
assertThat(savedScopes.get(1).getStructuredParamDescription(), equalTo(scope2.getStructuredParamDescription()));
assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue())); assertThat(savedScopes.get(2).getValue(), equalTo(scope3.getValue()));
assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription())); assertThat(savedScopes.get(2).getDescription(), equalTo(scope3.getDescription()));
assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon())); assertThat(savedScopes.get(2).getIcon(), equalTo(scope3.getIcon()));
assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope())); assertThat(savedScopes.get(2).isDefaultScope(), equalTo(scope3.isDefaultScope()));
assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted())); assertThat(savedScopes.get(2).isRestricted(), equalTo(scope3.isRestricted()));
assertThat(savedScopes.get(2).isStructured(), equalTo(scope3.isStructured()));
assertThat(savedScopes.get(2).getStructuredParamDescription(), equalTo(scope3.getStructuredParamDescription()));
} }

6
uma-server-webapp/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
View File

@ -726,8 +726,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
writer.name(ICON).value(sysScope.getIcon()); writer.name(ICON).value(sysScope.getIcon());
writer.name(VALUE).value(sysScope.getValue()); writer.name(VALUE).value(sysScope.getValue());
writer.name(RESTRICTED).value(sysScope.isRestricted()); writer.name(RESTRICTED).value(sysScope.isRestricted());
writer.name(STRUCTURED).value(sysScope.isStructured());
writer.name(STRUCTURED_PARAMETER).value(sysScope.getStructuredParamDescription());
writer.name(DEFAULT_SCOPE).value(sysScope.isDefaultScope()); writer.name(DEFAULT_SCOPE).value(sysScope.isDefaultScope());
writer.endObject(); writer.endObject();
logger.debug("Wrote system scope {}", sysScope.getId()); logger.debug("Wrote system scope {}", sysScope.getId());
@ -1710,9 +1708,9 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
} else if (name.equals(ICON)) { } else if (name.equals(ICON)) {
scope.setIcon(reader.nextString()); scope.setIcon(reader.nextString());
} else if (name.equals(STRUCTURED)) { } else if (name.equals(STRUCTURED)) {
scope.setStructured(reader.nextBoolean()); logger.debug("Found a structured scope, ignoring structure");
} else if (name.equals(STRUCTURED_PARAMETER)) { } else if (name.equals(STRUCTURED_PARAMETER)) {
scope.setStructuredParamDescription(reader.nextString()); logger.debug("Found a structured scope, ignoring structure");
} else { } else {
logger.debug("found unexpected entry"); logger.debug("found unexpected entry");
reader.skipValue(); reader.skipValue();