made required claims sets stick in the database
parent
667c766273
commit
b8a5486995
|
@ -20,6 +20,7 @@ package org.mitre.uma.model;
|
|||
import java.util.Collection;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.persistence.Basic;
|
||||
import javax.persistence.CascadeType;
|
||||
import javax.persistence.CollectionTable;
|
||||
import javax.persistence.Column;
|
||||
|
@ -45,6 +46,7 @@ import javax.persistence.Table;
|
|||
public class RequiredClaimSet {
|
||||
|
||||
private Long id;
|
||||
private String name;
|
||||
private Collection<Claim> claimsRequired;
|
||||
private Set<String> scopes;
|
||||
|
||||
|
@ -65,13 +67,29 @@ public class RequiredClaimSet {
|
|||
this.id = id;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the name
|
||||
*/
|
||||
@Basic
|
||||
@Column(name = "name")
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param name the name to set
|
||||
*/
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the claimsRequired
|
||||
*/
|
||||
@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
|
||||
@JoinTable(
|
||||
name = "claim_to_permission_ticket",
|
||||
joinColumns = @JoinColumn(name = "permission_ticket_id"),
|
||||
name = "claim_to_claim_set",
|
||||
joinColumns = @JoinColumn(name = "required_claim_set_id"),
|
||||
inverseJoinColumns = @JoinColumn(name = "claim_id")
|
||||
)
|
||||
public Collection<Claim> getClaimsRequired() {
|
||||
|
|
|
@ -327,7 +327,8 @@ CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
|
|||
|
||||
CREATE TABLE IF NOT EXISTS required_claim_set (
|
||||
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
|
||||
resource_set_id BIGINT NOT NULL
|
||||
name VARCHAR(1024),
|
||||
resource_set_id BIGINT
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS required_claim_set_scope (
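Review bot: Dropping `NOT NULL` from `resource_set_id` in `required_claim_set` allows claim-set rows that belong to no resource set, and the table as shown has no foreign key on that column either. These rows are access policy, so an orphaned or mis-linked row is hard to notice and hard to audit. If the column has to be nullable because the persistence layer fills it in after the initial insert (an inference; the mapping for that side is not in this diff), record that in a comment such as `-- nullable: set by the owning resource set after insert; rows with NULL here are not valid policy`. A foreign key to the resource set table would also help.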
|
||||
|
|
|
@ -47,6 +47,7 @@ public class MatchAllClaimsProcessor implements ClaimsProcessingService {
|
|||
// we found something that's satisfied the claims, let's go with it!
|
||||
return unmatched;
|
||||
} else {
|
||||
// otherwise add it to the stack to send back
|
||||
allUnmatched.addAll(unmatched);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -97,7 +97,7 @@ public class PermissionRegistrationEndpoint {
|
|||
if (rsid == null || scopes == null || scopes.isEmpty()){
|
||||
// missing information
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
m.addAttribute("errorMessage", "Missing required component of resource registration request.");
|
||||
m.addAttribute("errorMessage", "Missing required component of permission registration request.");
|
||||
return JsonErrorView.VIEWNAME;
|
||||
}
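Review bot: The corrected message is still added under the string literal `"errorMessage"`, and the status under `"code"` just above it, while ResourceSetRegistrationEndpoint in this same commit uses `HttpCodeView.CODE` and `JsonErrorView.ERROR_MESSAGE`. Assuming those constants hold the same keys, `m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Missing required component of permission registration request.");` keeps the two endpoints in step if the view's key names ever change. The enclosing method starts and ends outside this hunk.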
|
||||
|
||||
|
|
|
@ -28,6 +28,8 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
|
|||
import org.mitre.openid.connect.view.HttpCodeView;
|
||||
import org.mitre.openid.connect.view.JsonEntityView;
|
||||
import org.mitre.openid.connect.view.JsonErrorView;
|
||||
import org.mitre.uma.model.Claim;
|
||||
import org.mitre.uma.model.RequiredClaimSet;
|
||||
import org.mitre.uma.model.ResourceSet;
|
||||
import org.mitre.uma.service.ResourceSetService;
|
||||
import org.mitre.uma.view.ResourceSetEntityAbbreviatedView;
|
||||
|
@ -36,22 +38,19 @@ import org.slf4j.Logger;
|
|||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
|
||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.util.MimeTypeUtils;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.common.collect.Sets;
|
||||
import com.google.gson.JsonElement;
|
||||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonParseException;
|
||||
|
@ -121,7 +120,35 @@ public class ResourceSetRegistrationEndpoint {
|
|||
m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields.");
|
||||
return JsonErrorView.VIEWNAME;
|
||||
}
|
||||
|
||||
|
||||
////
|
||||
//// TEMP
|
||||
////
|
||||
|
||||
Set<Claim> claims = new HashSet<>();
|
||||
Claim e = new Claim();
|
||||
e.setIssuer(Sets.newHashSet("https://healthauth.org/"));
|
||||
e.setName("email");
|
||||
e.setValue("alice@healthauth.org");
|
||||
claims.add(e);
|
||||
|
||||
/* TODO: claims need to be multi-typed
|
||||
Claim ev = new Claim();
|
||||
ev.setIssuer(Sets.newHashSet("https://healthauth.org/"));
|
||||
e.setName("email_verified");
|
||||
ev.setValue(true);
|
||||
claims.add(e);
|
||||
*/
|
||||
RequiredClaimSet reqired = new RequiredClaimSet();
|
||||
reqired.setScopes(rs.getScopes());
|
||||
reqired.setClaimsRequired(claims);
|
||||
|
||||
rs.setRequiredClaimSets(Sets.newHashSet(reqired));
|
||||
////
|
||||
//// END TEMP
|
||||
////
|
||||
|
||||
|
||||
ResourceSet saved = resourceSetService.saveNew(rs);
|
||||
|
||||
m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED);
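Review bot: The block between the `//// TEMP` markers replaces the required claim sets of every newly registered resource set with one hard-coded policy (issuer `https://healthauth.org/`, `email` = `alice@healthauth.org`) covering all of `rs.getScopes()`, so anything the caller supplied is overwritten before `resourceSetService.saveNew(rs)` persists it. Because this commit is what makes those claim sets persist, the placeholder becomes stored access policy for real resources. It belongs in a test fixture or behind an explicit development-only switch rather than in the endpoint, and should at minimum carry a comment such as `// FIXME: hard-coded demo policy, must be removed before release`. The local is also misspelled `reqired`, and `HashSet` is used although no `java.util.HashSet` import appears in the import hunks shown, so confirm it is already imported. The enclosing handler method starts and ends outside this hunk.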
|
||||
|
|