From b8a54869953080a2b516363647bbdb1e2517e40d Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Fri, 26 Jun 2015 17:17:51 -0400 Subject: [PATCH] made required claims sets stick in the database --- .../org/mitre/uma/model/RequiredClaimSet.java | 22 ++++++++++- .../db/tables/hsql_database_tables.sql | 3 +- .../service/impl/MatchAllClaimsProcessor.java | 1 + .../web/PermissionRegistrationEndpoint.java | 2 +- .../web/ResourceSetRegistrationEndpoint.java | 37 ++++++++++++++++--- 5 files changed, 56 insertions(+), 9 deletions(-) diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/RequiredClaimSet.java b/openid-connect-common/src/main/java/org/mitre/uma/model/RequiredClaimSet.java index e00f278f3..8553c7958 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/RequiredClaimSet.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/RequiredClaimSet.java @@ -20,6 +20,7 @@ package org.mitre.uma.model; import java.util.Collection; import java.util.Set; +import javax.persistence.Basic; import javax.persistence.CascadeType; import javax.persistence.CollectionTable; import javax.persistence.Column; @@ -45,6 +46,7 @@ import javax.persistence.Table; public class RequiredClaimSet { private Long id; + private String name; private Collection claimsRequired; private Set scopes; 
@@ -65,13 +67,29 @@ public class RequiredClaimSet { this.id = id; } + /** + * @return the name + */ + @Basic + @Column(name = "name") + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + /** * @return the claimsRequired */ @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER) @JoinTable( - name = "claim_to_permission_ticket", - joinColumns = @JoinColumn(name = "permission_ticket_id"), + name = "claim_to_claim_set", + joinColumns = @JoinColumn(name = "required_claim_set_id"), inverseJoinColumns = @JoinColumn(name = "claim_id") ) public Collection getClaimsRequired() { diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql index 87cae376a..0efd36295 100644 --- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql +++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql @@ -327,7 +327,8 @@ CREATE TABLE IF NOT EXISTS claim_to_permission_ticket ( CREATE TABLE IF NOT EXISTS required_claim_set ( id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - resource_set_id BIGINT NOT NULL + name VARCHAR(1024), + resource_set_id BIGINT ); CREATE TABLE IF NOT EXISTS required_claim_set_scope ( diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java index 54106cb5e..f640ed9c6 100644 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java +++ b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsProcessor.java 
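Review bot: The renamed `@JoinTable(name = "claim_to_claim_set", joinColumns = @JoinColumn(name = "required_claim_set_id"), …)` on getClaimsRequired points at a table that nothing in this commit creates: the hsql_database_tables.sql hunk only adds `name` to `required_claim_set` (the diffstat shows +2/-1 for that file), and the only join table visible in its context is `claim_to_permission_ticket`. Unless the schema is generated from the entities, persisting a RequiredClaimSet with claims will most likely fail on the first insert into the missing table, so the SQL hunk should add something like `CREATE TABLE IF NOT EXISTS claim_to_claim_set ( required_claim_set_id BIGINT NOT NULL, claim_id BIGINT NOT NULL );` (any other dialect scripts the project keeps would need the same, but none are touched here). On the same hunk, `@Column(name = "name")` carries no `length` while the SQL declares `name VARCHAR(1024)`; if DDL is ever generated from the entity the JPA default length would silently disagree with the hand-written schema, so `@Column(name = "name", length = 1024)` keeps the two aligned. getClaimsRequired's body continues outside the hunk.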
@@ -47,6 +47,7 @@ public class MatchAllClaimsProcessor implements ClaimsProcessingService { // we found something that's satisfied the claims, let's go with it! return unmatched; } else { + // otherwise add it to the stack to send back allUnmatched.addAll(unmatched); } } diff --git a/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java index e63fd7858..456a4add0 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java +++ b/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java @@ -97,7 +97,7 @@ public class PermissionRegistrationEndpoint { if (rsid == null || scopes == null || scopes.isEmpty()){ // missing information m.addAttribute("code", HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Missing required component of resource registration request."); + m.addAttribute("errorMessage", "Missing required component of permission registration request."); return JsonErrorView.VIEWNAME; } diff --git a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java index 914170140..584abecf3 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java +++ b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java @@ -28,6 +28,8 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean; import org.mitre.openid.connect.view.HttpCodeView; import org.mitre.openid.connect.view.JsonEntityView; import org.mitre.openid.connect.view.JsonErrorView; +import org.mitre.uma.model.Claim; +import org.mitre.uma.model.RequiredClaimSet; import org.mitre.uma.model.ResourceSet; import org.mitre.uma.service.ResourceSetService; import org.mitre.uma.view.ResourceSetEntityAbbreviatedView; 
@@ -36,22 +38,19 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.util.MimeTypeUtils; -import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.base.Strings; +import com.google.common.collect.Sets; import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.JsonParseException; 
@@ -121,7 +120,35 @@ public class ResourceSetRegistrationEndpoint { m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields."); return JsonErrorView.VIEWNAME; } - + + //// + //// TEMP + //// + + Set claims = new HashSet<>(); + Claim e = new Claim(); + e.setIssuer(Sets.newHashSet("https://healthauth.org/")); + e.setName("email"); + e.setValue("alice@healthauth.org"); + claims.add(e); + + /* TODO: claims need to be multi-typed + Claim ev = new Claim(); + ev.setIssuer(Sets.newHashSet("https://healthauth.org/")); + e.setName("email_verified"); + ev.setValue(true); + claims.add(e); + */ + RequiredClaimSet reqired = new RequiredClaimSet(); + reqired.setScopes(rs.getScopes()); + reqired.setClaimsRequired(claims); + + rs.setRequiredClaimSets(Sets.newHashSet(reqired)); + //// + //// END TEMP + //// + + ResourceSet saved = resourceSetService.saveNew(rs); m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED);