added appropriate filterered and transformative actions to scope service

openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java

@@ -27,4 +27,8 @@ public interface SystemScopeService {
 	
 	public SystemScope save(SystemScope scope);
 	
+	public Set<SystemScope> fromStrings(Set<String> scope);
+	
+	public Set<String> toStrings(Set<SystemScope> scope);
+
 }

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java

@@ -3,6 +3,7 @@
  */
 package org.mitre.oauth2.service.impl;
 
+import java.util.HashSet;
 import java.util.Set;
 
 import javax.annotation.Nullable;
@@ -13,7 +14,10 @@ import org.mitre.oauth2.service.SystemScopeService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import com.google.common.base.Function;
 import com.google.common.base.Predicate;
+import com.google.common.base.Predicates;
+import com.google.common.collect.Collections2;
 import com.google.common.collect.Sets;
 
 /**
@@ -43,7 +47,23 @@ public class DefaultSystemScopeService implements SystemScopeService {
         }
 	};
 	
+	private Function<String, SystemScope> stringToSystemScope = new Function<String, SystemScope>() {
+		@Override
+        public SystemScope apply(@Nullable String input) {
+	        return getByValue(input);
+        }
+	};
 	
+	private Function<SystemScope, String> systemScopeToString = new Function<SystemScope, String>() {
+		@Override
+        public String apply(@Nullable SystemScope input) {
+			if (input == null) {
+				return null;
+			} else {
+				return input.getValue();
+			}
+        }
+	};
 	
 	/* (non-Javadoc)
 	 * @see org.mitre.oauth2.service.SystemScopeService#getAll()
@@ -102,6 +122,30 @@ public class DefaultSystemScopeService implements SystemScopeService {
     	return repository.save(scope);
     }
 
+	/* (non-Javadoc)
+	 * @see org.mitre.oauth2.service.SystemScopeService#fromStrings(java.util.Set)
+	 */
+    @Override
+    public Set<SystemScope> fromStrings(Set<String> scope) {
+    	if (scope == null) {
+    		return null;
+    	} else {
+    		return new HashSet<SystemScope>(Collections2.filter(Collections2.transform(scope, stringToSystemScope), Predicates.notNull()));
+    	}
+    }
+
+	/* (non-Javadoc)
+	 * @see org.mitre.oauth2.service.SystemScopeService#toStrings(java.util.Set)
+	 */
+    @Override
+    public Set<String> toStrings(Set<SystemScope> scope) {
+    	if (scope == null) {
+    		return null;
+    	} else {
+    		return new HashSet<String>(Collections2.filter(Collections2.transform(scope, systemScopeToString), Predicates.notNull()));
+    	}
+    }
+
 	
 	
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java

@@ -12,8 +12,10 @@ import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
+import org.mitre.oauth2.service.SystemScopeService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.AuthenticationException;
@@ -45,6 +47,9 @@ public class ClientDynamicRegistrationEndpoint {
 	@Autowired
 	private OAuth2TokenEntityService tokenService;
 
+	@Autowired
+	private SystemScopeService scopeService;
+	
 	/**
 	 * Bind utility data types to their classes
 	 * @param binder
@@ -254,12 +259,22 @@ public class ClientDynamicRegistrationEndpoint {
 		client.setRequireAuthTime(requireAuthTime == null ? false : requireAuthTime.booleanValue());
 		client.setDefaultACR(defaultAcr);
 
-		if (scope != null) {
-			// TODO: check against some kind of scope service for scope validity
-			client.setScope(scope);
-		} else {
-			client.setScope(Sets.newHashSet("openid", "phone", "address", "profile", "email")); // provision all scopes
+		// set of scopes that are OK for clients to dynamically register for
+		Set<SystemScope> dynScopes = scopeService.getDynReg();
+		
+		// scopes that the client is asking for
+		Set<SystemScope> requestedScopes = scopeService.fromStrings(scope);
+		if (requestedScopes == null) {
+			requestedScopes = scopeService.getDefaults();
 		}
+		
+		// the scopes that the client can have must be a subset of the dynamically allowed scopes
+		Set<SystemScope> allowedScopes = Sets.intersection(dynScopes, requestedScopes);
+
+		client.setScope(scopeService.toStrings(allowedScopes));
+		
+		
+		
 		if (grantType != null) {
 			// TODO: check against some kind of grant type service for validity
 			client.setAuthorizedGrantTypes(grantType);
@@ -450,8 +465,16 @@ public class ClientDynamicRegistrationEndpoint {
 			client.setDefaultACR(Strings.emptyToNull(defaultAcr));
 		}
 		if (params.containsKey("scope")) {
-			// TODO: check against some kind of scope service for scope validity
-			client.setScope(scope);
+			// set of scopes that are OK for clients to dynamically register for
+			Set<SystemScope> dynScopes = scopeService.getDynReg();
+			
+			// scopes that the client is asking for
+			Set<SystemScope> requestedScopes = scopeService.fromStrings(scope);
+
+			// the scopes that the client can have must be a subset of the dynamically allowed scopes
+			Set<SystemScope> allowedScopes = Sets.intersection(dynScopes, requestedScopes);
+
+			client.setScope(scopeService.toStrings(allowedScopes));
 		}
 		if (params.containsKey("grant_type")) {
 			// TODO: check against some kind of grant type service for validity