reverted changes related to UMA server

openid-connect-server-webapp/src/main/resources/db/clients.sql

@@ -11,9 +11,7 @@ START TRANSACTION;
 -- 
 
 INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
-	('client', 'secret', 'Test Client', false, null, 3600, 600, true),
-	('rs', 'secret', 'Test UMA RS', false, null, null, 600, false),
-	('c', 'secret', 'Test UMA Client', false, null, null, 600, false);
+	('client', 'secret', 'Test Client', false, null, 3600, 600, true);
 
 INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
 	('client', 'openid'),
@@ -21,9 +19,7 @@ INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
 	('client', 'email'),
 	('client', 'address'),
 	('client', 'phone'),
-	('client', 'offline_access'),
-	('rs', 'uma_protection'),
-	('c', 'uma_authorization');
+	('client', 'offline_access');
 
 INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES
 	('client', 'http://localhost/'),
@@ -33,11 +29,7 @@ INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES
 	('client', 'authorization_code'),
 	('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
 	('client', 'implicit'),
-	('client', 'refresh_token'),
-	('rs', 'authorization_code'),
-	('rs', 'implicit'),
-	('c', 'authorization_code'),
-	('c', 'implicit');
+	('client', 'refresh_token');
 	
 --
 -- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.

openid-connect-server-webapp/src/main/resources/db/scopes.sql

@@ -16,9 +16,7 @@ INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_sco
   ('email', 'email address', 'envelope', false, true, false, null),
   ('address', 'physical address', 'home', false, true, false, null),
   ('phone', 'telephone number', 'bell', false, true, false, null),
-  ('offline_access', 'offline access', 'time', false, false, false, null),
-  ('uma_protection', 'manage protected resources', 'briefcase', false, false, false, null),
-  ('uma_authorization', 'request access to protected resources', 'share', false, false, false, null);
+  ('offline_access', 'offline access', 'time', false, false, false, null);
   
 --
 -- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.

openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml

@@ -119,24 +119,6 @@
 		<security:intercept-url pattern="/resource/**" access="permitAll"/>
 	</security:http>
 
-	<security:http pattern="/#{T(org.mitre.uma.web.ResourceSetRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="never">
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:expression-handler ref="oauthWebExpressionHandler" />
-	</security:http>
-
-	<security:http pattern="/#{T(org.mitre.uma.web.PermissionRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="never">
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:expression-handler ref="oauthWebExpressionHandler" />
-	</security:http>
-	
-	<security:http pattern="/#{T(org.mitre.uma.web.AuthorizationRequestEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="never">
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
-		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
-		<security:expression-handler ref="oauthWebExpressionHandler" />
-	</security:http>
-
 	<security:http pattern="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
 		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
@@ -154,7 +136,7 @@
 			create-session="stateless"
 			authentication-manager-ref="clientAuthenticationManager">
 		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
-		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
+<!-- 		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> -->
 		<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
 		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
 		<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />

openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag

@@ -14,7 +14,6 @@
 <li><a href="manage/#user/approved" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.personal.approved_sites"/></a></li>
 <li><a href="manage/#user/tokens" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.personal.active_tokens"/></a></li>
 <li><a href="manage/#user/profile" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.personal.profile_information"/></a></li>
-<li><a href="manage/#user/policy" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.personal.resource_policies"/></a></li>
 <li class="divider"></li>
 <li class="nav-header"><spring:message code="sidebar.developer.title"/></li>
 <li><a href="manage/#dev/dynreg" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.developer.client_registration"/></a><li>

openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/footer.tag

@@ -30,7 +30,6 @@
 	<script type="text/javascript" src="resources/js/dynreg.js"></script>
 	<script type="text/javascript" src="resources/js/rsreg.js"></script>
 	<script type="text/javascript" src="resources/js/token.js"></script>
-	<script type="text/javascript" src="resources/js/policy.js"></script>
 	<script type="text/javascript" src="resources/js/admin.js"></script>
 </c:if>
 <script type="text/javascript" src="resources/js/lib/retina.js"></script>

openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml

@@ -29,97 +29,6 @@
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.1.xsd
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">
 
-
-	<!-- Support for external OIDC logins for claims gathering -->
-
-	<mvc:view-controller path="/external_login" view-name="external_login" />
-	
-	<security:http pattern="/external_login**" use-expressions="true" entry-point-ref="http403EntryPoint">
-		<security:intercept-url pattern="/external_login**" access="permitAll"/>	
-	</security:http>
-
-	<security:http disable-url-rewriting="true" use-expressions="true"
-			auto-config="false" entry-point-ref="externalAuthenticationEntryPoint"
-			pattern="/#{T(org.mitre.uma.web.ClaimsCollectionEndpoint).URL}**"> 
-
-		<security:logout logout-url="/logout" />
-		<security:expression-handler ref="oauthWebExpressionHandler" />
-	</security:http>	
-
-	<bean id="externalAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
-		<property name="loginFormUrl" value="/openid_connect_login" />
-	</bean>
-
-	<security:authentication-manager id="externalAuthenticationManager">
-		<security:authentication-provider ref="externalAuthenticationProvider" />
-	</security:authentication-manager>
-
-	<bean id="externalAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
-		<property name="authoritiesMapper">
-			<bean class="org.mitre.uma.util.ExternalLoginAuthoritiesMapper" />
-		</property>
-	</bean>
-
-	<bean id="externalAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
-		<property name="authenticationManager" ref="externalAuthenticationManager" />
-
-		<property name="issuerService" ref="hybridIssuerService" />
-		<property name="serverConfigurationService" ref="dynamicServerConfigurationService" />
-		<property name="clientConfigurationService" ref="dynamicClientConfigurationService" />
-		<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
-		<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
-		
-	</bean>
-
-	<bean class="org.mitre.openid.connect.client.service.impl.HybridIssuerService" id="hybridIssuerService">
-		<property name="loginPageUrl" value="external_login" />
-	</bean>
-
-	<bean class="org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationService" id="dynamicServerConfigurationService" />
-
-	<bean class="org.mitre.openid.connect.client.service.impl.DynamicRegistrationClientConfigurationService" id="dynamicClientConfigurationService">
-		<property name="template">
-			<bean class="org.mitre.oauth2.model.RegisteredClient">
-				<property name="clientName" value="HealthAuth Authorization Server" />
-				<property name="scope">
-					<set value-type="java.lang.String">
-						<value>openid</value>
-						<value>profile</value>
-						<value>email</value>
-						<value>phone</value>
-						<value>address</value>
-					</set>
-				</property>
-				<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
-				<property name="redirectUris">
-					<set>
-						<value>#{configBean.issuer + "openid_connect_login"}</value>
-					</set>
-				</property>
-			</bean>
-		</property>
-		<!-- 
-			Registered Client Service. Uncomment this to save dynamically registered clients out to a
-			file on disk (indicated by the filename property) or replace this with another implementation
-			of RegisteredClientService. This defaults to an in-memory implementation of RegisteredClientService
-			which will forget and re-register all clients on restart.
-		-->
-		<!--
-		<property name="registeredClientService">
-			<bean class="org.mitre.openid.connect.client.service.impl.JsonFileRegisteredClientService">
-				<constructor-arg name="filename" value="/tmp/simple-web-app-clients.json" />
-			</bean>
-		</property>
-		 -->
-	</bean>
-
-	<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService" />
-
-	<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
-
-
-	<!-- Standard configuration -->
-
 	<security:authentication-manager alias="authenticationManager">
 		<security:authentication-provider>
 			<security:jdbc-user-service data-source-ref="dataSource"/>
@@ -127,16 +36,14 @@
 	</security:authentication-manager>
 		
 	<mvc:view-controller path="/login" view-name="login" />
-	
-	
+
 	<security:http pattern="/login**" use-expressions="true" entry-point-ref="http403EntryPoint">
 		<security:intercept-url pattern="/login**" access="permitAll"/>	
 	</security:http>
-
+	
 	<security:http disable-url-rewriting="true" use-expressions="true"> 
 		<security:form-login login-page="/login" authentication-failure-url="/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />
 		<security:intercept-url pattern="/**" access="permitAll" />
-		<security:custom-filter before="PRE_AUTH_FILTER" ref="externalAuthenticationFilter" />
 		<security:custom-filter ref="authRequestFilter" after="SECURITY_CONTEXT_FILTER" />
 		<security:logout logout-url="/logout" />
 		<security:anonymous />

openid-connect-server-webapp/src/main/webapp/resources/js/admin.js

@@ -503,8 +503,6 @@ var AppRouter = Backbone.Router.extend({
         "user/approved":"approvedSites",
         "user/tokens":"tokens",
         "user/profile":"profile",
-        "user/policy":"policy",
-        "user/policy/:rsid":"editPolicy",
         
         "dev/dynreg":"dynReg",
         "dev/dynreg/new":"newDynReg",
@@ -536,7 +534,6 @@ var AppRouter = Backbone.Router.extend({
         this.clientStats = new StatsModel(); 
         this.accessTokensList = new AccessTokenCollection();
         this.refreshTokensList = new RefreshTokenCollection();
-        this.resourceSetList = new ResourceSetCollection();
                 
         this.breadCrumbView = new BreadCrumbView({
             collection:new Backbone.Collection()
@@ -1071,62 +1068,13 @@ var AppRouter = Backbone.Router.extend({
     
         this.updateSidebar('user/profile');
         
-    	var view = new UserProfileView({model: getUserInfo()});
-    	$('#content').html(view.render().el);
+    	this.userProfileView = new UserProfileView({model: getUserInfo()});
+    	$('#content').html(this.userProfileView.render().el);
     	
     	setPageTitle($.t('admin.user-profile.show'));
     	
     },
     
-    policy:function() {
-    	this.breadCrumbView.collection.reset();
-    	this.breadCrumbView.collection.add([
-	        {text:$.t('admin.home'), href:""},
-	        {text:$.t('policy.resource-sets'), href:"manage/#user/policy"}
-    	]);
-    	
-    	this.updateSidebar('user/policy');
-    	
-    	var view = new ResourceSetListView({model: this.resourceSetList, clientList: this.clientList, systemScopeList: this.systemScopeList});
-
-    	view.load(function() {
-    		$('#content').html(view.render().el);
-    		setPageTitle($.t('policy.resource-sets'));
-    	});
-    	
-    },
-    
-    editPolicy:function(rsid) {
-    	this.breadCrumbView.collection.reset();
-    	this.breadCrumbView.collection.add([
-	        {text:$.t('admin.home'), href:""},
-	        {text:$.t('policy.resource-sets'), href:"manage/#user/policy"},
-	        {text:$.t('policy.edit-policy'), href:"manage/#user/policy/" + rsid}
-    	]);
-    	
-    	this.updateSidebar('user/policy');
-    	
-    	var rs = this.resourceSetList.get(rsid);
-    	if (rs == null) {
-    		// need to load it directly
-    		var claims = new ClaimCollection();
-    	} else {
-    		// the resource set is loaded, preload the claims
-    		var claims = new ClaimCollection(rs.get('claimsRequired'));
-    		claims.isFetched = true;
-    	}
-    	// set the URL for the collection
-    	claims.url = 'api/claims/' + rsid;
-    	
-    	var view = new ClaimListView({model: claims, rs: rs});
-    	
-    	view.load(function() {
-    		$('#content').html(view.render().el);
-    		setPageTitle($.t('policy.edit-policy'));
-    	});
-    	
-    },
-    
     updateSidebar:function(item) {
     	$('.sidebar-nav li.active').removeClass('active');
     	
@@ -1154,8 +1102,7 @@ $(function () {
     		$.get('resources/template/whitelist.html', _load),
     		$.get('resources/template/dynreg.html', _load),
     		$.get('resources/template/rsreg.html', _load),
-    		$.get('resources/template/token.html', _load),
-    		$.get('resources/template/policy.html', _load)
+    		$.get('resources/template/token.html', _load)
     		).done(function() {
     		    $.ajaxSetup({cache:false});
     		    app = new AppRouter();

openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json

@@ -17,8 +17,7 @@
             "show": "View User Profile",
             "text": "Your user profile has the following information:",
             "value": "Claim value:"
-        },
-        "policies": "Manage Protected Resource Policies"
+        }
     },
     "client": {
         "client-form": {
@@ -338,29 +337,6 @@
         "whitelist-table": {
             "no-sites": "There are no whitelisted sites. Use the <strong>whitelist</strong> button on the client management page to create one."
         }
-    },
-    "policy" : {
-    	"resource-sets": "Resource Sets",
-    	"edit-policy": "Edit Policy",
-    	"required-claims": "Required Claims",
-    	"policy-table": {
-    		"confirm": "Are you sure you want to delete this resource set?",
-    		"delete": "Delete",
-    		"edit": "Edit Policies",
-    		"email-address": "email address",
-    		"required-claims": "Users that you share this resource will with need to be able to present the following claims in order to access the resource.",
-    		"no-resource-sets": "There are no resource sets registered. Introduce a protected to this authorization server to let it register some.",
-    		"no-required-claims": "There are no required claims for this resource set: This resource set is inaccessible by others.",
-    		"share-email": "Share with email address",
-    		"shared-with": "Shared with:",
-    		"shared-nobody": "NOBODY",
-    		"shared-nobody-tooltip": "This resource is not accessible by anyone else, edit the policies and share it with someone.",
-    		"issuers": "Issuers",
-    		"claim": "Claim",
-    		"value": "Value"
-    	},
-    	"webfinger-error": "Error",
-    	"webfinger-error-description": "The server was unable to find an identity provider for <code>__email__</code>."
     },
 	"copyright": "Powered by <a href=\"https://github.com/mitreid-connect/\">MITREid Connect <span class=\"label\">{0}</span></a> <span class=\"pull-right\">&copy; 2015 The MITRE Corporation and MIT KIT.</span>.",
 	"about": {
@@ -420,8 +396,7 @@
 			"title": "Personal",
 			"approved_sites": "Manage Approved Sites",
 			"active_tokens": "Manage Active Tokens",
-			"profile_information": "View Profile Information",
-			"resource_policies": "Manage Protected Resource Policies"
+			"profile_information": "View Profile Information"
 		},
 		"developer": {
 			"title": "Developer",

pom.xml

@@ -510,11 +510,6 @@
 				<version>3.9</version>
 			</dependency>
 
-			<dependency>
-				<groupId>org.mitre</groupId>
-				<artifactId>openid-connect-client</artifactId>
-				<version>${project.version}</version>
-			</dependency>
 		</dependencies>
 	</dependencyManagement>
 
@@ -573,4 +568,4 @@
 		</profile>
 	</profiles>
 
-</project>
+</project>