github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added scope consistent check to resource set service

pull/820/merge
Justin Richer 2015-07-01 18:23:55 -04:00
parent 6703db234d
commit d7af4b2cf9
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
View File

@ -19,6 +19,7 @@ package org.mitre.uma.service.impl;
import java.util.Collection;
import org.mitre.uma.model.Policy;
import org.mitre.uma.model.ResourceSet;
import org.mitre.uma.repository.ResourceSetRepository;
import org.mitre.uma.service.ResourceSetService;
@ -48,6 +49,10 @@ public class DefaultResourceSetService implements ResourceSetService {
throw new IllegalArgumentException("Can't save a new resource set with an ID already set to it.");
}
if (!checkScopeConsistency(rs)) {
throw new IllegalArgumentException("Can't save a resource set with inconsistent claims.");
}
ResourceSet saved = repository.save(rs);
return saved;
@ -69,6 +74,10 @@ public class DefaultResourceSetService implements ResourceSetService {
}
if (!checkScopeConsistency(newRs)) {
throw new IllegalArgumentException("Can't save a resource set with inconsistent claims.");
}
newRs.setOwner(oldRs.getOwner()); // preserve the owner tag across updates
newRs.setClientId(oldRs.getClientId()); // preserve the client id across updates
@ -93,6 +102,14 @@ public class DefaultResourceSetService implements ResourceSetService {
return repository.getAllForOwnerAndClient(owner, clientId);
}
private boolean checkScopeConsistency(ResourceSet rs) {
for (Policy policy : rs.getPolicies()) {
if (!rs.getScopes().containsAll(policy.getScopes())) {
return false;
}
}
// we've checked everything, we're good
return true;
}
}