introduced a claims processor result data shuttle

2015-06-29 11:55:27 -04:00 · 2015-06-29 11:55:27 -04:00 · de9f69e461
parent 2cfaa1c1d7
commit de9f69e461
4 changed files with 110 additions and 11 deletions
--- a/openid-connect-common/src/main/java/org/mitre/uma/model/ClaimProcessingResult.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/model/ClaimProcessingResult.java
@ -0,0 +1,96 @@
+/*******************************************************************************
+ * Copyright 2015 The MITRE Corporation
+ *   and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+
+package org.mitre.uma.model;
+
+import java.util.Collection;
+
+/**
+ * Data shuttle to return results of the claims processing service.
+ * 
+ * @author jricher
+ *
+ */
+public class ClaimProcessingResult {
+
+	private boolean satisfied;
+	private Collection<Claim> unmatched;
+	private Policy matched;
+
+	/**
+	 * Create an unmatched result. isSatisfied is false.
+	 * @param unmatched
+	 */
+	public ClaimProcessingResult(Collection<Claim> unmatched) {
+		this.satisfied = false;
+		this.unmatched = unmatched;
+		this.matched = null;
+	}
+	
+	/**
+	 * Create a matched result. isSatisfied is true.
+	 * @param matched
+	 */
+	public ClaimProcessingResult(Policy matched) {
+		this.satisfied = true;
+		this.matched = matched;
+		this.unmatched = null;
+	}
+
+	/**
+	 * @return the satisfied
+	 */
+	public boolean isSatisfied() {
+		return satisfied;
+	}
+
+	/**
+	 * @param satisfied the satisfied to set
+	 */
+	public void setSatisfied(boolean satisfied) {
+		this.satisfied = satisfied;
+	}
+
+	/**
+	 * @return the unmatched
+	 */
+	public Collection<Claim> getUnmatched() {
+		return unmatched;
+	}
+
+	/**
+	 * @param unmatched the unmatched to set
+	 */
+	public void setUnmatched(Collection<Claim> unmatched) {
+		this.unmatched = unmatched;
+	}
+
+	/**
+	 * @return the matched
+	 */
+	public Policy getMatched() {
+		return matched;
+	}
+
+	/**
+	 * @param matched the matched to set
+	 */
+	public void setMatched(Policy matched) {
+		this.matched = matched;
+	}
+	
+}
--- a/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java
@ -20,6 +20,7 @@ package org.mitre.uma.service;
 import java.util.Collection;

 import org.mitre.uma.model.Claim;
+import org.mitre.uma.model.ClaimProcessingResult;
 import org.mitre.uma.model.Policy;

 /**
@ -39,8 +40,8 @@ public interface ClaimsProcessingService {
 	 * 
 	 * @param claimsRequired the required claims to check against
 	 * @param claimsSupplied the supplied claims to test
-	 * @return the unmatched claims (if any), an empty set if the claims are satisfied, never null
+	 * @return the result of the claims processing action
 	 */
-	public Collection<Claim> claimsAreSatisfied(Collection<Policy> claimsRequired, Collection<Claim> claimsSupplied);
+	public ClaimProcessingResult claimsAreSatisfied(Collection<Policy> claimsRequired, Collection<Claim> claimsSupplied);

 }
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java
+++ b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java
@ -21,6 +21,7 @@ import java.util.Collection;
 import java.util.HashSet;

 import org.mitre.uma.model.Claim;
+import org.mitre.uma.model.ClaimProcessingResult;
 import org.mitre.uma.model.Policy;
 import org.mitre.uma.service.ClaimsProcessingService;
 import org.springframework.stereotype.Service;
@ -32,20 +33,20 @@ import org.springframework.stereotype.Service;
 * @author jricher
 *
 */
-@Service("matchAllClaimsProcessor")
-public class MatchAllClaimsProcessor implements ClaimsProcessingService {
+@Service("matchAllClaimsOnAnyPolicy")
+public class MatchAllClaimsOnAnyPolicy implements ClaimsProcessingService {

 	/* (non-Javadoc)
 	 * @see org.mitre.uma.service.ClaimsProcessingService#claimsAreSatisfied(java.util.Collection, java.util.Collection)
 	 */
 	@Override
-	public Collection<Claim> claimsAreSatisfied(Collection<Policy> claimsRequired, Collection<Claim> claimsSupplied) {
+	public ClaimProcessingResult claimsAreSatisfied(Collection<Policy> claimsRequired, Collection<Claim> claimsSupplied) {
 		Collection<Claim> allUnmatched = new HashSet<>();
 		for (Policy policy : claimsRequired) {
 			Collection<Claim> unmatched = checkIndividualClaims(policy.getClaimsRequired(), claimsSupplied);
 			if (unmatched.isEmpty()) {
 				// we found something that's satisfied the claims, let's go with it!
-				return unmatched;
+				return new ClaimProcessingResult(policy);
 			} else {
 				// otherwise add it to the stack to send back
 				allUnmatched.addAll(unmatched);
@ -53,7 +54,7 @@ public class MatchAllClaimsProcessor implements ClaimsProcessingService {
 		}
 		
 		// otherwise, tell the caller that we'll need some set of these fulfilled somehow
-		return allUnmatched;
+		return new ClaimProcessingResult(allUnmatched);
 	}

 	private Collection<Claim> checkIndividualClaims(Collection<Claim> claimsRequired, Collection<Claim> claimsSupplied) {
--- a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
+++ b/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
@ -39,6 +39,7 @@ import org.mitre.openid.connect.view.HttpCodeView;
 import org.mitre.openid.connect.view.JsonEntityView;
 import org.mitre.openid.connect.view.JsonErrorView;
 import org.mitre.uma.model.Claim;
+import org.mitre.uma.model.ClaimProcessingResult;
 import org.mitre.uma.model.PermissionTicket;
 import org.mitre.uma.model.ResourceSet;
 import org.mitre.uma.service.ClaimsProcessingService;
@ -141,12 +142,12 @@ public class AuthorizationRequestEndpoint {
 					} else {
 						// claims weren't empty or missing, we need to check against what we have
 						
-						Collection<Claim> claimsUnmatched = claimsProcessingService.claimsAreSatisfied(rs.getPolicies(), ticket.getClaimsSupplied());
+						ClaimProcessingResult result = claimsProcessingService.claimsAreSatisfied(rs.getPolicies(), ticket.getClaimsSupplied());
 						
 						// we need to downscope this based on the required set that was matched if it was matched
 						
-						if (claimsUnmatched.isEmpty()) {
-							// if the unmatched claims come back empty, by function contract that means we're happy and can issue a token
+						if (result.isSatisfied()) {
+							// the service found what it was looking for, issue a token

 							OAuth2Authentication o2auth = (OAuth2Authentication) auth;
 							
@ -175,7 +176,7 @@ public class AuthorizationRequestEndpoint {
 							rpClaims.addProperty("redirect_user", true);
 							rpClaims.addProperty("ticket", ticketValue);
 							JsonArray req = new JsonArray();
-							for (Claim claim : claimsUnmatched) {
+							for (Claim claim : result.getUnmatched()) {
 								JsonObject c = new JsonObject();
 								c.addProperty("name", claim.getName());
 								c.addProperty("friendly_name", claim.getFriendlyName());