diff --git a/perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql b/perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql index 52081b686..2475d8358 100644 --- a/perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql +++ b/perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql @@ -14,11 +14,6 @@ CREATE TABLE IF NOT EXISTS access_token ( UNIQUE(token_value) ); -CREATE TABLE IF NOT EXISTS access_token_permissions ( - access_token_id BIGINT NOT NULL, - permission_id BIGINT NOT NULL -); - CREATE TABLE IF NOT EXISTS address ( id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, formatted VARCHAR(256), 
@@ -284,83 +279,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier ( sector_identifier VARCHAR(2048) ); -CREATE TABLE IF NOT EXISTS resource_set ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - name VARCHAR(1024) NOT NULL, - uri VARCHAR(1024), - icon_uri VARCHAR(1024), - rs_type VARCHAR(256), - owner VARCHAR(256) NOT NULL, - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS resource_set_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS permission_ticket ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - ticket VARCHAR(256) NOT NULL, - permission_id BIGINT NOT NULL, - expiration TIMESTAMP -); - -CREATE TABLE IF NOT EXISTS permission ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS permission_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - name VARCHAR(256), - friendly_name VARCHAR(1024), - claim_type VARCHAR(1024), - claim_value VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_to_policy ( - policy_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_to_permission_ticket ( - permission_ticket_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS policy ( - id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - name VARCHAR(1024), - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS policy_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_token_format ( - owner_id BIGINT NOT NULL, - claim_token_format VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_issuer ( - owner_id BIGINT NOT NULL, - issuer VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS saved_registered_client ( - id BIGINT GENERATED BY DEFAULT 
AS IDENTITY(START WITH 1) PRIMARY KEY, - issuer VARCHAR(1024), - registered_client VARCHAR(8192) -); - CREATE TABLE IF NOT EXISTS device_code ( id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, device_code VARCHAR(1024), diff --git a/perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql b/perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql index 08d774c73..6641c04a6 100644 --- a/perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql +++ b/perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql @@ -13,11 +13,6 @@ CREATE TABLE IF NOT EXISTS access_token ( approved_site_id BIGINT ); -CREATE TABLE IF NOT EXISTS access_token_permissions ( - access_token_id BIGINT NOT NULL, - permission_id BIGINT NOT NULL -); - CREATE TABLE IF NOT EXISTS address ( id BIGINT AUTO_INCREMENT PRIMARY KEY, formatted VARCHAR(256), @@ -87,7 +82,7 @@ CREATE TABLE IF NOT EXISTS saved_user_auth ( id BIGINT AUTO_INCREMENT PRIMARY KEY, acr VARCHAR(1024), name VARCHAR(1024), - authenticated BOOLEAN, + authenticated BOOLEAN ); CREATE TABLE IF NOT EXISTS saved_user_auth_authority ( 
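Review bot: The `saved_user_auth` hunk (`- authenticated BOOLEAN,` / `+ authenticated BOOLEAN`) fixes a trailing comma before `);`, which is a syntax error in MySQL and is unrelated to the UMA removal this commit is about; it deserves a mention in the commit message so it is not lost as noise. The psql script receives the same fix further down, but the hsql script gets no equivalent hunk — if `hsql_database_tables.sql` also carries `authenticated BOOLEAN,` as the last column, it will still fail on a fresh start, so please confirm it never had the comma. If it did, the one-line change `authenticated BOOLEAN` belongs in this commit as well.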
@@ -283,83 +278,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier ( sector_identifier VARCHAR(2048) ); -CREATE TABLE IF NOT EXISTS resource_set ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - name VARCHAR(1024) NOT NULL, - uri VARCHAR(1024), - icon_uri VARCHAR(1024), - rs_type VARCHAR(256), - owner VARCHAR(256) NOT NULL, - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS resource_set_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS permission_ticket ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - ticket VARCHAR(256) NOT NULL, - permission_id BIGINT NOT NULL, - expiration TIMESTAMP NULL -); - -CREATE TABLE IF NOT EXISTS permission ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS permission_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - name VARCHAR(256), - friendly_name VARCHAR(1024), - claim_type VARCHAR(1024), - claim_value VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_to_policy ( - policy_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_to_permission_ticket ( - permission_ticket_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS policy ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - name VARCHAR(1024), - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS policy_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_token_format ( - owner_id BIGINT NOT NULL, - claim_token_format VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_issuer ( - owner_id BIGINT NOT NULL, - issuer VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS saved_registered_client ( - id BIGINT AUTO_INCREMENT PRIMARY KEY, - issuer VARCHAR(1024), - registered_client VARCHAR(8192) -); - CREATE TABLE IF NOT EXISTS device_code ( id BIGINT AUTO_INCREMENT PRIMARY KEY, 
device_code VARCHAR(1024), diff --git a/perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql b/perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql index 27a77d0f1..74c8c8ffe 100644 --- a/perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql +++ b/perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql @@ -14,11 +14,6 @@ CREATE TABLE IF NOT EXISTS access_token ( UNIQUE(token_value) ); -CREATE TABLE IF NOT EXISTS access_token_permissions ( - access_token_id BIGINT NOT NULL, - permission_id BIGINT NOT NULL -); - CREATE TABLE IF NOT EXISTS address ( id BIGSERIAL PRIMARY KEY, formatted VARCHAR(256), @@ -88,7 +83,7 @@ CREATE TABLE IF NOT EXISTS saved_user_auth ( id BIGSERIAL PRIMARY KEY, acr VARCHAR(1024), name VARCHAR(1024), - authenticated BOOLEAN, + authenticated BOOLEAN ); CREATE TABLE IF NOT EXISTS saved_user_auth_authority ( 
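Review bot: Removing the `CREATE TABLE IF NOT EXISTS` statements for `resource_set`, `resource_set_scope`, `permission_ticket`, `permission`, `permission_scope`, `claim`, `claim_to_policy`, `claim_to_permission_ticket`, `policy`, `policy_scope`, `claim_token_format`, `claim_issuer`, `saved_registered_client` and `access_token_permissions` only affects fresh installs; on an already-deployed database these tables, and any rows in them, stay behind with no remaining code path that reads or purges them. That matters because `claim.claim_value` (user claim data) and `permission_ticket.ticket` (bearer-style tickets) are exactly the kind of data that should not linger unowned once the feature is gone. Unless a migration lives elsewhere in the repository, please add a release note or a separate migration script for operators, e.g. for MySQL `DROP TABLE IF EXISTS access_token_permissions, resource_set, resource_set_scope, permission_ticket, permission, permission_scope, claim, claim_to_policy, claim_to_permission_ticket, policy, policy_scope, claim_token_format, claim_issuer, saved_registered_client;` (no foreign keys are declared in these scripts, so ordering is not a concern). The same applies to the hsql and psql variants of this hunk.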
@@ -284,83 +279,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier ( sector_identifier VARCHAR(2048) ); -CREATE TABLE IF NOT EXISTS resource_set ( - id BIGSERIAL PRIMARY KEY, - name VARCHAR(1024) NOT NULL, - uri VARCHAR(1024), - icon_uri VARCHAR(1024), - rs_type VARCHAR(256), - owner VARCHAR(256) NOT NULL, - client_id VARCHAR(256) -); - -CREATE TABLE IF NOT EXISTS resource_set_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS permission_ticket ( - id BIGSERIAL PRIMARY KEY, - ticket VARCHAR(256) NOT NULL, - permission_id BIGINT NOT NULL, - expiration TIMESTAMP -); - -CREATE TABLE IF NOT EXISTS permission ( - id BIGSERIAL PRIMARY KEY, - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS permission_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim ( - id BIGSERIAL PRIMARY KEY, - name VARCHAR(256), - friendly_name VARCHAR(1024), - claim_type VARCHAR(1024), - claim_value VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_to_policy ( - policy_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_to_permission_ticket ( - permission_ticket_id BIGINT NOT NULL, - claim_id BIGINT NOT NULL -); - -CREATE TABLE IF NOT EXISTS policy ( - id BIGSERIAL PRIMARY KEY, - name VARCHAR(1024), - resource_set_id BIGINT -); - -CREATE TABLE IF NOT EXISTS policy_scope ( - owner_id BIGINT NOT NULL, - scope VARCHAR(256) NOT NULL -); - -CREATE TABLE IF NOT EXISTS claim_token_format ( - owner_id BIGINT NOT NULL, - claim_token_format VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS claim_issuer ( - owner_id BIGINT NOT NULL, - issuer VARCHAR(1024) -); - -CREATE TABLE IF NOT EXISTS saved_registered_client ( - id BIGSERIAL PRIMARY KEY, - issuer VARCHAR(1024), - registered_client VARCHAR(8192) -); - CREATE TABLE IF NOT EXISTS device_code ( id BIGSERIAL PRIMARY KEY, device_code VARCHAR(1024), 
@@ -381,4 +299,3 @@ CREATE TABLE IF NOT EXISTS device_code_request_parameter ( param VARCHAR(2048), val VARCHAR(2048) ); - diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/OAuth2AccessTokenEntity.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/OAuth2AccessTokenEntity.java index 1ceefc1be..4e47c2574 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/OAuth2AccessTokenEntity.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/OAuth2AccessTokenEntity.java 
@@ -20,20 +20,29 @@ */ package cz.muni.ics.oauth2.model; -import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.*; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_APPROVED_SITE; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_CLIENT; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_DATE; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_NAME; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_ALL; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_CLIENT; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_NAME; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE; +import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.nimbusds.jwt.JWT; import cz.muni.ics.oauth2.model.convert.JWTStringConverter; import cz.muni.ics.openid.connect.model.ApprovedSite; -import cz.muni.ics.uma.model.Permission; import java.util.Date; import java.util.HashMap; import java.util.Map; import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CascadeType; import javax.persistence.CollectionTable; import javax.persistence.Column; import javax.persistence.Convert; 
@@ -44,11 +53,9 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; -import javax.persistence.JoinTable; import javax.persistence.ManyToOne; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; @@ -96,9 +103,6 @@ import org.springframework.security.oauth2.common.OAuth2RefreshToken; @NamedQuery(name = QUERY_BY_APPROVED_SITE, query = "SELECT a FROM OAuth2AccessTokenEntity a " + "WHERE a.approvedSite = :" + PARAM_APPROVED_SITE), - @NamedQuery(name = QUERY_BY_RESOURCE_SET, - query = "SELECT a FROM OAuth2AccessTokenEntity a JOIN a.permissions p " + - "WHERE p.resourceSet.id = :" + PARAM_RESOURCE_SET_ID), @NamedQuery(name = QUERY_BY_NAME, query = "SELECT r FROM OAuth2AccessTokenEntity r " + "WHERE r.authenticationHolder.userAuth.name = :" + PARAM_NAME) @@ -160,12 +164,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { @CascadeOnDelete private Set<String> scope; - @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL) - @JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"), - inverseJoinColumns = @JoinColumn(name = "permission_id")) - @CascadeOnDelete - private Set<Permission> permissions; - @ManyToOne @JoinColumn(name = "approved_site_id") private ApprovedSite approvedSite; diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/OAuth2TokenRepository.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/OAuth2TokenRepository.java index 4ddbaf5b1..c9a0cb028 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/OAuth2TokenRepository.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/OAuth2TokenRepository.java 
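Review bot: The `QUERY_BY_RESOURCE_SET` named query is dropped from `@NamedQueries`, but the constants it referenced, `QUERY_BY_RESOURCE_SET` and `PARAM_RESOURCE_SET_ID`, do not appear in any hunk and are absent from the new explicit static-import list at the top of the file, which suggests their `public static final String` declarations may still be sitting in the class body. If they do remain, they are dead public API now that `JpaOAuth2TokenRepository.getAccessTokensForResourceSet` is gone, so remove them in the same commit. The `@NamedQueries` array and the entity's field list both start and end outside this hunk. Replacing the `OAuth2AccessTokenEntity.*` wildcard with enumerated static imports is a welcome change, since it makes exactly this kind of leftover visible to the compiler.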
@@ -22,7 +22,6 @@ import cz.muni.ics.oauth2.model.ClientDetailsEntity; import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity; import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity; import cz.muni.ics.openid.connect.model.ApprovedSite; -import cz.muni.ics.uma.model.ResourceSet; import java.util.List; import java.util.Set; @@ -68,8 +67,6 @@ public interface OAuth2TokenRepository { Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria); - Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs); - /** * removes duplicate access tokens. * diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/impl/JpaOAuth2TokenRepository.java index ce64890dd..36a8f647d 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/impl/JpaOAuth2TokenRepository.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/impl/JpaOAuth2TokenRepository.java @@ -26,7 +26,6 @@ import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity; import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity; import cz.muni.ics.oauth2.repository.OAuth2TokenRepository; import cz.muni.ics.openid.connect.model.ApprovedSite; -import cz.muni.ics.uma.model.ResourceSet; import cz.muni.ics.util.jpa.JpaUtil; import java.text.ParseException; import java.util.ArrayList; 
@@ -222,13 +221,6 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria)); } - @Override - public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs) { - TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, OAuth2AccessTokenEntity.class); - query.setParameter(OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID, rs.getId()); - return new LinkedHashSet<>(query.getResultList()); - } - @Override @Transactional(value="defaultTransactionManager") public void clearDuplicateAccessTokens() { diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultIntrospectionResultAssembler.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultIntrospectionResultAssembler.java index e18bd1257..3ee84c1b0 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultIntrospectionResultAssembler.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultIntrospectionResultAssembler.java @@ -19,11 +19,11 @@ import static com.google.common.collect.Maps.newLinkedHashMap; import com.google.common.base.Joiner; import com.google.common.collect.Sets; +import com.google.common.collect.Sets; import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity; import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity; import cz.muni.ics.oauth2.service.IntrospectionResultAssembler; import cz.muni.ics.openid.connect.model.UserInfo; -import cz.muni.ics.uma.model.Permission; import java.text.ParseException; import java.util.Map; import java.util.Set; 
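Review bot: The `DefaultIntrospectionResultAssembler` import hunk adds `+import com.google.common.collect.Sets;` directly beneath an identical, already-present `import com.google.common.collect.Sets;` line. The JLS tolerates a duplicate single-type import of the same type, so it compiles, but Checkstyle's RedundantImport and Error Prone both flag it and it looks like a merge artifact; drop the added line. While there, check whether the static import of `newLinkedHashMap` is still used now that the per-permission `Map<String, Object> o = newLinkedHashMap();` in the removed loop is gone — it stays only if `result` itself is built with it.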
@@ -46,26 +46,9 @@ public class DefaultIntrospectionResultAssembler implements IntrospectionResultA result.put(ACTIVE, true); - if (accessToken.getPermissions() != null && !accessToken.getPermissions().isEmpty()) { - Set<Object> permissions = Sets.newHashSet(); - - for (Permission perm : accessToken.getPermissions()) { - Map<String, Object> o = newLinkedHashMap(); - o.put("resource_set_id", perm.getResourceSet().getId().toString()); - Set<String> scopes = Sets.newHashSet(perm.getScopes()); - o.put("scopes", scopes); - permissions.add(o); - } - - result.put("permissions", permissions); - - } else { - Set<String> scopes = Sets.intersection(authScopes, accessToken.getScope()); - - result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes)); - - } + Set<String> scopes = Sets.intersection(authScopes, accessToken.getScope()); + result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes)); if (accessToken.getExpiration() != null) { try { diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java index 6cca58027..a668754a1 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java @@ -36,8 +36,6 @@ import cz.muni.ics.openid.connect.model.WhitelistedSite; import cz.muni.ics.openid.connect.service.ApprovedSiteService; import cz.muni.ics.openid.connect.service.BlacklistedSiteService; import cz.muni.ics.openid.connect.service.WhitelistedSiteService; -import cz.muni.ics.uma.model.ResourceSet; -import cz.muni.ics.uma.service.ResourceSetService; import java.math.BigInteger; import java.security.SecureRandom; import java.util.ArrayList; 
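Review bot: Unconditionally emitting `scope` as `Sets.intersection(authScopes, accessToken.getScope())` silently changes the introspection response shape: tokens that used to carry a `permissions` array (with `resource_set_id` and `scopes` entries) now return only `scope`, and any resource server that branched on the presence of `permissions` will see a different answer for the same token. That is the intended outcome of dropping UMA, but it is a wire-format change and should be stated in the changelog and in the Javadoc of the assembling method, which begins and ends outside this hunk. A one-line comment above the new lines would also help the next reader, e.g. `// UMA permissions are no longer supported: the response always reports the caller's scopes intersected with the token's scopes.` Note that `Sets.intersection` returns a live view; joining it immediately, as done here, is fine, but do not cache `scopes` beyond that.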
@@ -83,9 +81,6 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt @Autowired private SystemScopeService scopeService; - @Autowired - private ResourceSetService resourceSetService; - @Autowired private ConfigurationPropertiesBean config; @@ -354,12 +349,6 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt whitelistedSiteService.remove(whitelistedSite); } - // clear out resource sets registered for this client - Collection<ResourceSet> resourceSets = resourceSetService.getAllForClient(client); - for (ResourceSet rs : resourceSets) { - resourceSetService.remove(rs); - } - // take care of the client itself clientRepository.deleteClient(client); } diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/IntrospectionEndpoint.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/IntrospectionEndpoint.java index 43f0c3672..f70d89557 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/IntrospectionEndpoint.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/IntrospectionEndpoint.java @@ -30,9 +30,6 @@ import cz.muni.ics.openid.connect.model.UserInfo; import cz.muni.ics.openid.connect.service.UserInfoService; import cz.muni.ics.openid.connect.view.HttpCodeView; import cz.muni.ics.openid.connect.view.JsonEntityView; -import cz.muni.ics.uma.model.ResourceSet; -import cz.muni.ics.uma.service.ResourceSetService; -import java.util.Collection; import java.util.HashSet; import java.util.Map; import java.util.Set; @@ -68,9 +65,6 @@ public class IntrospectionEndpoint { @Autowired private UserInfoService userInfoService; - @Autowired - private ResourceSetService resourceSetService; - public IntrospectionEndpoint() { } 
@@ -101,15 +95,6 @@ public class IntrospectionEndpoint { String ownerId = o2a.getUserAuthentication().getName(); authScopes.addAll(authClient.getScope()); - - // UMA style clients also get a subset of scopes of all the resource sets they've registered - Collection<ResourceSet> resourceSets = resourceSetService.getAllForOwnerAndClient(ownerId, authClientId); - - // collect all the scopes - for (ResourceSet rs : resourceSets) { - authScopes.addAll(rs.getScopes()); - } - } else { // the client authenticated directly, make sure it's got the right access diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/service/impl/DummyResourceSetService.java b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/service/impl/DummyResourceSetService.java deleted file mode 100644 index 2d711252d..000000000 --- a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/service/impl/DummyResourceSetService.java +++ /dev/null 
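Review bot: The context line `String ownerId = o2a.getUserAuthentication().getName();` just above the removed block is now dead: its only consumer was the deleted `resourceSetService.getAllForOwnerAndClient(ownerId, authClientId)` call, and the variable is declared inside the `if` branch that ends at `} else {`. It still dereferences `o2a.getUserAuthentication()`, so if that can be null for a token without a user authentication presented as the introspecting credential (client-credentials grant — please verify against the token model), the endpoint would throw on a line that no longer serves any purpose; remove it, and check whether `authClientId` is still used anywhere else in the method. The enclosing method and its `if`/`else` extend beyond the hunk. Functionally, dropping the resource-set scope expansion tightens introspection — a client can no longer see token scopes it did not itself hold merely because it registered a resource set — and that tightening is worth a sentence in the endpoint's Javadoc.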
@@ -1,71 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package cz.muni.ics.openid.connect.service.impl; - -import cz.muni.ics.oauth2.model.ClientDetailsEntity; -import cz.muni.ics.uma.model.ResourceSet; -import cz.muni.ics.uma.service.ResourceSetService; -import java.util.Collection; -import java.util.Collections; -import org.springframework.stereotype.Service; - -/** - * Dummy resource set service that doesn't do anything; acts as a stub for the - * introspection service when the UMA functionality is disabled. 
- * - * @author jricher - * - */ -@Service -public class DummyResourceSetService implements ResourceSetService { - - @Override - public ResourceSet saveNew(ResourceSet rs) { - throw new UnsupportedOperationException(); - } - - @Override - public ResourceSet getById(Long id) { - throw new UnsupportedOperationException(); - } - - @Override - public ResourceSet update(ResourceSet oldRs, ResourceSet newRs) { - throw new UnsupportedOperationException(); - } - - @Override - public void remove(ResourceSet rs) { - throw new UnsupportedOperationException(); - } - - @Override - public Collection<ResourceSet> getAllForOwner(String owner) { - throw new UnsupportedOperationException(); - } - - @Override - public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId) { - return Collections.emptySet(); - } - - @Override - public Collection<ResourceSet> getAllForClient(ClientDetailsEntity client) { - return Collections.emptySet(); - } - -} diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Claim.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Claim.java deleted file mode 100644 index f12eedc48..000000000 --- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Claim.java +++ /dev/null 
@@ -1,203 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package cz.muni.ics.uma.model; - -import com.google.gson.JsonElement; -import cz.muni.ics.oauth2.model.convert.JsonElementStringConverter; -import java.util.Set; -import javax.persistence.Basic; -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.Table; - -/** - * @author jricher - */ -@Entity -@Table(name = "claim") -public class Claim { - - private Long id; - private String name; - private String friendlyName; - private String claimType; - private JsonElement value; - private Set<String> claimTokenFormat; - private Set<String> issuer; - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - public Long getId() { - return id; - } - - public void setId(Long id) { - this.id = id; - } - - @Basic - @Column(name = "name") - public String getName() { - return name; - } - - public void setName(String 
name) { - this.name = name; - } - - - @Basic - @Column(name = "friendly_name") - public String getFriendlyName() { - return friendlyName; - } - - public void setFriendlyName(String friendlyName) { - this.friendlyName = friendlyName; - } - - @Basic - @Column(name = "claim_type") - public String getClaimType() { - return claimType; - } - - public void setClaimType(String claimType) { - this.claimType = claimType; - } - - @ElementCollection(fetch = FetchType.EAGER) - @Column(name = "claim_token_format") - @CollectionTable(name = "claim_token_format", joinColumns = @JoinColumn(name = "owner_id")) - public Set<String> getClaimTokenFormat() { - return claimTokenFormat; - } - - public void setClaimTokenFormat(Set<String> claimTokenFormat) { - this.claimTokenFormat = claimTokenFormat; - } - - @ElementCollection(fetch = FetchType.EAGER) - @Column(name = "issuer") - @CollectionTable(name = "claim_issuer", joinColumns = @JoinColumn(name = "owner_id")) - public Set<String> getIssuer() { - return issuer; - } - - public void setIssuer(Set<String> issuer) { - this.issuer = issuer; - } - - @Basic - @Column(name = "claim_value") - @Convert(converter = JsonElementStringConverter.class) - public JsonElement getValue() { - return value; - } - - public void setValue(JsonElement value) { - this.value = value; - } - - @Override - public String toString() { - return "Claim [id=" + id + ", name=" + name + ", friendlyName=" + friendlyName + ", claimType=" + claimType + ", value=" + value + ", claimTokenFormat=" + claimTokenFormat + ", issuer=" + issuer + "]"; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((claimTokenFormat == null) ? 0 : claimTokenFormat.hashCode()); - result = prime * result + ((claimType == null) ? 0 : claimType.hashCode()); - result = prime * result + ((friendlyName == null) ? 0 : friendlyName.hashCode()); - result = prime * result + ((id == null) ? 
0 : id.hashCode()); - result = prime * result + ((issuer == null) ? 0 : issuer.hashCode()); - result = prime * result + ((name == null) ? 0 : name.hashCode()); - result = prime * result + ((value == null) ? 0 : value.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj == null) { - return false; - } - if (getClass() != obj.getClass()) { - return false; - } - Claim other = (Claim) obj; - if (claimTokenFormat == null) { - if (other.claimTokenFormat != null) { - return false; - } - } else if (!claimTokenFormat.equals(other.claimTokenFormat)) { - return false; - } - if (claimType == null) { - if (other.claimType != null) { - return false; - } - } else if (!claimType.equals(other.claimType)) { - return false; - } - if (friendlyName == null) { - if (other.friendlyName != null) { - return false; - } - } else if (!friendlyName.equals(other.friendlyName)) { - return false; - } - if (id == null) { - if (other.id != null) { - return false; - } - } else if (!id.equals(other.id)) { - return false; - } - if (issuer == null) { - if (other.issuer != null) { - return false; - } - } else if (!issuer.equals(other.issuer)) { - return false; - } - if (name == null) { - if (other.name != null) { - return false; - } - } else if (!name.equals(other.name)) { - return false; - } - if (value == null) { - return other.value == null; - } else return value.equals(other.value); - } - -} diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/ClaimProcessingResult.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/ClaimProcessingResult.java deleted file mode 100644 index 190034aaf..000000000 --- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/ClaimProcessingResult.java +++ /dev/null 
@@ -1,68 +0,0 @@ -/******************************************************************************* - * Copyright 2018 The MIT Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ - -package cz.muni.ics.uma.model; - -import java.util.Collection; - -/** - * Data shuttle to return results of the claims processing service. - * - * @author jricher - */ -public class ClaimProcessingResult { - - private boolean satisfied; - private Collection<Claim> unmatched; - private Policy matched; - - public ClaimProcessingResult(Collection<Claim> unmatched) { - this.satisfied = false; - this.unmatched = unmatched; - this.matched = null; - } - - public ClaimProcessingResult(Policy matched) { - this.satisfied = true; - this.matched = matched; - this.unmatched = null; - } - - public boolean isSatisfied() { - return satisfied; - } - - public void setSatisfied(boolean satisfied) { - this.satisfied = satisfied; - } - - public Collection<Claim> getUnmatched() { - return unmatched; - } - - public void setUnmatched(Collection<Claim> unmatched) { - this.unmatched = unmatched; - } - - public Policy getMatched() { - return matched; - } - - public void setMatched(Policy matched) { - this.matched = matched; - } - -} 
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Permission.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Permission.java deleted file mode 100644 index 57e371bbe..000000000 --- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Permission.java +++ /dev/null 
@@ -1,75 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.model;
-
-import java.util.Set;
-import javax.persistence.CollectionTable;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.ManyToOne;
-import javax.persistence.Table;
-
-/**
- * @author jricher
- */
-@Entity
-@Table(name = "permission")
-public class Permission {
-
- private Long id;
- private ResourceSet resourceSet;
- private Set<String> scopes;
-
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- public Long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- @ManyToOne(fetch = FetchType.EAGER)
- @JoinColumn(name = "resource_set_id")
- public ResourceSet getResourceSet() {
- return resourceSet;
- }
-
- public void setResourceSet(ResourceSet resourceSet) {
- this.resourceSet = resourceSet;
- }
-
- @ElementCollection(fetch = FetchType.EAGER)
- @Column(name = "scope")
- @CollectionTable(name = "permission_scope", 
joinColumns = @JoinColumn(name = "owner_id"))
- public Set<String> getScopes() {
- return scopes;
- }
-
- public void setScopes(Set<String> scopes) {
- this.scopes = scopes;
- }
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/PermissionTicket.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/PermissionTicket.java
deleted file mode 100644
index 39856f156..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/PermissionTicket.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.model;
-
-import java.util.Collection;
-import java.util.Date;
-import javax.persistence.Basic;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.JoinTable;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
-import javax.persistence.OneToMany;
-import javax.persistence.OneToOne;
-import javax.persistence.Table;
-import javax.persistence.Temporal;
-import javax.persistence.TemporalType;
-
-/**
- *
- * An UMA permission, used in the protection API. 
- *
- * @author jricher
- *
- */
-@Entity
-@Table(name = "permission_ticket")
-@NamedQueries({
- @NamedQuery(name = PermissionTicket.QUERY_TICKET, query = "select p from PermissionTicket p where p.ticket = :" + PermissionTicket.PARAM_TICKET),
- @NamedQuery(name = PermissionTicket.QUERY_ALL, query = "select p from PermissionTicket p"),
- @NamedQuery(name = PermissionTicket.QUERY_BY_RESOURCE_SET, query = "select p from PermissionTicket p where p.permission.resourceSet.id = :" + PermissionTicket.PARAM_RESOURCE_SET_ID)
-})
-public class PermissionTicket {
-
- public static final String QUERY_TICKET = "PermissionTicket.queryByTicket";
- public static final String QUERY_ALL = "PermissionTicket.queryAll";
- public static final String QUERY_BY_RESOURCE_SET = "PermissionTicket.queryByResourceSet";
-
- public static final String PARAM_TICKET = "ticket";
- public static final String PARAM_RESOURCE_SET_ID = "rsid";
-
- private Long id;
- private Permission permission;
- private String ticket;
- private Date expiration;
- private Collection<Claim> claimsSupplied;
-
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- public Long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- @OneToOne(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
- @JoinColumn(name = "permission_id")
- public Permission getPermission() {
- return permission;
- }
-
- public void setPermission(Permission permission) {
- this.permission = permission;
- }
-
- @Basic
- @Column(name = "ticket")
- public String getTicket() {
- return ticket;
- }
-
- public void setTicket(String ticket) {
- this.ticket = ticket;
- }
-
- @Basic
- @Temporal(TemporalType.TIMESTAMP)
- @Column(name = "expiration")
- public Date getExpiration() {
- return expiration;
- }
-
- public void setExpiration(Date expiration) {
- this.expiration = expiration;
- }
-
- @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
- @JoinTable(name = 
"claim_to_permission_ticket", joinColumns = @JoinColumn(name = "permission_ticket_id"),
- inverseJoinColumns = @JoinColumn(name = "claim_id"))
- public Collection<Claim> getClaimsSupplied() {
- return claimsSupplied;
- }
-
- public void setClaimsSupplied(Collection<Claim> claimsSupplied) {
- this.claimsSupplied = claimsSupplied;
- }
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Policy.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Policy.java
deleted file mode 100644
index e1c8a20c3..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Policy.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.model;
-
-import java.util.Collection;
-import java.util.Set;
-import javax.persistence.Basic;
-import javax.persistence.CascadeType;
-import javax.persistence.CollectionTable;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.JoinTable;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
-
-/**
- * A set of claims required to fulfill a given permission. 
- *
- * @author jricher
- */
-@Entity
-@Table(name = "policy")
-public class Policy {
-
- private Long id;
- private String name;
- private Collection<Claim> claimsRequired;
- private Set<String> scopes;
-
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- public Long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- @Basic
- @Column(name = "name")
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
- @JoinTable(name = "claim_to_policy", joinColumns = @JoinColumn(name = "policy_id"),
- inverseJoinColumns = @JoinColumn(name = "claim_id"))
- public Collection<Claim> getClaimsRequired() {
- return claimsRequired;
- }
-
- public void setClaimsRequired(Collection<Claim> claimsRequired) {
- this.claimsRequired = claimsRequired;
- }
-
- @ElementCollection(fetch = FetchType.EAGER)
- @Column(name = "scope")
- @CollectionTable(name = "policy_scope", joinColumns = @JoinColumn(name = "owner_id"))
- public Set<String> getScopes() {
- return scopes;
- }
-
- public void setScopes(Set<String> scopes) {
- this.scopes = scopes;
- }
-
- @Override
- public String toString() {
- return "Policy [id=" + id + ", name=" + name + ", claimsRequired=" + claimsRequired + ", scopes=" + scopes + "]";
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((claimsRequired == null) ? 0 : claimsRequired.hashCode());
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- result = prime * result + ((name == null) ? 0 : name.hashCode());
- result = prime * result + ((scopes == null) ? 
0 : scopes.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
- return false;
- }
- Policy other = (Policy) obj;
- if (claimsRequired == null) {
- if (other.claimsRequired != null) {
- return false;
- }
- } else if (!claimsRequired.equals(other.claimsRequired)) {
- return false;
- }
- if (id == null) {
- if (other.id != null) {
- return false;
- }
- } else if (!id.equals(other.id)) {
- return false;
- }
- if (name == null) {
- if (other.name != null) {
- return false;
- }
- } else if (!name.equals(other.name)) {
- return false;
- }
- if (scopes == null) {
- return other.scopes == null;
- } else return scopes.equals(other.scopes);
- }
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/ResourceSet.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/ResourceSet.java
deleted file mode 100644
index c8ab96aa7..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/ResourceSet.java
+++ /dev/null
@@ -1,255 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package cz.muni.ics.uma.model;
-
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-import javax.persistence.Basic;
-import javax.persistence.CascadeType;
-import javax.persistence.CollectionTable;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
-
-@Entity
-@Table(name = "resource_set")
-@NamedQueries ({
- @NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER),
- @NamedQuery(name = ResourceSet.QUERY_BY_OWNER_AND_CLIENT, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER + " and r.clientId = :" + ResourceSet.PARAM_CLIENTID),
- @NamedQuery(name = ResourceSet.QUERY_BY_CLIENT, query = "select r from ResourceSet r where r.clientId = :" + 
ResourceSet.PARAM_CLIENTID),
- @NamedQuery(name = ResourceSet.QUERY_ALL, query = "select r from ResourceSet r")
-})
-public class ResourceSet {
-
- public static final String QUERY_BY_OWNER = "ResourceSet.queryByOwner";
- public static final String QUERY_BY_OWNER_AND_CLIENT = "ResourceSet.queryByOwnerAndClient";
- public static final String QUERY_BY_CLIENT = "ResourceSet.queryByClient";
- public static final String QUERY_ALL = "ResourceSet.queryAll";
-
- public static final String PARAM_OWNER = "owner";
- public static final String PARAM_CLIENTID = "clientId";
-
- private Long id;
- private String name;
- private String uri;
- private String type;
- private Set<String> scopes = new HashSet<>();
- private String iconUri;
- private String owner; // username of the person responsible for the registration (either directly or via OAuth token)
- private String clientId; // client id of the protected resource that registered this resource set via OAuth token
-
- private Collection<Policy> policies = new HashSet<>();
-
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- public Long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- @Basic
- @Column(name = "name")
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- @Basic
- @Column(name = "uri")
- public String getUri() {
- return uri;
- }
-
- public void setUri(String uri) {
- this.uri = uri;
- }
-
- @Basic
- @Column(name = "rs_type")
- public String getType() {
- return type;
- }
-
- public void setType(String type) {
- this.type = type;
- }
-
- @ElementCollection(fetch = FetchType.EAGER)
- @Column(name = "scope")
- @CollectionTable(name = "resource_set_scope", joinColumns = @JoinColumn(name = "owner_id"))
- public Set<String> getScopes() {
- return scopes;
- }
-
- public void setScopes(Set<String> scopes) {
- this.scopes = scopes;
- }
-
- @Basic
- @Column(name = "icon_uri")
- public String 
getIconUri() {
- return iconUri;
- }
-
- public void setIconUri(String iconUri) {
- this.iconUri = iconUri;
- }
-
- @Basic
- @Column(name = "owner")
- public String getOwner() {
- return owner;
- }
-
- public void setOwner(String owner) {
- this.owner = owner;
- }
-
- @Basic
- @Column(name = "client_id")
- public String getClientId() {
- return clientId;
- }
-
- public void setClientId(String clientId) {
- this.clientId = clientId;
- }
-
- @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
- @JoinColumn(name = "resource_set_id")
- public Collection<Policy> getPolicies() {
- return policies;
- }
-
- public void setPolicies(Collection<Policy> policies) {
- this.policies = policies;
- }
-
- @Override
- public String toString() {
- return "ResourceSet [id=" + id + ", name=" + name + ", uri=" + uri + ", type=" + type + ", scopes=" + scopes + ", iconUri=" + iconUri + ", owner=" + owner + ", clientId=" + clientId + ", policies=" + policies + "]";
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((clientId == null) ? 0 : clientId.hashCode());
- result = prime * result + ((iconUri == null) ? 0 : iconUri.hashCode());
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- result = prime * result + ((name == null) ? 0 : name.hashCode());
- result = prime * result + ((owner == null) ? 0 : owner.hashCode());
- result = prime * result + ((policies == null) ? 0 : policies.hashCode());
- result = prime * result + ((scopes == null) ? 0 : scopes.hashCode());
- result = prime * result + ((type == null) ? 0 : type.hashCode());
- result = prime * result + ((uri == null) ? 
0 : uri.hashCode());
- return result;
- }
-
- /* (non-Javadoc)
- * @see java.lang.Object#equals(java.lang.Object)
- */
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
- return false;
- }
- ResourceSet other = (ResourceSet) obj;
- if (clientId == null) {
- if (other.clientId != null) {
- return false;
- }
- } else if (!clientId.equals(other.clientId)) {
- return false;
- }
- if (iconUri == null) {
- if (other.iconUri != null) {
- return false;
- }
- } else if (!iconUri.equals(other.iconUri)) {
- return false;
- }
- if (id == null) {
- if (other.id != null) {
- return false;
- }
- } else if (!id.equals(other.id)) {
- return false;
- }
- if (name == null) {
- if (other.name != null) {
- return false;
- }
- } else if (!name.equals(other.name)) {
- return false;
- }
- if (owner == null) {
- if (other.owner != null) {
- return false;
- }
- } else if (!owner.equals(other.owner)) {
- return false;
- }
- if (policies == null) {
- if (other.policies != null) {
- return false;
- }
- } else if (!policies.equals(other.policies)) {
- return false;
- }
- if (scopes == null) {
- if (other.scopes != null) {
- return false;
- }
- } else if (!scopes.equals(other.scopes)) {
- return false;
- }
- if (type == null) {
- if (other.type != null) {
- return false;
- }
- } else if (!type.equals(other.type)) {
- return false;
- }
- if (uri == null) {
- return other.uri == null;
- } else return uri.equals(other.uri);
- }
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/SavedRegisteredClient.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/SavedRegisteredClient.java
deleted file mode 100644
index 26c2c5d3f..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/SavedRegisteredClient.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.model;
-
-import cz.muni.ics.oauth2.model.RegisteredClient;
-import cz.muni.ics.uma.model.convert.RegisteredClientStringConverter;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Convert;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-/**
- * @author jricher
- */
-@Entity
-@Table(name = "saved_registered_client")
-public class SavedRegisteredClient {
-
- private Long id;
- private String issuer;
- private RegisteredClient registeredClient;
-
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- public Long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- @Basic
- @Column(name = "issuer")
- public String getIssuer() {
- return issuer;
- }
-
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- @Basic
- @Column(name = "registered_client")
- @Convert(converter = RegisteredClientStringConverter.class)
- public RegisteredClient getRegisteredClient() {
- return registeredClient;
- }
-
- public 
void setRegisteredClient(RegisteredClient registeredClient) {
- this.registeredClient = registeredClient;
- }
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/convert/RegisteredClientStringConverter.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/convert/RegisteredClientStringConverter.java
deleted file mode 100644
index 238f70b56..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/model/convert/RegisteredClientStringConverter.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.model.convert;
-
-import cz.muni.ics.oauth2.model.RegisteredClient;
-import cz.muni.ics.openid.connect.ClientDetailsEntityJsonProcessor;
-import javax.persistence.AttributeConverter;
-import javax.persistence.Converter;
-import org.springframework.util.StringUtils;
-
-/**
- * @author jricher
- */
-@Converter
-public class RegisteredClientStringConverter implements AttributeConverter<RegisteredClient, String>{
-
- @Override
- public String convertToDatabaseColumn(RegisteredClient attribute) {
- return attribute == null || attribute.getSource() == null ? null : attribute.getSource().toString();
- }
-
- @Override
- public RegisteredClient convertToEntityAttribute(String dbData) {
- return StringUtils.isEmpty(dbData) ? null : ClientDetailsEntityJsonProcessor.parseRegistered(dbData);
- }
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/repository/PermissionRepository.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/repository/PermissionRepository.java
deleted file mode 100644
index 07dca1de6..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/repository/PermissionRepository.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.repository;
-
-import cz.muni.ics.uma.model.Permission;
-import cz.muni.ics.uma.model.PermissionTicket;
-import cz.muni.ics.uma.model.ResourceSet;
-import java.util.Collection;
-
-/**
- * @author jricher
- */
-public interface PermissionRepository {
-
- PermissionTicket save(PermissionTicket p);
-
- PermissionTicket getByTicket(String ticket);
-
- Collection<PermissionTicket> getAll();
-
- Permission saveRawPermission(Permission p);
-
- Permission getById(Long permissionId);
-
- Collection<PermissionTicket> getPermissionTicketsForResourceSet(ResourceSet rs);
-
- void remove(PermissionTicket ticket);
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/repository/ResourceSetRepository.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/repository/ResourceSetRepository.java
deleted file mode 100644
index a7786ed7c..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/repository/ResourceSetRepository.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.repository;
-
-import cz.muni.ics.uma.model.ResourceSet;
-import java.util.Collection;
-
-/**
- * @author jricher
- */
-public interface ResourceSetRepository {
-
- ResourceSet save(ResourceSet rs);
-
- ResourceSet getById(Long id);
-
- void remove(ResourceSet rs);
-
- Collection<ResourceSet> getAllForOwner(String owner);
-
- Collection<ResourceSet> getAllForOwnerAndClient(String owner, String clientId);
-
- Collection<ResourceSet> getAll();
-
- Collection<ResourceSet> getAllForClient(String clientId);
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/ClaimsProcessingService.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/ClaimsProcessingService.java
deleted file mode 100644
index 40b092b88..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/ClaimsProcessingService.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.service;
-
-import cz.muni.ics.uma.model.ClaimProcessingResult;
-import cz.muni.ics.uma.model.PermissionTicket;
-import cz.muni.ics.uma.model.ResourceSet;
-
-/**
- * Processes claims presented during an UMA transaction.
- *
- * @author jricher
- */
-public interface ClaimsProcessingService {
-
- /**
- *
- * Determine whether or not the claims that have been supplied are
- * sufficient to fulfill the requirements given by the claims that
- * are required.
- *
- * @param rs the required claims to check against
- * @param ticket the supplied claims to test
- * @return the result of the claims processing action
- */
- ClaimProcessingResult claimsAreSatisfied(ResourceSet rs, PermissionTicket ticket);
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/PermissionService.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/PermissionService.java
deleted file mode 100644
index da26b3c29..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/PermissionService.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.service;
-
-import cz.muni.ics.uma.model.PermissionTicket;
-import cz.muni.ics.uma.model.ResourceSet;
-import java.util.Set;
-import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
-
-
-/**
- * @author jricher
- */
-public interface PermissionService {
-
- /**
- * @param resourceSet the resource set to create the permission on
- * @param scopes the set of scopes that this permission is for
- * @return the created (and stored) permission object, with ticket
- * @throws InsufficientScopeException if the scopes in scopes don't match those in resourceSet.getScopes
- */
- PermissionTicket createTicket(ResourceSet resourceSet, Set<String> scopes);
-
- /**
- * Read the permission associated with the given ticket.
- *
- * @param the ticket value to search on
- * @return the permission object, or null if none is found
- */
- PermissionTicket getByTicket(String ticket);
-
- /**
- * Save the updated permission ticket to the database. Does not create a new ticket.
- *
- * @param ticket
- * @return
- */
- PermissionTicket updateTicket(PermissionTicket ticket);
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/ResourceSetService.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/ResourceSetService.java
deleted file mode 100644
index db966efa4..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/ResourceSetService.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package cz.muni.ics.uma.service;
-
-import cz.muni.ics.oauth2.model.ClientDetailsEntity;
-import cz.muni.ics.uma.model.ResourceSet;
-import java.util.Collection;
-
-/**
- * Manage registered resource sets at this authorization server.
- *
- * @author jricher
- */
-public interface ResourceSetService {
-
- ResourceSet saveNew(ResourceSet rs);
-
- ResourceSet getById(Long id);
-
- ResourceSet update(ResourceSet oldRs, ResourceSet newRs);
-
- void remove(ResourceSet rs);
-
- Collection<ResourceSet> getAllForOwner(String owner);
-
- Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId);
-
- Collection<ResourceSet> getAllForClient(ClientDetailsEntity client);
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/SavedRegisteredClientService.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/SavedRegisteredClientService.java
deleted file mode 100644
index 55630fcb5..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/SavedRegisteredClientService.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.service;
-
-import cz.muni.ics.oauth2.model.RegisteredClient;
-import cz.muni.ics.uma.model.SavedRegisteredClient;
-import java.util.Collection;
-
-/**
- * @author jricher
- */
-public interface SavedRegisteredClientService {
-
- /**
- * Get a list of all the registered clients that we know about.
- *
- * @return
- */
- Collection<SavedRegisteredClient> getAll();
-
- /**
- * @param issuer
- * @param client
- */
- void save(String issuer, RegisteredClient client);
-
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/UmaTokenService.java b/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/UmaTokenService.java
deleted file mode 100644
index 1113899b3..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/uma/service/UmaTokenService.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package cz.muni.ics.uma.service;
-
-import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
-import cz.muni.ics.uma.model.PermissionTicket;
-import cz.muni.ics.uma.model.Policy;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-
-/**
- * Service to create special tokens for UMA.
- *
- * @author jricher
- *
- */
-public interface UmaTokenService {
-
- /**
- * Create the RPT from the given authentication and ticket.
- */
- OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy);
-
-}
diff --git a/perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java b/perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java
index 8607baa00..1b7d9210f 100644
--- a/perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java
+++ b/perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java
@@ -29,7 +29,6 @@ import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
 import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
 import cz.muni.ics.oauth2.service.IntrospectionResultAssembler;
 import cz.muni.ics.openid.connect.model.UserInfo;
-import cz.muni.ics.uma.model.Permission;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -52,7 +51,7 @@ public class TestDefaultIntrospectionResultAssembler {
 public void shouldAssembleExpectedResultForAccessToken() throws ParseException {
 
 // given
- OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
+ OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
 oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
 UserInfo userInfo = userInfo("sub");
 
@@ -77,50 +76,11 @@ public class TestDefaultIntrospectionResultAssembler {
 assertThat(result, is(equalTo(expected)));
 }
 
- @Test
- public void shouldAssembleExpectedResultForAccessToken_withPermissions() throws ParseException {
-
- // given
- OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"),
- permissions(permission(1L, "foo", "bar")),
- "Bearer", oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
-
- UserInfo userInfo = userInfo("sub");
-
- Set<String> authScopes = scopes("foo", "bar", "baz");
-
- // when
- Map<String, Object> result = assembler.assembleFrom(accessToken, userInfo, authScopes);
-
-
- // then
- Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
- .put("sub", "sub")
- .put("exp", 123L)
- .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
- .put("permissions", new ImmutableSet.Builder<>()
- .add(new ImmutableMap.Builder<String, Object>()
- .put("resource_set_id", "1") // note that the resource ID comes out as a string
- .put("scopes", new ImmutableSet.Builder<>()
- .add("bar")
- .add("foo")
- .build())
- .build())
- .build())
- // note that scopes are not included if permissions are included
- .put("active", Boolean.TRUE)
- .put("user_id", "name")
- .put("client_id", "clientId")
- .put("token_type", "Bearer")
- .build();
- assertThat(result, is(equalTo(expected)));
- }
-
 @Test
 public void shouldAssembleExpectedResultForAccessTokenWithoutUserInfo() throws ParseException {
 
 // given
- OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
+ OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
 oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
 
 Set<String> authScopes = scopes("foo", "bar", "baz");
@@ -147,7 +107,7 @@ public class TestDefaultIntrospectionResultAssembler {
 public void shouldAssembleExpectedResultForAccessTokenWithoutExpiry() {
 
 // given
- OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), null, "Bearer",
+ OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), "Bearer",
 oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
 UserInfo userInfo = userInfo("sub");
 
@@ -173,7 +133,7 @@ public class TestDefaultIntrospectionResultAssembler {
 @Test
 public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException {
 // given
- OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
+ OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
 oauth2Authentication(oauth2Request("clientId"), null));
 Set<String> authScopes = scopes("foo", "bar", "baz");
 
@@ -305,11 +265,10 @@ public class TestDefaultIntrospectionResultAssembler {
 return userInfo;
 }
 
- private OAuth2AccessTokenEntity accessToken(Date exp, Set<String> scopes, Set<Permission> permissions, String tokenType, OAuth2Authentication authentication) {
+ private OAuth2AccessTokenEntity accessToken(Date exp, Set<String> scopes, String tokenType, OAuth2Authentication authentication) {
 OAuth2AccessTokenEntity accessToken = mock(OAuth2AccessTokenEntity.class, RETURNS_DEEP_STUBS);
 given(accessToken.getExpiration()).willReturn(exp);
 given(accessToken.getScope()).willReturn(scopes);
- given(accessToken.getPermissions()).willReturn(permissions);
 given(accessToken.getTokenType()).willReturn(tokenType);
 given(accessToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
 return accessToken;
@@ -342,15 +301,4 @@ public class TestDefaultIntrospectionResultAssembler {
 private Set<String> scopes(String... scopes) {
 return newHashSet(scopes);
 }
-
- private Set<Permission> permissions(Permission... permissions) {
- return newHashSet(permissions);
- }
-
- private Permission permission(Long resourceSetId, String... scopes) {
- Permission permission = mock(Permission.class, RETURNS_DEEP_STUBS);
- given(permission.getResourceSet().getId()).willReturn(resourceSetId);
- given(permission.getScopes()).willReturn(scopes(scopes));
- return permission;
- }
 }
diff --git a/perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java b/perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java
index 655992121..8acdd4f2b 100644
--- a/perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java
+++ b/perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java
@@ -36,8 +36,6 @@ import cz.muni.ics.openid.connect.model.WhitelistedSite;
 import cz.muni.ics.openid.connect.service.ApprovedSiteService;
 import cz.muni.ics.openid.connect.service.BlacklistedSiteService;
 import cz.muni.ics.openid.connect.service.WhitelistedSiteService;
-import cz.muni.ics.uma.model.ResourceSet;
-import cz.muni.ics.uma.service.ResourceSetService;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.Set;
@@ -79,9 +77,6 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
 @Mock
 private SystemScopeService scopeService;
 
- @Mock
- private ResourceSetService resourceSetService;
-
 @Mock
 private ConfigurationPropertiesBean config;
 
@@ -267,8 +262,6 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
 WhitelistedSite site = Mockito.mock(WhitelistedSite.class);
 Mockito.when(whitelistedSiteService.getByClientId(clientId)).thenReturn(site);
 
- Mockito.when(resourceSetService.getAllForClient(client)).thenReturn(new HashSet<ResourceSet>());
-
 service.deleteClient(client);
 
 Mockito.verify(tokenRepository).clearTokensForClient(client);
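Review bot: The only use of `HashSet` visible in this file, `new HashSet<ResourceSet>()`, is removed in this hunk, while `import java.util.HashSet;` is kept as an untouched context line in the imports hunk of the same file; if no other use of HashSet remains in the test class, that import is now dead and should be dropped together with the two UMA imports this commit already removes. I can only see this hunk and the imports hunk, so a remaining use elsewhere in the file would make this moot. The enclosing test method starts outside the hunk.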