refactor: 💡 Removed UMA package (not used)

Several tables have been dropped from the database schema. Also, access_token no longer contains permissions. To update an existing DB accordingly, run the following:

```sql
DROP TABLE access_token_permissions;
DROP TABLE resource_set;
DROP TABLE resource_set_scope;
DROP TABLE permission_ticket;
DROP TABLE permission;
DROP TABLE permission_scope;
DROP TABLE claim;
DROP TABLE claim_to_policy;
DROP TABLE claim_to_permission_ticket;
DROP TABLE policy;
DROP TABLE policy_scope;
DROP TABLE claim_token_format;
DROP TABLE claim_issuer;
DROP TABLE saved_registered_client;
```
pull/1580/head
Dominik Frantisek Bucik 2021-11-24 11:46:12 +01:00
parent a44556577c
commit e721d7abe9
No known key found for this signature in database
GPG Key ID: 25014C8DB2E7E62D
27 changed files with 23 additions and 1741 deletions


@ -14,11 +14,6 @@ CREATE TABLE IF NOT EXISTS access_token (
UNIQUE(token_value)
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
formatted VARCHAR(256),
@ -284,83 +279,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS permission (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
device_code VARCHAR(1024),


@ -13,11 +13,6 @@ CREATE TABLE IF NOT EXISTS access_token (
approved_site_id BIGINT
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
formatted VARCHAR(256),
@ -87,7 +82,7 @@ CREATE TABLE IF NOT EXISTS saved_user_auth (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
acr VARCHAR(1024),
name VARCHAR(1024),
authenticated BOOLEAN,
authenticated BOOLEAN
);
CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
@ -283,83 +278,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP NULL
);
CREATE TABLE IF NOT EXISTS permission (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
device_code VARCHAR(1024),
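Review bot: The `authenticated BOOLEAN,` / `authenticated BOOLEAN` pair in saved_user_auth (hunk @ -87,7 +82,7) appears to be an unrelated fix of a trailing comma before `);`, which is a DDL syntax error on MySQL, yet the commit message only talks about the UMA tables. Worth a sentence in the message, e.g. `Also fixes a trailing comma in saved_user_auth (mysql and psql schema).`, so anyone upgrading an existing schema knows it is not a migration step. The PostgreSQL schema file in this commit carries the same change.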


@ -14,11 +14,6 @@ CREATE TABLE IF NOT EXISTS access_token (
UNIQUE(token_value)
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGSERIAL PRIMARY KEY,
formatted VARCHAR(256),
@ -88,7 +83,7 @@ CREATE TABLE IF NOT EXISTS saved_user_auth (
id BIGSERIAL PRIMARY KEY,
acr VARCHAR(1024),
name VARCHAR(1024),
authenticated BOOLEAN,
authenticated BOOLEAN
);
CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
@ -284,83 +279,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGSERIAL PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS permission (
id BIGSERIAL PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGSERIAL PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGSERIAL PRIMARY KEY,
device_code VARCHAR(1024),
@ -381,4 +299,3 @@ CREATE TABLE IF NOT EXISTS device_code_request_parameter (
param VARCHAR(2048),
val VARCHAR(2048)
);


@ -20,20 +20,29 @@
*/
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.*;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_APPROVED_SITE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_CLIENT;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_DATE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_NAME;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_ALL;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_CLIENT;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_NAME;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.nimbusds.jwt.JWT;
import cz.muni.ics.oauth2.model.convert.JWTStringConverter;
import cz.muni.ics.openid.connect.model.ApprovedSite;
import cz.muni.ics.uma.model.Permission;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.Convert;
@ -44,11 +53,9 @@ import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
@ -96,9 +103,6 @@ import org.springframework.security.oauth2.common.OAuth2RefreshToken;
@NamedQuery(name = QUERY_BY_APPROVED_SITE,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.approvedSite = :" + PARAM_APPROVED_SITE),
@NamedQuery(name = QUERY_BY_RESOURCE_SET,
query = "SELECT a FROM OAuth2AccessTokenEntity a JOIN a.permissions p " +
"WHERE p.resourceSet.id = :" + PARAM_RESOURCE_SET_ID),
@NamedQuery(name = QUERY_BY_NAME,
query = "SELECT r FROM OAuth2AccessTokenEntity r " +
"WHERE r.authenticationHolder.userAuth.name = :" + PARAM_NAME)
@ -160,12 +164,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
@CascadeOnDelete
private Set<String> scope;
@OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id"))
@CascadeOnDelete
private Set<Permission> permissions;
@ManyToOne
@JoinColumn(name = "approved_site_id")
private ApprovedSite approvedSite;
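Review bot: With the QUERY_BY_RESOURCE_SET named query dropped, the `QUERY_BY_RESOURCE_SET` and `PARAM_RESOURCE_SET_ID` string constants it referenced become dead unless they were removed outside this hunk; the new explicit static-import list at the top does not mention them, which suggests they are gone, but please confirm so no stale query name lingers on the entity. The constant declarations and the rest of the class body lie outside the hunk.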


@ -22,7 +22,6 @@ import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
import cz.muni.ics.openid.connect.model.ApprovedSite;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.List;
import java.util.Set;
@ -68,8 +67,6 @@ public interface OAuth2TokenRepository {
Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs);
/**
* removes duplicate access tokens.
*


@ -26,7 +26,6 @@ import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
import cz.muni.ics.oauth2.repository.OAuth2TokenRepository;
import cz.muni.ics.openid.connect.model.ApprovedSite;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.util.jpa.JpaUtil;
import java.text.ParseException;
import java.util.ArrayList;
@ -222,13 +221,6 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria));
}
@Override
public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs) {
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, OAuth2AccessTokenEntity.class);
query.setParameter(OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID, rs.getId());
return new LinkedHashSet<>(query.getResultList());
}
@Override
@Transactional(value="defaultTransactionManager")
public void clearDuplicateAccessTokens() {


@ -19,11 +19,11 @@ import static com.google.common.collect.Maps.newLinkedHashMap;
import com.google.common.base.Joiner;
import com.google.common.collect.Sets;
import com.google.common.collect.Sets;
import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
import cz.muni.ics.oauth2.service.IntrospectionResultAssembler;
import cz.muni.ics.openid.connect.model.UserInfo;
import cz.muni.ics.uma.model.Permission;
import java.text.ParseException;
import java.util.Map;
import java.util.Set;
@ -46,26 +46,9 @@ public class DefaultIntrospectionResultAssembler implements IntrospectionResultA
result.put(ACTIVE, true);
if (accessToken.getPermissions() != null && !accessToken.getPermissions().isEmpty()) {
Set<Object> permissions = Sets.newHashSet();
for (Permission perm : accessToken.getPermissions()) {
Map<String, Object> o = newLinkedHashMap();
o.put("resource_set_id", perm.getResourceSet().getId().toString());
Set<String> scopes = Sets.newHashSet(perm.getScopes());
o.put("scopes", scopes);
permissions.add(o);
}
result.put("permissions", permissions);
} else {
Set<String> scopes = Sets.intersection(authScopes, accessToken.getScope());
result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes));
}
Set<String> scopes = Sets.intersection(authScopes, accessToken.getScope());
result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes));
if (accessToken.getExpiration() != null) {
try {
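Review bot: Access tokens that were issued with UMA permissions (rows in `access_token_permissions`) are not revoked by this change; after the upgrade they are introspected as `active: true` with whatever `scope` set they carry, because the `permissions` branch is gone and the new code always reports `Sets.intersection(authScopes, accessToken.getScope())`. The commit-message migration only drops the join table, so those tokens survive with no trace that they were permission-scoped. Consider deleting them before the drop, e.g. `DELETE FROM access_token WHERE id IN (SELECT access_token_id FROM access_token_permissions);`, or revoking them through the token service at startup. Whether such tokens carry any scope at all is not visible here — it depends on how UMA tokens were issued.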


@ -36,8 +36,6 @@ import cz.muni.ics.openid.connect.model.WhitelistedSite;
import cz.muni.ics.openid.connect.service.ApprovedSiteService;
import cz.muni.ics.openid.connect.service.BlacklistedSiteService;
import cz.muni.ics.openid.connect.service.WhitelistedSiteService;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.uma.service.ResourceSetService;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.ArrayList;
@ -83,9 +81,6 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
@Autowired
private SystemScopeService scopeService;
@Autowired
private ResourceSetService resourceSetService;
@Autowired
private ConfigurationPropertiesBean config;
@ -354,12 +349,6 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
whitelistedSiteService.remove(whitelistedSite);
}
// clear out resource sets registered for this client
Collection<ResourceSet> resourceSets = resourceSetService.getAllForClient(client);
for (ResourceSet rs : resourceSets) {
resourceSetService.remove(rs);
}
// take care of the client itself
clientRepository.deleteClient(client);
}


@ -30,9 +30,6 @@ import cz.muni.ics.openid.connect.model.UserInfo;
import cz.muni.ics.openid.connect.service.UserInfoService;
import cz.muni.ics.openid.connect.view.HttpCodeView;
import cz.muni.ics.openid.connect.view.JsonEntityView;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.uma.service.ResourceSetService;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@ -68,9 +65,6 @@ public class IntrospectionEndpoint {
@Autowired
private UserInfoService userInfoService;
@Autowired
private ResourceSetService resourceSetService;
public IntrospectionEndpoint() {
}
@ -101,15 +95,6 @@ public class IntrospectionEndpoint {
String ownerId = o2a.getUserAuthentication().getName();
authScopes.addAll(authClient.getScope());
// UMA style clients also get a subset of scopes of all the resource sets they've registered
Collection<ResourceSet> resourceSets = resourceSetService.getAllForOwnerAndClient(ownerId, authClientId);
// collect all the scopes
for (ResourceSet rs : resourceSets) {
authScopes.addAll(rs.getScopes());
}
} else {
// the client authenticated directly, make sure it's got the right access
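Review bot: `String ownerId = o2a.getUserAuthentication().getName();` just above the removed block looks like it only fed `resourceSetService.getAllForOwnerAndClient(ownerId, authClientId)`, which is gone; if nothing else in this branch reads it, drop that line too. Besides being dead, it dereferences `getUserAuthentication()` unconditionally, which can be null for client-only authentications, so an introspection request would fail with an NPE for no reason. The enclosing method starts and ends outside the hunk, so check the remaining uses there.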


@ -1,71 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.openid.connect.service.impl;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.uma.service.ResourceSetService;
import java.util.Collection;
import java.util.Collections;
import org.springframework.stereotype.Service;
/**
* Dummy resource set service that doesn't do anything; acts as a stub for the
* introspection service when the UMA functionality is disabled.
*
* @author jricher
*
*/
@Service
public class DummyResourceSetService implements ResourceSetService {
@Override
public ResourceSet saveNew(ResourceSet rs) {
throw new UnsupportedOperationException();
}
@Override
public ResourceSet getById(Long id) {
throw new UnsupportedOperationException();
}
@Override
public ResourceSet update(ResourceSet oldRs, ResourceSet newRs) {
throw new UnsupportedOperationException();
}
@Override
public void remove(ResourceSet rs) {
throw new UnsupportedOperationException();
}
@Override
public Collection<ResourceSet> getAllForOwner(String owner) {
throw new UnsupportedOperationException();
}
@Override
public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId) {
return Collections.emptySet();
}
@Override
public Collection<ResourceSet> getAllForClient(ClientDetailsEntity client) {
return Collections.emptySet();
}
}


@ -1,203 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import com.google.gson.JsonElement;
import cz.muni.ics.oauth2.model.convert.JsonElementStringConverter;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.Convert;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.Table;
/**
* @author jricher
*/
@Entity
@Table(name = "claim")
public class Claim {
private Long id;
private String name;
private String friendlyName;
private String claimType;
private JsonElement value;
private Set<String> claimTokenFormat;
private Set<String> issuer;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "name")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@Basic
@Column(name = "friendly_name")
public String getFriendlyName() {
return friendlyName;
}
public void setFriendlyName(String friendlyName) {
this.friendlyName = friendlyName;
}
@Basic
@Column(name = "claim_type")
public String getClaimType() {
return claimType;
}
public void setClaimType(String claimType) {
this.claimType = claimType;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "claim_token_format")
@CollectionTable(name = "claim_token_format", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getClaimTokenFormat() {
return claimTokenFormat;
}
public void setClaimTokenFormat(Set<String> claimTokenFormat) {
this.claimTokenFormat = claimTokenFormat;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "issuer")
@CollectionTable(name = "claim_issuer", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getIssuer() {
return issuer;
}
public void setIssuer(Set<String> issuer) {
this.issuer = issuer;
}
@Basic
@Column(name = "claim_value")
@Convert(converter = JsonElementStringConverter.class)
public JsonElement getValue() {
return value;
}
public void setValue(JsonElement value) {
this.value = value;
}
@Override
public String toString() {
return "Claim [id=" + id + ", name=" + name + ", friendlyName=" + friendlyName + ", claimType=" + claimType + ", value=" + value + ", claimTokenFormat=" + claimTokenFormat + ", issuer=" + issuer + "]";
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((claimTokenFormat == null) ? 0 : claimTokenFormat.hashCode());
result = prime * result + ((claimType == null) ? 0 : claimType.hashCode());
result = prime * result + ((friendlyName == null) ? 0 : friendlyName.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((issuer == null) ? 0 : issuer.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((value == null) ? 0 : value.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
Claim other = (Claim) obj;
if (claimTokenFormat == null) {
if (other.claimTokenFormat != null) {
return false;
}
} else if (!claimTokenFormat.equals(other.claimTokenFormat)) {
return false;
}
if (claimType == null) {
if (other.claimType != null) {
return false;
}
} else if (!claimType.equals(other.claimType)) {
return false;
}
if (friendlyName == null) {
if (other.friendlyName != null) {
return false;
}
} else if (!friendlyName.equals(other.friendlyName)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (issuer == null) {
if (other.issuer != null) {
return false;
}
} else if (!issuer.equals(other.issuer)) {
return false;
}
if (name == null) {
if (other.name != null) {
return false;
}
} else if (!name.equals(other.name)) {
return false;
}
if (value == null) {
return other.value == null;
} else return value.equals(other.value);
}
}


@ -1,68 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Collection;
/**
* Data shuttle to return results of the claims processing service.
*
* @author jricher
*/
public class ClaimProcessingResult {
private boolean satisfied;
private Collection<Claim> unmatched;
private Policy matched;
public ClaimProcessingResult(Collection<Claim> unmatched) {
this.satisfied = false;
this.unmatched = unmatched;
this.matched = null;
}
public ClaimProcessingResult(Policy matched) {
this.satisfied = true;
this.matched = matched;
this.unmatched = null;
}
public boolean isSatisfied() {
return satisfied;
}
public void setSatisfied(boolean satisfied) {
this.satisfied = satisfied;
}
public Collection<Claim> getUnmatched() {
return unmatched;
}
public void setUnmatched(Collection<Claim> unmatched) {
this.unmatched = unmatched;
}
public Policy getMatched() {
return matched;
}
public void setMatched(Policy matched) {
this.matched = matched;
}
}


@ -1,75 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Set;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
/**
* @author jricher
*/
@Entity
@Table(name = "permission")
public class Permission {
private Long id;
private ResourceSet resourceSet;
private Set<String> scopes;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "resource_set_id")
public ResourceSet getResourceSet() {
return resourceSet;
}
public void setResourceSet(ResourceSet resourceSet) {
this.resourceSet = resourceSet;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "scope")
@CollectionTable(name = "permission_scope", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getScopes() {
return scopes;
}
public void setScopes(Set<String> scopes) {
this.scopes = scopes;
}
}


@ -1,121 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Collection;
import java.util.Date;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
/**
*
* An UMA permission, used in the protection API.
*
* @author jricher
*
*/
@Entity
@Table(name = "permission_ticket")
@NamedQueries({
@NamedQuery(name = PermissionTicket.QUERY_TICKET, query = "select p from PermissionTicket p where p.ticket = :" + PermissionTicket.PARAM_TICKET),
@NamedQuery(name = PermissionTicket.QUERY_ALL, query = "select p from PermissionTicket p"),
@NamedQuery(name = PermissionTicket.QUERY_BY_RESOURCE_SET, query = "select p from PermissionTicket p where p.permission.resourceSet.id = :" + PermissionTicket.PARAM_RESOURCE_SET_ID)
})
public class PermissionTicket {
public static final String QUERY_TICKET = "PermissionTicket.queryByTicket";
public static final String QUERY_ALL = "PermissionTicket.queryAll";
public static final String QUERY_BY_RESOURCE_SET = "PermissionTicket.queryByResourceSet";
public static final String PARAM_TICKET = "ticket";
public static final String PARAM_RESOURCE_SET_ID = "rsid";
private Long id;
private Permission permission;
private String ticket;
private Date expiration;
private Collection<Claim> claimsSupplied;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@OneToOne(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinColumn(name = "permission_id")
public Permission getPermission() {
return permission;
}
public void setPermission(Permission permission) {
this.permission = permission;
}
@Basic
@Column(name = "ticket")
public String getTicket() {
return ticket;
}
public void setTicket(String ticket) {
this.ticket = ticket;
}
@Basic
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
@JoinTable(name = "claim_to_permission_ticket", joinColumns = @JoinColumn(name = "permission_ticket_id"),
inverseJoinColumns = @JoinColumn(name = "claim_id"))
public Collection<Claim> getClaimsSupplied() {
return claimsSupplied;
}
public void setClaimsSupplied(Collection<Claim> claimsSupplied) {
this.claimsSupplied = claimsSupplied;
}
}


@ -1,147 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Collection;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.OneToMany;
import javax.persistence.Table;
/**
* A set of claims required to fulfill a given permission.
*
* @author jricher
*/
@Entity
@Table(name = "policy")
public class Policy {
private Long id;
private String name;
private Collection<Claim> claimsRequired;
private Set<String> scopes;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "name")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
@JoinTable(name = "claim_to_policy", joinColumns = @JoinColumn(name = "policy_id"),
inverseJoinColumns = @JoinColumn(name = "claim_id"))
public Collection<Claim> getClaimsRequired() {
return claimsRequired;
}
public void setClaimsRequired(Collection<Claim> claimsRequired) {
this.claimsRequired = claimsRequired;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "scope")
@CollectionTable(name = "policy_scope", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getScopes() {
return scopes;
}
public void setScopes(Set<String> scopes) {
this.scopes = scopes;
}
@Override
public String toString() {
return "Policy [id=" + id + ", name=" + name + ", claimsRequired=" + claimsRequired + ", scopes=" + scopes + "]";
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((claimsRequired == null) ? 0 : claimsRequired.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((scopes == null) ? 0 : scopes.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
Policy other = (Policy) obj;
if (claimsRequired == null) {
if (other.claimsRequired != null) {
return false;
}
} else if (!claimsRequired.equals(other.claimsRequired)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (name == null) {
if (other.name != null) {
return false;
}
} else if (!name.equals(other.name)) {
return false;
}
if (scopes == null) {
return other.scopes == null;
} else return scopes.equals(other.scopes);
}
}


@ -1,255 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
@Entity
@Table(name = "resource_set")
@NamedQueries ({
@NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER),
@NamedQuery(name = ResourceSet.QUERY_BY_OWNER_AND_CLIENT, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER + " and r.clientId = :" + ResourceSet.PARAM_CLIENTID),
@NamedQuery(name = ResourceSet.QUERY_BY_CLIENT, query = "select r from ResourceSet r where r.clientId = :" + ResourceSet.PARAM_CLIENTID),
@NamedQuery(name = ResourceSet.QUERY_ALL, query = "select r from ResourceSet r")
})
public class ResourceSet {
public static final String QUERY_BY_OWNER = "ResourceSet.queryByOwner";
public static final String QUERY_BY_OWNER_AND_CLIENT = "ResourceSet.queryByOwnerAndClient";
public static final String QUERY_BY_CLIENT = "ResourceSet.queryByClient";
public static final String QUERY_ALL = "ResourceSet.queryAll";
public static final String PARAM_OWNER = "owner";
public static final String PARAM_CLIENTID = "clientId";
private Long id;
private String name;
private String uri;
private String type;
private Set<String> scopes = new HashSet<>();
private String iconUri;
private String owner; // username of the person responsible for the registration (either directly or via OAuth token)
private String clientId; // client id of the protected resource that registered this resource set via OAuth token
private Collection<Policy> policies = new HashSet<>();
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "name")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@Basic
@Column(name = "uri")
public String getUri() {
return uri;
}
public void setUri(String uri) {
this.uri = uri;
}
@Basic
@Column(name = "rs_type")
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "scope")
@CollectionTable(name = "resource_set_scope", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getScopes() {
return scopes;
}
public void setScopes(Set<String> scopes) {
this.scopes = scopes;
}
@Basic
@Column(name = "icon_uri")
public String getIconUri() {
return iconUri;
}
public void setIconUri(String iconUri) {
this.iconUri = iconUri;
}
@Basic
@Column(name = "owner")
public String getOwner() {
return owner;
}
public void setOwner(String owner) {
this.owner = owner;
}
@Basic
@Column(name = "client_id")
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
@JoinColumn(name = "resource_set_id")
public Collection<Policy> getPolicies() {
return policies;
}
public void setPolicies(Collection<Policy> policies) {
this.policies = policies;
}
@Override
public String toString() {
return "ResourceSet [id=" + id + ", name=" + name + ", uri=" + uri + ", type=" + type + ", scopes=" + scopes + ", iconUri=" + iconUri + ", owner=" + owner + ", clientId=" + clientId + ", policies=" + policies + "]";
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((clientId == null) ? 0 : clientId.hashCode());
result = prime * result + ((iconUri == null) ? 0 : iconUri.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((owner == null) ? 0 : owner.hashCode());
result = prime * result + ((policies == null) ? 0 : policies.hashCode());
result = prime * result + ((scopes == null) ? 0 : scopes.hashCode());
result = prime * result + ((type == null) ? 0 : type.hashCode());
result = prime * result + ((uri == null) ? 0 : uri.hashCode());
return result;
}
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
ResourceSet other = (ResourceSet) obj;
if (clientId == null) {
if (other.clientId != null) {
return false;
}
} else if (!clientId.equals(other.clientId)) {
return false;
}
if (iconUri == null) {
if (other.iconUri != null) {
return false;
}
} else if (!iconUri.equals(other.iconUri)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (name == null) {
if (other.name != null) {
return false;
}
} else if (!name.equals(other.name)) {
return false;
}
if (owner == null) {
if (other.owner != null) {
return false;
}
} else if (!owner.equals(other.owner)) {
return false;
}
if (policies == null) {
if (other.policies != null) {
return false;
}
} else if (!policies.equals(other.policies)) {
return false;
}
if (scopes == null) {
if (other.scopes != null) {
return false;
}
} else if (!scopes.equals(other.scopes)) {
return false;
}
if (type == null) {
if (other.type != null) {
return false;
}
} else if (!type.equals(other.type)) {
return false;
}
if (uri == null) {
return other.uri == null;
} else return uri.equals(other.uri);
}
}


@ -1,73 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.uma.model.convert.RegisteredClientStringConverter;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Convert;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
/**
* @author jricher
*/
@Entity
@Table(name = "saved_registered_client")
public class SavedRegisteredClient {
private Long id;
private String issuer;
private RegisteredClient registeredClient;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "issuer")
public String getIssuer() {
return issuer;
}
public void setIssuer(String issuer) {
this.issuer = issuer;
}
@Basic
@Column(name = "registered_client")
@Convert(converter = RegisteredClientStringConverter.class)
public RegisteredClient getRegisteredClient() {
return registeredClient;
}
public void setRegisteredClient(RegisteredClient registeredClient) {
this.registeredClient = registeredClient;
}
}


@ -1,41 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model.convert;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.openid.connect.ClientDetailsEntityJsonProcessor;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
import org.springframework.util.StringUtils;
/**
* @author jricher
*/
@Converter
public class RegisteredClientStringConverter implements AttributeConverter<RegisteredClient, String>{
@Override
public String convertToDatabaseColumn(RegisteredClient attribute) {
return attribute == null || attribute.getSource() == null ? null : attribute.getSource().toString();
}
@Override
public RegisteredClient convertToEntityAttribute(String dbData) {
return StringUtils.isEmpty(dbData) ? null : ClientDetailsEntityJsonProcessor.parseRegistered(dbData);
}
}


@ -1,43 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.repository;
import cz.muni.ics.uma.model.Permission;
import cz.muni.ics.uma.model.PermissionTicket;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.Collection;
/**
* @author jricher
*/
public interface PermissionRepository {
PermissionTicket save(PermissionTicket p);
PermissionTicket getByTicket(String ticket);
Collection<PermissionTicket> getAll();
Permission saveRawPermission(Permission p);
Permission getById(Long permissionId);
Collection<PermissionTicket> getPermissionTicketsForResourceSet(ResourceSet rs);
void remove(PermissionTicket ticket);
}


@ -1,41 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.repository;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.Collection;
/**
* @author jricher
*/
public interface ResourceSetRepository {
ResourceSet save(ResourceSet rs);
ResourceSet getById(Long id);
void remove(ResourceSet rs);
Collection<ResourceSet> getAllForOwner(String owner);
Collection<ResourceSet> getAllForOwnerAndClient(String owner, String clientId);
Collection<ResourceSet> getAll();
Collection<ResourceSet> getAllForClient(String clientId);
}


@ -1,42 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.uma.model.ClaimProcessingResult;
import cz.muni.ics.uma.model.PermissionTicket;
import cz.muni.ics.uma.model.ResourceSet;
/**
* Processes claims presented during an UMA transaction.
*
* @author jricher
*/
public interface ClaimsProcessingService {
/**
*
* Determine whether or not the claims that have been supplied are
* sufficient to fulfill the requirements given by the claims that
* are required.
*
* @param rs the required claims to check against
* @param ticket the supplied claims to test
* @return the result of the claims processing action
*/
ClaimProcessingResult claimsAreSatisfied(ResourceSet rs, PermissionTicket ticket);
}


@ -1,54 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.uma.model.PermissionTicket;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.Set;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
/**
* @author jricher
*/
public interface PermissionService {
/**
* @param resourceSet the resource set to create the permission on
* @param scopes the set of scopes that this permission is for
* @return the created (and stored) permission object, with ticket
* @throws InsufficientScopeException if the scopes in scopes don't match those in resourceSet.getScopes
*/
PermissionTicket createTicket(ResourceSet resourceSet, Set<String> scopes);
/**
* Read the permission associated with the given ticket.
*
* @param the ticket value to search on
* @return the permission object, or null if none is found
*/
PermissionTicket getByTicket(String ticket);
/**
* Save the updated permission ticket to the database. Does not create a new ticket.
*
* @param ticket
* @return
*/
PermissionTicket updateTicket(PermissionTicket ticket);
}


@ -1,43 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.Collection;
/**
* Manage registered resource sets at this authorization server.
*
* @author jricher
*/
public interface ResourceSetService {
ResourceSet saveNew(ResourceSet rs);
ResourceSet getById(Long id);
ResourceSet update(ResourceSet oldRs, ResourceSet newRs);
void remove(ResourceSet rs);
Collection<ResourceSet> getAllForOwner(String owner);
Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId);
Collection<ResourceSet> getAllForClient(ClientDetailsEntity client);
}


@ -1,42 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.uma.model.SavedRegisteredClient;
import java.util.Collection;
/**
* @author jricher
*/
public interface SavedRegisteredClientService {
/**
* Get a list of all the registered clients that we know about.
*
* @return
*/
Collection<SavedRegisteredClient> getAll();
/**
* @param issuer
* @param client
*/
void save(String issuer, RegisteredClient client);
}


@ -1,37 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.uma.model.PermissionTicket;
import cz.muni.ics.uma.model.Policy;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
/**
* Service to create special tokens for UMA.
*
* @author jricher
*
*/
public interface UmaTokenService {
/**
* Create the RPT from the given authentication and ticket.
*/
OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy);
}


@ -29,7 +29,6 @@ import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
import cz.muni.ics.oauth2.service.IntrospectionResultAssembler;
import cz.muni.ics.openid.connect.model.UserInfo;
import cz.muni.ics.uma.model.Permission;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
@ -52,7 +51,7 @@ public class TestDefaultIntrospectionResultAssembler {
public void shouldAssembleExpectedResultForAccessToken() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
UserInfo userInfo = userInfo("sub");
@ -77,50 +76,11 @@ public class TestDefaultIntrospectionResultAssembler {
assertThat(result, is(equalTo(expected)));
}
@Test
public void shouldAssembleExpectedResultForAccessToken_withPermissions() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"),
permissions(permission(1L, "foo", "bar")),
"Bearer", oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
UserInfo userInfo = userInfo("sub");
Set<String> authScopes = scopes("foo", "bar", "baz");
// when
Map<String, Object> result = assembler.assembleFrom(accessToken, userInfo, authScopes);
// then
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "sub")
.put("exp", 123L)
.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
.put("permissions", new ImmutableSet.Builder<>()
.add(new ImmutableMap.Builder<String, Object>()
.put("resource_set_id", "1") // note that the resource ID comes out as a string
.put("scopes", new ImmutableSet.Builder<>()
.add("bar")
.add("foo")
.build())
.build())
.build())
// note that scopes are not included if permissions are included
.put("active", Boolean.TRUE)
.put("user_id", "name")
.put("client_id", "clientId")
.put("token_type", "Bearer")
.build();
assertThat(result, is(equalTo(expected)));
}
@Test
public void shouldAssembleExpectedResultForAccessTokenWithoutUserInfo() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
Set<String> authScopes = scopes("foo", "bar", "baz");
@ -147,7 +107,7 @@ public class TestDefaultIntrospectionResultAssembler {
public void shouldAssembleExpectedResultForAccessTokenWithoutExpiry() {
// given
OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), null, "Bearer",
OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), "Bearer",
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
UserInfo userInfo = userInfo("sub");
@ -173,7 +133,7 @@ public class TestDefaultIntrospectionResultAssembler {
@Test
public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
oauth2Authentication(oauth2Request("clientId"), null));
Set<String> authScopes = scopes("foo", "bar", "baz");
@ -305,11 +265,10 @@ public class TestDefaultIntrospectionResultAssembler {
return userInfo;
}
private OAuth2AccessTokenEntity accessToken(Date exp, Set<String> scopes, Set<Permission> permissions, String tokenType, OAuth2Authentication authentication) {
private OAuth2AccessTokenEntity accessToken(Date exp, Set<String> scopes, String tokenType, OAuth2Authentication authentication) {
OAuth2AccessTokenEntity accessToken = mock(OAuth2AccessTokenEntity.class, RETURNS_DEEP_STUBS);
given(accessToken.getExpiration()).willReturn(exp);
given(accessToken.getScope()).willReturn(scopes);
given(accessToken.getPermissions()).willReturn(permissions);
given(accessToken.getTokenType()).willReturn(tokenType);
given(accessToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
return accessToken;
@ -342,15 +301,4 @@ public class TestDefaultIntrospectionResultAssembler {
private Set<String> scopes(String... scopes) {
return newHashSet(scopes);
}
private Set<Permission> permissions(Permission... permissions) {
return newHashSet(permissions);
}
private Permission permission(Long resourceSetId, String... scopes) {
Permission permission = mock(Permission.class, RETURNS_DEEP_STUBS);
given(permission.getResourceSet().getId()).willReturn(resourceSetId);
given(permission.getScopes()).willReturn(scopes(scopes));
return permission;
}
}


@ -36,8 +36,6 @@ import cz.muni.ics.openid.connect.model.WhitelistedSite;
import cz.muni.ics.openid.connect.service.ApprovedSiteService;
import cz.muni.ics.openid.connect.service.BlacklistedSiteService;
import cz.muni.ics.openid.connect.service.WhitelistedSiteService;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.uma.service.ResourceSetService;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
@ -79,9 +77,6 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
@Mock
private SystemScopeService scopeService;
@Mock
private ResourceSetService resourceSetService;
@Mock
private ConfigurationPropertiesBean config;
@ -267,8 +262,6 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
WhitelistedSite site = Mockito.mock(WhitelistedSite.class);
Mockito.when(whitelistedSiteService.getByClientId(clientId)).thenReturn(site);
Mockito.when(resourceSetService.getAllForClient(client)).thenReturn(new HashSet<ResourceSet>());
service.deleteClient(client);
Mockito.verify(tokenRepository).clearTokensForClient(client);