-
-
-
-
Log In
-
-
Enter your email address to log in
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/uma-server-webapp/src/main/webapp/resources/js/locale/en/uma.json b/uma-server-webapp/src/main/webapp/resources/js/locale/en/uma.json
deleted file mode 100644
index 69ff2e186..000000000
--- a/uma-server-webapp/src/main/webapp/resources/js/locale/en/uma.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "admin": {
- "policies": "Manage Protected Resource Policies"
- },
- "policy" : {
- "resource-sets": "Resource Sets",
- "edit-policies": "Edit Policies",
- "new-policy": "New Policy",
- "edit-policy": "Edit Policy",
- "loading-policies": "Policies",
- "loading-policy": "Policy",
- "loading-rs": "Resource Set",
- "rs-table": {
- "confirm": "Are you sure you want to delete this resource set?",
- "no-resource-sets": "There are no resource sets registered. Introduce a protected to this authorization server to let it register some.",
- "scopes": "Scopes",
- "shared-with": "Shared with:",
- "shared-nobody": "NOBODY",
- "shared-nobody-tooltip": "This resource is not accessible by anyone else, edit the policies and share it with someone.",
- "sharing": "Sharing Policies"
- },
- "policy-table": {
- "new": "Add New Policy",
- "return": "Return to list",
- "edit": "Edit Policy",
- "confirm": "Are you sure you want to delete this policy?",
- "delete": "Delete",
- "no-policies": "There are no policies for this resource set: This resource set is inaccessible by others.",
- "required-claims": "Required Claims",
- "required-claims-info": "Users that you share this resource will with need to be able to present the following claims in order to access the resource.",
- "remove": "Remove",
- "issuers": "Issuers",
- "claim": "Claim",
- "value": "Value"
- },
- "policy-form": {
- "email-address": "email address",
- "share-email": "Share with email address",
- "new": "New Policy",
- "edit": "Edit Policy",
- "claim-name": "claim name",
- "friendly-claim-name": "friendly claim name",
- "claim-value": "claim value",
- "value-type-text": "Text",
- "value-type-number": "Number",
- "clear-all": "Clear all claims",
- "clear-all-confirm": "Are you sure you want to clear all claims from this policy?"
- },
- "webfinger-error": "Error",
- "webfinger-error-description": "The server was unable to find an identity provider for
__email__.",
- "advanced-error": "Error",
- "advanced-error-description": "There was an error saving your advanced claim. Did you fill in all required fields?"
- },
- "sidebar": {
- "personal": {
- "resource_policies": "Manage Protected Resource Policies"
- }
- }
-}
\ No newline at end of file
diff --git a/uma-server-webapp/src/main/webapp/resources/js/locale/zh/uma.json b/uma-server-webapp/src/main/webapp/resources/js/locale/zh/uma.json
deleted file mode 100644
index e2444c4ea..000000000
--- a/uma-server-webapp/src/main/webapp/resources/js/locale/zh/uma.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "admin": {
- "policies": "管理受保护资源的政策"
- },
- "policy" : {
- "resource-sets": "资源集",
- "edit-policies": "编辑政策",
- "new-policy": "新建政策",
- "edit-policy": "编辑政策",
- "loading-policies": "政策",
- "loading-policy": "政策",
- "loading-rs": "资源集",
- "rs-table": {
- "confirm": "确定要删除该资源?",
- "no-resource-sets": "尚未有已注册的资源集。您可在此授权服务器中注册一个。",
- "scopes": "范围",
- "shared-with": "共享给:",
- "shared-nobody": "不共享",
- "shared-nobody-tooltip": "此资源别人无法访问,请编辑政策使其与其他人共享。",
- "sharing": "共享政策"
- },
- "policy-table": {
- "new": "新建政策",
- "return": "返回到列表",
- "edit": "编辑政策",
- "confirm": "确定要删除该政策?",
- "delete": "删除",
- "no-policies": "此资源集尚未有政策:别人无法访问此资源集。",
- "required-claims": "必须的声明",
- "required-claims-info": "与您共享此资源的用户必须具备以下声明,才能访问该资源。",
- "remove": "移除",
- "issuers": "签发者",
- "claim": "声明项",
- "value": "值"
- },
- "policy-form": {
- "email-address": "email地址",
- "share-email": "连带email地址共享",
- "new": "新建政策",
- "edit": "编辑政策",
- "claim-name": "声明项名称",
- "friendly-claim-name": "声明的显示名",
- "claim-value": "声明的值",
- "value-type-text": "文本",
- "value-type-number": "数字",
- "clear-all": "清除全部声明",
- "clear-all-confirm": "您是否要从此政策中清除全部声明?"
- },
- "webfinger-error": "错误",
- "webfinger-error-description": "服务器无法找到
__email__的身份提供者。",
- "advanced-error": "错误",
- "advanced-error-description": "保存高级声明时出错。您是否填写了全部必填项?"
- },
- "sidebar": {
- "personal": {
- "resource_policies": "管理受保护资源的政策"
- }
- }
-}
\ No newline at end of file
diff --git a/uma-server-webapp/src/main/webapp/resources/js/locale/zh_CN/uma.json b/uma-server-webapp/src/main/webapp/resources/js/locale/zh_CN/uma.json
deleted file mode 100644
index e2444c4ea..000000000
--- a/uma-server-webapp/src/main/webapp/resources/js/locale/zh_CN/uma.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "admin": {
- "policies": "管理受保护资源的政策"
- },
- "policy" : {
- "resource-sets": "资源集",
- "edit-policies": "编辑政策",
- "new-policy": "新建政策",
- "edit-policy": "编辑政策",
- "loading-policies": "政策",
- "loading-policy": "政策",
- "loading-rs": "资源集",
- "rs-table": {
- "confirm": "确定要删除该资源?",
- "no-resource-sets": "尚未有已注册的资源集。您可在此授权服务器中注册一个。",
- "scopes": "范围",
- "shared-with": "共享给:",
- "shared-nobody": "不共享",
- "shared-nobody-tooltip": "此资源别人无法访问,请编辑政策使其与其他人共享。",
- "sharing": "共享政策"
- },
- "policy-table": {
- "new": "新建政策",
- "return": "返回到列表",
- "edit": "编辑政策",
- "confirm": "确定要删除该政策?",
- "delete": "删除",
- "no-policies": "此资源集尚未有政策:别人无法访问此资源集。",
- "required-claims": "必须的声明",
- "required-claims-info": "与您共享此资源的用户必须具备以下声明,才能访问该资源。",
- "remove": "移除",
- "issuers": "签发者",
- "claim": "声明项",
- "value": "值"
- },
- "policy-form": {
- "email-address": "email地址",
- "share-email": "连带email地址共享",
- "new": "新建政策",
- "edit": "编辑政策",
- "claim-name": "声明项名称",
- "friendly-claim-name": "声明的显示名",
- "claim-value": "声明的值",
- "value-type-text": "文本",
- "value-type-number": "数字",
- "clear-all": "清除全部声明",
- "clear-all-confirm": "您是否要从此政策中清除全部声明?"
- },
- "webfinger-error": "错误",
- "webfinger-error-description": "服务器无法找到
__email__的身份提供者。",
- "advanced-error": "错误",
- "advanced-error-description": "保存高级声明时出错。您是否填写了全部必填项?"
- },
- "sidebar": {
- "personal": {
- "resource_policies": "管理受保护资源的政策"
- }
- }
-}
\ No newline at end of file
diff --git a/uma-server-webapp/src/main/webapp/resources/js/locale/zh_TW/uma.json b/uma-server-webapp/src/main/webapp/resources/js/locale/zh_TW/uma.json
deleted file mode 100644
index 523232832..000000000
--- a/uma-server-webapp/src/main/webapp/resources/js/locale/zh_TW/uma.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "admin": {
- "policies": "管理受保護資源的政策"
- },
- "policy" : {
- "resource-sets": "資源集",
- "edit-policies": "編輯政策",
- "new-policy": "新建政策",
- "edit-policy": "編輯政策",
- "loading-policies": "政策",
- "loading-policy": "政策",
- "loading-rs": "資源集",
- "rs-table": {
- "confirm": "確定要刪除該資源?",
- "no-resource-sets": "尚未有已注冊的資源集。您可在此授權伺服器中注冊一個。",
- "scopes": "范圍",
- "shared-with": "共享給:",
- "shared-nobody": "不共享",
- "shared-nobody-tooltip": "此資源別人無法訪問,請編輯政策使其與其他人共享。",
- "sharing": "共享政策"
- },
- "policy-table": {
- "new": "新建政策",
- "return": "返回到列表",
- "edit": "編輯政策",
- "confirm": "確定要刪除該政策?",
- "delete": "刪除",
- "no-policies": "此資源集尚未有政策:別人無法訪問此資源集。",
- "required-claims": "必須的聲明",
- "required-claims-info": "與您共享此資源的用戶必須具備以下聲明,才能訪問該資源。",
- "remove": "移除",
- "issuers": "簽發者",
- "claim": "聲明項",
- "value": "值"
- },
- "policy-form": {
- "email-address": "email地址",
- "share-email": "連帶email地址共享",
- "new": "新建政策",
- "edit": "編輯政策",
- "claim-name": "聲明項名稱",
- "friendly-claim-name": "聲明的顯示名",
- "claim-value": "聲明的值",
- "value-type-text": "文本",
- "value-type-number": "數字",
- "clear-all": "清除全部聲明",
- "clear-all-confirm": "您是否要從此政策中清除全部聲明?"
- },
- "webfinger-error": "錯誤",
- "webfinger-error-description": "伺服器無法找到
__email__的身份提供者。",
- "advanced-error": "錯誤",
- "advanced-error-description": "保存高級聲明時出錯。您是否填寫了全部必填項?"
- },
- "sidebar": {
- "personal": {
- "resource_policies": "管理受保護資源的政策"
- }
- }
-}
\ No newline at end of file
diff --git a/uma-server-webapp/src/main/webapp/resources/js/policy.js b/uma-server-webapp/src/main/webapp/resources/js/policy.js
deleted file mode 100644
index 6a3b6420c..000000000
--- a/uma-server-webapp/src/main/webapp/resources/js/policy.js
+++ /dev/null
@@ -1,786 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-var ResourceSetModel = Backbone.Model.extend({
- urlRoot: 'api/resourceset'
-});
-
-var ResourceSetCollection = Backbone.Collection.extend({
- model: ResourceSetModel,
- url: 'api/resourceset'
-});
-
-var PolicyModel = Backbone.Model.extend({
- urlRoot: function() {
- return 'api/resourceset/' + this.options.rsid + '/policy/';
- },
- initialize: function(model, options) {
- this.options = options;
- }
-});
-
-var PolicyCollection = Backbone.Collection.extend({
- model: PolicyModel,
- url: function() {
- return 'api/resourceset/' + this.options.rsid + '/policy/';
- },
- initialize: function(models, options) {
- this.options = options;
- }
-});
-
-var ResourceSetListView = Backbone.View.extend({
- tagName: 'span',
-
- initialize:function (options) {
- this.options = options;
- },
-
- load:function(callback) {
- if (this.model.isFetched &&
- this.options.clientList.isFetched &&
- this.options.systemScopeList.isFetched) {
- callback();
- return;
- }
-
- $('#loadingbox').sheet('show');
- $('#loading').html(
- '
' + $.t('policy.resource-sets') + ' ' +
- '
' + $.t('common.clients') + ' ' +
- '
' + $.t('common.scopes') + ' '
- );
-
- $.when(this.model.fetchIfNeeded({success:function(e) {$('#loading-resourcesets').addClass('label-success');}}),
- this.options.clientList.fetchIfNeeded({success:function(e) {$('#loading-clients').addClass('label-success');}}),
- this.options.systemScopeList.fetchIfNeeded({success:function(e) {$('#loading-scopes').addClass('label-success');}}))
- .done(function() {
- $('#loadingbox').sheet('hide');
- callback();
- });
- },
-
- events: {
- "click .refresh-table":"refreshTable"
- },
-
- render:function (eventName) {
- $(this.el).html($('#tmpl-resource-set-table').html());
-
- var _self = this;
-
- _.each(this.model.models, function (resourceSet) {
-
- // look up client
- var client = this.options.clientList.getByClientId(resourceSet.get('clientId'));
-
- // if there's no client ID, this is an error!
- if (client != null) {
- var view = new ResourceSetView({model: resourceSet, client: client, systemScopeList: _self.options.systemScopeList});
- view.parentView = _self;
- $('#resource-set-table', this.el).append(view.render().el);
- }
-
- }, this);
-
- this.togglePlaceholder();
- $(this.el).i18n();
- return this;
- },
-
- togglePlaceholder:function() {
- if (this.model.length > 0) {
- $('#resource-set-table', this.el).show();
- $('#resource-set-table-empty', this.el).hide();
- } else {
- $('#resource-set-table', this.el).hide();
- $('#resource-set-table-empty', this.el).show();
- }
- },
-
- refreshTable:function(e) {
- e.preventDefault();
- var _self = this;
- $('#loadingbox').sheet('show');
- $('#loading').html(
- '
' + $.t('policy.resource-sets') + ' ' +
- '
' + $.t('common.clients') + ' ' +
- '
' + $.t('common.scopes') + ' '
- );
-
- $.when(this.model.fetch({success:function(e) {$('#loading-resourcesets').addClass('label-success');}}),
- this.options.clientList.fetch({success:function(e) {$('#loading-clients').addClass('label-success');}}),
- this.options.systemScopeList.fetch({success:function(e) {$('#loading-scopes').addClass('label-success');}}))
- .done(function() {
- $('#loadingbox').sheet('hide');
- _self.render();
- });
- }
-
-
-});
-
-
-var ResourceSetView = Backbone.View.extend({
- tagName: 'tr',
-
- initialize:function(options) {
- this.options = options;
- if (!this.template) {
- this.template = _.template($('#tmpl-resource-set').html());
- }
-
- if (!this.scopeTemplate) {
- this.scopeTemplate = _.template($('#tmpl-scope-list').html());
- }
-
- if (!this.moreInfoTemplate) {
- this.moreInfoTemplate = _.template($('#tmpl-client-more-info-block').html());
- }
-
- this.model.bind('change', this.render, this);
- },
-
- render:function(eventName) {
-
- var json = {rs: this.model.toJSON(), client: this.options.client.toJSON()};
-
- this.$el.html(this.template(json));
-
- $('.scope-list', this.el).html(this.scopeTemplate({scopes: this.model.get('scopes'), systemScopes: this.options.systemScopeList}));
-
- $('.client-more-info-block', this.el).html(this.moreInfoTemplate({client: this.options.client.toJSON()}));
-
- $(this.el).i18n();
- return this;
- },
-
- events:{
- 'click .btn-edit': 'editPolicies',
- 'click .btn-delete': 'deleteResourceSet',
- 'click .toggleMoreInformation': 'toggleMoreInformation'
- },
-
- editPolicies:function(e) {
- e.preventDefault();
- app.navigate('user/policy/' + this.model.get('id'), {trigger: true});
- },
-
- deleteResourceSet:function(e) {
- e.preventDefault();
-
- if (confirm($.t('policy.rs-table.confirm'))) {
- var _self = this;
-
- this.model.destroy({
- dataType: false, processData: false,
- success:function () {
- _self.$el.fadeTo("fast", 0.00, function () { //fade
- $(this).slideUp("fast", function () { //slide up
- $(this).remove(); //then remove from the DOM
- _self.parentView.togglePlaceholder();
- });
- });
- },
- error:function (error, response) {
- console.log("An error occurred when deleting a resource set");
-
- //Pull out the response text.
- var responseJson = JSON.parse(response.responseText);
-
- //Display an alert with an error message
- $('#modalAlert div.modal-header').html(responseJson.error);
- $('#modalAlert div.modal-body').html(responseJson.error_description);
-
- $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
- "backdrop" : "static",
- "keyboard" : true,
- "show" : true // ensure the modal is shown immediately
- });
- }
- });
-
- _self.parentView.delegateEvents();
- }
-
- return false;
-
- },
-
- toggleMoreInformation:function(e) {
- e.preventDefault();
- if ($('.moreInformation', this.el).is(':visible')) {
- // hide it
- $('.moreInformation', this.el).hide('fast');
- $('.toggleMoreInformation i', this.el).attr('class', 'icon-chevron-right');
- $('.moreInformationContainer', this.el).removeClass('alert').removeClass('alert-info').addClass('muted');
-
- } else {
- // show it
- $('.moreInformation', this.el).show('fast');
- $('.toggleMoreInformation i', this.el).attr('class', 'icon-chevron-down');
- $('.moreInformationContainer', this.el).addClass('alert').addClass('alert-info').removeClass('muted');
- }
- },
-
-});
-
-var PolicyListView = Backbone.View.extend({
- tagName: 'span',
-
- initialize:function(options) {
- this.options = options;
- },
-
- load:function(callback) {
- if (this.model.isFetched &&
- this.options.rs.isFetched &&
- this.options.systemScopeList.isFetched) {
- callback();
- return;
- }
-
- $('#loadingbox').sheet('show');
- $('#loading').html(
- '
' + $.t('policy.loading-policies') + ' ' +
- '
' + $.t('policy.loading-rs') + ' ' +
- '
' + $.t("common.scopes") + ' '
- );
-
- $.when(this.model.fetchIfNeeded({success:function(e) {$('#loading-policies').addClass('label-success');}}),
- this.options.rs.fetchIfNeeded({success:function(e) {$('#loading-rs').addClass('label-success');}}),
- this.options.systemScopeList.fetchIfNeeded({success:function(e) {$('#loading-scopes').addClass('label-success');}}))
- .done(function() {
- $('#loadingbox').sheet('hide');
- callback();
- });
- },
-
- events:{
- 'click .btn-add':'addPolicy',
- 'click .btn-cancel':'cancel'
- },
-
- cancel:function(e) {
- e.preventDefault();
- app.navigate('user/policy', {trigger: true});
- },
-
- togglePlaceholder:function() {
- if (this.model.length > 0) {
- $('#policy-info', this.el).show();
- $('#policy-table', this.el).show();
- $('#policy-table-empty', this.el).hide();
- } else {
- $('#policy-info', this.el).hide();
- $('#policy-table', this.el).hide();
- $('#policy-table-empty', this.el).show();
- }
- },
-
- addPolicy:function(e) {
- e.preventDefault();
- app.navigate('user/policy/' + this.options.rs.get('id') +'/new', {trigger: true});
- },
-
- render:function (eventName) {
- $(this.el).html($('#tmpl-policy-table').html());
-
- var _self = this;
-
- _.each(this.model.models, function (policy) {
-
- var view = new PolicyView({model: policy, systemScopeList: _self.options.systemScopeList, rs: _self.options.rs});
- view.parentView = _self;
- $('#policy-table', this.el).append(view.render().el);
-
- }, this);
-
- this.togglePlaceholder();
- $(this.el).i18n();
- return this;
- }
-});
-
-
-var PolicyView = Backbone.View.extend({
- tagName: 'tr',
-
- initialize:function(options) {
- this.options = options;
-
- if (!this.template) {
- this.template = _.template($('#tmpl-policy').html());
- }
-
- if (!this.scopeTemplate) {
- this.scopeTemplate = _.template($('#tmpl-scope-list').html());
- }
-
-
- },
-
- events:{
- 'click .btn-edit':'editPolicy',
- 'click .btn-remove':'removePolicy'
- },
-
- editPolicy:function(e) {
- e.preventDefault();
- app.navigate('user/policy/' + this.options.rs.get("id") + '/' + this.model.get('id'), {trigger: true});
- },
-
- removePolicy:function(e) {
- e.preventDefault();
-
- if (confirm($.t('policy.policy-table.confirm'))) {
- var _self = this;
- this.model.destroy({
- dataType: false, processData: false,
- success:function () {
- _self.$el.fadeTo("fast", 0.00, function () { //fade
- $(this).slideUp("fast", function () { //slide up
- $(this).remove(); //then remove from the DOM
- _self.parentView.togglePlaceholder();
- });
- });
- },
- error:function (error, response) {
- console.log("An error occurred when deleting a client");
-
- //Pull out the response text.
- var responseJson = JSON.parse(response.responseText);
-
- //Display an alert with an error message
- $('#modalAlert div.modal-header').html(responseJson.error);
- $('#modalAlert div.modal-body').html(responseJson.error_description);
-
- $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
- "backdrop" : "static",
- "keyboard" : true,
- "show" : true // ensure the modal is shown immediately
- });
- }
- });
-
- _self.parentView.delegateEvents();
- }
- },
-
- render:function (eventName) {
- var json = this.model.toJSON();
-
- this.$el.html(this.template(json));
-
- $('.scope-list', this.el).html(this.scopeTemplate({scopes: this.model.get('scopes'), systemScopes: this.options.systemScopeList}));
-
- $(this.el).i18n();
- return this;
- }
-
-
-});
-
-
-var PolicyFormView = Backbone.View.extend({
- tagName: 'div',
-
- initialize:function(options) {
- this.options = options;
-
- if (!this.template) {
- this.template = _.template($('#tmpl-policy-form').html());
- }
-
- this.issuerCollection = new Backbone.Collection();
-
- },
-
- events:{
- 'click .btn-share': 'addWebfingerClaim',
- 'click .btn-share-advanced': 'addAdvancedClaim',
- 'click .btn-clear': 'clearAllClaims',
- 'click .btn-save': 'savePolicy',
- 'click .btn-cancel': 'cancel'
- },
-
- load:function(callback) {
- if (this.model.isFetched &&
- this.options.rs.isFetched &&
- this.options.systemScopeList.isFetched) {
- callback();
- return;
- }
-
- $('#loadingbox').sheet('show');
- $('#loading').html(
- '
' + $.t('policy.loading-policy') + ' ' +
- '
' + $.t('policy.loading-rs') + ' ' +
- '
' + $.t("common.scopes") + ' '
- );
-
- $.when(this.model.fetchIfNeeded({success:function(e) {$('#loading-policies').addClass('label-success');}}),
- this.options.rs.fetchIfNeeded({success:function(e) {$('#loading-rs').addClass('label-success');}}),
- this.options.systemScopeList.fetchIfNeeded({success:function(e) {$('#loading-scopes').addClass('label-success');}}))
- .done(function() {
- $('#loadingbox').sheet('hide');
- callback();
- });
- },
-
- addWebfingerClaim:function(e) {
- e.preventDefault();
-
- // post to the webfinger helper and get the response back
-
- var _self = this;
-
- var email = $('#email', this.el).val();
-
- $('#loadingbox').sheet('show');
- $('#loading').html(
- 'Looking up identity provider...'
- );
-
- var base = $('base').attr('href');
- $.getJSON(base + '/api/emailsearch?' + $.param({'identifier': email}), function(data) {
-
- // grab the current state of the scopes checkboxes just in case
- var scopes = $('#scopes input[type="checkbox"]:checked').map(function(idx, elem) { return $(elem).val(); }).get();
-
- _self.model.set({
- scopes: scopes,
- claimsRequired: data
- }, {trigger: false});
-
- _self.render();
-
- $('#loadingbox').sheet('hide');
-
- }).error(function(jqXHR, textStatus, errorThrown) {
- console.log("An error occurred when doing a webfinger lookup", errorThrown);
-
- $('#loadingbox').sheet('hide');
-
- //Display an alert with an error message
- $('#modalAlert div.modal-header').html($.t('policy.webfinger-error'));
- $('#modalAlert div.modal-body').html($.t('policy.webfinger-error-description', {email: email}));
-
- $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
- "backdrop" : "static",
- "keyboard" : true,
- "show" : true // ensure the modal is shown immediately
- });
- });
-
- },
-
- addAdvancedClaim:function(e) {
- e.preventDefault();
-
- var name = $('#name', this.el).val();
- var friendly = $('#friendly-name', this.el).val();
- var rawValue = $('#value', this.el).val();
- var valueType = $('#value-type', this.el).val();
- var value = null;
- if (valueType == 'number') {
- value = Number(rawValue);
- } else if (valueType == 'boolean') {
- value = (rawValue.toLowerCase() == 'true');
- } else if (valueType == 'json') {
- value = JSON.parse(rawValue);
- } else {
- // treat it as a string, the default
- value = rawValue;
- }
-
- var issuers = this.issuerCollection.pluck('item');
-
- console.log(name, friendly, rawValue, valueType, value, issuers);
-
- if (!_.isEmpty(issuers)
- && name
- && value) {
- // we've got a valid claim, add it to our set
- // grab the current state of the scopes checkboxes just in case
- var scopes = $('#scopes input[type="checkbox"]:checked').map(function(idx, elem) { return $(elem).val(); }).get();
-
- var claimsRequired = this.model.get('claimsRequired');
- if (!claimsRequired) {
- claimsRequired = [];
- }
- claimsRequired.push({
- name: name,
- friendlyName: friendly,
- value: value,
- issuer: issuers
- });
-
- this.model.set({
- scopes: scopes,
- claimsRequired: claimsRequired
- }, {trigger: false});
-
- $('#name', this.el).val('');
- $('#friendly-name', this.el).val('');
- $('#value', this.el).val('');
- $('#value-type', this.el).val('text');
-
- this.render();
-
- // re-select the advanced tab
- $('a[data-target="#policy-advanced-tab"]', this.el).tab('show')
-
- } else {
- // something is missing
- $('#loadingbox').sheet('hide');
-
- //Display an alert with an error message
- $('#modalAlert div.modal-header').html($.t('policy.advanced-error'));
- $('#modalAlert div.modal-body').html($.t('policy.advanced-error-description'));
-
- $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
- "backdrop" : "static",
- "keyboard" : true,
- "show" : true // ensure the modal is shown immediately
- });
- }
- },
-
- clearAllClaims:function(e) {
- e.preventDefault();
-
- if (confirm($.t('policy.policy-form.clear-all-confirm'))) {
-
- var scopes = $('#scopes input[type="checkbox"]:checked').map(function(idx, elem) { return $(elem).val(); }).get();
-
- var claimsRequired = [];
-
- this.model.set({
- scopes: scopes,
- claimsRequired: claimsRequired
- }, {trigger: false});
-
- this.render();
- }
- },
-
- savePolicy:function(e) {
- e.preventDefault();
-
- // get all the scopes that are checked
- var scopes = $('#scopes input[type="checkbox"]:checked').map(function(idx, elem) { return $(elem).val(); }).get();
-
- var valid = this.model.set({
- scopes: scopes
- });
-
- if (valid) {
-
- var _self = this;
- this.model.save({}, {
- success:function() {
- app.systemScopeList.add(_self.model);
-
- // refresh the associated RS
- _self.options.rs.fetch({success: function() {
- app.navigate('user/policy/' + _self.options.rs.get('id'), {trigger: true});
- }});
-
- },
- error:function(error, response) {
-
- //Pull out the response text.
- var responseJson = JSON.parse(response.responseText);
-
- //Display an alert with an error message
- $('#modalAlert div.modal-header').html(responseJson.error);
- $('#modalAlert div.modal-body').html(responseJson.error_description);
-
- $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
- "backdrop" : "static",
- "keyboard" : true,
- "show" : true // ensure the modal is shown immediately
- });
- }
- });
- }
-
- return false;
-
- },
-
- cancel:function(e) {
- e.preventDefault();
- app.navigate('user/policy/' + this.options.rs.get('id'), {trigger: true});
- },
-
- render:function (eventName) {
- var json = this.model.toJSON();
- var rs = this.options.rs.toJSON();
-
- this.$el.html(this.template({policy: json, rs: rs}));
-
- // build and bind issuer view
- var issuerView = new ListWidgetView({
- placeholder: $.t('policy.policy-form.issuer-placeholder'),
- helpBlockText: $.t('policy.policy-form.issuer-help'),
- collection: this.issuerCollection});
- $("#issuers .controls",this.el).html(issuerView.render().el);
-
- $(this.el).i18n();
-
- return this;
- }
-});
-
-
-ui.routes.push({path: "user/policy", name: "policy", callback:
- function() {
-
- this.breadCrumbView.collection.reset();
- this.breadCrumbView.collection.add([
- {text:$.t('admin.home'), href:""},
- {text:$.t('policy.resource-sets'), href:"manage/#user/policy"}
- ]);
-
- this.updateSidebar('user/policy');
-
- var view = new ResourceSetListView({model: this.resourceSetList, clientList: this.clientList, systemScopeList: this.systemScopeList});
-
- view.load(function() {
- $('#content').html(view.render().el);
- setPageTitle($.t('policy.resource-sets'));
- });
-
- }
-});
-
-ui.routes.push({path: "user/policy/:rsid", name: "editPolicies", callback:
- function(rsid) {
-
- this.breadCrumbView.collection.reset();
- this.breadCrumbView.collection.add([
- {text:$.t('admin.home'), href:""},
- {text:$.t('policy.resource-sets'), href:"manage/#user/policy"},
- {text:$.t('policy.edit-policies'), href:"manage/#user/policy/" + rsid}
- ]);
-
- this.updateSidebar('user/policy');
-
- var rs = this.resourceSetList.get(rsid);
- var policies = null;
- if (rs == null) {
- // need to load it directly
- policies = new PolicyCollection([], {rsid: rsid});
- rs = new ResourceSetModel({id: rsid});
- this.resourceSetList.add(rs); // it will be loaded below, don't need to load it again in the future
- } else {
- // the resource set is loaded, preload the claims
- policies = new PolicyCollection(rs.get('policies'), {rsid: rsid});
- policies.isFetched = true;
- }
-
- var view = new PolicyListView({model: policies, rs: rs, systemScopeList: this.systemScopeList});
-
- view.load(function() {
- $('#content').html(view.render().el);
- setPageTitle($.t('policy.edit-policy'));
- });
-
- }
-});
-
-ui.routes.push({path: "user/policy/:rsid/new", name: "newPolicy", callback:
- function(rsid) {
-
- this.breadCrumbView.collection.reset();
- this.breadCrumbView.collection.add([
- {text:$.t('admin.home'), href:""},
- {text:$.t('policy.resource-sets'), href:"manage/#user/policy"},
- {text:$.t('policy.edit-policies'), href:"manage/#user/policy/" + rsid},
- {text:$.t('policy.new-policy'), href:"manage/#user/policy/" + rsid + "/new"}
- ]);
-
- this.updateSidebar('user/policy');
-
- var policy = policy = new PolicyModel({}, {rsid: rsid});
-
- var rs = this.resourceSetList.get(rsid);
- if (rs == null) {
- // need to load it directly
- rs = new ResourceSetModel({id: rsid});
- this.resourceSetList.add(rs); // it will be loaded below, don't need to load it again in the future
- }
-
- var view = new PolicyFormView({model: policy, rs: rs, systemScopeList: this.systemScopeList});
-
- view.load(function() {
- $('#content').html(view.render().el);
- setPageTitle($.t('policy.edit-policy'));
- });
- }
-});
-
-ui.routes.push({path: "user/policy/:rsid/:pid", name: "editPolicy", callback:
- function(rsid, pid) {
- this.breadCrumbView.collection.reset();
- this.breadCrumbView.collection.add([
- {text:$.t('admin.home'), href:""},
- {text:$.t('policy.resource-sets'), href:"manage/#user/policy"},
- {text:$.t('policy.edit-policies'), href:"manage/#user/policy/" + rsid},
- {text:$.t('policy.edit-policy'), href:"manage/#user/policy/" + rsid + "/" + pid}
- ]);
-
- this.updateSidebar('user/policy');
-
- var rs = this.resourceSetList.get(rsid);
- var policy = null;
- if (rs == null) {
- // need to load it directly
- policy = new PolicyModel({id: pid}, {rsid: rsid});
- rs = new ResourceSetModel({id: rsid});
- this.resourceSetList.add(rs); // it will be loaded below, don't need to load it again in the future
- } else {
- // the resource set is loaded, preload the claims
- _.each(rs.get('policies'), function(p) {
- if (p.id == pid) {
- policy = new PolicyModel(p, {rsid: rsid});
- policy.isFetched = true;
- }
- });
- if (policy == null) {
- // need to load it directly
- policy = new PolicyModel({id: pid}, {rsid: rsid});
- }
- }
-
- var view = new PolicyFormView({model: policy, rs: rs, systemScopeList: this.systemScopeList});
-
- view.load(function() {
- $('#content').html(view.render().el);
- setPageTitle($.t('policy.edit-policy'));
- });
-
-
- }
-});
-
-ui.templates.push('resources/template/policy.html');
-
-ui.init.push(function(app) {
- app.resourceSetList = new ResourceSetCollection();
-});
diff --git a/uma-server-webapp/src/main/webapp/resources/template/policy.html b/uma-server-webapp/src/main/webapp/resources/template/policy.html
deleted file mode 100644
index 576da1b1a..000000000
--- a/uma-server-webapp/src/main/webapp/resources/template/policy.html
+++ /dev/null
@@ -1,255 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/uma-server/pom.xml b/uma-server/pom.xml
deleted file mode 100644
index 2373d34c1..000000000
--- a/uma-server/pom.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-
-
-
- 4.0.0
-
- org.mitre
- openid-connect-parent
- 1.3.4-SNAPSHOT
- ..
-
- uma-server
- UMA Server Library
- User Managed Access (UMA) extension of the MITREid Connect server
-
-
-
- org.apache.maven.plugins
- maven-compiler-plugin
-
- ${java-version}
- ${java-version}
-
-
-
-
-
-
- org.mitre
- openid-connect-server
-
-
- org.mitre
- openid-connect-client
-
-
-
\ No newline at end of file
diff --git a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java b/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java
deleted file mode 100644
index 6d7a65d98..000000000
--- a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.repository.impl;
-
-import java.util.Collection;
-
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-import javax.persistence.TypedQuery;
-
-import org.mitre.uma.model.Permission;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.repository.PermissionRepository;
-import org.mitre.util.jpa.JpaUtil;
-import org.springframework.stereotype.Repository;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * @author jricher
- *
- */
-@Repository
-public class JpaPermissionRepository implements PermissionRepository {
-
- @PersistenceContext(unitName="defaultPersistenceUnit")
- private EntityManager em;
-
- @Override
- @Transactional(value="defaultTransactionManager")
- public PermissionTicket save(PermissionTicket p) {
- return JpaUtil.saveOrUpdate(em, p);
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.repository.PermissionRepository#getByTicket(java.lang.String)
- */
- @Override
- public PermissionTicket getByTicket(String ticket) {
- TypedQuery
query = em.createNamedQuery(PermissionTicket.QUERY_TICKET, PermissionTicket.class);
- query.setParameter(PermissionTicket.PARAM_TICKET, ticket);
- return JpaUtil.getSingleResult(query.getResultList());
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.repository.PermissionRepository#getAll()
- */
- @Override
- public Collection getAll() {
- TypedQuery query = em.createNamedQuery(PermissionTicket.QUERY_ALL, PermissionTicket.class);
- return query.getResultList();
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.repository.PermissionRepository#saveRawPermission(org.mitre.uma.model.Permission)
- */
- @Override
- @Transactional(value="defaultTransactionManager")
- public Permission saveRawPermission(Permission p) {
- return JpaUtil.saveOrUpdate(em, p);
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.repository.PermissionRepository#getById(java.lang.Long)
- */
- @Override
- public Permission getById(Long permissionId) {
- return em.find(Permission.class, permissionId);
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.repository.PermissionRepository#getPermissionTicketsForResourceSet(org.mitre.uma.model.ResourceSet)
- */
- @Override
- public Collection getPermissionTicketsForResourceSet(ResourceSet rs) {
- TypedQuery query = em.createNamedQuery(PermissionTicket.QUERY_BY_RESOURCE_SET, PermissionTicket.class);
- query.setParameter(PermissionTicket.PARAM_RESOURCE_SET_ID, rs.getId());
- return query.getResultList();
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.repository.PermissionRepository#remove(org.mitre.uma.model.PermissionTicket)
- */
- @Override
- @Transactional(value="defaultTransactionManager")
- public void remove(PermissionTicket ticket) {
- PermissionTicket found = getByTicket(ticket.getTicket());
- if (found != null) {
- em.remove(found);
- }
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java b/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java
deleted file mode 100644
index 7c41a989f..000000000
--- a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.repository.impl;
-
-import java.util.Collection;
-
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-import javax.persistence.TypedQuery;
-
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.repository.ResourceSetRepository;
-import org.mitre.util.jpa.JpaUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Repository;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * @author jricher
- *
- */
-@Repository
-public class JpaResourceSetRepository implements ResourceSetRepository {
-
- @PersistenceContext(unitName="defaultPersistenceUnit")
- private EntityManager em;
- private static Logger logger = LoggerFactory.getLogger(JpaResourceSetRepository.class);
-
- @Override
- @Transactional(value="defaultTransactionManager")
- public ResourceSet save(ResourceSet rs) {
- return JpaUtil.saveOrUpdate(em, rs);
- }
-
- @Override
- public ResourceSet getById(Long id) {
- return em.find(ResourceSet.class, id);
- }
-
- @Override
- @Transactional(value="defaultTransactionManager")
- public void remove(ResourceSet rs) {
- ResourceSet found = getById(rs.getId());
- if (found != null) {
- em.remove(found);
- } else {
- logger.info("Tried to remove unknown resource set: " + rs.getId());
- }
- }
-
- @Override
- public Collection getAllForOwner(String owner) {
- TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_BY_OWNER, ResourceSet.class);
- query.setParameter(ResourceSet.PARAM_OWNER, owner);
- return query.getResultList();
- }
-
- @Override
- public Collection getAllForOwnerAndClient(String owner, String clientId) {
- TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_BY_OWNER_AND_CLIENT, ResourceSet.class);
- query.setParameter(ResourceSet.PARAM_OWNER, owner);
- query.setParameter(ResourceSet.PARAM_CLIENTID, clientId);
- return query.getResultList();
- }
-
- @Override
- public Collection getAll() {
- TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_ALL, ResourceSet.class);
- return query.getResultList();
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.repository.ResourceSetRepository#getAllForClient(org.mitre.oauth2.model.ClientDetailsEntity)
- */
- @Override
- public Collection getAllForClient(String clientId) {
- TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_BY_CLIENT, ResourceSet.class);
- query.setParameter(ResourceSet.PARAM_CLIENTID, clientId);
- return query.getResultList();
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java
deleted file mode 100644
index 8b9c379e4..000000000
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.service.impl;
-
-import java.sql.Date;
-import java.util.Set;
-import java.util.UUID;
-
-import org.mitre.oauth2.service.SystemScopeService;
-import org.mitre.uma.model.Permission;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.repository.PermissionRepository;
-import org.mitre.uma.service.PermissionService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
-import org.springframework.stereotype.Service;
-
-/**
- * @author jricher
- *
- */
-@Service
-public class DefaultPermissionService implements PermissionService {
-
- @Autowired
- private PermissionRepository repository;
-
- @Autowired
- private SystemScopeService scopeService;
-
- private Long permissionExpirationSeconds = 60L * 60L; // 1 hr
-
- /* (non-Javadoc)
- * @see org.mitre.uma.service.PermissionService#create(org.mitre.uma.model.ResourceSet, java.util.Set)
- */
- @Override
- public PermissionTicket createTicket(ResourceSet resourceSet, Set scopes) {
-
- // check to ensure that the scopes requested are a subset of those in the resource set
-
- if (!scopeService.scopesMatch(resourceSet.getScopes(), scopes)) {
- throw new InsufficientScopeException("Scopes of resource set are not enough for requested permission.");
- }
-
- Permission perm = new Permission();
- perm.setResourceSet(resourceSet);
- perm.setScopes(scopes);
-
- PermissionTicket ticket = new PermissionTicket();
- ticket.setPermission(perm);
- ticket.setTicket(UUID.randomUUID().toString());
- ticket.setExpiration(new Date(System.currentTimeMillis() + permissionExpirationSeconds * 1000L));
-
- return repository.save(ticket);
-
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.service.PermissionService#getByTicket(java.lang.String)
- */
- @Override
- public PermissionTicket getByTicket(String ticket) {
- return repository.getByTicket(ticket);
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.service.PermissionService#updateTicket(org.mitre.uma.model.PermissionTicket)
- */
- @Override
- public PermissionTicket updateTicket(PermissionTicket ticket) {
- if (ticket.getId() != null) {
- return repository.save(ticket);
- } else {
- return null;
- }
-
- }
-
-
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
deleted file mode 100644
index a5c3e5ec4..000000000
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
+++ /dev/null
@@ -1,149 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.service.impl;
-
-import java.util.Collection;
-
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.mitre.oauth2.repository.OAuth2TokenRepository;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.model.Policy;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.repository.PermissionRepository;
-import org.mitre.uma.repository.ResourceSetRepository;
-import org.mitre.uma.service.ResourceSetService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Primary;
-import org.springframework.stereotype.Service;
-
-/**
- * @author jricher
- *
- */
-@Service
-@Primary
-public class DefaultResourceSetService implements ResourceSetService {
-
- private static final Logger logger = LoggerFactory.getLogger(DefaultResourceSetService.class);
-
- @Autowired
- private ResourceSetRepository repository;
-
- @Autowired
- private OAuth2TokenRepository tokenRepository;
-
- @Autowired
- private PermissionRepository ticketRepository;
-
- @Override
- public ResourceSet saveNew(ResourceSet rs) {
-
- if (rs.getId() != null) {
- throw new IllegalArgumentException("Can't save a new resource set with an ID already set to it.");
- }
-
- if (!checkScopeConsistency(rs)) {
- throw new IllegalArgumentException("Can't save a resource set with inconsistent claims.");
- }
-
- ResourceSet saved = repository.save(rs);
-
- return saved;
-
- }
-
- @Override
- public ResourceSet getById(Long id) {
- return repository.getById(id);
- }
-
- @Override
- public ResourceSet update(ResourceSet oldRs, ResourceSet newRs) {
-
- if (oldRs.getId() == null || newRs.getId() == null
- || !oldRs.getId().equals(newRs.getId())) {
-
- throw new IllegalArgumentException("Resource set IDs mismatched");
-
- }
-
- if (!checkScopeConsistency(newRs)) {
- throw new IllegalArgumentException("Can't save a resource set with inconsistent claims.");
- }
-
- newRs.setOwner(oldRs.getOwner()); // preserve the owner tag across updates
- newRs.setClientId(oldRs.getClientId()); // preserve the client id across updates
-
- ResourceSet saved = repository.save(newRs);
-
- return saved;
-
- }
-
- @Override
- public void remove(ResourceSet rs) {
- // find all the access tokens issued against this resource set and revoke them
- Collection tokens = tokenRepository.getAccessTokensForResourceSet(rs);
- for (OAuth2AccessTokenEntity token : tokens) {
- tokenRepository.removeAccessToken(token);
- }
-
- // find all outstanding tickets issued against this resource set and revoke them too
- Collection tickets = ticketRepository.getPermissionTicketsForResourceSet(rs);
- for (PermissionTicket ticket : tickets) {
- ticketRepository.remove(ticket);
- }
-
- repository.remove(rs);
- }
-
- @Override
- public Collection getAllForOwner(String owner) {
- return repository.getAllForOwner(owner);
- }
-
- @Override
- public Collection getAllForOwnerAndClient(String owner, String clientId) {
- return repository.getAllForOwnerAndClient(owner, clientId);
- }
-
- private boolean checkScopeConsistency(ResourceSet rs) {
- if (rs.getPolicies() == null) {
- // nothing to check, no problem!
- return true;
- }
- for (Policy policy : rs.getPolicies()) {
- if (!rs.getScopes().containsAll(policy.getScopes())) {
- return false;
- }
- }
- // we've checked everything, we're good
- return true;
- }
-
- /* (non-Javadoc)
- * @see org.mitre.uma.service.ResourceSetService#getAllForClient(org.mitre.oauth2.model.ClientDetailsEntity)
- */
- @Override
- public Collection getAllForClient(ClientDetailsEntity client) {
- return repository.getAllForClient(client.getClientId());
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java
deleted file mode 100644
index 62bd24eac..000000000
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.service.impl;
-
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-
-import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
-import org.mitre.oauth2.model.AuthenticationHolderEntity;
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.mitre.oauth2.repository.AuthenticationHolderRepository;
-import org.mitre.oauth2.service.ClientDetailsEntityService;
-import org.mitre.oauth2.service.OAuth2TokenEntityService;
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.mitre.uma.model.Permission;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.model.Policy;
-import org.mitre.uma.service.UmaTokenService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.stereotype.Service;
-
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
-import com.nimbusds.jose.JWSAlgorithm;
-import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.SignedJWT;
-
-/**
- * @author jricher
- *
- */
-@Service("defaultUmaTokenService")
-public class DefaultUmaTokenService implements UmaTokenService {
-
- @Autowired
- private AuthenticationHolderRepository authenticationHolderRepository;
-
- @Autowired
- private OAuth2TokenEntityService tokenService;
-
- @Autowired
- private ClientDetailsEntityService clientService;
-
- @Autowired
- private ConfigurationPropertiesBean config;
-
- @Autowired
- private JWTSigningAndValidationService jwtService;
-
-
- @Override
- public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy) {
- OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
- AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
- authHolder.setAuthentication(o2auth);
- authHolder = authenticationHolderRepository.save(authHolder);
-
- token.setAuthenticationHolder(authHolder);
-
- ClientDetailsEntity client = clientService.loadClientByClientId(o2auth.getOAuth2Request().getClientId());
- token.setClient(client);
-
- Set ticketScopes = ticket.getPermission().getScopes();
- Set policyScopes = policy.getScopes();
-
- Permission perm = new Permission();
- perm.setResourceSet(ticket.getPermission().getResourceSet());
- perm.setScopes(new HashSet<>(Sets.intersection(ticketScopes, policyScopes)));
-
- token.setPermissions(Sets.newHashSet(perm));
-
- JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
-
- claims.audience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString()));
- claims.issuer(config.getIssuer());
- claims.jwtID(UUID.randomUUID().toString());
-
- if (config.getRqpTokenLifeTime() != null) {
- Date exp = new Date(System.currentTimeMillis() + config.getRqpTokenLifeTime() * 1000L);
-
- claims.expirationTime(exp);
- token.setExpiration(exp);
- }
-
-
- JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm();
- JWSHeader header = new JWSHeader(signingAlgorithm, null, null, null, null, null, null, null, null, null,
- jwtService.getDefaultSignerKeyId(),
- null, null);
- SignedJWT signed = new SignedJWT(header, claims.build());
-
- jwtService.signJwt(signed);
-
- token.setJwt(signed);
-
- tokenService.saveAccessToken(token);
-
- return token;
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java
deleted file mode 100644
index 8ceb548e8..000000000
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.service.impl;
-
-import java.util.Collection;
-
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-import javax.persistence.TypedQuery;
-
-import org.mitre.oauth2.model.RegisteredClient;
-import org.mitre.openid.connect.client.service.RegisteredClientService;
-import org.mitre.uma.model.SavedRegisteredClient;
-import org.mitre.uma.service.SavedRegisteredClientService;
-import org.mitre.util.jpa.JpaUtil;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * @author jricher
- *
- */
-@Service
-public class JpaRegisteredClientService implements RegisteredClientService, SavedRegisteredClientService{
-
- @PersistenceContext(unitName="defaultPersistenceUnit")
- private EntityManager em;
-
- /* (non-Javadoc)
- * @see org.mitre.openid.connect.client.service.RegisteredClientService#getByIssuer(java.lang.String)
- */
- @Override
- public RegisteredClient getByIssuer(String issuer) {
- SavedRegisteredClient saved = getSavedRegisteredClientFromStorage(issuer);
-
- if (saved == null) {
- return null;
- } else {
- return saved.getRegisteredClient();
- }
- }
-
- /* (non-Javadoc)
- * @see org.mitre.openid.connect.client.service.RegisteredClientService#save(java.lang.String, org.mitre.oauth2.model.RegisteredClient)
- */
- @Override
- @Transactional(value="defaultTransactionManager")
- public void save(String issuer, RegisteredClient client) {
-
-
- SavedRegisteredClient saved = getSavedRegisteredClientFromStorage(issuer);
-
- if (saved == null) {
- saved = new SavedRegisteredClient();
- saved.setIssuer(issuer);
- }
-
- saved.setRegisteredClient(client);
-
- em.persist(saved);
-
- }
-
- private SavedRegisteredClient getSavedRegisteredClientFromStorage(String issuer) {
- TypedQuery query = em.createQuery("SELECT c from SavedRegisteredClient c where c.issuer = :issuer", SavedRegisteredClient.class);
- query.setParameter("issuer", issuer);
-
- SavedRegisteredClient saved = JpaUtil.getSingleResult(query.getResultList());
- return saved;
- }
-
- /**
- * @return
- */
- @Override
- public Collection getAll() {
- TypedQuery query = em.createQuery("SELECT c from SavedRegisteredClient c", SavedRegisteredClient.class);
- return query.getResultList();
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java
deleted file mode 100644
index 7d480bf61..000000000
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.service.impl;
-
-import java.util.Collection;
-import java.util.HashSet;
-
-import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.ClaimProcessingResult;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.model.Policy;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.service.ClaimsProcessingService;
-import org.springframework.stereotype.Service;
-
-/**
- * Tests if all the claims in the required set have a matching
- * value in the supplied set.
- *
- * @author jricher
- *
- */
-@Service("matchAllClaimsOnAnyPolicy")
-public class MatchAllClaimsOnAnyPolicy implements ClaimsProcessingService {
-
- /* (non-Javadoc)
- * @see org.mitre.uma.service.ClaimsProcessingService#claimsAreSatisfied(java.util.Collection, java.util.Collection)
- */
- @Override
- public ClaimProcessingResult claimsAreSatisfied(ResourceSet rs, PermissionTicket ticket) {
- Collection allUnmatched = new HashSet<>();
- for (Policy policy : rs.getPolicies()) {
- Collection unmatched = checkIndividualClaims(policy.getClaimsRequired(), ticket.getClaimsSupplied());
- if (unmatched.isEmpty()) {
- // we found something that's satisfied the claims, let's go with it!
- return new ClaimProcessingResult(policy);
- } else {
- // otherwise add it to the stack to send back
- allUnmatched.addAll(unmatched);
- }
- }
-
- // otherwise, tell the caller that we'll need some set of these fulfilled somehow
- return new ClaimProcessingResult(allUnmatched);
- }
-
- private Collection checkIndividualClaims(Collection claimsRequired, Collection claimsSupplied) {
-
- Collection claimsUnmatched = new HashSet<>(claimsRequired);
-
- // see if each of the required claims has a counterpart in the supplied claims set
- for (Claim required : claimsRequired) {
- for (Claim supplied : claimsSupplied) {
-
- if (required.getIssuer().containsAll(supplied.getIssuer())) {
- // it's from the right issuer
-
- if (required.getName().equals(supplied.getName()) &&
- required.getValue().equals(supplied.getValue())) {
-
- // the claim matched, pull it from the set
- claimsUnmatched.remove(required);
-
- }
-
- }
- }
- }
-
- // if there's anything left then the claims aren't satisfied, return the leftovers
- return claimsUnmatched;
-
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/UmaDataServiceExtension_1_3.java b/uma-server/src/main/java/org/mitre/uma/service/impl/UmaDataServiceExtension_1_3.java
deleted file mode 100644
index 6e9fba180..000000000
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/UmaDataServiceExtension_1_3.java
+++ /dev/null
@@ -1,715 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.service.impl;
-
-import static org.mitre.util.JsonUtils.readSet;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.mitre.oauth2.model.RegisteredClient;
-import org.mitre.oauth2.repository.OAuth2TokenRepository;
-import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor;
-import org.mitre.openid.connect.service.MITREidDataService;
-import org.mitre.openid.connect.service.MITREidDataServiceExtension;
-import org.mitre.openid.connect.service.MITREidDataServiceMaps;
-import org.mitre.openid.connect.service.impl.MITREidDataServiceSupport;
-import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.Permission;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.model.Policy;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.model.SavedRegisteredClient;
-import org.mitre.uma.repository.PermissionRepository;
-import org.mitre.uma.repository.ResourceSetRepository;
-import org.mitre.uma.service.SavedRegisteredClientService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import com.google.gson.JsonElement;
-import com.google.gson.JsonParser;
-import com.google.gson.stream.JsonReader;
-import com.google.gson.stream.JsonToken;
-import com.google.gson.stream.JsonWriter;
-
-/**
- * @author jricher
- *
- */
-@Service("umaDataExtension_1_3")
-public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport implements MITREidDataServiceExtension {
-
- private static final String THIS_VERSION = MITREidDataService.MITREID_CONNECT_1_3;
-
- private static final String REGISTERED_CLIENT = "registeredClient";
- private static final String URI = "uri";
- private static final String NAME = "name";
- private static final String TYPE = "type";
- private static final String VALUE = "value";
- private static final String CLIENT_ID = "clientId";
- private static final String EXPIRATION = "expiration";
- private static final String ID = "id";
- private static final String ICON_URI = "iconUri";
- private static final String OWNER = "owner";
- private static final String POLICIES = "policies";
- private static final String SCOPES = "scopes";
- private static final String CLAIMS_REQUIRED = "claimsRequired";
- private static final String ISSUER = "issuer";
- private static final String CLAIM_TOKEN_FORMAT = "claimTokenFormat";
- private static final String CLAIM_TYPE = "claimType";
- private static final String FRIENDLY_NAME = "friendlyName";
- private static final String PERMISSIONS = "permissions";
- private static final String RESOURCE_SET = "resourceSet";
- private static final String PERMISSION_TICKETS = "permissionTickets";
- private static final String PERMISSION = "permission";
- private static final String TICKET = "ticket";
- private static final String CLAIMS_SUPPLIED = "claimsSupplied";
- private static final String SAVED_REGISTERED_CLIENTS = "savedRegisteredClients";
- private static final String RESOURCE_SETS = "resourceSets";
- private static final String TOKEN_PERMISSIONS = "tokenPermissions";
- private static final String TOKEN_ID = "tokenId";
-
- private static final Logger logger = LoggerFactory.getLogger(UmaDataServiceExtension_1_3.class);
-
-
-
- @Autowired
- private SavedRegisteredClientService registeredClientService;
- @Autowired
- private ResourceSetRepository resourceSetRepository;
- @Autowired
- private PermissionRepository permissionRepository;
- @Autowired
- private OAuth2TokenRepository tokenRepository;
-
- private Map> tokenToPermissionRefs = new HashMap<>();
-
- /* (non-Javadoc)
- * @see org.mitre.openid.connect.service.MITREidDataServiceExtension#supportsVersion(java.lang.String)
- */
- @Override
- public boolean supportsVersion(String version) {
- return THIS_VERSION.equals(version);
-
- }
-
- /* (non-Javadoc)
- * @see org.mitre.openid.connect.service.MITREidDataServiceExtension#exportExtensionData(com.google.gson.stream.JsonWriter)
- */
- @Override
- public void exportExtensionData(JsonWriter writer) throws IOException {
- writer.name(SAVED_REGISTERED_CLIENTS);
- writer.beginArray();
- writeSavedRegisteredClients(writer);
- writer.endArray();
-
- writer.name(RESOURCE_SETS);
- writer.beginArray();
- writeResourceSets(writer);
- writer.endArray();
-
- writer.name(PERMISSION_TICKETS);
- writer.beginArray();
- writePermissionTickets(writer);
- writer.endArray();
-
- writer.name(TOKEN_PERMISSIONS);
- writer.beginArray();
- writeTokenPermissions(writer);
- writer.endArray();
- }
-
- /**
- * @param writer
- * @throws IOException
- */
- private void writeTokenPermissions(JsonWriter writer) throws IOException {
- for (OAuth2AccessTokenEntity token : tokenRepository.getAllAccessTokens()) {
- if (!token.getPermissions().isEmpty()) { // skip tokens that don't have the permissions structure attached
- writer.beginObject();
- writer.name(TOKEN_ID).value(token.getId());
- writer.name(PERMISSIONS);
- writer.beginArray();
- for (Permission p : token.getPermissions()) {
- writer.beginObject();
- writer.name(RESOURCE_SET).value(p.getResourceSet().getId());
- writer.name(SCOPES);
- writer.beginArray();
- for (String s : p.getScopes()) {
- writer.value(s);
- }
- writer.endArray();
- writer.endObject();
- }
- writer.endArray();
-
- writer.endObject();
- }
- }
- }
-
- /**
- * @param writer
- * @throws IOException
- */
- private void writePermissionTickets(JsonWriter writer) throws IOException {
- for (PermissionTicket ticket : permissionRepository.getAll()) {
- writer.beginObject();
-
- writer.name(CLAIMS_SUPPLIED);
- writer.beginArray();
- for (Claim claim : ticket.getClaimsSupplied()) {
- writer.beginObject();
-
- writer.name(ISSUER);
- writer.beginArray();
- for (String issuer : claim.getIssuer()) {
- writer.value(issuer);
- }
- writer.endArray();
- writer.name(CLAIM_TOKEN_FORMAT);
- writer.beginArray();
- for (String format : claim.getClaimTokenFormat()) {
- writer.value(format);
- }
- writer.endArray();
- writer.name(CLAIM_TYPE).value(claim.getClaimType());
- writer.name(FRIENDLY_NAME).value(claim.getFriendlyName());
- writer.name(NAME).value(claim.getName());
- writer.name(VALUE).value(claim.getValue().toString());
- writer.endObject();
- }
- writer.endArray();
-
- writer.name(EXPIRATION).value(toUTCString(ticket.getExpiration()));
-
- writer.name(PERMISSION);
- writer.beginObject();
- Permission p = ticket.getPermission();
- writer.name(RESOURCE_SET).value(p.getResourceSet().getId());
- writer.name(SCOPES);
- writer.beginArray();
- for (String s : p.getScopes()) {
- writer.value(s);
- }
- writer.endArray();
- writer.endObject();
-
- writer.name(TICKET).value(ticket.getTicket());
-
- writer.endObject();
- }
-
-
- }
-
- /**
- * @param writer
- * @throws IOException
- */
- private void writeResourceSets(JsonWriter writer) throws IOException {
- for (ResourceSet rs : resourceSetRepository.getAll()) {
- writer.beginObject();
- writer.name(ID).value(rs.getId());
- writer.name(CLIENT_ID).value(rs.getClientId());
- writer.name(ICON_URI).value(rs.getIconUri());
- writer.name(NAME).value(rs.getName());
- writer.name(TYPE).value(rs.getType());
- writer.name(URI).value(rs.getUri());
- writer.name(OWNER).value(rs.getOwner());
- writer.name(POLICIES);
- writer.beginArray();
- for (Policy policy : rs.getPolicies()) {
- writer.beginObject();
- writer.name(NAME).value(policy.getName());
- writer.name(SCOPES);
- writer.beginArray();
- for (String scope : policy.getScopes()) {
- writer.value(scope);
- }
- writer.endArray();
- writer.name(CLAIMS_REQUIRED);
- writer.beginArray();
- for (Claim claim : policy.getClaimsRequired()) {
- writer.beginObject();
-
- writer.name(ISSUER);
- writer.beginArray();
- for (String issuer : claim.getIssuer()) {
- writer.value(issuer);
- }
- writer.endArray();
- writer.name(CLAIM_TOKEN_FORMAT);
- writer.beginArray();
- for (String format : claim.getClaimTokenFormat()) {
- writer.value(format);
- }
- writer.endArray();
- writer.name(CLAIM_TYPE).value(claim.getClaimType());
- writer.name(FRIENDLY_NAME).value(claim.getFriendlyName());
- writer.name(NAME).value(claim.getName());
- writer.name(VALUE).value(claim.getValue().toString());
- writer.endObject();
- }
- writer.endArray();
- writer.endObject();
- }
- writer.endArray();
- writer.name(SCOPES);
- writer.beginArray();
- for (String scope : rs.getScopes()) {
- writer.value(scope);
- }
- writer.endArray();
- writer.endObject();
- logger.debug("Finished writing resource set {}", rs.getId());
- }
-
- }
-
- /**
- * @param writer
- */
- private void writeSavedRegisteredClients(JsonWriter writer) throws IOException {
- for (SavedRegisteredClient src : registeredClientService.getAll()) {
- writer.beginObject();
- writer.name(ISSUER).value(src.getIssuer());
- writer.name(REGISTERED_CLIENT).value(src.getRegisteredClient().getSource().toString());
- writer.endObject();
- logger.debug("Wrote saved registered client {}", src.getId());
- }
- logger.info("Done writing saved registered clients");
- }
-
- /* (non-Javadoc)
- * @see org.mitre.openid.connect.service.MITREidDataServiceExtension#importExtensionData(com.google.gson.stream.JsonReader)
- */
- @Override
- public boolean importExtensionData(String name, JsonReader reader) throws IOException {
- if (name.equals(SAVED_REGISTERED_CLIENTS)) {
- readSavedRegisteredClients(reader);
- return true;
- } else if (name.equals(RESOURCE_SETS)) {
- readResourceSets(reader);
- return true;
- } else if (name.equals(PERMISSION_TICKETS)) {
- readPermissionTickets(reader);
- return true;
- } else if (name.equals(TOKEN_PERMISSIONS)) {
- readTokenPermissions(reader);
- return true;
- } else {
- return false;
- }
- }
-
- /**
- * @param reader
- */
- private void readTokenPermissions(JsonReader reader) throws IOException {
- reader.beginArray();
- while(reader.hasNext()) {
- reader.beginObject();
- Long tokenId = null;
- Set permissions = new HashSet<>();
- while (reader.hasNext()) {
- switch(reader.peek()) {
- case END_OBJECT:
- continue;
- case NAME:
- String name = reader.nextName();
- if (name.equals(TOKEN_ID)) {
- tokenId = reader.nextLong();
- } else if (name.equals(PERMISSIONS)) {
- reader.beginArray();
- while (reader.hasNext()) {
- Permission p = new Permission();
- Long rsid = null;
- Set scope = new HashSet<>();
- reader.beginObject();
- while (reader.hasNext()) {
- switch (reader.peek()) {
- case END_OBJECT:
- continue;
- case NAME:
- String pname = reader.nextName();
- if (reader.peek() == JsonToken.NULL) {
- reader.skipValue();
- } else if (pname.equals(RESOURCE_SET)) {
- rsid = reader.nextLong();
- } else if (pname.equals(SCOPES)) {
- scope = readSet(reader);
- } else {
- logger.debug("Found unexpected entry");
- reader.skipValue();
- }
- break;
- default:
- logger.debug("Found unexpected entry");
- reader.skipValue();
- continue;
- }
- }
- reader.endObject();
- p.setScopes(scope);
- Permission saved = permissionRepository.saveRawPermission(p);
- permissionToResourceRefs.put(saved.getId(), rsid);
- permissions.add(saved.getId());
- }
- reader.endArray();
- }
- break;
- default:
- logger.debug("Found unexpected entry");
- reader.skipValue();
- continue;
- }
- }
- reader.endObject();
- tokenToPermissionRefs.put(tokenId, permissions);
- }
- reader.endArray();
-
- }
-
- private Map permissionToResourceRefs = new HashMap<>();
-
- /**
- * @param reader
- */
- private void readPermissionTickets(JsonReader reader) throws IOException {
- JsonParser parser = new JsonParser();
- reader.beginArray();
- while (reader.hasNext()) {
- PermissionTicket ticket = new PermissionTicket();
- reader.beginObject();
- while (reader.hasNext()) {
- switch (reader.peek()) {
- case END_OBJECT:
- continue;
- case NAME:
- String name = reader.nextName();
- if (reader.peek() == JsonToken.NULL) {
- reader.skipValue();
- } else if (name.equals(CLAIMS_SUPPLIED)) {
- Set claimsSupplied = new HashSet<>();
- reader.beginArray();
- while (reader.hasNext()) {
- Claim c = new Claim();
- reader.beginObject();
- while (reader.hasNext()) {
- switch (reader.peek()) {
- case END_OBJECT:
- continue;
- case NAME:
- String cname = reader.nextName();
- if (reader.peek() == JsonToken.NULL) {
- reader.skipValue();
- } else if (cname.equals(ISSUER)) {
- c.setIssuer(readSet(reader));
- } else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
- c.setClaimTokenFormat(readSet(reader));
- } else if (cname.equals(CLAIM_TYPE)) {
- c.setClaimType(reader.nextString());
- } else if (cname.equals(FRIENDLY_NAME)) {
- c.setFriendlyName(reader.nextString());
- } else if (cname.equals(NAME)) {
- c.setName(reader.nextString());
- } else if (cname.equals(VALUE)) {
- JsonElement e = parser.parse(reader.nextString());
- c.setValue(e);
- } else {
- logger.debug("Found unexpected entry");
- reader.skipValue();
- }
- break;
- default:
- logger.debug("Found unexpected entry");
- reader.skipValue();
- continue;
- }
- }
- reader.endObject();
- claimsSupplied.add(c);
- }
- reader.endArray();
- ticket.setClaimsSupplied(claimsSupplied);
- } else if (name.equals(EXPIRATION)) {
- ticket.setExpiration(utcToDate(reader.nextString()));
- } else if (name.equals(PERMISSION)) {
- Permission p = new Permission();
- Long rsid = null;
- reader.beginObject();
- while (reader.hasNext()) {
- switch (reader.peek()) {
- case END_OBJECT:
- continue;
- case NAME:
- String pname = reader.nextName();
- if (reader.peek() == JsonToken.NULL) {
- reader.skipValue();
- } else if (pname.equals(RESOURCE_SET)) {
- rsid = reader.nextLong();
- } else if (pname.equals(SCOPES)) {
- p.setScopes(readSet(reader));
- } else {
- logger.debug("Found unexpected entry");
- reader.skipValue();
- }
- break;
- default:
- logger.debug("Found unexpected entry");
- reader.skipValue();
- continue;
- }
- }
- reader.endObject();
- Permission saved = permissionRepository.saveRawPermission(p);
- permissionToResourceRefs.put(saved.getId(), rsid);
- ticket.setPermission(saved);
- } else if (name.equals(TICKET)) {
- ticket.setTicket(reader.nextString());
- } else {
- logger.debug("Found unexpected entry");
- reader.skipValue();
- }
- break;
- default:
- logger.debug("Found unexpected entry");
- reader.skipValue();
- continue;
- }
- }
- reader.endObject();
- permissionRepository.save(ticket);
- }
- reader.endArray();
- }
-
-
- private Map resourceSetOldToNewIdMap = new HashMap<>();
-
- /**
- * @param reader
- */
- private void readResourceSets(JsonReader reader) throws IOException {
- JsonParser parser = new JsonParser();
- reader.beginArray();
- while (reader.hasNext()) {
- Long oldId = null;
- ResourceSet rs = new ResourceSet();
- reader.beginObject();
- while (reader.hasNext()) {
- switch (reader.peek()) {
- case END_OBJECT:
- continue;
- case NAME:
- String name = reader.nextName();
- if (reader.peek() == JsonToken.NULL) {
- reader.skipValue();
- } else if (name.equals(ID)) {
- oldId = reader.nextLong();
- } else if (name.equals(CLIENT_ID)) {
- rs.setClientId(reader.nextString());
- } else if (name.equals(ICON_URI)) {
- rs.setIconUri(reader.nextString());
- } else if (name.equals(NAME)) {
- rs.setName(reader.nextString());
- } else if (name.equals(TYPE)) {
- rs.setType(reader.nextString());
- } else if (name.equals(URI)) {
- rs.setUri(reader.nextString());
- } else if (name.equals(OWNER)) {
- rs.setOwner(reader.nextString());
- } else if (name.equals(POLICIES)) {
- Set policies = new HashSet<>();
- reader.beginArray();
- while (reader.hasNext()) {
- Policy p = new Policy();
- reader.beginObject();
- while (reader.hasNext()) {
- switch (reader.peek()) {
- case END_OBJECT:
- continue;
- case NAME:
- String pname = reader.nextName();
- if (reader.peek() == JsonToken.NULL) {
- reader.skipValue();
- } else if (pname.equals(NAME)) {
- p.setName(reader.nextString());
- } else if (pname.equals(SCOPES)) {
- p.setScopes(readSet(reader));
- } else if (pname.equals(CLAIMS_REQUIRED)) {
- Set claimsRequired = new HashSet<>();
- reader.beginArray();
- while (reader.hasNext()) {
- Claim c = new Claim();
- reader.beginObject();
- while (reader.hasNext()) {
- switch (reader.peek()) {
- case END_OBJECT:
- continue;
- case NAME:
- String cname = reader.nextName();
- if (reader.peek() == JsonToken.NULL) {
- reader.skipValue();
- } else if (cname.equals(ISSUER)) {
- c.setIssuer(readSet(reader));
- } else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
- c.setClaimTokenFormat(readSet(reader));
- } else if (cname.equals(CLAIM_TYPE)) {
- c.setClaimType(reader.nextString());
- } else if (cname.equals(FRIENDLY_NAME)) {
- c.setFriendlyName(reader.nextString());
- } else if (cname.equals(NAME)) {
- c.setName(reader.nextString());
- } else if (cname.equals(VALUE)) {
- JsonElement e = parser.parse(reader.nextString());
- c.setValue(e);
- } else {
- logger.debug("Found unexpected entry");
- reader.skipValue();
- }
- break;
- default:
- logger.debug("Found unexpected entry");
- reader.skipValue();
- continue;
- }
- }
- reader.endObject();
- claimsRequired.add(c);
- }
- reader.endArray();
- p.setClaimsRequired(claimsRequired);
- } else {
- logger.debug("Found unexpected entry");
- reader.skipValue();
- }
- break;
- default:
- logger.debug("Found unexpected entry");
- reader.skipValue();
- continue;
- }
- }
- reader.endObject();
- policies.add(p);
- }
- reader.endArray();
- rs.setPolicies(policies);
- } else if (name.equals(SCOPES)) {
- rs.setScopes(readSet(reader));
- } else {
- logger.debug("Found unexpected entry");
- reader.skipValue();
- }
- break;
- default:
- logger.debug("Found unexpected entry");
- reader.skipValue();
- continue;
- }
- }
- reader.endObject();
- Long newId = resourceSetRepository.save(rs).getId();
- resourceSetOldToNewIdMap.put(oldId, newId);
- }
- reader.endArray();
- logger.info("Done reading resource sets");
- }
-
- /**
- * @param reader
- */
- private void readSavedRegisteredClients(JsonReader reader) throws IOException{
- reader.beginArray();
- while (reader.hasNext()) {
- String issuer = null;
- String clientString = null;
- reader.beginObject();
- while (reader.hasNext()) {
- switch (reader.peek()) {
- case END_OBJECT:
- continue;
- case NAME:
- String name = reader.nextName();
- if (reader.peek() == JsonToken.NULL) {
- reader.skipValue();
- } else if (name.equals(ISSUER)) {
- issuer = reader.nextString();
- } else if (name.equals(REGISTERED_CLIENT)) {
- clientString = reader.nextString();
- } else {
- logger.debug("Found unexpected entry");
- reader.skipValue();
- }
- break;
- default:
- logger.debug("Found unexpected entry");
- reader.skipValue();
- continue;
- }
- }
- reader.endObject();
- RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(clientString);
- registeredClientService.save(issuer, client);
- logger.debug("Saved registered client");
- }
- reader.endArray();
- logger.info("Done reading saved registered clients");
- }
-
- /* (non-Javadoc)
- * @see org.mitre.openid.connect.service.MITREidDataServiceExtension#fixExtensionObjectReferences()
- */
- @Override
- public void fixExtensionObjectReferences(MITREidDataServiceMaps maps) {
- for (Long permissionId : permissionToResourceRefs.keySet()) {
- Long oldResourceId = permissionToResourceRefs.get(permissionId);
- Long newResourceId = resourceSetOldToNewIdMap.get(oldResourceId);
- Permission p = permissionRepository.getById(permissionId);
- ResourceSet rs = resourceSetRepository.getById(newResourceId);
- p.setResourceSet(rs);
- permissionRepository.saveRawPermission(p);
- logger.debug("Mapping rsid " + oldResourceId + " to " + newResourceId + " for permission " + permissionId);
- }
- for (Long tokenId : tokenToPermissionRefs.keySet()) {
- Long newTokenId = maps.getAccessTokenOldToNewIdMap().get(tokenId);
- OAuth2AccessTokenEntity token = tokenRepository.getAccessTokenById(newTokenId);
-
- Set permissions = new HashSet<>();
- for (Long permissionId : tokenToPermissionRefs.get(tokenId)) {
- Permission p = permissionRepository.getById(permissionId);
- permissions.add(p);
- }
-
- token.setPermissions(permissions);
- tokenRepository.saveAccessToken(token);
- }
- permissionToResourceRefs.clear();
- resourceSetOldToNewIdMap.clear();
- tokenToPermissionRefs.clear();
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java b/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java
deleted file mode 100644
index 9626eba04..000000000
--- a/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.util;
-
-import java.util.Collection;
-
-import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
-import org.mitre.openid.connect.model.UserInfo;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-
-import com.google.common.collect.Sets;
-import com.nimbusds.jwt.JWT;
-
-/**
- * Utility class to map all external logins to the ROLE_EXTERNAL_USER authority
- * to prevent them from accessing other parts of the server.
- *
- * @author jricher
- *
- */
-public class ExternalLoginAuthoritiesMapper implements OIDCAuthoritiesMapper {
-
- private static final GrantedAuthority ROLE_EXTERNAL_USER = new SimpleGrantedAuthority("ROLE_EXTERNAL_USER");
-
- @Override
- public Collection mapAuthorities(JWT idToken, UserInfo userInfo) {
- return Sets.newHashSet(ROLE_EXTERNAL_USER);
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java b/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java
deleted file mode 100644
index 9f581fb67..000000000
--- a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.uma.view;
-
-import java.io.IOException;
-import java.io.Writer;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.mitre.openid.connect.view.HttpCodeView;
-import org.mitre.openid.connect.view.JsonEntityView;
-import org.mitre.uma.model.ResourceSet;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
-import org.springframework.stereotype.Component;
-import org.springframework.validation.BeanPropertyBindingResult;
-import org.springframework.web.servlet.view.AbstractView;
-
-import com.google.common.base.Strings;
-import com.google.gson.ExclusionStrategy;
-import com.google.gson.FieldAttributes;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonObject;
-import com.google.gson.LongSerializationPolicy;
-
-@Component(ResourceSetEntityAbbreviatedView.VIEWNAME)
-public class ResourceSetEntityAbbreviatedView extends AbstractView {
- private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class);
-
- public static final String VIEWNAME = "resourceSetEntityAbbreviatedView";
-
- public static final String LOCATION = "location";
-
- @Autowired
- private ConfigurationPropertiesBean config;
-
- private Gson gson = new GsonBuilder()
- .setExclusionStrategies(new ExclusionStrategy() {
-
- @Override
- public boolean shouldSkipField(FieldAttributes f) {
-
- return false;
- }
-
- @Override
- public boolean shouldSkipClass(Class clazz) {
- // skip the JPA binding wrapper
- if (clazz.equals(BeanPropertyBindingResult.class)) {
- return true;
- }
- return false;
- }
-
- })
- .serializeNulls()
- .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
- .setLongSerializationPolicy(LongSerializationPolicy.STRING)
- .create();
-
- @Override
- protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) {
-
- response.setContentType("application/json");
-
-
- HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE);
- if (code == null) {
- code = HttpStatus.OK; // default to 200
- }
-
- response.setStatus(code.value());
-
- String location = (String) model.get(LOCATION);
- if (!Strings.isNullOrEmpty(location)) {
- response.setHeader(HttpHeaders.LOCATION, location);
- }
-
- try {
-
- Writer out = response.getWriter();
- ResourceSet rs = (ResourceSet) model.get(JsonEntityView.ENTITY);
-
- JsonObject o = new JsonObject();
-
- o.addProperty("_id", rs.getId().toString()); // set the ID to a string
- o.addProperty("user_access_policy_uri", config.getIssuer() + "manage/user/policy/" + rs.getId());
-
-
- gson.toJson(o, out);
-
- } catch (IOException e) {
-
- logger.error("IOException in ResourceSetEntityView.java: ", e);
-
- }
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java b/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java
deleted file mode 100644
index e34e47431..000000000
--- a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.uma.view;
-
-import java.io.IOException;
-import java.io.Writer;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.mitre.openid.connect.view.JsonEntityView;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.util.JsonUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
-import org.springframework.stereotype.Component;
-import org.springframework.validation.BeanPropertyBindingResult;
-import org.springframework.web.servlet.view.AbstractView;
-
-import com.google.common.base.Strings;
-import com.google.gson.ExclusionStrategy;
-import com.google.gson.FieldAttributes;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonObject;
-import com.google.gson.LongSerializationPolicy;
-
-@Component(ResourceSetEntityView.VIEWNAME)
-public class ResourceSetEntityView extends AbstractView {
- private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class);
-
- public static final String VIEWNAME = "resourceSetEntityView";
-
- @Autowired
- private ConfigurationPropertiesBean config;
-
- private Gson gson = new GsonBuilder()
- .setExclusionStrategies(new ExclusionStrategy() {
-
- @Override
- public boolean shouldSkipField(FieldAttributes f) {
-
- return false;
- }
-
- @Override
- public boolean shouldSkipClass(Class clazz) {
- // skip the JPA binding wrapper
- if (clazz.equals(BeanPropertyBindingResult.class)) {
- return true;
- }
- return false;
- }
-
- })
- .serializeNulls()
- .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
- .setLongSerializationPolicy(LongSerializationPolicy.STRING)
- .create();
-
- @Override
- protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) {
-
- response.setContentType("application/json");
-
-
- HttpStatus code = (HttpStatus) model.get("code");
- if (code == null) {
- code = HttpStatus.OK; // default to 200
- }
-
- response.setStatus(code.value());
-
- String location = (String) model.get("location");
- if (!Strings.isNullOrEmpty(location)) {
- response.setHeader(HttpHeaders.LOCATION, location);
- }
-
- try {
-
- Writer out = response.getWriter();
- ResourceSet rs = (ResourceSet) model.get("entity");
-
- JsonObject o = new JsonObject();
-
- o.addProperty("_id", rs.getId().toString()); // send the id as a string
- o.addProperty("user_access_policy_uri", config.getIssuer() + "manage/resource/" + rs.getId());
- o.addProperty("name", rs.getName());
- o.addProperty("uri", rs.getUri());
- o.addProperty("type", rs.getType());
- o.add("scopes", JsonUtils.getAsArray(rs.getScopes()));
- o.addProperty("icon_uri", rs.getIconUri());
-
- gson.toJson(o, out);
-
- } catch (IOException e) {
-
- logger.error("IOException in ResourceSetEntityView.java: ", e);
-
- }
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
deleted file mode 100644
index 04f837844..000000000
--- a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
+++ /dev/null
@@ -1,202 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.web;
-
-import java.util.Map;
-
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.mitre.oauth2.service.OAuth2TokenEntityService;
-import org.mitre.oauth2.service.SystemScopeService;
-import org.mitre.oauth2.web.AuthenticationUtilities;
-import org.mitre.openid.connect.view.HttpCodeView;
-import org.mitre.openid.connect.view.JsonEntityView;
-import org.mitre.openid.connect.view.JsonErrorView;
-import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.ClaimProcessingResult;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.service.ClaimsProcessingService;
-import org.mitre.uma.service.PermissionService;
-import org.mitre.uma.service.UmaTokenService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.util.MimeTypeUtils;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import com.google.common.collect.ImmutableMap;
-import com.google.gson.JsonArray;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonPrimitive;
-
-/**
- * @author jricher
- *
- */
-@Controller
-@RequestMapping("/" + AuthorizationRequestEndpoint.URL)
-public class AuthorizationRequestEndpoint {
- // Logger for this class
- private static final Logger logger = LoggerFactory.getLogger(AuthorizationRequestEndpoint.class);
-
- public static final String RPT = "rpt";
- public static final String TICKET = "ticket";
- public static final String URL = "authz_request";
-
- @Autowired
- private PermissionService permissionService;
-
- @Autowired
- private OAuth2TokenEntityService tokenService;
-
- @Autowired
- private ClaimsProcessingService claimsProcessingService;
-
- @Autowired
- private UmaTokenService umaTokenService;
-
- @RequestMapping(method = RequestMethod.POST, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String authorizationRequest(@RequestBody String jsonString, Model m, Authentication auth) {
-
- AuthenticationUtilities.ensureOAuthScope(auth, SystemScopeService.UMA_AUTHORIZATION_SCOPE);
-
- JsonParser parser = new JsonParser();
- JsonElement e = parser.parse(jsonString);
-
- if (e.isJsonObject()) {
- JsonObject o = e.getAsJsonObject();
-
- if (o.has(TICKET)) {
-
- OAuth2AccessTokenEntity incomingRpt = null;
- if (o.has(RPT)) {
- String rptValue = o.get(RPT).getAsString();
- incomingRpt = tokenService.readAccessToken(rptValue);
- }
-
- String ticketValue = o.get(TICKET).getAsString();
-
- PermissionTicket ticket = permissionService.getByTicket(ticketValue);
-
- if (ticket != null) {
- // found the ticket, see if it's any good
-
- ResourceSet rs = ticket.getPermission().getResourceSet();
-
- if (rs.getPolicies() == null || rs.getPolicies().isEmpty()) {
- // the required claims are empty, this resource has no way to be authorized
-
- m.addAttribute(JsonErrorView.ERROR, "not_authorized");
- m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This resource set can not be accessed.");
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return JsonErrorView.VIEWNAME;
- } else {
- // claims weren't empty or missing, we need to check against what we have
-
- ClaimProcessingResult result = claimsProcessingService.claimsAreSatisfied(rs, ticket);
-
-
- if (result.isSatisfied()) {
- // the service found what it was looking for, issue a token
-
- // we need to downscope this based on the required set that was matched if it was matched
- OAuth2Authentication o2auth = (OAuth2Authentication) auth;
-
- OAuth2AccessTokenEntity token = umaTokenService.createRequestingPartyToken(o2auth, ticket, result.getMatched());
-
- // if we have an inbound RPT, throw it out because we're replacing it
- if (incomingRpt != null) {
- tokenService.revokeAccessToken(incomingRpt);
- }
-
- Map entity = ImmutableMap.of("rpt", token.getValue());
-
- m.addAttribute(JsonEntityView.ENTITY, entity);
-
- return JsonEntityView.VIEWNAME;
-
- } else {
-
- // if we got here, the claim didn't match, forward the user to the claim gathering endpoint
- JsonObject entity = new JsonObject();
-
- entity.addProperty(JsonErrorView.ERROR, "need_info");
- JsonObject details = new JsonObject();
-
- JsonObject rpClaims = new JsonObject();
- rpClaims.addProperty("redirect_user", true);
- rpClaims.addProperty("ticket", ticketValue);
- JsonArray req = new JsonArray();
- for (Claim claim : result.getUnmatched()) {
- JsonObject c = new JsonObject();
- c.addProperty("name", claim.getName());
- c.addProperty("friendly_name", claim.getFriendlyName());
- c.addProperty("claim_type", claim.getClaimType());
- JsonArray f = new JsonArray();
- for (String format : claim.getClaimTokenFormat()) {
- f.add(new JsonPrimitive(format));
- }
- c.add("claim_token_format", f);
- JsonArray i = new JsonArray();
- for (String issuer : claim.getIssuer()) {
- i.add(new JsonPrimitive(issuer));
- }
- c.add("issuer", i);
- req.add(c);
- }
- rpClaims.add("required_claims", req);
- details.add("requesting_party_claims", rpClaims);
- entity.add("error_details", details);
-
- m.addAttribute(JsonEntityView.ENTITY, entity);
- return JsonEntityView.VIEWNAME;
- }
-
-
- }
- } else {
- // ticket wasn't found, return an error
- m.addAttribute(HttpStatus.BAD_REQUEST);
- m.addAttribute(JsonErrorView.ERROR, "invalid_ticket");
- return JsonErrorView.VIEWNAME;
- }
-
- } else {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
- m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Missing JSON elements.");
- return JsonErrorView.VIEWNAME;
- }
-
-
- } else {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
- m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Malformed JSON request.");
- return JsonErrorView.VIEWNAME;
- }
-
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java
deleted file mode 100644
index 52061e4eb..000000000
--- a/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.web;
-
-import java.util.Set;
-
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.service.ClientDetailsEntityService;
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
-import org.mitre.openid.connect.model.UserInfo;
-import org.mitre.openid.connect.view.HttpCodeView;
-import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.service.PermissionService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.util.UriComponentsBuilder;
-
-import com.google.common.base.Strings;
-import com.google.common.collect.Sets;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonPrimitive;
-
-/**
- *
- * Collect claims interactively from the end user.
- *
- * @author jricher
- *
- */
-@Controller
-@PreAuthorize("hasRole('ROLE_EXTERNAL_USER')")
-@RequestMapping("/" + ClaimsCollectionEndpoint.URL)
-public class ClaimsCollectionEndpoint {
- // Logger for this class
- private static final Logger logger = LoggerFactory.getLogger(ClaimsCollectionEndpoint.class);
-
- public static final String URL = "rqp_claims";
-
- @Autowired
- private ClientDetailsEntityService clientService;
-
- @Autowired
- private PermissionService permissionService;
-
-
- @RequestMapping(method = RequestMethod.GET)
- public String collectClaims(@RequestParam("client_id") String clientId, @RequestParam(value = "redirect_uri", required = false) String redirectUri,
- @RequestParam("ticket") String ticketValue, @RequestParam(value = "state", required = false) String state,
- Model m, OIDCAuthenticationToken auth) {
-
-
- ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
-
- PermissionTicket ticket = permissionService.getByTicket(ticketValue);
-
- if (client == null || ticket == null) {
- logger.info("Client or ticket not found: " + clientId + " :: " + ticketValue);
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
- }
-
- // we've got a client and ticket, let's attach the claims that we have from the token and userinfo
-
- // subject
- Set claimsSupplied = Sets.newHashSet(ticket.getClaimsSupplied());
-
- String issuer = auth.getIssuer();
- UserInfo userInfo = auth.getUserInfo();
-
- claimsSupplied.add(mkClaim(issuer, "sub", new JsonPrimitive(auth.getSub())));
- if (userInfo.getEmail() != null) {
- claimsSupplied.add(mkClaim(issuer, "email", new JsonPrimitive(userInfo.getEmail())));
- }
- if (userInfo.getEmailVerified() != null) {
- claimsSupplied.add(mkClaim(issuer, "email_verified", new JsonPrimitive(userInfo.getEmailVerified())));
- }
- if (userInfo.getPhoneNumber() != null) {
- claimsSupplied.add(mkClaim(issuer, "phone_number", new JsonPrimitive(auth.getUserInfo().getPhoneNumber())));
- }
- if (userInfo.getPhoneNumberVerified() != null) {
- claimsSupplied.add(mkClaim(issuer, "phone_number_verified", new JsonPrimitive(auth.getUserInfo().getPhoneNumberVerified())));
- }
- if (userInfo.getPreferredUsername() != null) {
- claimsSupplied.add(mkClaim(issuer, "preferred_username", new JsonPrimitive(auth.getUserInfo().getPreferredUsername())));
- }
- if (userInfo.getProfile() != null) {
- claimsSupplied.add(mkClaim(issuer, "profile", new JsonPrimitive(auth.getUserInfo().getProfile())));
- }
-
- ticket.setClaimsSupplied(claimsSupplied);
-
- PermissionTicket updatedTicket = permissionService.updateTicket(ticket);
-
- if (Strings.isNullOrEmpty(redirectUri)) {
- if (client.getClaimsRedirectUris().size() == 1) {
- redirectUri = client.getClaimsRedirectUris().iterator().next(); // get the first (and only) redirect URI to use here
- logger.info("No redirect URI passed in, using registered value: " + redirectUri);
- } else {
- throw new RedirectMismatchException("Unable to find redirect URI and none passed in.");
- }
- } else {
- if (!client.getClaimsRedirectUris().contains(redirectUri)) {
- throw new RedirectMismatchException("Claims redirect did not match the registered values.");
- }
- }
-
- UriComponentsBuilder template = UriComponentsBuilder.fromUriString(redirectUri);
- template.queryParam("authorization_state", "claims_submitted");
- if (!Strings.isNullOrEmpty(state)) {
- template.queryParam("state", state);
- }
-
- String uriString = template.toUriString();
- logger.info("Redirecting to " + uriString);
-
- return "redirect:" + uriString;
- }
-
-
- private Claim mkClaim(String issuer, String name, JsonElement value) {
- Claim c = new Claim();
- c.setIssuer(Sets.newHashSet(issuer));
- c.setName(name);
- c.setValue(value);
- return c;
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java
deleted file mode 100644
index a3b660129..000000000
--- a/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java
+++ /dev/null
@@ -1,155 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.web;
-
-import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
-import static org.mitre.util.JsonUtils.getAsLong;
-import static org.mitre.util.JsonUtils.getAsStringSet;
-
-import java.util.Set;
-
-import org.mitre.oauth2.model.SystemScope;
-import org.mitre.oauth2.service.SystemScopeService;
-import org.mitre.openid.connect.view.JsonEntityView;
-import org.mitre.openid.connect.view.JsonErrorView;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.service.PermissionService;
-import org.mitre.uma.service.ResourceSetService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.util.MimeTypeUtils;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParseException;
-import com.google.gson.JsonParser;
-
-/**
- * @author jricher
- *
- */
-@Controller
-@RequestMapping("/" + PermissionRegistrationEndpoint.URL)
-@PreAuthorize("hasRole('ROLE_USER')")
-public class PermissionRegistrationEndpoint {
- // Logger for this class
- private static final Logger logger = LoggerFactory.getLogger(PermissionRegistrationEndpoint.class);
-
- public static final String URL = "permission";
-
- @Autowired
- private PermissionService permissionService;
-
- @Autowired
- private ResourceSetService resourceSetService;
-
- @Autowired
- private SystemScopeService scopeService;
-
- private JsonParser parser = new JsonParser();
-
- @RequestMapping(method = RequestMethod.POST, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String getPermissionTicket(@RequestBody String jsonString, Model m, Authentication auth) {
-
- ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);
-
- try {
-
- // parse the permission request
-
- JsonElement el = parser.parse(jsonString);
- if (el.isJsonObject()) {
- JsonObject o = el.getAsJsonObject();
-
- Long rsid = getAsLong(o, "resource_set_id");
- Set scopes = getAsStringSet(o, "scopes");
-
- if (rsid == null || scopes == null || scopes.isEmpty()){
- // missing information
- m.addAttribute("code", HttpStatus.BAD_REQUEST);
- m.addAttribute("errorMessage", "Missing required component of permission registration request.");
- return JsonErrorView.VIEWNAME;
- }
-
- // trim any restricted scopes
- Set scopesRequested = scopeService.fromStrings(scopes);
- scopesRequested = scopeService.removeRestrictedAndReservedScopes(scopesRequested);
- scopes = scopeService.toStrings(scopesRequested);
-
- ResourceSet resourceSet = resourceSetService.getById(rsid);
-
- // requested resource set doesn't exist
- if (resourceSet == null) {
- m.addAttribute("code", HttpStatus.NOT_FOUND);
- m.addAttribute("errorMessage", "Requested resource set not found: " + rsid);
- return JsonErrorView.VIEWNAME;
- }
-
- // authorized user of the token doesn't match owner of the resource set
- if (!resourceSet.getOwner().equals(auth.getName())) {
- m.addAttribute("code", HttpStatus.FORBIDDEN);
- m.addAttribute("errorMessage", "Party requesting permission is not owner of resource set, expected " + resourceSet.getOwner() + " got " + auth.getName());
- return JsonErrorView.VIEWNAME;
- }
-
- // create the permission
- PermissionTicket permission = permissionService.createTicket(resourceSet, scopes);
-
- if (permission != null) {
- // we've created the permission, return the ticket
- JsonObject out = new JsonObject();
- out.addProperty("ticket", permission.getTicket());
- m.addAttribute("entity", out);
-
- m.addAttribute("code", HttpStatus.CREATED);
-
- return JsonEntityView.VIEWNAME;
- } else {
- // there was a failure creating the permission object
-
- m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
- m.addAttribute("errorMessage", "Unable to save permission and generate ticket.");
-
- return JsonErrorView.VIEWNAME;
- }
-
- } else {
- // malformed request
- m.addAttribute("code", HttpStatus.BAD_REQUEST);
- m.addAttribute("errorMessage", "Malformed JSON request.");
- return JsonErrorView.VIEWNAME;
- }
- } catch (JsonParseException e) {
- // malformed request
- m.addAttribute("code", HttpStatus.BAD_REQUEST);
- m.addAttribute("errorMessage", "Malformed JSON request.");
- return JsonErrorView.VIEWNAME;
- }
-
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java b/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java
deleted file mode 100644
index 2b1feda58..000000000
--- a/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java
+++ /dev/null
@@ -1,391 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.web;
-
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.mitre.openid.connect.view.HttpCodeView;
-import org.mitre.openid.connect.view.JsonEntityView;
-import org.mitre.openid.connect.view.JsonErrorView;
-import org.mitre.openid.connect.web.RootController;
-import org.mitre.uma.model.Claim;
-import org.mitre.uma.model.Policy;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.service.ResourceSetService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.util.MimeTypeUtils;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import com.google.common.collect.Sets;
-import com.google.gson.Gson;
-
-/**
- * API for managing policies on resource sets.
- *
- * @author jricher
- *
- */
-@Controller
-@RequestMapping("/" + PolicyAPI.URL)
-@PreAuthorize("hasRole('ROLE_USER')")
-public class PolicyAPI {
-
- // Logger for this class
- private static final Logger logger = LoggerFactory.getLogger(PolicyAPI.class);
-
- public static final String URL = RootController.API_URL + "/resourceset";
- public static final String POLICYURL = "/policy";
-
- private Gson gson = new Gson();
-
- @Autowired
- private ResourceSetService resourceSetService;
-
- /**
- * List all resource sets for the current user
- * @param m
- * @param auth
- * @return
- */
- @RequestMapping(value = "", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String getResourceSetsForCurrentUser(Model m, Authentication auth) {
-
- Collection resourceSets = resourceSetService.getAllForOwner(auth.getName());
-
- m.addAttribute(JsonEntityView.ENTITY, resourceSets);
-
- return JsonEntityView.VIEWNAME;
- }
-
- /**
- * Get the indicated resource set
- * @param rsid
- * @param m
- * @param auth
- * @return
- */
- @RequestMapping(value = "/{rsid}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String getResourceSet(@PathVariable (value = "rsid") Long rsid, Model m, Authentication auth) {
-
- ResourceSet rs = resourceSetService.getById(rsid);
-
- if (rs == null) {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
- }
-
- if (!rs.getOwner().equals(auth.getName())) {
- logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // authenticated user didn't match the owner of the resource set
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return HttpCodeView.VIEWNAME;
- }
-
- m.addAttribute(JsonEntityView.ENTITY, rs);
-
- return JsonEntityView.VIEWNAME;
- }
-
- /**
- * Delete the indicated resource set
- * @param rsid
- * @param m
- * @param auth
- * @return
- */
- @RequestMapping(value = "/{rsid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String deleteResourceSet(@PathVariable (value = "rsid") Long rsid, Model m, Authentication auth) {
-
- ResourceSet rs = resourceSetService.getById(rsid);
-
- if (rs == null) {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
- }
-
- if (!rs.getOwner().equals(auth.getName())) {
- logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // authenticated user didn't match the owner of the resource set
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return HttpCodeView.VIEWNAME;
- }
-
- resourceSetService.remove(rs);
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
- return HttpCodeView.VIEWNAME;
-
- }
-
- /**
- * List all the policies for the given resource set
- * @param rsid
- * @param m
- * @param auth
- * @return
- */
- @RequestMapping(value = "/{rsid}" + POLICYURL, method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String getPoliciesForResourceSet(@PathVariable (value = "rsid") Long rsid, Model m, Authentication auth) {
-
- ResourceSet rs = resourceSetService.getById(rsid);
-
- if (rs == null) {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
- }
-
- if (!rs.getOwner().equals(auth.getName())) {
- logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // authenticated user didn't match the owner of the resource set
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return HttpCodeView.VIEWNAME;
- }
-
- m.addAttribute(JsonEntityView.ENTITY, rs.getPolicies());
-
- return JsonEntityView.VIEWNAME;
- }
-
- /**
- * Create a new policy on the given resource set
- * @param rsid
- * @param m
- * @param auth
- * @return
- */
- @RequestMapping(value = "/{rsid}" + POLICYURL, method = RequestMethod.POST, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String createNewPolicyForResourceSet(@PathVariable (value = "rsid") Long rsid, @RequestBody String jsonString, Model m, Authentication auth) {
- ResourceSet rs = resourceSetService.getById(rsid);
-
- if (rs == null) {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
- }
-
- if (!rs.getOwner().equals(auth.getName())) {
- logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // authenticated user didn't match the owner of the resource set
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return HttpCodeView.VIEWNAME;
- }
-
- Policy p = gson.fromJson(jsonString, Policy.class);
-
- if (p.getId() != null) {
- logger.warn("Tried to add a policy with a non-null ID: " + p.getId());
- m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
- return HttpCodeView.VIEWNAME;
- }
-
- for (Claim claim : p.getClaimsRequired()) {
- if (claim.getId() != null) {
- logger.warn("Tried to add a policy with a non-null claim ID: " + claim.getId());
- m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
- return HttpCodeView.VIEWNAME;
- }
- }
-
- rs.getPolicies().add(p);
- ResourceSet saved = resourceSetService.update(rs, rs);
-
- // find the new policy object
- Collection newPolicies = Sets.difference(new HashSet<>(saved.getPolicies()), new HashSet<>(rs.getPolicies()));
-
- if (newPolicies.size() == 1) {
- Policy newPolicy = newPolicies.iterator().next();
- m.addAttribute(JsonEntityView.ENTITY, newPolicy);
- return JsonEntityView.VIEWNAME;
- } else {
- logger.warn("Unexpected result trying to add a new policy object: " + newPolicies);
- m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
- return HttpCodeView.VIEWNAME;
- }
-
- }
-
- /**
- * Get a specific policy
- * @param rsid
- * @param pid
- * @param m
- * @param auth
- * @return
- */
- @RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String getPolicy(@PathVariable (value = "rsid") Long rsid, @PathVariable (value = "pid") Long pid, Model m, Authentication auth) {
-
- ResourceSet rs = resourceSetService.getById(rsid);
-
- if (rs == null) {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
- }
-
- if (!rs.getOwner().equals(auth.getName())) {
- logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // authenticated user didn't match the owner of the resource set
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return HttpCodeView.VIEWNAME;
- }
-
- for (Policy policy : rs.getPolicies()) {
- if (policy.getId().equals(pid)) {
- // found it!
- m.addAttribute(JsonEntityView.ENTITY, policy);
- return JsonEntityView.VIEWNAME;
- }
- }
-
- // if we made it this far, we haven't found it
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
- }
-
- /**
- * Update a specific policy
- * @param rsid
- * @param pid
- * @param jsonString
- * @param m
- * @param auth
- * @return
- */
- @RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.PUT, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String setClaimsForResourceSet(@PathVariable (value = "rsid") Long rsid, @PathVariable (value = "pid") Long pid, @RequestBody String jsonString, Model m, Authentication auth) {
-
- ResourceSet rs = resourceSetService.getById(rsid);
-
- if (rs == null) {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
- }
-
- if (!rs.getOwner().equals(auth.getName())) {
- logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // authenticated user didn't match the owner of the resource set
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return HttpCodeView.VIEWNAME;
- }
-
- Policy p = gson.fromJson(jsonString, Policy.class);
-
- if (!pid.equals(p.getId())) {
- logger.warn("Policy ID mismatch, expected " + pid + " got " + p.getId());
-
- m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
- return HttpCodeView.VIEWNAME;
- }
-
- for (Policy policy : rs.getPolicies()) {
- if (policy.getId().equals(pid)) {
- // found it!
-
- // find the existing claim IDs, make sure we're not overwriting anything from another policy
- Set claimIds = new HashSet<>();
- for (Claim claim : policy.getClaimsRequired()) {
- claimIds.add(claim.getId());
- }
-
- for (Claim claim : p.getClaimsRequired()) {
- if (claim.getId() != null && !claimIds.contains(claim.getId())) {
- logger.warn("Tried to add a policy with a an unmatched claim ID: got " + claim.getId() + " expected " + claimIds);
- m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
- return HttpCodeView.VIEWNAME;
- }
- }
-
- // update the existing object with the new values
- policy.setClaimsRequired(p.getClaimsRequired());
- policy.setName(p.getName());
- policy.setScopes(p.getScopes());
-
- resourceSetService.update(rs, rs);
-
- m.addAttribute(JsonEntityView.ENTITY, policy);
- return JsonEntityView.VIEWNAME;
- }
- }
-
- // if we made it this far, we haven't found it
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
- }
-
- /**
- * Delete a specific policy
- * @param rsid
- * @param pid
- * @param m
- * @param auth
- * @return
- */
- @RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String deleteResourceSet(@PathVariable ("rsid") Long rsid, @PathVariable (value = "pid") Long pid, Model m, Authentication auth) {
-
- ResourceSet rs = resourceSetService.getById(rsid);
-
- if (rs == null) {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- m.addAttribute(JsonErrorView.ERROR, "not_found");
- return JsonErrorView.VIEWNAME;
- }
-
- if (!auth.getName().equals(rs.getOwner())) {
-
- logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // it wasn't issued to this user
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return JsonErrorView.VIEWNAME;
- }
-
-
- for (Policy policy : rs.getPolicies()) {
- if (policy.getId().equals(pid)) {
- // found it!
- rs.getPolicies().remove(policy);
- resourceSetService.update(rs, rs);
-
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
- return HttpCodeView.VIEWNAME;
- }
- }
-
- // if we made it this far, we haven't found it
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return HttpCodeView.VIEWNAME;
-
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
deleted file mode 100644
index ce10568fb..000000000
--- a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
+++ /dev/null
@@ -1,317 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.uma.web;
-
-
-import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
-import static org.mitre.util.JsonUtils.getAsLong;
-import static org.mitre.util.JsonUtils.getAsString;
-import static org.mitre.util.JsonUtils.getAsStringSet;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.mitre.oauth2.model.SystemScope;
-import org.mitre.oauth2.service.SystemScopeService;
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.mitre.openid.connect.view.HttpCodeView;
-import org.mitre.openid.connect.view.JsonEntityView;
-import org.mitre.openid.connect.view.JsonErrorView;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.service.ResourceSetService;
-import org.mitre.uma.view.ResourceSetEntityAbbreviatedView;
-import org.mitre.uma.view.ResourceSetEntityView;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.util.MimeTypeUtils;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import com.google.common.base.Strings;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParseException;
-import com.google.gson.JsonParser;
-
-@Controller
-@RequestMapping("/" + ResourceSetRegistrationEndpoint.URL)
-@PreAuthorize("hasRole('ROLE_USER')")
-public class ResourceSetRegistrationEndpoint {
-
- private static final Logger logger = LoggerFactory.getLogger(ResourceSetRegistrationEndpoint.class);
-
- public static final String DISCOVERY_URL = "resource_set";
- public static final String URL = DISCOVERY_URL + "/resource_set";
-
- @Autowired
- private ResourceSetService resourceSetService;
-
- @Autowired
- private ConfigurationPropertiesBean config;
-
- @Autowired
- private SystemScopeService scopeService;
-
- private JsonParser parser = new JsonParser();
-
- @RequestMapping(method = RequestMethod.POST, produces = MimeTypeUtils.APPLICATION_JSON_VALUE, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String createResourceSet(@RequestBody String jsonString, Model m, Authentication auth) {
- ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);
-
- ResourceSet rs = parseResourceSet(jsonString);
-
- if (rs == null) { // there was no resource set in the body
- logger.warn("Resource set registration missing body.");
-
- m.addAttribute("code", HttpStatus.BAD_REQUEST);
- m.addAttribute("error_description", "Resource request was missing body.");
- return JsonErrorView.VIEWNAME;
- }
-
- if (auth instanceof OAuth2Authentication) {
- // if it's an OAuth mediated call, it's on behalf of a client, so store that
- OAuth2Authentication o2a = (OAuth2Authentication) auth;
- rs.setClientId(o2a.getOAuth2Request().getClientId());
- rs.setOwner(auth.getName()); // the username is going to be in the auth object
- } else {
- // this one shouldn't be called if it's not OAuth
- m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
- m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This call must be made with an OAuth token");
- return JsonErrorView.VIEWNAME;
- }
-
- rs = validateScopes(rs);
-
- if (Strings.isNullOrEmpty(rs.getName()) // there was no name (required)
- || rs.getScopes() == null // there were no scopes (required)
- ) {
-
- logger.warn("Resource set registration missing one or more required fields.");
-
- m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
- m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields.");
- return JsonErrorView.VIEWNAME;
- }
-
- ResourceSet saved = resourceSetService.saveNew(rs);
-
- m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED);
- m.addAttribute(JsonEntityView.ENTITY, saved);
- m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + saved.getId());
-
- return ResourceSetEntityAbbreviatedView.VIEWNAME;
-
- }
-
- @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String readResourceSet(@PathVariable ("id") Long id, Model m, Authentication auth) {
- ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);
-
- ResourceSet rs = resourceSetService.getById(id);
-
- if (rs == null) {
- m.addAttribute("code", HttpStatus.NOT_FOUND);
- m.addAttribute("error", "not_found");
- return JsonErrorView.VIEWNAME;
- } else {
-
- rs = validateScopes(rs);
-
- if (!auth.getName().equals(rs.getOwner())) {
-
- logger.warn("Unauthorized resource set request from wrong user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // it wasn't issued to this user
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return JsonErrorView.VIEWNAME;
- } else {
- m.addAttribute(JsonEntityView.ENTITY, rs);
- return ResourceSetEntityView.VIEWNAME;
- }
-
- }
-
- }
-
- @RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String updateResourceSet(@PathVariable ("id") Long id, @RequestBody String jsonString, Model m, Authentication auth) {
- ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);
-
- ResourceSet newRs = parseResourceSet(jsonString);
-
- if (newRs == null // there was no resource set in the body
- || Strings.isNullOrEmpty(newRs.getName()) // there was no name (required)
- || newRs.getScopes() == null // there were no scopes (required)
- || newRs.getId() == null || !newRs.getId().equals(id) // the IDs didn't match
- ) {
-
- logger.warn("Resource set registration missing one or more required fields.");
-
- m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
- m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields.");
- return JsonErrorView.VIEWNAME;
- }
-
- ResourceSet rs = resourceSetService.getById(id);
-
- if (rs == null) {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- m.addAttribute(JsonErrorView.ERROR, "not_found");
- return JsonErrorView.VIEWNAME;
- } else {
- if (!auth.getName().equals(rs.getOwner())) {
-
- logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // it wasn't issued to this user
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return JsonErrorView.VIEWNAME;
- } else {
-
- ResourceSet saved = resourceSetService.update(rs, newRs);
-
- m.addAttribute(JsonEntityView.ENTITY, saved);
- m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + rs.getId());
- return ResourceSetEntityAbbreviatedView.VIEWNAME;
- }
-
- }
- }
-
- @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String deleteResourceSet(@PathVariable ("id") Long id, Model m, Authentication auth) {
- ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);
-
- ResourceSet rs = resourceSetService.getById(id);
-
- if (rs == null) {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- m.addAttribute(JsonErrorView.ERROR, "not_found");
- return JsonErrorView.VIEWNAME;
- } else {
- if (!auth.getName().equals(rs.getOwner())) {
-
- logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
-
- // it wasn't issued to this user
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return JsonErrorView.VIEWNAME;
- } else if (auth instanceof OAuth2Authentication &&
- !((OAuth2Authentication)auth).getOAuth2Request().getClientId().equals(rs.getClientId())){
-
- logger.warn("Unauthorized resource set request from bad client; expected " + rs.getClientId() + " got " + ((OAuth2Authentication)auth).getOAuth2Request().getClientId());
-
- // it wasn't issued to this client
- m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
- return JsonErrorView.VIEWNAME;
- } else {
-
- // user and client matched
- resourceSetService.remove(rs);
-
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
- return HttpCodeView.VIEWNAME;
- }
-
- }
- }
-
- @RequestMapping(method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String listResourceSets(Model m, Authentication auth) {
- ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);
-
- String owner = auth.getName();
-
- Collection resourceSets = Collections.emptySet();
- if (auth instanceof OAuth2Authentication) {
- // if it's an OAuth mediated call, it's on behalf of a client, so look that up too
- OAuth2Authentication o2a = (OAuth2Authentication) auth;
- resourceSets = resourceSetService.getAllForOwnerAndClient(owner, o2a.getOAuth2Request().getClientId());
- } else {
- // otherwise get everything for the current user
- resourceSets = resourceSetService.getAllForOwner(owner);
- }
-
- // build the entity here and send to the display
-
- Set ids = new HashSet<>();
- for (ResourceSet resourceSet : resourceSets) {
- ids.add(resourceSet.getId().toString()); // add them all as strings so that gson renders them properly
- }
-
- m.addAttribute(JsonEntityView.ENTITY, ids);
- return JsonEntityView.VIEWNAME;
- }
-
- private ResourceSet parseResourceSet(String jsonString) {
-
- try {
- JsonElement el = parser.parse(jsonString);
-
- if (el.isJsonObject()) {
- JsonObject o = el.getAsJsonObject();
-
- ResourceSet rs = new ResourceSet();
- rs.setId(getAsLong(o, "_id"));
- rs.setName(getAsString(o, "name"));
- rs.setIconUri(getAsString(o, "icon_uri"));
- rs.setType(getAsString(o, "type"));
- rs.setScopes(getAsStringSet(o, "scopes"));
- rs.setUri(getAsString(o, "uri"));
-
- return rs;
-
- }
-
- return null;
-
- } catch (JsonParseException e) {
- return null;
- }
-
- }
-
-
- /**
- *
- * Make sure the resource set doesn't have any restricted or reserved scopes.
- *
- * @param rs
- */
- private ResourceSet validateScopes(ResourceSet rs) {
- // scopes that the client is asking for
- Set requestedScopes = scopeService.fromStrings(rs.getScopes());
-
- // the scopes that the resource set can have must be a subset of the dynamically allowed scopes
- Set allowedScopes = scopeService.removeRestrictedAndReservedScopes(requestedScopes);
-
- rs.setScopes(scopeService.toStrings(allowedScopes));
-
- return rs;
- }
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java
deleted file mode 100644
index 6dc8717ad..000000000
--- a/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.web;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.mitre.oauth2.web.IntrospectionEndpoint;
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.mitre.openid.connect.view.JsonEntityView;
-import org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.RequestMapping;
-
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Lists;
-
-/**
- * @author jricher
- *
- */
-@Controller
-public class UmaDiscoveryEndpoint {
-
- @Autowired
- private ConfigurationPropertiesBean config;
-
- @RequestMapping(".well-known/uma-configuration")
- public String umaConfiguration(Model model) {
-
- Map m = new HashMap<>();
-
- String issuer = config.getIssuer();
- ImmutableSet tokenProfiles = ImmutableSet.of("bearer");
- ArrayList grantTypes = Lists.newArrayList("authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer", "client_credentials", "urn:ietf:params:oauth:grant_type:redelegate");
-
- m.put("version", "1.0");
- m.put("issuer", issuer);
- m.put("pat_profiles_supported", tokenProfiles);
- m.put("aat_profiles_supported", tokenProfiles);
- m.put("rpt_profiles_supported", tokenProfiles);
- m.put("pat_grant_types_supported", grantTypes);
- m.put("aat_grant_types_supported", grantTypes);
- m.put("claim_token_profiles_supported", ImmutableSet.of());
- m.put("uma_profiles_supported", ImmutableSet.of());
- m.put("dynamic_client_endpoint", issuer + DynamicClientRegistrationEndpoint.URL);
- m.put("token_endpoint", issuer + "token");
- m.put("authorization_endpoint", issuer + "authorize");
- m.put("requesting_party_claims_endpoint", issuer + ClaimsCollectionEndpoint.URL);
- m.put("introspection_endpoint", issuer + IntrospectionEndpoint.URL);
- m.put("resource_set_registration_endpoint", issuer + ResourceSetRegistrationEndpoint.DISCOVERY_URL);
- m.put("permission_registration_endpoint", issuer + PermissionRegistrationEndpoint.URL);
- m.put("rpt_endpoint", issuer + AuthorizationRequestEndpoint.URL);
-
-
-
- model.addAttribute("entity", m);
- return JsonEntityView.VIEWNAME;
- }
-
-
-}
diff --git a/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java b/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java
deleted file mode 100644
index 377326470..000000000
--- a/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.web;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.mitre.openid.connect.client.model.IssuerServiceResponse;
-import org.mitre.openid.connect.client.service.impl.WebfingerIssuerService;
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.mitre.openid.connect.model.UserInfo;
-import org.mitre.openid.connect.service.UserInfoService;
-import org.mitre.openid.connect.view.HttpCodeView;
-import org.mitre.openid.connect.view.JsonEntityView;
-import org.mitre.openid.connect.view.JsonErrorView;
-import org.mitre.openid.connect.web.RootController;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.util.MimeTypeUtils;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-
-import com.google.common.collect.ImmutableSet;
-
-
-/**
- * @author jricher
- *
- */
-@Controller
-@RequestMapping("/" + UserClaimSearchHelper.URL)
-@PreAuthorize("hasRole('ROLE_USER')")
-public class UserClaimSearchHelper {
-
- public static final String URL = RootController.API_URL + "/emailsearch";
-
- private WebfingerIssuerService webfingerIssuerService = new WebfingerIssuerService();
-
- @Autowired
- private UserInfoService userInfoService;
-
- @Autowired
- private ConfigurationPropertiesBean config;
-
-
- @RequestMapping(method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
- public String search(@RequestParam(value = "identifier") String email, Model m, Authentication auth, HttpServletRequest req) {
-
- // check locally first
- UserInfo localUser = userInfoService.getByEmailAddress(email);
-
- if (localUser != null) {
- Map e = new HashMap<>();
- e.put("issuer", ImmutableSet.of(config.getIssuer()));
- e.put("name", "email");
- e.put("value", localUser.getEmail());
-
- Map ev = new HashMap<>();
- ev.put("issuer", ImmutableSet.of(config.getIssuer()));
- ev.put("name", "email_verified");
- ev.put("value", localUser.getEmailVerified());
-
- Map s = new HashMap<>();
- s.put("issuer", ImmutableSet.of(config.getIssuer()));
- s.put("name", "sub");
- s.put("value", localUser.getSub());
-
- m.addAttribute(JsonEntityView.ENTITY, ImmutableSet.of(e, ev, s));
- return JsonEntityView.VIEWNAME;
- } else {
-
- // otherwise do a webfinger lookup
- IssuerServiceResponse resp = webfingerIssuerService.getIssuer(req);
-
- if (resp != null && resp.getIssuer() != null) {
- // we found an issuer, return that
- Map e = new HashMap<>();
- e.put("issuer", ImmutableSet.of(resp.getIssuer()));
- e.put("name", "email");
- e.put("value", email);
-
- Map ev = new HashMap<>();
- ev.put("issuer", ImmutableSet.of(resp.getIssuer()));
- ev.put("name", "email_verified");
- ev.put("value", true);
-
- m.addAttribute(JsonEntityView.ENTITY, ImmutableSet.of(e, ev));
- return JsonEntityView.VIEWNAME;
- } else {
- m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
- return JsonErrorView.VIEWNAME;
- }
- }
- }
-
-}
diff --git a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java b/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java
deleted file mode 100644
index 0a2063cb3..000000000
--- a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.service.impl;
-
-import static org.mockito.Matchers.anySetOf;
-
-import java.util.Set;
-import java.util.UUID;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.oauth2.service.SystemScopeService;
-import org.mitre.uma.model.PermissionTicket;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.repository.PermissionRepository;
-import org.mockito.AdditionalAnswers;
-import org.mockito.InjectMocks;
-import org.mockito.Matchers;
-import org.mockito.Mock;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.runners.MockitoJUnitRunner;
-import org.mockito.stubbing.Answer;
-import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
-
-import com.google.common.collect.ImmutableSet;
-
-import static org.hamcrest.CoreMatchers.equalTo;
-import static org.hamcrest.CoreMatchers.not;
-
-import static org.mockito.Mockito.when;
-
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertThat;
-
-/**
- * @author jricher
- *
- */
-@RunWith(MockitoJUnitRunner.class)
-public class TestDefaultPermissionService {
-
- @Mock
- private PermissionRepository permissionRepository;
-
- @Mock
- private SystemScopeService scopeService;
-
- @InjectMocks
- private DefaultPermissionService permissionService;
-
- private Set scopes1 = ImmutableSet.of("foo", "bar", "baz");
- private Set scopes2 = ImmutableSet.of("alpha", "beta", "betest");
-
- private ResourceSet rs1;
- private ResourceSet rs2;
-
- private String rs1Name = "resource set 1";
- private String rs1Owner = "resource set owner 1";
- private Long rs1Id = 1L;
-
- private String rs2Name = "resource set 2";
- private String rs2Owner = "resource set owner 2";
- private Long rs2Id = 2L;
-
-
- @Before
- public void prepare() {
- rs1 = new ResourceSet();
- rs1.setName(rs1Name);
- rs1.setOwner(rs1Owner);
- rs1.setId(rs1Id );
- rs1.setScopes(scopes1);
-
- rs2 = new ResourceSet();
- rs2.setName(rs2Name);
- rs2.setOwner(rs2Owner);
- rs2.setId(rs2Id);
- rs2.setScopes(scopes2);
-
- // have the repository just pass the argument through
- when(permissionRepository.save(Matchers.any(PermissionTicket.class))).then(AdditionalAnswers.returnsFirstArg());
-
- when(scopeService.scopesMatch(anySetOf(String.class), anySetOf(String.class))).then(new Answer() {
-
- @Override
- public Boolean answer(InvocationOnMock invocation) throws Throwable {
- Object[] arguments = invocation.getArguments();
- @SuppressWarnings("unchecked")
- Set expected = (Set) arguments[0];
- @SuppressWarnings("unchecked")
- Set actual = (Set) arguments[1];
-
- return expected.containsAll(actual);
- }
- });
-
- }
-
-
- /**
- * Test method for {@link org.mitre.uma.service.impl.DefaultPermissionService#createTicket(org.mitre.uma.model.ResourceSet, java.util.Set)}.
- */
- @Test
- public void testCreate_ticket() {
-
- PermissionTicket perm = permissionService.createTicket(rs1, scopes1);
-
- // we want there to be a non-null ticket
- assertNotNull(perm.getTicket());
- }
-
- @Test
- public void testCreate_uuid() {
- PermissionTicket perm = permissionService.createTicket(rs1, scopes1);
-
- // we expect this to be a UUID
- UUID uuid = UUID.fromString(perm.getTicket());
-
- assertNotNull(uuid);
-
- }
-
- @Test
- public void testCreate_differentTicketsSameClient() {
-
- PermissionTicket perm1 = permissionService.createTicket(rs1, scopes1);
- PermissionTicket perm2 = permissionService.createTicket(rs1, scopes1);
-
- assertNotNull(perm1.getTicket());
- assertNotNull(perm2.getTicket());
-
- // make sure these are different from each other
- assertThat(perm1.getTicket(), not(equalTo(perm2.getTicket())));
-
- }
-
- @Test
- public void testCreate_differentTicketsDifferentClient() {
-
- PermissionTicket perm1 = permissionService.createTicket(rs1, scopes1);
- PermissionTicket perm2 = permissionService.createTicket(rs2, scopes2);
-
- assertNotNull(perm1.getTicket());
- assertNotNull(perm2.getTicket());
-
- // make sure these are different from each other
- assertThat(perm1.getTicket(), not(equalTo(perm2.getTicket())));
-
- }
-
- @Test(expected = InsufficientScopeException.class)
- public void testCreate_scopeMismatch() {
- @SuppressWarnings("unused")
- // try to get scopes outside of what we're allowed to do, this should throw an exception
- PermissionTicket perm = permissionService.createTicket(rs1, scopes2);
- }
-
-}
diff --git a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java b/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java
deleted file mode 100644
index 52ca091be..000000000
--- a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-
-package org.mitre.uma.service.impl;
-
-import static org.mockito.Matchers.any;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.uma.repository.ResourceSetRepository;
-import org.mockito.AdditionalAnswers;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
-
-import static org.mockito.Mockito.when;
-
-/**
- * @author jricher
- *
- */
-@RunWith(MockitoJUnitRunner.class)
-public class TestDefaultResourceSetService {
-
- @Mock
- private ResourceSetRepository repository;
-
- @InjectMocks
- private DefaultResourceSetService resourceSetService;
-
- /**
- * @throws java.lang.Exception
- */
- @Before
- public void setUp() throws Exception {
-
- when(repository.save(any(ResourceSet.class))).then(AdditionalAnswers.returnsFirstArg());
-
- }
-
- /**
- * Test method for {@link org.mitre.uma.service.impl.DefaultResourceSetService#saveNew(org.mitre.uma.model.ResourceSet)}.
- */
- @Test(expected = IllegalArgumentException.class)
- public void testSaveNew_hasId() {
-
- ResourceSet rs = new ResourceSet();
- rs.setId(1L);
-
- resourceSetService.saveNew(rs);
-
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testUpdate_nullId() {
- ResourceSet rs = new ResourceSet();
- rs.setId(1L);
-
- ResourceSet rs2 = new ResourceSet();
-
- resourceSetService.update(rs, rs2);
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testUpdate_nullId2() {
- ResourceSet rs = new ResourceSet();
-
- ResourceSet rs2 = new ResourceSet();
- rs2.setId(1L);
-
- resourceSetService.update(rs, rs2);
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testUpdate_mismatchedIds() {
- ResourceSet rs = new ResourceSet();
- rs.setId(1L);
-
- ResourceSet rs2 = new ResourceSet();
- rs2.setId(2L);
-
- resourceSetService.update(rs, rs2);
-
- }
-
-}