org.mitre.uma.web.ResourceSetRegistrationEndpoint クラス

org.mitre.uma.web.ResourceSetRegistrationEndpoint 連携図

公開メンバ関数
String	createResourceSet (@RequestBody String jsonString, Model m, Authentication auth)
String	readResourceSet (@PathVariable("id") Long id, Model m, Authentication auth)
String	updateResourceSet (@PathVariable("id") Long id, @RequestBody String jsonString, Model m, Authentication auth)
String	deleteResourceSet (@PathVariable("id") Long id, Model m, Authentication auth)
String	listResourceSets (Model m, Authentication auth)

静的公開変数類
static final String	DISCOVERY_URL = "resource_set"
static final String	URL = DISCOVERY_URL + "/resource_set"

非公開メンバ関数
ResourceSet	parseResourceSet (String jsonString)
ResourceSet	validateScopes (ResourceSet rs)

非公開変数類
ResourceSetService	resourceSetService
ConfigurationPropertiesBean	config
SystemScopeService	scopeService
JsonParser	parser = new JsonParser()

静的非公開変数類
static final Logger	logger = LoggerFactory.getLogger(ResourceSetRegistrationEndpoint.class)

詳解

関数詳解

createResourceSet()

String org.mitre.uma.web.ResourceSetRegistrationEndpoint.createResourceSet ( @RequestBody String  jsonString, Model  m, Authentication  auth  )

inline

                                                                                                      {
                ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

                ResourceSet rs = parseResourceSet(jsonString);

                if (rs == null) { // there was no resource set in the body
                        logger.warn("Resource set registration missing body.");

                        m.addAttribute("code", HttpStatus.BAD_REQUEST);
                        m.addAttribute("error_description", "Resource request was missing body.");
                        return JsonErrorView.VIEWNAME;
                }

                if (auth instanceof OAuth2Authentication) {
                        // if it's an OAuth mediated call, it's on behalf of a client, so store that
                        OAuth2Authentication o2a = (OAuth2Authentication) auth;
                        rs.setClientId(o2a.getOAuth2Request().getClientId());
                        rs.setOwner(auth.getName()); // the username is going to be in the auth object
                } else {
                        // this one shouldn't be called if it's not OAuth
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This call must be made with an OAuth token");
                        return JsonErrorView.VIEWNAME;
                }

                rs = validateScopes(rs);

                if (Strings.isNullOrEmpty(rs.getName()) // there was no name (required)
                                || rs.getScopes() == null // there were no scopes (required)
                                ) {

                        logger.warn("Resource set registration missing one or more required fields.");

                        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields.");
                        return JsonErrorView.VIEWNAME;
                }

                ResourceSet saved = resourceSetService.saveNew(rs);

                m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED);
                m.addAttribute(JsonEntityView.ENTITY, saved);
                m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + saved.getId());

                return ResourceSetEntityAbbreviatedView.VIEWNAME;

        }

deleteResourceSet()

String org.mitre.uma.web.ResourceSetRegistrationEndpoint.deleteResourceSet ( @PathVariable("id") Long  id, Model  m, Authentication  auth  )

inline

                                                                                                    {
                ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

                ResourceSet rs = resourceSetService.getById(id);

                if (rs == null) {
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.addAttribute(JsonErrorView.ERROR, "not_found");
                        return JsonErrorView.VIEWNAME;
                } else {
                        if (!auth.getName().equals(rs.getOwner())) {

                                logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());

                                // it wasn't issued to this user
                                m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                                return JsonErrorView.VIEWNAME;
                        } else if (auth instanceof OAuth2Authentication &&
                                        !((OAuth2Authentication)auth).getOAuth2Request().getClientId().equals(rs.getClientId())){

                                logger.warn("Unauthorized resource set request from bad client; expected " + rs.getClientId() + " got " + ((OAuth2Authentication)auth).getOAuth2Request().getClientId());

                                // it wasn't issued to this client
                                m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                                return JsonErrorView.VIEWNAME;
                        } else {

                                // user and client matched
                                resourceSetService.remove(rs);

                                m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
                                return HttpCodeView.VIEWNAME;
                        }

                }
        }

listResourceSets()

String org.mitre.uma.web.ResourceSetRegistrationEndpoint.listResourceSets ( Model  m, Authentication  auth  )

inline

                                                                     {
                ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

                String owner = auth.getName();

                Collection<ResourceSet> resourceSets = Collections.emptySet();
                if (auth instanceof OAuth2Authentication) {
                        // if it's an OAuth mediated call, it's on behalf of a client, so look that up too
                        OAuth2Authentication o2a = (OAuth2Authentication) auth;
                        resourceSets = resourceSetService.getAllForOwnerAndClient(owner, o2a.getOAuth2Request().getClientId());
                } else {
                        // otherwise get everything for the current user
                        resourceSets = resourceSetService.getAllForOwner(owner);
                }

                // build the entity here and send to the display

                Set<String> ids = new HashSet<>();
                for (ResourceSet resourceSet : resourceSets) {
                        ids.add(resourceSet.getId().toString()); // add them all as strings so that gson renders them properly
                }

                m.addAttribute(JsonEntityView.ENTITY, ids);
                return JsonEntityView.VIEWNAME;
        }

parseResourceSet()

ResourceSet org.mitre.uma.web.ResourceSetRegistrationEndpoint.parseResourceSet ( String  jsonString )

inlineprivate

                                                                {

                try {
                        JsonElement el = parser.parse(jsonString);

                        if (el.isJsonObject()) {
                                JsonObject o = el.getAsJsonObject();

                                ResourceSet rs = new ResourceSet();
                                rs.setId(getAsLong(o, "_id"));
                                rs.setName(getAsString(o, "name"));
                                rs.setIconUri(getAsString(o, "icon_uri"));
                                rs.setType(getAsString(o, "type"));
                                rs.setScopes(getAsStringSet(o, "scopes"));
                                rs.setUri(getAsString(o, "uri"));

                                return rs;

                        }

                        return null;

                } catch (JsonParseException e) {
                        return null;
                }

        }

readResourceSet()

String org.mitre.uma.web.ResourceSetRegistrationEndpoint.readResourceSet ( @PathVariable("id") Long  id, Model  m, Authentication  auth  )

inline

                                                                                                  {
                ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

                ResourceSet rs = resourceSetService.getById(id);

                if (rs == null) {
                        m.addAttribute("code", HttpStatus.NOT_FOUND);
                        m.addAttribute("error", "not_found");
                        return JsonErrorView.VIEWNAME;
                } else {

                        rs = validateScopes(rs);

                        if (!auth.getName().equals(rs.getOwner())) {

                                logger.warn("Unauthorized resource set request from wrong user; expected " + rs.getOwner() + " got " + auth.getName());

                                // it wasn't issued to this user
                                m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                                return JsonErrorView.VIEWNAME;
                        } else {
                                m.addAttribute(JsonEntityView.ENTITY, rs);
                                return ResourceSetEntityView.VIEWNAME;
                        }

                }

        }

updateResourceSet()

String org.mitre.uma.web.ResourceSetRegistrationEndpoint.updateResourceSet ( @PathVariable("id") Long  id, @RequestBody String  jsonString, Model  m, Authentication  auth  )

inline

                                                                                                                                    {
                ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

                ResourceSet newRs = parseResourceSet(jsonString);

                if (newRs == null // there was no resource set in the body
                                || Strings.isNullOrEmpty(newRs.getName()) // there was no name (required)
                                || newRs.getScopes() == null // there were no scopes (required)
                                || newRs.getId() == null || !newRs.getId().equals(id) // the IDs didn't match
                                ) {

                        logger.warn("Resource set registration missing one or more required fields.");

                        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields.");
                        return JsonErrorView.VIEWNAME;
                }

                ResourceSet rs = resourceSetService.getById(id);

                if (rs == null) {
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.addAttribute(JsonErrorView.ERROR, "not_found");
                        return JsonErrorView.VIEWNAME;
                } else {
                        if (!auth.getName().equals(rs.getOwner())) {

                                logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());

                                // it wasn't issued to this user
                                m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                                return JsonErrorView.VIEWNAME;
                        } else {

                                ResourceSet saved = resourceSetService.update(rs, newRs);

                                m.addAttribute(JsonEntityView.ENTITY, saved);
                                m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + rs.getId());
                                return ResourceSetEntityAbbreviatedView.VIEWNAME;
                        }

                }
        }

validateScopes()

ResourceSet org.mitre.uma.web.ResourceSetRegistrationEndpoint.validateScopes ( ResourceSet  rs )

inlineprivate

Make sure the resource set doesn't have any restricted or reserved scopes.

引数

rs

                                                           {
                // scopes that the client is asking for
                Set<SystemScope> requestedScopes = scopeService.fromStrings(rs.getScopes());

                // the scopes that the resource set can have must be a subset of the dynamically allowed scopes
                Set<SystemScope> allowedScopes = scopeService.removeRestrictedAndReservedScopes(requestedScopes);

                rs.setScopes(scopeService.toStrings(allowedScopes));

                return rs;
        }

メンバ詳解

config

ConfigurationPropertiesBean org.mitre.uma.web.ResourceSetRegistrationEndpoint.config

private

DISCOVERY_URL

final String org.mitre.uma.web.ResourceSetRegistrationEndpoint.DISCOVERY_URL = "resource_set"

static

logger

final Logger org.mitre.uma.web.ResourceSetRegistrationEndpoint.logger = LoggerFactory.getLogger(ResourceSetRegistrationEndpoint.class)

staticprivate

parser

JsonParser org.mitre.uma.web.ResourceSetRegistrationEndpoint.parser = new JsonParser()

private

resourceSetService

ResourceSetService org.mitre.uma.web.ResourceSetRegistrationEndpoint.resourceSetService

private

scopeService

SystemScopeService org.mitre.uma.web.ResourceSetRegistrationEndpoint.scopeService

private

URL

final String org.mitre.uma.web.ResourceSetRegistrationEndpoint.URL = DISCOVERY_URL + "/resource_set"

static

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/mitreid-connect/src/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java