org.mitre.uma.web.PolicyAPI クラス

org.mitre.uma.web.PolicyAPI 連携図

公開メンバ関数
String	getResourceSetsForCurrentUser (Model m, Authentication auth)
String	getResourceSet (@PathVariable(value="rsid") Long rsid, Model m, Authentication auth)
String	deleteResourceSet (@PathVariable(value="rsid") Long rsid, Model m, Authentication auth)
String	getPoliciesForResourceSet (@PathVariable(value="rsid") Long rsid, Model m, Authentication auth)
String	createNewPolicyForResourceSet (@PathVariable(value="rsid") Long rsid, @RequestBody String jsonString, Model m, Authentication auth)
String	getPolicy (@PathVariable(value="rsid") Long rsid, @PathVariable(value="pid") Long pid, Model m, Authentication auth)
String	setClaimsForResourceSet (@PathVariable(value="rsid") Long rsid, @PathVariable(value="pid") Long pid, @RequestBody String jsonString, Model m, Authentication auth)
String	deleteResourceSet (@PathVariable("rsid") Long rsid, @PathVariable(value="pid") Long pid, Model m, Authentication auth)

静的公開変数類
static final String	URL = RootController.API_URL + "/resourceset"
static final String	POLICYURL = "/policy"

非公開変数類
Gson	gson = new Gson()
ResourceSetService	resourceSetService

静的非公開変数類
static final Logger	logger = LoggerFactory.getLogger(PolicyAPI.class)

詳解

API for managing policies on resource sets.

著者

jricher

関数詳解

createNewPolicyForResourceSet()

String org.mitre.uma.web.PolicyAPI.createNewPolicyForResourceSet ( @PathVariable(value="rsid") Long  rsid, @RequestBody String  jsonString, Model  m, Authentication  auth  )

inline

Create a new policy on the given resource set

引数

rsid
m
auth

戻り値

                                                                                                                                                            {
                ResourceSet rs = resourceSetService.getById(rsid);

                if (rs == null) {
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        return HttpCodeView.VIEWNAME;
                }

                if (!rs.getOwner().equals(auth.getName())) {
                        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());

                        // authenticated user didn't match the owner of the resource set
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        return HttpCodeView.VIEWNAME;
                }

                Policy p = gson.fromJson(jsonString, Policy.class);

                if (p.getId() != null) {
                        logger.warn("Tried to add a policy with a non-null ID: " + p.getId());
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        return HttpCodeView.VIEWNAME;
                }

                for (Claim claim : p.getClaimsRequired()) {
                        if (claim.getId() != null) {
                                logger.warn("Tried to add a policy with a non-null claim ID: " + claim.getId());
                                m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                                return HttpCodeView.VIEWNAME;
                        }
                }

                rs.getPolicies().add(p);
                ResourceSet saved = resourceSetService.update(rs, rs);

                // find the new policy object
                Collection<Policy> newPolicies = Sets.difference(new HashSet<>(saved.getPolicies()), new HashSet<>(rs.getPolicies()));

                if (newPolicies.size() == 1) {
                        Policy newPolicy = newPolicies.iterator().next();
                        m.addAttribute(JsonEntityView.ENTITY, newPolicy);
                        return JsonEntityView.VIEWNAME;
                } else {
                        logger.warn("Unexpected result trying to add a new policy object: " + newPolicies);
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
                        return HttpCodeView.VIEWNAME;
                }

        }

deleteResourceSet() [1/2]

String org.mitre.uma.web.PolicyAPI.deleteResourceSet ( @PathVariable(value="rsid") Long  rsid, Model  m, Authentication  auth  )

inline

Delete the indicated resource set

引数

rsid
m
auth

戻り値

                                                                                                                {

                ResourceSet rs = resourceSetService.getById(rsid);

                if (rs == null) {
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        return HttpCodeView.VIEWNAME;
                }

                if (!rs.getOwner().equals(auth.getName())) {
                        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());

                        // authenticated user didn't match the owner of the resource set
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        return HttpCodeView.VIEWNAME;
                }

                resourceSetService.remove(rs);
                m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
                return HttpCodeView.VIEWNAME;

        }

deleteResourceSet() [2/2]

String org.mitre.uma.web.PolicyAPI.deleteResourceSet ( @PathVariable("rsid") Long  rsid, @PathVariable(value="pid") Long  pid, Model  m, Authentication  auth  )

inline

Delete a specific policy

引数

rsid
pid
m
auth

戻り値

                                                                                                                                                {

                ResourceSet rs = resourceSetService.getById(rsid);

                if (rs == null) {
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.addAttribute(JsonErrorView.ERROR, "not_found");
                        return JsonErrorView.VIEWNAME;
                }

                if (!auth.getName().equals(rs.getOwner())) {

                        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());

                        // it wasn't issued to this user
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        return JsonErrorView.VIEWNAME;
                }


                for (Policy policy : rs.getPolicies()) {
                        if (policy.getId().equals(pid)) {
                                // found it!
                                rs.getPolicies().remove(policy);
                                resourceSetService.update(rs, rs);

                                m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
                                return HttpCodeView.VIEWNAME;
                        }
                }

                // if we made it this far, we haven't found it
                m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                return HttpCodeView.VIEWNAME;

        }

getPoliciesForResourceSet()

String org.mitre.uma.web.PolicyAPI.getPoliciesForResourceSet ( @PathVariable(value="rsid") Long  rsid, Model  m, Authentication  auth  )

inline

List all the policies for the given resource set

引数

rsid
m
auth

戻り値

                                                                                                                        {

                ResourceSet rs = resourceSetService.getById(rsid);

                if (rs == null) {
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        return HttpCodeView.VIEWNAME;
                }

                if (!rs.getOwner().equals(auth.getName())) {
                        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());

                        // authenticated user didn't match the owner of the resource set
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        return HttpCodeView.VIEWNAME;
                }

                m.addAttribute(JsonEntityView.ENTITY, rs.getPolicies());

                return JsonEntityView.VIEWNAME;
        }

getPolicy()

String org.mitre.uma.web.PolicyAPI.getPolicy ( @PathVariable(value="rsid") Long  rsid, @PathVariable(value="pid") Long  pid, Model  m, Authentication  auth  )

inline

Get a specific policy

引数

rsid
pid
m
auth

戻り値

                                                                                                                                                {

                ResourceSet rs = resourceSetService.getById(rsid);

                if (rs == null) {
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        return HttpCodeView.VIEWNAME;
                }

                if (!rs.getOwner().equals(auth.getName())) {
                        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());

                        // authenticated user didn't match the owner of the resource set
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        return HttpCodeView.VIEWNAME;
                }

                for (Policy policy : rs.getPolicies()) {
                        if (policy.getId().equals(pid)) {
                                // found it!
                                m.addAttribute(JsonEntityView.ENTITY, policy);
                                return JsonEntityView.VIEWNAME;
                        }
                }

                // if we made it this far, we haven't found it
                m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                return HttpCodeView.VIEWNAME;
        }

getResourceSet()

String org.mitre.uma.web.PolicyAPI.getResourceSet ( @PathVariable(value="rsid") Long  rsid, Model  m, Authentication  auth  )

inline

Get the indicated resource set

引数

rsid
m
auth

戻り値

                                                                                                             {

                ResourceSet rs = resourceSetService.getById(rsid);

                if (rs == null) {
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        return HttpCodeView.VIEWNAME;
                }

                if (!rs.getOwner().equals(auth.getName())) {
                        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());

                        // authenticated user didn't match the owner of the resource set
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        return HttpCodeView.VIEWNAME;
                }

                m.addAttribute(JsonEntityView.ENTITY, rs);

                return JsonEntityView.VIEWNAME;
        }

getResourceSetsForCurrentUser()

String org.mitre.uma.web.PolicyAPI.getResourceSetsForCurrentUser ( Model  m, Authentication  auth  )

inline

List all resource sets for the current user

引数

m
auth

戻り値

                                                                                  {

                Collection<ResourceSet> resourceSets = resourceSetService.getAllForOwner(auth.getName());

                m.addAttribute(JsonEntityView.ENTITY, resourceSets);

                return JsonEntityView.VIEWNAME;
        }

setClaimsForResourceSet()

String org.mitre.uma.web.PolicyAPI.setClaimsForResourceSet ( @PathVariable(value="rsid") Long  rsid, @PathVariable(value="pid") Long  pid, @RequestBody String  jsonString, Model  m, Authentication  auth  )

inline

Update a specific policy

引数

rsid
pid
jsonString
m
auth

戻り値

                                                                                                                                                                                              {

                ResourceSet rs = resourceSetService.getById(rsid);

                if (rs == null) {
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        return HttpCodeView.VIEWNAME;
                }

                if (!rs.getOwner().equals(auth.getName())) {
                        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());

                        // authenticated user didn't match the owner of the resource set
                        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        return HttpCodeView.VIEWNAME;
                }

                Policy p = gson.fromJson(jsonString, Policy.class);

                if (!pid.equals(p.getId())) {
                        logger.warn("Policy ID mismatch, expected " + pid + " got " + p.getId());

                        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        return HttpCodeView.VIEWNAME;
                }

                for (Policy policy : rs.getPolicies()) {
                        if (policy.getId().equals(pid)) {
                                // found it!

                                // find the existing claim IDs, make sure we're not overwriting anything from another policy
                                Set<Long> claimIds = new HashSet<>();
                                for (Claim claim : policy.getClaimsRequired()) {
                                        claimIds.add(claim.getId());
                                }

                                for (Claim claim : p.getClaimsRequired()) {
                                        if (claim.getId() != null && !claimIds.contains(claim.getId())) {
                                                logger.warn("Tried to add a policy with a an unmatched claim ID: got " + claim.getId() + " expected " + claimIds);
                                                m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                                                return HttpCodeView.VIEWNAME;
                                        }
                                }

                                // update the existing object with the new values
                                policy.setClaimsRequired(p.getClaimsRequired());
                                policy.setName(p.getName());
                                policy.setScopes(p.getScopes());

                                resourceSetService.update(rs, rs);

                                m.addAttribute(JsonEntityView.ENTITY, policy);
                                return JsonEntityView.VIEWNAME;
                        }
                }

                // if we made it this far, we haven't found it
                m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                return HttpCodeView.VIEWNAME;
        }

メンバ詳解

gson

Gson org.mitre.uma.web.PolicyAPI.gson = new Gson()

private

logger

final Logger org.mitre.uma.web.PolicyAPI.logger = LoggerFactory.getLogger(PolicyAPI.class)

staticprivate

POLICYURL

final String org.mitre.uma.web.PolicyAPI.POLICYURL = "/policy"

static

resourceSetService

ResourceSetService org.mitre.uma.web.PolicyAPI.resourceSetService

private

URL

final String org.mitre.uma.web.PolicyAPI.URL = RootController.API_URL + "/resourceset"

static

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/mitreid-connect/src/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java