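/*******************************************************************************
 * Copyright 2017 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.mitre.oauth2.service;

import java.util.Collections;
import java.util.Set;

import org.mitre.oauth2.model.SystemScope;

import com.google.common.collect.Sets;

/**
 * Service contract for looking up, storing and filtering the OAuth2 scopes
 * known to this server, plus the well-known scope values the server itself
 * relies on.
 *
 * <p>Several methods here feed authorization decisions (which scopes a client
 * may be granted), so implementations and callers should treat the reserved
 * and restricted sets as security policy rather than as display data.
 *
 * @author jricher
 */
public interface SystemScopeService {

	/** Scope value {@code offline_access}. */
	String OFFLINE_ACCESS = "offline_access";

	/** Scope value {@code openid}. */
	String OPENID_SCOPE = "openid";

	/** This scope manages dynamic client registrations. */
	String REGISTRATION_TOKEN_SCOPE = "registration-token";

	/** This scope manages client-style protected resources. */
	String RESOURCE_TOKEN_SCOPE = "resource-token";

	/** Scope value {@code uma_protection}. */
	String UMA_PROTECTION_SCOPE = "uma_protection";

	/** Scope value {@code uma_authorization}. */
	String UMA_AUTHORIZATION_SCOPE = "uma_authorization";

	/**
	 * The scopes reserved for the system: {@link #REGISTRATION_TOKEN_SCOPE} and
	 * {@link #RESOURCE_TOKEN_SCOPE}.
	 *
	 * <p>The set is wrapped as unmodifiable. It is a JVM-wide constant that
	 * defines which scopes clients must not obtain directly, so no caller should
	 * be able to add to it or, worse, remove an entry and thereby un-reserve a
	 * system scope at runtime. Attempts to modify it throw
	 * {@link UnsupportedOperationException}.
	 */
	Set<SystemScope> reservedScopes =
			Collections.unmodifiableSet(
					Sets.newHashSet(
							new SystemScope(REGISTRATION_TOKEN_SCOPE),
							new SystemScope(RESOURCE_TOKEN_SCOPE)));

	/**
	 * Get all scopes.
	 *
	 * @return the set of scopes; whether reserved scopes are included is up to
	 *         the implementation and is not specified by this interface
	 */
	Set<SystemScope> getAll();

	/**
	 * Get all scopes that are defaulted to new clients on this system.
	 *
	 * @return the default scopes
	 */
	Set<SystemScope> getDefaults();

	/**
	 * Get all the reserved system scopes. These can't be used
	 * by clients directly, but are instead tied to special system
	 * tokens like id tokens and registration access tokens.
	 *
	 * @return the reserved scopes
	 */
	Set<SystemScope> getReserved();

	/**
	 * Get all the registered scopes that are restricted.
	 *
	 * @return the restricted scopes
	 */
	Set<SystemScope> getRestricted();

	/**
	 * Get all the registered scopes that aren't restricted.
	 *
	 * @return the unrestricted scopes
	 */
	Set<SystemScope> getUnrestricted();

	/**
	 * Look up a scope by its identifier.
	 *
	 * @param id the scope's identifier
	 * @return the matching scope; the result for an unknown id is
	 *         implementation-defined (callers should be prepared for {@code null})
	 */
	SystemScope getById(Long id);

	/**
	 * Look up a scope by its string value.
	 *
	 * @param value the scope value, e.g. {@code "openid"}
	 * @return the matching scope; the result for an unknown value is
	 *         implementation-defined (callers should be prepared for {@code null})
	 */
	SystemScope getByValue(String value);

	/**
	 * Remove the given scope.
	 *
	 * @param scope the scope to remove
	 */
	void remove(SystemScope scope);

	/**
	 * Save the given scope.
	 *
	 * @param scope the scope to save
	 * @return the saved scope
	 */
	SystemScope save(SystemScope scope);

	/**
	 * Translate the set of scope strings into a set of SystemScope objects.
	 *
	 * @param scope the scope values to translate
	 * @return the corresponding SystemScope objects
	 */
	Set<SystemScope> fromStrings(Set<String> scope);

	/**
	 * Pluck the scope values from the set of SystemScope objects and return
	 * them as a set of strings.
	 *
	 * @param scope the SystemScope objects to read values from
	 * @return the scope values
	 */
	Set<String> toStrings(Set<SystemScope> scope);

	/**
	 * Test whether the scopes in both sets are compatible. All scopes in
	 * "actual" must exist in "expected".
	 *
	 * <p>The check is directional: "expected" is the allowed set and "actual"
	 * is the set being checked against it. Swapping the arguments tests the
	 * opposite containment and can approve a request that asks for more than
	 * was allowed.
	 *
	 * @param expected the scopes that are allowed
	 * @param actual the scopes being checked
	 * @return true if every scope in "actual" exists in "expected"
	 */
	boolean scopesMatch(Set<String> expected, Set<String> actual);

	/**
	 * Remove any system-reserved or registered restricted scopes from the
	 * set and return the result.
	 *
	 * @param scopes the scopes to filter
	 * @return the scopes with reserved and restricted entries removed; whether
	 *         this is a new set, a view, or the input itself is
	 *         implementation-defined
	 */
	Set<SystemScope> removeRestrictedAndReservedScopes(Set<SystemScope> scopes);

	/**
	 * Remove any system-reserved scopes from the set and return the result.
	 *
	 * @param scopes the scopes to filter
	 * @return the scopes with reserved entries removed; whether this is a new
	 *         set, a view, or the input itself is implementation-defined
	 */
	Set<SystemScope> removeReservedScopes(Set<SystemScope> scopes);

}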