diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml
index fd33196a47..ad7191e176 100644
--- a/openid-connect-client/pom.xml
+++ b/openid-connect-client/pom.xml
@@ -22,7 +22,7 @@
openid-connect-parent
org.mitre
- 2.0.0.cnaf-20260603
+ 2.1.0.cnaf-20260701
..
openid-connect-client
diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml
index 5df3fa4ae2..af8795a9ef 100644
--- a/openid-connect-common/pom.xml
+++ b/openid-connect-common/pom.xml
@@ -22,7 +22,7 @@
openid-connect-parent
org.mitre
- 2.0.0.cnaf-20260603
+ 2.1.0.cnaf-20260701
..
openid-connect-common
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 2695c18a2e..eab1e5fdc3 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -21,10 +21,12 @@
package org.mitre.oauth2.model;
import java.nio.charset.StandardCharsets;
+import java.text.ParseException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
+import java.util.stream.Collectors;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
@@ -40,8 +42,6 @@
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToOne;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
@@ -62,291 +62,271 @@
* @author jricher
*
*/
+@SuppressWarnings("deprecation")
@Entity
@Table(name = "access_token")
-@NamedQueries({
- @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_ALL, query = "select a from OAuth2AccessTokenEntity a"),
- @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :" + OAuth2AccessTokenEntity.PARAM_DATE),
- @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :" + OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN),
- @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
- @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH, query = "select a from OAuth2AccessTokenEntity a where a.tokenValueHash = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH),
- @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
- @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
- @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME),
- @NamedQuery(name = OAuth2AccessTokenEntity.DELETE_BY_REFRESH_TOKEN, query = "delete from OAuth2AccessTokenEntity a where a.refreshToken = :" + OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN)
-})
-@com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class)
-@com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class)
+@com.fasterxml.jackson.databind.annotation.JsonSerialize(
+ using = OAuth2AccessTokenJackson2Serializer.class)
+@com.fasterxml.jackson.databind.annotation.JsonDeserialize(
+ using = OAuth2AccessTokenJackson2Deserializer.class)
public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
- public static final String QUERY_BY_APPROVED_SITE = "OAuth2AccessTokenEntity.getByApprovedSite";
- public static final String QUERY_BY_TOKEN_VALUE_HASH = "OAuth2AccessTokenEntity.getByTokenValue";
- public static final String QUERY_BY_CLIENT = "OAuth2AccessTokenEntity.getByClient";
- public static final String QUERY_BY_REFRESH_TOKEN = "OAuth2AccessTokenEntity.getByRefreshToken";
- public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate";
- public static final String QUERY_ALL = "OAuth2AccessTokenEntity.getAll";
- public static final String QUERY_BY_RESOURCE_SET = "OAuth2AccessTokenEntity.getByResourceSet";
- public static final String QUERY_BY_NAME = "OAuth2AccessTokenEntity.getByName";
- public static final String DELETE_BY_REFRESH_TOKEN = "OAuth2AccessTokenEntity.deleteByRefreshToken";
-
- public static final String PARAM_TOKEN_VALUE_HASH = "tokenValueHash";
- public static final String PARAM_CLIENT = "client";
- public static final String PARAM_REFRESH_TOKEN = "refreshToken";
- public static final String PARAM_DATE = "date";
- public static final String PARAM_RESOURCE_SET_ID = "rsid";
- public static final String PARAM_APPROVED_SITE = "approvedSite";
- public static final String PARAM_NAME = "name";
-
- public static final String ID_TOKEN_FIELD_NAME = "id_token";
-
- private Long id;
-
- private ClientDetailsEntity client;
-
- private AuthenticationHolderEntity authenticationHolder; // the authentication that made this access
-
- private JWT jwtValue; // JWT-encoded access token value
-
- private String tokenValueHash; // hash of access token value
-
- private Date expiration;
-
- private String tokenType = OAuth2AccessToken.BEARER_TYPE;
-
- private OAuth2RefreshTokenEntity refreshToken;
-
- private Set scope;
-
- private Set permissions;
-
- private ApprovedSite approvedSite;
-
- private Map additionalInformation = new HashMap<>(); // ephemeral map of items to be added to the OAuth token response
-
- /**
- * Create a new, blank access token
- */
- public OAuth2AccessTokenEntity() {
-
- }
-
- /**
- * @return the id
- */
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- public Long getId() {
- return id;
- }
-
- /**
- * @param id the id to set
- */
- public void setId(Long id) {
- this.id = id;
- }
-
- /**
- * Get all additional information to be sent to the serializer as part of the token response.
- * This map is not persisted to the database.
- */
- @Override
- @Transient
- public Map getAdditionalInformation() {
- return additionalInformation;
- }
-
- /**
- * The authentication in place when this token was created.
- * @return the authentication
- */
- @ManyToOne
- @JoinColumn(name = "auth_holder_id")
- public AuthenticationHolderEntity getAuthenticationHolder() {
- return authenticationHolder;
- }
-
- /**
- * @param authentication the authentication to set
- */
- public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
- this.authenticationHolder = authenticationHolder;
- }
-
- /**
- * @return the client
- */
- @ManyToOne
- @JoinColumn(name = "client_id")
- public ClientDetailsEntity getClient() {
- return client;
- }
-
- /**
- * @param client the client to set
- */
- public void setClient(ClientDetailsEntity client) {
- this.client = client;
- }
-
- /**
- * Get the string-encoded value of this access token.
- */
- @Override
- @Transient
- public String getValue() {
- return jwtValue.serialize();
- }
-
- @Override
- @Basic
- @Temporal(javax.persistence.TemporalType.TIMESTAMP)
- @Column(name = "expiration")
- public Date getExpiration() {
- return expiration;
- }
-
- public void setExpiration(Date expiration) {
- this.expiration = expiration;
- }
-
- @Override
- @Basic
- @Column(name="token_type")
- public String getTokenType() {
- return tokenType;
- }
-
- public void setTokenType(String tokenType) {
- this.tokenType = tokenType;
- }
-
- @Override
- @ManyToOne
- @JoinColumn(name="refresh_token_id")
- public OAuth2RefreshTokenEntity getRefreshToken() {
- return refreshToken;
- }
-
- public void setRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
- this.refreshToken = refreshToken;
- }
-
- public void setRefreshToken(OAuth2RefreshToken refreshToken) {
- if (!(refreshToken instanceof OAuth2RefreshTokenEntity)) {
- throw new IllegalArgumentException("Not a storable refresh token entity!");
- }
- // force a pass through to the entity version
- setRefreshToken((OAuth2RefreshTokenEntity)refreshToken);
- }
-
- @Override
- @ElementCollection(fetch=FetchType.EAGER)
- @CollectionTable(
- joinColumns=@JoinColumn(name="owner_id"),
- name="token_scope"
- )
- public Set getScope() {
- return scope;
- }
-
- public void setScope(Set scope) {
- this.scope = scope;
- }
-
- @Override
- @Transient
- public boolean isExpired() {
- return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime();
- }
-
- /**
- * @return the jwtValue
- */
- @Basic
- @Column(name="token_value")
- @Convert(converter = JWTStringConverter.class)
- public JWT getJwt() {
- return jwtValue;
- }
-
- /**
- * @param jwtValue the jwtValue to set
- */
- public void setJwt(JWT jwt) {
- this.jwtValue = jwt;
- }
-
- /**
- * @return the tokenValueHash
- */
- @Basic
- @Column(name = "token_value_hash", length = 64)
- public String getTokenValueHash() {
- return tokenValueHash;
- }
-
- public void setTokenValueHash(String hash) {
- this.tokenValueHash = hash;
- }
-
- @Override
- @Transient
- public int getExpiresIn() {
-
- if (getExpiration() == null) {
- return -1; // no expiration time
- } else {
- int secondsRemaining = (int) ((getExpiration().getTime() - System.currentTimeMillis()) / 1000);
- if (isExpired()) {
- return 0; // has an expiration time and expired
- } else { // has an expiration time and not expired
- return secondsRemaining;
- }
- }
- }
-
- /**
- * @return the permissions
- */
- @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
- @JoinTable(
- name = "access_token_permissions",
- joinColumns = @JoinColumn(name = "access_token_id"),
- inverseJoinColumns = @JoinColumn(name = "permission_id")
- )
- public Set getPermissions() {
- return permissions;
- }
-
- /**
- * @param permissions the permissions to set
- */
- public void setPermissions(Set permissions) {
- this.permissions = permissions;
- }
-
- @ManyToOne
- @JoinColumn(name="approved_site_id")
- public ApprovedSite getApprovedSite() {
- return approvedSite;
- }
-
- public void setApprovedSite(ApprovedSite approvedSite) {
- this.approvedSite = approvedSite;
- }
-
- /**
- * Add the ID Token to the additionalInformation map for a token response.
- * @param idToken
- */
- @Transient
- public void setIdToken(JWT idToken) {
- if (idToken != null) {
- additionalInformation.put(ID_TOKEN_FIELD_NAME, idToken.serialize());
- }
- }
+ public static final String ID_TOKEN_FIELD_NAME = "id_token";
+
+ private Long id;
+
+ private ClientDetailsEntity client;
+
+ private AuthenticationHolderEntity authenticationHolder;
+
+ private JWT jwtValue;
+
+ private String tokenValueHash;
+
+ private Date expiration;
+
+ private String tokenType = OAuth2AccessToken.BEARER_TYPE;
+
+ private OAuth2RefreshTokenEntity refreshToken;
+
+ private Set scope;
+
+ private Set permissions;
+
+ private ApprovedSite approvedSite;
+
+ private Map additionalInformation = new HashMap<>();
+
+ /**
+ * Create a new, blank access token
+ */
+ public OAuth2AccessTokenEntity() {
+
+ }
+
+ /**
+ * @return the id
+ */
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * Get all additional information to be sent to the serializer as part of the token response. This
+ * map is not persisted to the database.
+ */
+ @Override
+ @Transient
+ public Map getAdditionalInformation() {
+ return additionalInformation;
+ }
+
+ /**
+ * The authentication in place when this token was created.
+ *
+ * @return the authentication
+ */
+ @ManyToOne
+ @JoinColumn(name = "auth_holder_id")
+ public AuthenticationHolderEntity getAuthenticationHolder() {
+ return authenticationHolder;
+ }
+
+ /**
+ * @param authentication the authentication to set
+ */
+ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
+ this.authenticationHolder = authenticationHolder;
+ }
+
+ /**
+ * @return the client
+ */
+ @ManyToOne
+ @JoinColumn(name = "client_id")
+ public ClientDetailsEntity getClient() {
+ return client;
+ }
+
+ /**
+ * @param client the client to set
+ */
+ public void setClient(ClientDetailsEntity client) {
+ this.client = client;
+ }
+
+ /**
+ * Get the string-encoded value of this access token.
+ */
+ @Override
+ @Transient
+ public String getValue() {
+ return jwtValue.serialize();
+ }
+
+ @Override
+ @Basic
+ @Temporal(javax.persistence.TemporalType.TIMESTAMP)
+ @Column(name = "expiration")
+ public Date getExpiration() {
+ return expiration;
+ }
+
+ public void setExpiration(Date expiration) {
+ this.expiration = expiration;
+ }
+
+ @Override
+ @Basic
+ @Column(name = "token_type")
+ public String getTokenType() {
+ return tokenType;
+ }
+
+ public void setTokenType(String tokenType) {
+ this.tokenType = tokenType;
+ }
+
+ @Override
+ @ManyToOne
+ @JoinColumn(name = "refresh_token_id")
+ public OAuth2RefreshTokenEntity getRefreshToken() {
+ return refreshToken;
+ }
+
+ public void setRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
+ this.refreshToken = refreshToken;
+ }
+
+ public void setRefreshToken(OAuth2RefreshToken refreshToken) {
+ if (!(refreshToken instanceof OAuth2RefreshTokenEntity)) {
+ throw new IllegalArgumentException("Not a storable refresh token entity!");
+ }
+ // force a pass through to the entity version
+ setRefreshToken((OAuth2RefreshTokenEntity) refreshToken);
+ }
+
+ @Override
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(joinColumns = @JoinColumn(name = "owner_id"), name = "token_scope")
+ public Set getScope() {
+ return scope;
+ }
+
+ public void setScope(Set scope) {
+ this.scope = scope;
+ }
+
+ @Override
+ @Transient
+ public boolean isExpired() {
+ return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime();
+ }
+
+ /**
+ * @return the jwtValue
+ */
+ @Basic
+ @Column(name = "token_value")
+ @Convert(converter = JWTStringConverter.class)
+ public JWT getJwt() {
+ return jwtValue;
+ }
+
+ /**
+ * @param jwtValue the jwtValue to set
+ */
+ public void setJwt(JWT jwt) {
+ this.jwtValue = jwt;
+ }
+
+ /**
+ * @return the tokenValueHash
+ */
+ @Basic
+ @Column(name = "token_value_hash", length = 64)
+ public String getTokenValueHash() {
+ return tokenValueHash;
+ }
+
+ public void setTokenValueHash(String hash) {
+ this.tokenValueHash = hash;
+ }
+
+ @Override
+ @Transient
+ public int getExpiresIn() {
+
+ if (getExpiration() == null) {
+ return -1; // no expiration time
+ } else {
+ int secondsRemaining =
+ (int) ((getExpiration().getTime() - System.currentTimeMillis()) / 1000);
+ if (isExpired()) {
+ return 0; // has an expiration time and expired
+ } else { // has an expiration time and not expired
+ return secondsRemaining;
+ }
+ }
+ }
+
+ /**
+ * @return the permissions
+ */
+ @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
+ @JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"),
+ inverseJoinColumns = @JoinColumn(name = "permission_id"))
+ public Set getPermissions() {
+ return permissions;
+ }
+
+ /**
+ * @param permissions the permissions to set
+ */
+ public void setPermissions(Set permissions) {
+ this.permissions = permissions;
+ }
+
+ @ManyToOne
+ @JoinColumn(name = "approved_site_id")
+ public ApprovedSite getApprovedSite() {
+ return approvedSite;
+ }
+
+ public void setApprovedSite(ApprovedSite approvedSite) {
+ this.approvedSite = approvedSite;
+ }
+
+ /**
+ * Add the ID Token to the additionalInformation map for a token response.
+ *
+ * @param idToken
+ */
+ @Transient
+ public void setIdToken(JWT idToken) {
+ if (idToken != null) {
+ additionalInformation.put(ID_TOKEN_FIELD_NAME, idToken.serialize());
+ }
+ }
+
+ @Transient
+ public Set getAudiences() {
+ try {
+ return jwtValue.getJWTClaimsSet().getAudience().stream().collect(Collectors.toSet());
+ } catch (ParseException e) {
+ return Set.of();
+ }
+ }
public void hashMe() {
if (jwtValue != null) {
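Review bot: `getAudiences()` (added near the end of the hunk) maps a `ParseException` from `getJWTClaimsSet()` to `Set.of()`, so a token whose claims cannot be parsed is indistinguishable from one that legitimately carries no `aud`; any caller that uses the result to decide whether a token may be presented to a resource will silently treat a malformed token as audience-less. Either propagate the failure, e.g. `catch (ParseException e) { throw new IllegalStateException("access token claims are not parseable", e); }`, or add a Javadoc on the method stating that an unparseable token yields an empty set so callers know to validate the JWT separately. The method also dereferences `jwtValue` without a null check, which matches `getValue()` above but differs from `hashMe()` at the bottom of the hunk (its body continues past the hunk), which guards on `jwtValue != null`. Minor: `Collectors.toSet()` yields a mutable set on the success path while `Set.of()` is immutable on the failure path; if the build targets Java 10 or newer, `Collectors.toUnmodifiableSet()` makes the two consistent.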
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
index f6c2d2153c..b5813e5618 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
@@ -20,11 +20,10 @@
*/
package org.mitre.oauth2.model;
+import java.text.ParseException;
import java.util.Date;
-import javax.persistence.Basic;
import javax.persistence.Column;
-import javax.persistence.Convert;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
@@ -32,163 +31,91 @@
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.Transient;
-import org.mitre.oauth2.model.convert.JWTStringConverter;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
-import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.PlainJWT;
-/**
- * @author jricher
- *
- */
+@SuppressWarnings("deprecation")
@Entity
@Table(name = "refresh_token")
-@NamedQueries({
- @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_ALL, query = "select r from OAuth2RefreshTokenEntity r"),
- @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :" + OAuth2RefreshTokenEntity.PARAM_DATE),
- @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, query = "select r from OAuth2RefreshTokenEntity r where r.client = :" + OAuth2RefreshTokenEntity.PARAM_CLIENT),
- @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE),
- @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2RefreshTokenEntity.PARAM_NAME)
-})
public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
- public static final String QUERY_BY_TOKEN_VALUE = "OAuth2RefreshTokenEntity.getByTokenValue";
- public static final String QUERY_BY_CLIENT = "OAuth2RefreshTokenEntity.getByClient";
- public static final String QUERY_EXPIRED_BY_DATE = "OAuth2RefreshTokenEntity.getAllExpiredByDate";
- public static final String QUERY_ALL = "OAuth2RefreshTokenEntity.getAll";
- public static final String QUERY_BY_NAME = "OAuth2RefreshTokenEntity.getByName";
-
- public static final String PARAM_TOKEN_VALUE = "tokenValue";
- public static final String PARAM_CLIENT = "client";
- public static final String PARAM_DATE = "date";
- public static final String PARAM_NAME = "name";
-
- private Long id;
-
- private AuthenticationHolderEntity authenticationHolder;
-
- private ClientDetailsEntity client;
-
- //JWT-encoded representation of this access token entity
- private JWT jwt;
-
- // our refresh tokens might expire
- private Date expiration;
-
- /**
- *
- */
- public OAuth2RefreshTokenEntity() {
-
- }
-
- /**
- * @return the id
- */
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- public Long getId() {
- return id;
- }
-
- /**
- * @param id the id to set
- */
- public void setId(Long id) {
- this.id = id;
- }
-
- /**
- * The authentication in place when the original access token was
- * created
- *
- * @return the authentication
- */
- @ManyToOne
- @JoinColumn(name = "auth_holder_id")
- public AuthenticationHolderEntity getAuthenticationHolder() {
- return authenticationHolder;
- }
-
- /**
- * @param authentication the authentication to set
- */
- public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
- this.authenticationHolder = authenticationHolder;
- }
-
- /**
- * Get the JWT-encoded value of this token
- */
- @Override
- @Transient
- public String getValue() {
- return jwt.serialize();
- }
-
- @Basic
- @Temporal(javax.persistence.TemporalType.TIMESTAMP)
- @Column(name = "expiration")
- public Date getExpiration() {
- return expiration;
- }
-
- /* (non-Javadoc)
- * @see org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken#setExpiration(java.util.Date)
- */
-
- public void setExpiration(Date expiration) {
- this.expiration = expiration;
- }
-
- /**
- * Has this token expired?
- * @return true if it has a timeout set and the timeout has passed
- */
- @Transient
- public boolean isExpired() {
- return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime();
- }
-
- /**
- * @return the client
- */
- @ManyToOne(fetch = FetchType.EAGER)
- @JoinColumn(name = "client_id")
- public ClientDetailsEntity getClient() {
- return client;
- }
-
- /**
- * @param client the client to set
- */
- public void setClient(ClientDetailsEntity client) {
- this.client = client;
- }
-
- /**
- * Get the JWT object directly
- * @return the jwt
- */
- @Basic
- @Column(name="token_value")
- @Convert(converter = JWTStringConverter.class)
- public JWT getJwt() {
- return jwt;
- }
-
- /**
- * @param jwt the jwt to set
- */
- public void setJwt(JWT jwt) {
- this.jwt = jwt;
- }
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private Long id;
+
+ @ManyToOne
+ @JoinColumn(name = "auth_holder_id")
+ private AuthenticationHolderEntity authenticationHolder;
+
+ @ManyToOne(fetch = FetchType.EAGER)
+ @JoinColumn(name = "client_id")
+ private ClientDetailsEntity client;
+
+ @Column(name = "token_value")
+ private String value;
+
+ @Temporal(javax.persistence.TemporalType.TIMESTAMP)
+ @Column(name = "expiration")
+ private Date expiration;
+
+ public OAuth2RefreshTokenEntity() {
+
+ }
+
+ public Long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public AuthenticationHolderEntity getAuthenticationHolder() {
+ return authenticationHolder;
+ }
+
+ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
+ this.authenticationHolder = authenticationHolder;
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ public Date getExpiration() {
+ return expiration;
+ }
+
+ public void setExpiration(Date expiration) {
+ this.expiration = expiration;
+ }
+
+ public ClientDetailsEntity getClient() {
+ return client;
+ }
+
+ public void setClient(ClientDetailsEntity client) {
+ this.client = client;
+ }
+
+ @Transient
+ public PlainJWT getJwt() {
+ try {
+ return PlainJWT.parse(value);
+ } catch (ParseException e) {
+ return null;
+ }
+ }
}
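Review bot: `getJwt()` in the rewritten `OAuth2RefreshTokenEntity` turns a `ParseException` from `PlainJWT.parse(value)` into a `null` return, so a stored value that is not an unsecured (alg `none`) JWT is reported the same way as an absent one and callers get no indication why; the old mapping went through `JWTStringConverter` and accepted any JWT, so rows holding a signed token would presumably now come back as `null` — hedged, since how the values are produced is not visible here. At minimum add a Javadoc stating the contract, e.g. `/** @return the stored value parsed as an unsecured JWT, or null if it is absent or not a plain JWT */`, or rethrow as `IllegalStateException` with the cause if callers never expect `null`. The `isExpired()` helper present on the old entity is gone in the new one; if token cleanup or refresh-grant validation still relied on it elsewhere, each caller now has to derive it from `getExpiration()`. The class-level `@SuppressWarnings("deprecation")` is wider than needed; narrowing it to the member that uses the deprecated API keeps future deprecations visible.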
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
deleted file mode 100644
index 1b217de3e2..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.repository;
-
-import java.util.List;
-
-import org.mitre.data.PageCriteria;
-import org.mitre.oauth2.model.AuthenticationHolderEntity;
-
-public interface AuthenticationHolderRepository {
- public List getAll();
-
- public AuthenticationHolderEntity getById(Long id);
-
- public void remove(AuthenticationHolderEntity a);
-
- public AuthenticationHolderEntity save(AuthenticationHolderEntity a);
-
- public List getOrphanedAuthenticationHolders();
-
- public List getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
deleted file mode 100644
index 11375e7e64..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.repository;
-
-import java.util.Collection;
-
-import org.mitre.data.PageCriteria;
-import org.mitre.oauth2.model.AuthorizationCodeEntity;
-
-/**
- * Interface for saving and consuming OAuth2 authorization codes as AuthorizationCodeEntitys.
- *
- * @author aanganes
- *
- */
-public interface AuthorizationCodeRepository {
-
- /**
- * Save an AuthorizationCodeEntity to the repository
- *
- * @param authorizationCode the AuthorizationCodeEntity to save
- * @return the saved AuthorizationCodeEntity
- */
- public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode);
-
- /**
- * Get an authorization code from the repository by value.
- *
- * @param code the authorization code value
- * @return the authentication associated with the code
- */
- public AuthorizationCodeEntity getByCode(String code);
-
- /**
- * Remove an authorization code from the repository
- *
- * @param authorizationCodeEntity
- */
- public void remove(AuthorizationCodeEntity authorizationCodeEntity);
-
- /**
- * @return A collection of all expired codes.
- */
- public Collection getExpiredCodes();
-
- /**
- * @return A collection of all expired codes, limited by the given
- * PageCriteria.
- */
- public Collection getExpiredCodes(PageCriteria pageCriteria);
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
deleted file mode 100644
index e71d0a5975..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.repository;
-
-import java.util.List;
-import java.util.Set;
-
-import org.mitre.data.PageCriteria;
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
-import org.mitre.openid.connect.model.ApprovedSite;
-import org.mitre.uma.model.ResourceSet;
-
-public interface OAuth2TokenRepository {
-
- public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity token);
-
- public OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue);
-
- public OAuth2RefreshTokenEntity getRefreshTokenById(Long Id);
-
- public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken);
-
- public void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken);
-
- public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken);
-
- public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue);
-
- public OAuth2AccessTokenEntity getAccessTokenById(Long id);
-
- public void removeAccessToken(OAuth2AccessTokenEntity accessToken);
-
- public void clearTokensForClient(ClientDetailsEntity client);
-
- public List getAccessTokensForClient(ClientDetailsEntity client);
-
- public List getRefreshTokensForClient(ClientDetailsEntity client);
-
- public Set getAccessTokensByUserName(String name);
-
- public Set getRefreshTokensByUserName(String name);
-
- public Set getAllAccessTokens();
-
- public Set getAllRefreshTokens();
-
- public Set getAllExpiredAccessTokens();
-
- public Set getAllExpiredAccessTokens(PageCriteria pageCriteria);
-
- public Set getAllExpiredRefreshTokens();
-
- public Set getAllExpiredRefreshTokens(PageCriteria pageCriteria);
-
- public Set getAccessTokensForResourceSet(ResourceSet rs);
-
- /**
- * removes duplicate access tokens.
- *
- * @deprecated this method was added to return the remove duplicate access tokens values
- * so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
- * removeAccessToken method has been updated so as it will not fail in the event that an
- * accessToken has been duplicated, so this method is unnecessary.
- *
- */
- @Deprecated
- public void clearDuplicateAccessTokens();
-
- /**
- * removes duplicate refresh tokens.
- *
- * @deprecated this method was added to return the remove duplicate refresh token value
- * so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
- * removeRefreshToken method has been updated so as it will not fail in the event that
- * refreshToken has been duplicated, so this method is unnecessary.
- *
- */
- @Deprecated
- public void clearDuplicateRefreshTokens();
-
- public List getAccessTokensForApprovedSite(ApprovedSite approvedSite);
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
deleted file mode 100644
index a33ca0e0b2..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.mitre.oauth2.service;
-
-import java.util.List;
-
-import org.mitre.data.PageCriteria;
-import org.mitre.oauth2.model.AuthenticationHolderEntity;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-
-public interface AuthenticationHolderEntityService {
-
- AuthenticationHolderEntity create(OAuth2Authentication authn);
-
- void remove(AuthenticationHolderEntity holder);
-
- List getOrphanedAuthenticationHolders();
-
- List getOrphanedAuthenticationHolders(PageCriteria page);
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java
deleted file mode 100644
index 08695c6751..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.service;
-
-import java.util.Collection;
-
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
-
-public interface ClientDetailsEntityService extends ClientDetailsService {
-
- public ClientDetailsEntity saveNewClient(ClientDetailsEntity client);
-
- public ClientDetailsEntity getClientById(Long id);
-
- @Override
- public ClientDetailsEntity loadClientByClientId(String clientId) throws OAuth2Exception;
-
- public void deleteClient(ClientDetailsEntity client);
-
- public ClientDetailsEntity updateClient(ClientDetailsEntity oldClient, ClientDetailsEntity newClient);
-
- public Collection getAllClients();
-
- public ClientDetailsEntity generateClientId(ClientDetailsEntity client);
-
- public ClientDetailsEntity generateClientSecret(ClientDetailsEntity client);
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
deleted file mode 100644
index cf0e5169f0..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.service;
-
-import java.util.List;
-import java.util.Set;
-
-import org.mitre.oauth2.model.AuthenticationHolderEntity;
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
-import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
-
-@SuppressWarnings("deprecation")
-public interface OAuth2TokenEntityService extends AuthorizationServerTokenServices, ResourceServerTokenServices {
-
- @Override
- public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue);
-
- public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue);
-
- public void revokeRefreshToken(OAuth2RefreshTokenEntity refreshToken);
-
- public void revokeAccessToken(OAuth2AccessTokenEntity accessToken);
-
- public List getAccessTokensForClient(ClientDetailsEntity client);
-
- public List getRefreshTokensForClient(ClientDetailsEntity client);
-
- public void clearExpiredTokens();
-
- public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity accessToken);
-
- public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken);
-
- @Override
- public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication);
-
- public OAuth2AccessTokenEntity getAccessTokenById(Long id);
-
- public OAuth2RefreshTokenEntity getRefreshTokenById(Long id);
-
- public Set getAllAccessTokensForUser(String name);
-
- public Set getAllRefreshTokensForUser(String name);
-
- public OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetailsEntity client);
-
- public OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client, AuthenticationHolderEntity authHolder);
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java
deleted file mode 100644
index 55ab15b71e..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.mitre.oauth2.service.impl;
-
-import java.util.List;
-
-import org.mitre.data.PageCriteria;
-import org.mitre.oauth2.model.AuthenticationHolderEntity;
-import org.mitre.oauth2.repository.AuthenticationHolderRepository;
-import org.mitre.oauth2.service.AuthenticationHolderEntityService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.stereotype.Service;
-
-@Service("authenticationHolderEntityService")
-public class DefaultAuthenticationHolderEntityService implements AuthenticationHolderEntityService {
-
- private final AuthenticationHolderRepository repo;
-
- @Autowired
- public DefaultAuthenticationHolderEntityService(AuthenticationHolderRepository repo) {
- this.repo = repo;
- }
-
- @Override
- public AuthenticationHolderEntity create(OAuth2Authentication authn) {
- AuthenticationHolderEntity holder = new AuthenticationHolderEntity();
- holder.setAuthentication(authn);
-
- return repo.save(holder);
- }
-
- @Override
- public void remove(AuthenticationHolderEntity holder) {
- repo.remove(holder);
- }
-
- @Override
- public List getOrphanedAuthenticationHolders() {
-
- return repo.getOrphanedAuthenticationHolders();
- }
-
- @Override
- public List getOrphanedAuthenticationHolders(
- PageCriteria pageCriteria) {
- return repo.getOrphanedAuthenticationHolders(pageCriteria);
- }
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
deleted file mode 100644
index da7a177c87..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.service.impl;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-import java.util.Collection;
-import java.util.HashSet;
-
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
-import org.mitre.oauth2.service.ClientDetailsEntityService;
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.stereotype.Service;
-
-import com.google.common.base.Strings;
-
-/**
- * Shim layer to convert a ClientDetails service into a UserDetails service
- *
- * @author AANGANES
- *
- */
-@Service("clientUserDetailsService")
-public class DefaultClientUserDetailsService implements UserDetailsService {
-
- private static GrantedAuthority ROLE_CLIENT = new SimpleGrantedAuthority("ROLE_CLIENT");
-
- @Autowired
- private ClientDetailsEntityService clientDetailsService;
-
- @Autowired
- private ConfigurationPropertiesBean config;
-
- @Override
- public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
-
- try {
- ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientId);
-
- if (client != null) {
-
- String password = Strings.nullToEmpty(client.getClientSecret());
-
- if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
- (client.getTokenEndpointAuthMethod() != null &&
- (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
- client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
-
- // Issue a random password each time to prevent password auth from being used (or skipped)
- // for private key or shared key clients, see #715
-
- password = new BigInteger(512, new SecureRandom()).toString(16);
- }
-
- boolean enabled = true;
- boolean accountNonExpired = true;
- boolean credentialsNonExpired = true;
- boolean accountNonLocked = true;
- Collection authorities = new HashSet<>(client.getAuthorities());
- authorities.add(ROLE_CLIENT);
-
- return new User(clientId, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
- } else {
- throw new UsernameNotFoundException("Client not found: " + clientId);
- }
- } catch (InvalidClientException e) {
- throw new UsernameNotFoundException("Client not found: " + clientId);
- }
-
- }
-
- public ClientDetailsEntityService getClientDetailsService() {
- return clientDetailsService;
- }
-
- public void setClientDetailsService(ClientDetailsEntityService clientDetailsService) {
- this.clientDetailsService = clientDetailsService;
- }
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
deleted file mode 100644
index 9b8f6f45af..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.service.impl;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-import java.util.Collection;
-import java.util.HashSet;
-
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
-import org.mitre.oauth2.service.ClientDetailsEntityService;
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.stereotype.Service;
-import org.springframework.web.util.UriUtils;
-
-import com.google.common.base.Strings;
-
-/**
- * Loads client details based on URI encoding as passed in from basic auth.
- *
- * Should only get called if non-encoded provider fails.
- *
- * @author AANGANES
- *
- */
-@Service("uriEncodedClientUserDetailsService")
-public class UriEncodedClientUserDetailsService implements UserDetailsService {
-
- private static GrantedAuthority ROLE_CLIENT = new SimpleGrantedAuthority("ROLE_CLIENT");
-
- @Autowired
- private ClientDetailsEntityService clientDetailsService;
-
- @Autowired
- private ConfigurationPropertiesBean config;
-
- @Override
- public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
-
- try {
- String decodedClientId = UriUtils.decode(clientId, "UTF-8");
-
- ClientDetailsEntity client = clientDetailsService.loadClientByClientId(decodedClientId);
-
- if (client != null) {
-
- String encodedPassword = UriUtils.encodePathSegment(Strings.nullToEmpty(client.getClientSecret()), "UTF-8");
-
- if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
- (client.getTokenEndpointAuthMethod() != null &&
- (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
- client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
-
- // Issue a random password each time to prevent password auth from being used (or skipped)
- // for private key or shared key clients, see #715
-
- encodedPassword = new BigInteger(512, new SecureRandom()).toString(16);
- }
-
- boolean enabled = true;
- boolean accountNonExpired = true;
- boolean credentialsNonExpired = true;
- boolean accountNonLocked = true;
- Collection authorities = new HashSet<>(client.getAuthorities());
- authorities.add(ROLE_CLIENT);
-
- return new User(decodedClientId, encodedPassword, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
- } else {
- throw new UsernameNotFoundException("Client not found: " + clientId);
- }
- } catch (InvalidClientException e) {
- throw new UsernameNotFoundException("Client not found: " + clientId);
- }
-
- }
-
- public ClientDetailsEntityService getClientDetailsService() {
- return clientDetailsService;
- }
-
- public void setClientDetailsService(ClientDetailsEntityService clientDetailsService) {
- this.clientDetailsService = clientDetailsService;
- }
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/DynamicClientValidationService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/DynamicClientValidationService.java
deleted file mode 100644
index 98754101cb..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/DynamicClientValidationService.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.mitre.openid.connect.service;
-
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.openid.connect.exception.ValidationException;
-
-public interface DynamicClientValidationService {
-
- public ClientDetailsEntity validateClient(ClientDetailsEntity client) throws ValidationException;
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java
deleted file mode 100644
index 146f6164e4..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.openid.connect.service;
-
-import java.util.Date;
-
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.springframework.security.oauth2.provider.OAuth2Request;
-
-import com.nimbusds.jwt.JWT;
-
-/**
- * Service to create specialty OpenID Connect tokens.
- *
- * @author Amanda Anganes
- *
- */
-public interface OIDCTokenService {
-
- /**
- * Create an id token with the information provided.
- *
- * @param client
- * @param request
- * @param issueTime
- * @param sub
- * @param signingAlg
- * @param accessToken
- * @return
- */
- public JWT createIdToken(
- ClientDetailsEntity client, OAuth2Request request, Date issueTime,
- String sub, OAuth2AccessTokenEntity accessToken);
-
- /**
- * Create a registration access token for the given client.
- *
- * @param client
- * @return
- */
- public OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client);
-
- /**
- * Create a resource access token for the given client (protected resource).
- *
- * @param client
- * @return
- */
- public OAuth2AccessTokenEntity createResourceAccessToken(ClientDetailsEntity client);
-
- /**
- * Rotate the registration or resource token for a client
- * @param client
- * @return
- */
- public OAuth2AccessTokenEntity rotateRegistrationAccessTokenForClient(ClientDetailsEntity client);
-
-}
\ No newline at end of file
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
deleted file mode 100644
index ac7ab41070..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-/**
- *
- */
-package org.mitre.openid.connect.web;
-
-import java.lang.reflect.Type;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
-import org.mitre.openid.connect.model.UserInfo;
-import org.mitre.openid.connect.service.UserInfoService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationTrustResolver;
-import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonPrimitive;
-import com.google.gson.JsonSerializationContext;
-import com.google.gson.JsonSerializer;
-
-/**
- * Injects the UserInfo object for the current user into the current model's context, if both exist. Allows JSPs and the like to call "userInfo.name" and other fields.
- *
- * @author jricher
- *
- */
-public class UserInfoInterceptor extends HandlerInterceptorAdapter {
-
- private Gson gson = new GsonBuilder()
- .registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer() {
- @Override
- public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
- return new JsonPrimitive(src.getAuthority());
- }
- })
- .create();
-
- @Autowired (required = false)
- private UserInfoService userInfoService;
-
- private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
-
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-
- Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
- if (auth instanceof Authentication){
- request.setAttribute("userAuthorities", gson.toJson(auth.getAuthorities()));
- }
-
- if (!trustResolver.isAnonymous(auth)) { // skip lookup on anonymous logins
- if (auth instanceof OIDCAuthenticationToken) {
- // if they're logging into this server from a remote OIDC server, pass through their user info
- OIDCAuthenticationToken oidc = (OIDCAuthenticationToken) auth;
- if (oidc.getUserInfo() != null) {
- request.setAttribute("userInfo", oidc.getUserInfo());
- request.setAttribute("userInfoJson", oidc.getUserInfo().toJson());
- } else {
- request.setAttribute("userInfo", null);
- request.setAttribute("userInfoJson", "null");
- }
- } else {
- // don't bother checking if we don't have a principal or a userInfoService to work with
- if (auth != null && auth.getName() != null && userInfoService != null) {
-
- // try to look up a user based on the principal's name
- UserInfo user = userInfoService.getByUsername(auth.getName());
-
- // if we have one, inject it so views can use it
- if (user != null) {
- request.setAttribute("userInfo", user);
- request.setAttribute("userInfoJson", user.toJson());
- }
- }
- }
- }
-
- return true;
- }
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java b/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java
deleted file mode 100644
index 8da2ce017c..0000000000
--- a/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.uma.service;
-
-import java.util.Collection;
-
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.uma.model.ResourceSet;
-
-/**
- *
- * Manage registered resource sets at this authorization server.
- *
- * @author jricher
- *
- */
-public interface ResourceSetService {
-
- public ResourceSet saveNew(ResourceSet rs);
-
- public ResourceSet getById(Long id);
-
- public ResourceSet update(ResourceSet oldRs, ResourceSet newRs);
-
- public void remove(ResourceSet rs);
-
- public Collection getAllForOwner(String owner);
-
- public Collection getAllForOwnerAndClient(String owner, String authClientId);
-
- public Collection getAllForClient(ClientDetailsEntity client);
-
-}
diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml
index ada12f5a57..199934f004 100644
--- a/openid-connect-server/pom.xml
+++ b/openid-connect-server/pom.xml
@@ -23,7 +23,7 @@
org.mitre
openid-connect-parent
- 2.0.0.cnaf-20260603
+ 2.1.0.cnaf-20260701
..
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
deleted file mode 100644
index 269db62171..0000000000
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.repository.impl;
-
-import java.util.List;
-
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-import javax.persistence.TypedQuery;
-
-import org.mitre.data.DefaultPageCriteria;
-import org.mitre.data.PageCriteria;
-import org.mitre.oauth2.model.AuthenticationHolderEntity;
-import org.mitre.oauth2.repository.AuthenticationHolderRepository;
-import org.mitre.util.jpa.JpaUtil;
-import org.springframework.stereotype.Repository;
-import org.springframework.transaction.annotation.Transactional;
-
-@Repository
-@Transactional(value="defaultTransactionManager")
-public class JpaAuthenticationHolderRepository implements AuthenticationHolderRepository {
-
- private static final int MAXEXPIREDRESULTS = 1000;
-
- @PersistenceContext(unitName="defaultPersistenceUnit")
- private EntityManager manager;
-
- @Override
- public List getAll() {
- TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_ALL, AuthenticationHolderEntity.class);
- return query.getResultList();
- }
-
- @Override
- public AuthenticationHolderEntity getById(Long id) {
- return manager.find(AuthenticationHolderEntity.class, id);
- }
-
- @Override
- @Transactional(value="defaultTransactionManager")
- public void remove(AuthenticationHolderEntity a) {
- AuthenticationHolderEntity found = getById(a.getId());
- if (found != null) {
- manager.remove(found);
- } else {
- throw new IllegalArgumentException("AuthenticationHolderEntity not found: " + a);
- }
- }
-
- @Override
- @Transactional(value="defaultTransactionManager")
- public AuthenticationHolderEntity save(AuthenticationHolderEntity a) {
- return JpaUtil.saveOrUpdate(a.getId(), manager, a);
- }
-
- @Override
- @Transactional(value="defaultTransactionManager")
- public List getOrphanedAuthenticationHolders() {
- DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0,MAXEXPIREDRESULTS);
- return getOrphanedAuthenticationHolders(pageCriteria);
- }
-
- @Override
- @Transactional(value="defaultTransactionManager")
- public List getOrphanedAuthenticationHolders(PageCriteria pageCriteria) {
- TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class);
- return JpaUtil.getResultPage(query, pageCriteria);
- }
-
-}
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
deleted file mode 100644
index ad7788b6c0..0000000000
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-/**
- *
- */
-package org.mitre.oauth2.repository.impl;
-
-import java.util.Collection;
-import java.util.Date;
-
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-import javax.persistence.TypedQuery;
-
-import org.mitre.data.PageCriteria;
-import org.mitre.oauth2.model.AuthorizationCodeEntity;
-import org.mitre.oauth2.repository.AuthorizationCodeRepository;
-import org.mitre.util.jpa.JpaUtil;
-import org.springframework.stereotype.Repository;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * JPA AuthorizationCodeRepository implementation.
- *
- * @author aanganes
- *
- */
-@Repository
-@Transactional(value="defaultTransactionManager")
-public class JpaAuthorizationCodeRepository implements AuthorizationCodeRepository {
-
- @PersistenceContext(unitName="defaultPersistenceUnit")
- EntityManager manager;
-
- /* (non-Javadoc)
- * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#save(org.mitre.oauth2.model.AuthorizationCodeEntity)
- */
- @Override
- @Transactional(value="defaultTransactionManager")
- public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode) {
-
- return JpaUtil.saveOrUpdate(authorizationCode.getId(), manager, authorizationCode);
-
- }
-
- /* (non-Javadoc)
- * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getByCode(java.lang.String)
- */
- @Override
- @Transactional(value="defaultTransactionManager")
- public AuthorizationCodeEntity getByCode(String code) {
- TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_BY_VALUE, AuthorizationCodeEntity.class);
- query.setParameter("code", code);
-
- AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList());
- return result;
- }
-
- /* (non-Javadoc)
- * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#remove(org.mitre.oauth2.model.AuthorizationCodeEntity)
- */
- @Override
- public void remove(AuthorizationCodeEntity authorizationCodeEntity) {
- AuthorizationCodeEntity found = manager.find(AuthorizationCodeEntity.class, authorizationCodeEntity.getId());
- if (found != null) {
- manager.remove(found);
- }
- }
-
- /* (non-Javadoc)
- * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getExpiredCodes()
- */
- @Override
- public Collection getExpiredCodes() {
- TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
- query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired
- return query.getResultList();
- }
-
-
- @Override
- public Collection getExpiredCodes(PageCriteria pageCriteria) {
- TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
- query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired
- return JpaUtil.getResultPage(query, pageCriteria);
- }
-
-
-
-}
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
deleted file mode 100644
index becb26710c..0000000000
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ /dev/null
@@ -1,343 +0,0 @@
-/*******************************************************************************
- * Copyright 2018 The MIT Internet Trust Consortium
- *
- * Portions copyright 2011-2013 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.repository.impl;
-
-import java.nio.charset.StandardCharsets;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-import javax.persistence.Query;
-import javax.persistence.TypedQuery;
-import javax.persistence.criteria.CriteriaBuilder;
-import javax.persistence.criteria.CriteriaDelete;
-import javax.persistence.criteria.Root;
-
-import org.mitre.data.DefaultPageCriteria;
-import org.mitre.data.PageCriteria;
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
-import org.mitre.oauth2.repository.OAuth2TokenRepository;
-import org.mitre.openid.connect.model.ApprovedSite;
-import org.mitre.uma.model.ResourceSet;
-import org.mitre.util.jpa.JpaUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Repository;
-import org.springframework.transaction.annotation.Transactional;
-
-import com.google.common.hash.Hashing;
-import com.nimbusds.jwt.JWT;
-import com.nimbusds.jwt.JWTParser;
-
-@Repository
-public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
-
- private static final int MAXEXPIREDRESULTS = 1000;
-
- private static final Logger logger =
- LoggerFactory.getLogger(JpaOAuth2TokenRepository.class);
-
- @PersistenceContext(unitName = "defaultPersistenceUnit")
- private EntityManager manager;
-
- @Override
- public Set getAllAccessTokens() {
- TypedQuery query =
- manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_ALL,
- OAuth2AccessTokenEntity.class);
- return new LinkedHashSet<>(query.getResultList());
- }
-
- @Override
- public Set getAllRefreshTokens() {
- TypedQuery query =
- manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_ALL,
- OAuth2RefreshTokenEntity.class);
- return new LinkedHashSet<>(query.getResultList());
- }
-
- @Override
- public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) {
- String atHashed =
- Hashing.sha256().hashString(accessTokenValue, StandardCharsets.UTF_8).toString();
- TypedQuery query = manager.createNamedQuery(
- OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
- OAuth2AccessTokenEntity.class);
- query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH,
- atHashed);
- return JpaUtil.getSingleResult(query.getResultList());
- }
-
- @Override
- public OAuth2AccessTokenEntity getAccessTokenById(Long id) {
- return manager.find(OAuth2AccessTokenEntity.class, id);
- }
-
- @Override
- @Transactional(value = "defaultTransactionManager")
- public OAuth2AccessTokenEntity saveAccessToken(
- OAuth2AccessTokenEntity token) {
- return JpaUtil.saveOrUpdate(token.getId(), manager, token);
- }
-
- @Override
- @Transactional(value = "defaultTransactionManager")
- public void removeAccessToken(OAuth2AccessTokenEntity accessToken) {
- OAuth2AccessTokenEntity found = getAccessTokenById(accessToken.getId());
- if (found != null) {
- manager.remove(found);
- } else {
- throw new IllegalArgumentException(
- "Access token not found: " + accessToken);
- }
- }
-
- @Override
- @Transactional(value = "defaultTransactionManager")
- public void clearAccessTokensForRefreshToken(
- OAuth2RefreshTokenEntity refreshToken) {
- TypedQuery query = manager.createNamedQuery(
- OAuth2AccessTokenEntity.DELETE_BY_REFRESH_TOKEN,
- OAuth2AccessTokenEntity.class);
- query.setParameter(OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN,
- refreshToken);
- query.executeUpdate();
- }
-
- @Override
- public OAuth2RefreshTokenEntity getRefreshTokenByValue(
- String refreshTokenValue) {
- try {
- JWT jwt = JWTParser.parse(refreshTokenValue);
- TypedQuery query = manager
- .createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE,
- OAuth2RefreshTokenEntity.class);
- query.setParameter(OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE, jwt);
- return JpaUtil.getSingleResult(query.getResultList());
- } catch (ParseException e) {
- return null;
- }
- }
-
- @Override
- public OAuth2RefreshTokenEntity getRefreshTokenById(Long id) {
- return manager.find(OAuth2RefreshTokenEntity.class, id);
- }
-
- @Override
- @Transactional(value = "defaultTransactionManager")
- public OAuth2RefreshTokenEntity saveRefreshToken(
- OAuth2RefreshTokenEntity refreshToken) {
- return JpaUtil.saveOrUpdate(refreshToken.getId(), manager,
- refreshToken);
- }
-
- @Override
- @Transactional(value = "defaultTransactionManager")
- public void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
- OAuth2RefreshTokenEntity found =
- getRefreshTokenById(refreshToken.getId());
- if (found != null) {
- manager.remove(found);
- } else {
- throw new IllegalArgumentException(
- "Refresh token not found: " + refreshToken);
- }
- }
-
- @Override
- @Transactional(value = "defaultTransactionManager")
- public void clearTokensForClient(ClientDetailsEntity client) {
- TypedQuery queryA = manager.createNamedQuery(
- OAuth2AccessTokenEntity.QUERY_BY_CLIENT,
- OAuth2AccessTokenEntity.class);
- queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client);
- List accessTokens = queryA.getResultList();
- for (OAuth2AccessTokenEntity accessToken : accessTokens) {
- removeAccessToken(accessToken);
- }
- TypedQuery queryR = manager.createNamedQuery(
- OAuth2RefreshTokenEntity.QUERY_BY_CLIENT,
- OAuth2RefreshTokenEntity.class);
- queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client);
- List refreshTokens = queryR.getResultList();
- for (OAuth2RefreshTokenEntity refreshToken : refreshTokens) {
- removeRefreshToken(refreshToken);
- }
- }
-
- @Override
- public List getAccessTokensForClient(
- ClientDetailsEntity client) {
- TypedQuery queryA = manager.createNamedQuery(
- OAuth2AccessTokenEntity.QUERY_BY_CLIENT,
- OAuth2AccessTokenEntity.class);
- queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client);
- List accessTokens = queryA.getResultList();
- return accessTokens;
- }
-
- @Override
- public List getRefreshTokensForClient(
- ClientDetailsEntity client) {
- TypedQuery queryR = manager.createNamedQuery(
- OAuth2RefreshTokenEntity.QUERY_BY_CLIENT,
- OAuth2RefreshTokenEntity.class);
- queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client);
- List refreshTokens = queryR.getResultList();
- return refreshTokens;
- }
-
- @Override
- public Set getAccessTokensByUserName(String name) {
- TypedQuery query =
- manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_NAME,
- OAuth2AccessTokenEntity.class);
- query.setParameter(OAuth2AccessTokenEntity.PARAM_NAME, name);
- List results = query.getResultList();
- return results != null ? new HashSet<>(results) : new HashSet<>();
- }
-
- @Override
- public Set getRefreshTokensByUserName(
- String name) {
- TypedQuery query =
- manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_NAME,
- OAuth2RefreshTokenEntity.class);
- query.setParameter(OAuth2RefreshTokenEntity.PARAM_NAME, name);
- List results = query.getResultList();
- return results != null ? new HashSet<>(results) : new HashSet<>();
- }
-
- @Override
- public Set getAllExpiredAccessTokens() {
- DefaultPageCriteria pageCriteria =
- new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
- return getAllExpiredAccessTokens(pageCriteria);
- }
-
- @Override
- public Set getAllExpiredAccessTokens(
- PageCriteria pageCriteria) {
- TypedQuery query = manager.createNamedQuery(
- OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE,
- OAuth2AccessTokenEntity.class);
- query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
- return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria));
- }
-
- @Override
- public Set getAllExpiredRefreshTokens() {
- DefaultPageCriteria pageCriteria =
- new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
- return getAllExpiredRefreshTokens(pageCriteria);
- }
-
- @Override
- public Set getAllExpiredRefreshTokens(
- PageCriteria pageCriteria) {
- TypedQuery query = manager.createNamedQuery(
- OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE,
- OAuth2RefreshTokenEntity.class);
- query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
- return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria));
- }
-
- @Override
- public Set getAccessTokensForResourceSet(
- ResourceSet rs) {
- TypedQuery query = manager.createNamedQuery(
- OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET,
- OAuth2AccessTokenEntity.class);
- query.setParameter(OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID,
- rs.getId());
- return new LinkedHashSet<>(query.getResultList());
- }
-
- @Override
- @Transactional(value = "defaultTransactionManager")
- public void clearDuplicateAccessTokens() {
- Query query = manager.createQuery(
- "select a.jwt, count(1) as c from OAuth2AccessTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
- @SuppressWarnings("unchecked")
- List