diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml
index 309c9e495c..b38c22a639 100644
--- a/openid-connect-client/pom.xml
+++ b/openid-connect-client/pom.xml
@@ -22,7 +22,7 @@
openid-connect-parent
org.mitre
- 1.3.6.cnaf-20231129
+ 1.3.6.cnaf-20240417
..
openid-connect-client
diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml
index 836dc30eb7..d5f4f31a30 100644
--- a/openid-connect-common/pom.xml
+++ b/openid-connect-common/pom.xml
@@ -22,7 +22,7 @@
openid-connect-parent
org.mitre
- 1.3.6.cnaf-20231129
+ 1.3.6.cnaf-20240417
..
openid-connect-common
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
index 2caeff7c8e..2c2105fd03 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
@@ -51,279 +51,276 @@
@Entity
@Table(name = "authentication_holder")
-@NamedQueries ({
- @NamedQuery(name = AuthenticationHolderEntity.QUERY_ALL, query = "select a from AuthenticationHolderEntity a"),
- @NamedQuery(name = AuthenticationHolderEntity.QUERY_GET_UNUSED, query = "select a from AuthenticationHolderEntity a where " +
- "a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and " +
- "a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r) and " +
- "a.id not in (select c.authenticationHolder.id from AuthorizationCodeEntity c)")
-})
+@NamedQueries({
+ @NamedQuery(name = AuthenticationHolderEntity.QUERY_ALL,
+ query = "select a from AuthenticationHolderEntity a"),
+ @NamedQuery(name = AuthenticationHolderEntity.QUERY_GET_UNUSED,
+ query = "select a from AuthenticationHolderEntity a where "
+ + "a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and "
+ + "a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r) and "
+ + "a.id not in (select c.authenticationHolder.id from AuthorizationCodeEntity c)")})
+@SuppressWarnings("deprecation")
public class AuthenticationHolderEntity implements Serializable {
private static final long serialVersionUID = 1L;
+
+ public static final String QUERY_ALL = "AuthenticationHolderEntity.getAll";
public static final String QUERY_GET_UNUSED =
"AuthenticationHolderEntity.getUnusedAuthenticationHolders";
- public static final String QUERY_ALL = "AuthenticationHolderEntity.getAll";
-
- private Long id;
-
- private SavedUserAuthentication userAuth;
-
- private Collection authorities;
-
- private Set resourceIds;
-
- private boolean approved;
-
- private String redirectUri;
-
- private Set responseTypes;
-
- private Map extensions;
-
- private String clientId;
-
- private Set scope;
-
- private Map requestParameters;
-
- public AuthenticationHolderEntity() {
-
- }
-
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- public Long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- @Transient
- public OAuth2Authentication getAuthentication() {
- // TODO: memoize this
- return new OAuth2Authentication(createOAuth2Request(), getUserAuth());
- }
-
- /**
- * @return
- */
- private OAuth2Request createOAuth2Request() {
- return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions);
- }
-
- public void setAuthentication(OAuth2Authentication authentication) {
-
- // pull apart the request and save its bits
- OAuth2Request o2Request = authentication.getOAuth2Request();
- setAuthorities(o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities()));
- setClientId(o2Request.getClientId());
- setExtensions(o2Request.getExtensions() == null ? null : new HashMap<>(o2Request.getExtensions()));
- setRedirectUri(o2Request.getRedirectUri());
- setRequestParameters(o2Request.getRequestParameters() == null ? null : new HashMap<>(o2Request.getRequestParameters()));
- setResourceIds(o2Request.getResourceIds() == null ? null : new HashSet<>(o2Request.getResourceIds()));
- setResponseTypes(o2Request.getResponseTypes() == null ? null : new HashSet<>(o2Request.getResponseTypes()));
- setScope(o2Request.getScope() == null ? null : new HashSet<>(o2Request.getScope()));
- setApproved(o2Request.isApproved());
-
- if (authentication.getUserAuthentication() != null) {
- this.userAuth = new SavedUserAuthentication(authentication.getUserAuthentication());
- } else {
- this.userAuth = null;
- }
- }
-
- /**
- * @return the userAuth
- */
- @OneToOne(cascade=CascadeType.ALL)
- @JoinColumn(name = "user_auth_id")
- public SavedUserAuthentication getUserAuth() {
- return userAuth;
- }
-
- /**
- * @param userAuth the userAuth to set
- */
- public void setUserAuth(SavedUserAuthentication userAuth) {
- this.userAuth = userAuth;
- }
-
- /**
- * @return the authorities
- */
- @ElementCollection(fetch = FetchType.EAGER)
- @CollectionTable(
- name="authentication_holder_authority",
- joinColumns=@JoinColumn(name="owner_id")
- )
- @Convert(converter = SimpleGrantedAuthorityStringConverter.class)
- @Column(name="authority")
- public Collection getAuthorities() {
- return authorities;
- }
-
- /**
- * @param authorities the authorities to set
- */
- public void setAuthorities(Collection authorities) {
- this.authorities = authorities;
- }
-
- /**
- * @return the resourceIds
- */
- @ElementCollection(fetch = FetchType.EAGER)
- @CollectionTable(
- name="authentication_holder_resource_id",
- joinColumns=@JoinColumn(name="owner_id")
- )
- @Column(name="resource_id")
- public Set getResourceIds() {
- return resourceIds;
- }
-
- /**
- * @param resourceIds the resourceIds to set
- */
- public void setResourceIds(Set resourceIds) {
- this.resourceIds = resourceIds;
- }
-
- /**
- * @return the approved
- */
- @Basic
- @Column(name="approved")
- public boolean isApproved() {
- return approved;
- }
-
- /**
- * @param approved the approved to set
- */
- public void setApproved(boolean approved) {
- this.approved = approved;
- }
-
- /**
- * @return the redirectUri
- */
- @Basic
- @Column(name="redirect_uri")
- public String getRedirectUri() {
- return redirectUri;
- }
-
- /**
- * @param redirectUri the redirectUri to set
- */
- public void setRedirectUri(String redirectUri) {
- this.redirectUri = redirectUri;
- }
-
- /**
- * @return the responseTypes
- */
- @ElementCollection(fetch = FetchType.EAGER)
- @CollectionTable(
- name="authentication_holder_response_type",
- joinColumns=@JoinColumn(name="owner_id")
- )
- @Column(name="response_type")
- public Set getResponseTypes() {
- return responseTypes;
- }
-
- /**
- * @param responseTypes the responseTypes to set
- */
- public void setResponseTypes(Set responseTypes) {
- this.responseTypes = responseTypes;
- }
-
- /**
- * @return the extensions
- */
- @ElementCollection(fetch = FetchType.EAGER)
- @CollectionTable(
- name="authentication_holder_extension",
- joinColumns=@JoinColumn(name="owner_id")
- )
- @Column(name="val")
- @MapKeyColumn(name="extension")
- @Convert(converter=SerializableStringConverter.class)
- public Map getExtensions() {
- return extensions;
- }
-
- /**
- * @param extensions the extensions to set
- */
- public void setExtensions(Map extensions) {
- this.extensions = extensions;
- }
-
- /**
- * @return the clientId
- */
- @Basic
- @Column(name="client_id")
- public String getClientId() {
- return clientId;
- }
-
- /**
- * @param clientId the clientId to set
- */
- public void setClientId(String clientId) {
- this.clientId = clientId;
- }
-
- /**
- * @return the scope
- */
- @ElementCollection(fetch = FetchType.EAGER)
- @CollectionTable(
- name="authentication_holder_scope",
- joinColumns=@JoinColumn(name="owner_id")
- )
- @Column(name="scope")
- public Set getScope() {
- return scope;
- }
-
- /**
- * @param scope the scope to set
- */
- public void setScope(Set scope) {
- this.scope = scope;
- }
-
- /**
- * @return the requestParameters
- */
- @ElementCollection(fetch = FetchType.EAGER)
- @CollectionTable(
- name="authentication_holder_request_parameter",
- joinColumns=@JoinColumn(name="owner_id")
- )
- @Column(name="val")
- @MapKeyColumn(name="param")
- public Map getRequestParameters() {
- return requestParameters;
- }
-
- /**
- * @param requestParameters the requestParameters to set
- */
- public void setRequestParameters(Map requestParameters) {
- this.requestParameters = requestParameters;
- }
+
+ private Long id;
+
+ private SavedUserAuthentication userAuth;
+
+ private Collection authorities;
+
+ private Set resourceIds;
+
+ private boolean approved;
+
+ private String redirectUri;
+
+ private Set responseTypes;
+
+ private Map extensions;
+
+ private String clientId;
+
+ private Set scope;
+
+ private Map requestParameters;
+
+ public AuthenticationHolderEntity() {
+
+ }
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ public Long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ @Transient
+ public OAuth2Authentication getAuthentication() {
+ // TODO: memoize this
+ return new OAuth2Authentication(createOAuth2Request(), getUserAuth());
+ }
+
+ /**
+ * @return
+ */
+ private OAuth2Request createOAuth2Request() {
+ return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds,
+ redirectUri, responseTypes, extensions);
+ }
+
+ public void setAuthentication(OAuth2Authentication authentication) {
+
+ // pull apart the request and save its bits
+ OAuth2Request o2Request = authentication.getOAuth2Request();
+ setAuthorities(
+ o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities()));
+ setClientId(o2Request.getClientId());
+ setExtensions(
+ o2Request.getExtensions() == null ? null : new HashMap<>(o2Request.getExtensions()));
+ setRedirectUri(o2Request.getRedirectUri());
+ setRequestParameters(o2Request.getRequestParameters() == null ? null
+ : new HashMap<>(o2Request.getRequestParameters()));
+ setResourceIds(
+ o2Request.getResourceIds() == null ? null : new HashSet<>(o2Request.getResourceIds()));
+ setResponseTypes(
+ o2Request.getResponseTypes() == null ? null : new HashSet<>(o2Request.getResponseTypes()));
+ setScope(o2Request.getScope() == null ? null : new HashSet<>(o2Request.getScope()));
+ setApproved(o2Request.isApproved());
+
+ if (authentication.getUserAuthentication() != null) {
+ this.userAuth = new SavedUserAuthentication(authentication.getUserAuthentication());
+ } else {
+ this.userAuth = null;
+ }
+ }
+
+ /**
+ * @return the userAuth
+ */
+ @OneToOne(cascade = CascadeType.ALL)
+ @JoinColumn(name = "user_auth_id")
+ public SavedUserAuthentication getUserAuth() {
+ return userAuth;
+ }
+
+ /**
+ * @param userAuth the userAuth to set
+ */
+ public void setUserAuth(SavedUserAuthentication userAuth) {
+ this.userAuth = userAuth;
+ }
+
+ /**
+ * @return the authorities
+ */
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(name = "authentication_holder_authority",
+ joinColumns = @JoinColumn(name = "owner_id"))
+ @Convert(converter = SimpleGrantedAuthorityStringConverter.class)
+ @Column(name = "authority")
+ public Collection getAuthorities() {
+ return authorities;
+ }
+
+ /**
+ * @param authorities the authorities to set
+ */
+ public void setAuthorities(Collection authorities) {
+ this.authorities = authorities;
+ }
+
+ /**
+ * @return the resourceIds
+ */
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(name = "authentication_holder_resource_id",
+ joinColumns = @JoinColumn(name = "owner_id"))
+ @Column(name = "resource_id")
+ public Set getResourceIds() {
+ return resourceIds;
+ }
+
+ /**
+ * @param resourceIds the resourceIds to set
+ */
+ public void setResourceIds(Set resourceIds) {
+ this.resourceIds = resourceIds;
+ }
+
+ /**
+ * @return the approved
+ */
+ @Basic
+ @Column(name = "approved")
+ public boolean isApproved() {
+ return approved;
+ }
+
+ /**
+ * @param approved the approved to set
+ */
+ public void setApproved(boolean approved) {
+ this.approved = approved;
+ }
+
+ /**
+ * @return the redirectUri
+ */
+ @Basic
+ @Column(name = "redirect_uri")
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+
+ /**
+ * @param redirectUri the redirectUri to set
+ */
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
+
+ /**
+ * @return the responseTypes
+ */
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(name = "authentication_holder_response_type",
+ joinColumns = @JoinColumn(name = "owner_id"))
+ @Column(name = "response_type")
+ public Set getResponseTypes() {
+ return responseTypes;
+ }
+
+ /**
+ * @param responseTypes the responseTypes to set
+ */
+ public void setResponseTypes(Set responseTypes) {
+ this.responseTypes = responseTypes;
+ }
+
+ /**
+ * @return the extensions
+ */
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(name = "authentication_holder_extension",
+ joinColumns = @JoinColumn(name = "owner_id"))
+ @Column(name = "val")
+ @MapKeyColumn(name = "extension")
+ @Convert(converter = SerializableStringConverter.class)
+ public Map getExtensions() {
+ return extensions;
+ }
+
+ /**
+ * @param extensions the extensions to set
+ */
+ public void setExtensions(Map extensions) {
+ this.extensions = extensions;
+ }
+
+ /**
+ * @return the clientId
+ */
+ @Basic
+ @Column(name = "client_id")
+ public String getClientId() {
+ return clientId;
+ }
+
+ /**
+ * @param clientId the clientId to set
+ */
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+
+ /**
+ * @return the scope
+ */
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(name = "authentication_holder_scope",
+ joinColumns = @JoinColumn(name = "owner_id"))
+ @Column(name = "scope")
+ public Set getScope() {
+ return scope;
+ }
+
+ /**
+ * @param scope the scope to set
+ */
+ public void setScope(Set scope) {
+ this.scope = scope;
+ }
+
+ /**
+ * @return the requestParameters
+ */
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(name = "authentication_holder_request_parameter",
+ joinColumns = @JoinColumn(name = "owner_id"))
+ @Column(name = "val")
+ @MapKeyColumn(name = "param")
+ public Map getRequestParameters() {
+ return requestParameters;
+ }
+
+ /**
+ * @param requestParameters the requestParameters to set
+ */
+ public void setRequestParameters(Map requestParameters) {
+ this.requestParameters = requestParameters;
+ }
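Review bot: The class-level `@SuppressWarnings("deprecation")` added above the class declaration silences every deprecation warning in this entity, not only the ones it was presumably added for (the `OAuth2Authentication` and `OAuth2Request` types used in `getAuthentication`, `createOAuth2Request` and `setAuthentication`). This class persists authentication state, so a later deprecation of any other API it touches would go unnoticed. I would move the annotation onto those three methods and add a comment such as `// deprecated Spring Security OAuth types; suppression limited to the methods that use them`. The same class-wide suppression is added to `AuthenticationHolderEntityService` and `DefaultAuthenticationHolderEntityService` in this commit. The rest of this hunk appears to be re-indentation only.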
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
index 9894e1376b..1067d216a4 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
@@ -28,6 +28,8 @@
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
+import javax.persistence.NamedNativeQueries;
+import javax.persistence.NamedNativeQuery;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
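Review bot: `NamedNativeQueries` and `NamedNativeQuery` are imported here, but the class annotations in the following hunk use only `@NamedQueries` and `@NamedQuery`, so both imports look unused. Drop the two lines, or add the native query if one was intended for the expired-code cleanup. Left in place, they suggest a query that is not there.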
@@ -42,103 +44,111 @@
@Entity
@Table(name = "authorization_code")
@NamedQueries({
- @NamedQuery(name = AuthorizationCodeEntity.QUERY_BY_VALUE, query = "select a from AuthorizationCodeEntity a where a.code = :code"),
- @NamedQuery(name = AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, query = "select a from AuthorizationCodeEntity a where a.expiration <= :" + AuthorizationCodeEntity.PARAM_DATE)
-})
+ @NamedQuery(name = AuthorizationCodeEntity.QUERY_BY_VALUE,
+ query = "select a from AuthorizationCodeEntity a where a.code = :code"),
+ @NamedQuery(name = AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE,
+ query = "select a from AuthorizationCodeEntity a where a.expiration <= :"
+ + AuthorizationCodeEntity.PARAM_DATE),
+ @NamedQuery(name = AuthorizationCodeEntity.QUERY_DELETE_EXPIRED,
+ query = "DELETE FROM AuthorizationCodeEntity a WHERE a.expiration <= :"
+ + AuthorizationCodeEntity.PARAM_DATE)})
public class AuthorizationCodeEntity implements Serializable {
private static final long serialVersionUID = 1L;
public static final String QUERY_BY_VALUE = "AuthorizationCodeEntity.getByValue";
- public static final String QUERY_EXPIRATION_BY_DATE = "AuthorizationCodeEntity.expirationByDate";
-
- public static final String PARAM_DATE = "date";
-
- private Long id;
-
- private String code;
-
- private AuthenticationHolderEntity authenticationHolder;
-
- private Date expiration;
-
- /**
- * Default constructor.
- */
- public AuthorizationCodeEntity() {
-
- }
-
- /**
- * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
- *
- * @param code the authorization code
- * @param authRequest the AuthoriztionRequestHolder associated with the original code request
- */
- public AuthorizationCodeEntity(String code, AuthenticationHolderEntity authenticationHolder, Date expiration) {
- this.code = code;
- this.authenticationHolder = authenticationHolder;
- this.expiration = expiration;
- }
-
- /**
- * @return the id
- */
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- public Long getId() {
- return id;
- }
-
- /**
- * @param id the id to set
- */
- public void setId(Long id) {
- this.id = id;
- }
-
- /**
- * @return the code
- */
- @Basic
- @Column(name = "code")
- public String getCode() {
- return code;
- }
-
- /**
- * @param code the code to set
- */
- public void setCode(String code) {
- this.code = code;
- }
-
- /**
- * The authentication in place when this token was created.
- * @return the authentication
- */
- @ManyToOne
- @JoinColumn(name = "auth_holder_id")
- public AuthenticationHolderEntity getAuthenticationHolder() {
- return authenticationHolder;
- }
-
- /**
- * @param authentication the authentication to set
- */
- public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
- this.authenticationHolder = authenticationHolder;
- }
-
- @Basic
- @Temporal(javax.persistence.TemporalType.TIMESTAMP)
- @Column(name = "expiration")
- public Date getExpiration() {
- return expiration;
- }
-
- public void setExpiration(Date expiration) {
- this.expiration = expiration;
- }
+ public static final String QUERY_EXPIRATION_BY_DATE = "AuthorizationCodeEntity.expirationByDate";
+ public static final String QUERY_DELETE_EXPIRED = "AuthorizationCodeEntity.deleteExpired";
+
+ public static final String PARAM_DATE = "date";
+
+ private Long id;
+
+ private String code;
+
+ private AuthenticationHolderEntity authenticationHolder;
+
+ private Date expiration;
+
+ /**
+ * Default constructor.
+ */
+ public AuthorizationCodeEntity() {
+
+ }
+
+ /**
+ * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
+ *
+ * @param code the authorization code
+ * @param authRequest the AuthoriztionRequestHolder associated with the original code request
+ */
+ public AuthorizationCodeEntity(String code, AuthenticationHolderEntity authenticationHolder,
+ Date expiration) {
+ this.code = code;
+ this.authenticationHolder = authenticationHolder;
+ this.expiration = expiration;
+ }
+
+ /**
+ * @return the id
+ */
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the code
+ */
+ @Basic
+ @Column(name = "code")
+ public String getCode() {
+ return code;
+ }
+
+ /**
+ * @param code the code to set
+ */
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ /**
+ * The authentication in place when this token was created.
+ *
+ * @return the authentication
+ */
+ @ManyToOne
+ @JoinColumn(name = "auth_holder_id")
+ public AuthenticationHolderEntity getAuthenticationHolder() {
+ return authenticationHolder;
+ }
+
+ /**
+ * @param authentication the authentication to set
+ */
+ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
+ this.authenticationHolder = authenticationHolder;
+ }
+
+ @Basic
+ @Temporal(javax.persistence.TemporalType.TIMESTAMP)
+ @Column(name = "expiration")
+ public Date getExpiration() {
+ return expiration;
+ }
+
+ public void setExpiration(Date expiration) {
+ this.expiration = expiration;
+ }
}
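Review bot: `QUERY_DELETE_EXPIRED` is a JPQL bulk delete with no limit clause, so it matches every row with `expiration <= :date`, while the repository method added in this commit is `deleteExpiredCodes(PageCriteria pageCriteria)`. How the page criteria bound that statement is not visible here and should be confirmed. A bulk delete also bypasses the persistence context, so a comment above the query would help, e.g. `// bulk delete: executed directly on the database, managed instances are not refreshed`. Separately, the constructor Javadoc still documents `@param authRequest`, which is not a parameter; it should name `authenticationHolder` and `expiration`.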
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index d67a6b4b23..a4d15bacff 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -28,6 +28,7 @@
import java.util.Set;
import javax.persistence.Basic;
+import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.Convert;
@@ -42,8 +43,10 @@
import javax.persistence.JoinColumn;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
+import javax.persistence.OneToOne;
import javax.persistence.PrePersist;
import javax.persistence.PreUpdate;
+import javax.persistence.PrimaryKeyJoinColumn;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
@@ -149,6 +152,7 @@ public class ClientDetailsEntity implements ClientDetails {
private Date createdAt; // time the client was created
private boolean clearAccessTokensOnRefresh = true; // do we clear access tokens on refresh?
private Integer deviceCodeValiditySeconds; // timeout for device codes
+ private ClientLastUsedEntity clientLastUsed; // last used info
/** fields for UMA */
private Set claimsRedirectUris;
@@ -982,6 +986,22 @@ public void setClearAccessTokensOnRefresh(boolean clearAccessTokensOnRefresh) {
this.clearAccessTokensOnRefresh = clearAccessTokensOnRefresh;
}
+ /**
+ * @return the clientLastUsed entity
+ */
+ @OneToOne(mappedBy="client", cascade = CascadeType.ALL)
+ @PrimaryKeyJoinColumn
+ public ClientLastUsedEntity getClientLastUsed() {
+ return clientLastUsed;
+ }
+
+ /**
+ * @param clientLastUsed instance with the date of last use of this client
+ */
+ public void setClientLastUsed(ClientLastUsedEntity clientLastUsed) {
+ this.clientLastUsed = clientLastUsed;
+ }
+
/**
* @return the claimsRedirectUris
*/
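Review bot: `getClientLastUsed` is declared with `mappedBy="client"`, which makes it the inverse side of the association, yet it also carries `@PrimaryKeyJoinColumn`. The join mapping belongs to the owning side (`ClientLastUsedEntity.client`, which already has `@MapsId` and `@JoinColumn`), so the annotation here is redundant at best and its handling is provider-dependent. I would reduce it to `@OneToOne(mappedBy = "client", cascade = CascadeType.ALL)`. Note also that `@OneToOne` fetches eagerly by default, so every client load will also read its `client_last_used` row unless `fetch = FetchType.LAZY` is set.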
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientLastUsedEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientLastUsedEntity.java
new file mode 100644
index 0000000000..e632ac7ae2
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientLastUsedEntity.java
@@ -0,0 +1,77 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2021
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.mitre.oauth2.model;
+
+import java.time.LocalDate;
+
+import javax.persistence.CascadeType;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.MapsId;
+import javax.persistence.OneToOne;
+import javax.persistence.Table;
+
+@Entity
+@Table(name = "client_last_used")
+public class ClientLastUsedEntity {
+
+ @Id
+ @Column(name = "client_details_id")
+ private Long id;
+
+ @OneToOne(cascade = CascadeType.ALL)
+ @MapsId
+ @JoinColumn(name = "client_details_id")
+ private ClientDetailsEntity client;
+
+ @Column(name = "last_used", nullable = false)
+ private LocalDate lastUsed;
+
+ public ClientLastUsedEntity() {
+ // empty constructor
+ }
+
+ public ClientLastUsedEntity(ClientDetailsEntity client, LocalDate lastUsed) {
+ this.client = client;
+ this.lastUsed = lastUsed;
+ }
+
+ public Long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public ClientDetailsEntity getClient() {
+ return client;
+ }
+
+ public void setClient(ClientDetailsEntity client) {
+ this.client = client;
+ }
+
+ public LocalDate getLastUsed() {
+ return lastUsed;
+ }
+
+ public void setLastUsed(LocalDate lastUsed) {
+ this.lastUsed = lastUsed;
+ }
+}
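Review bot: The `client` field is mapped with `@OneToOne(cascade = CascadeType.ALL)`, and `ALL` includes `REMOVE`, so removing a `ClientLastUsedEntity` would cascade to the `ClientDetailsEntity` it points to. A last-used record is bookkeeping and should not be able to delete or re-persist the client registration. The parent side in `ClientDetailsEntity.getClientLastUsed` already cascades downwards, so the child side can be a plain `@OneToOne`. The class also has no Javadoc; a one-line class comment saying that it stores the date a client was last used, sharing the client's primary key via `@MapsId`, would make the mapping clear.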
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 841ffd863a..d327d909f5 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -20,6 +20,7 @@
*/
package org.mitre.oauth2.model;
+import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
@@ -309,7 +310,7 @@ public int getExpiresIn() {
/**
* @return the permissions
*/
- @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
+ @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL, orphanRemoval = true)
@JoinTable(
name = "access_token_permissions",
joinColumns = @JoinColumn(name = "access_token_id"),
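Review bot: `orphanRemoval = true` on the permissions mapping means a permission entity dropped from this set is deleted, which is only safe when each permission is owned by exactly one access token. The mapping goes through the `access_token_permissions` join table, so it is worth confirming that no permission row is ever referenced by a second token or by another entity. A comment such as `// permissions are private to this token and are deleted with it` would record that assumption. The getter body lies outside the hunk.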
@@ -349,9 +350,8 @@ public void setIdToken(JWT idToken) {
public void hashMe() {
if (jwtValue != null) {
- this.tokenValueHash = Hashing.sha256()
- .hashUnencodedChars(jwtValue.serialize())
- .toString();
+ this.tokenValueHash =
+ Hashing.sha256().hashString(jwtValue.serialize(), StandardCharsets.UTF_8).toString();
}
}
}
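Review bot: Switching `hashMe` from `hashUnencodedChars(...)` to `hashString(..., StandardCharsets.UTF_8)` changes the digest produced for the same token, because the old call hashed the raw 16-bit chars and the new one hashes the UTF-8 bytes. Any `tokenValueHash` already stored was computed the old way, so if tokens are looked up or compared by this hash (not visible in this hunk), tokens issued before the upgrade would stop matching until their hash is recomputed. The commit should either ship a migration that rehashes existing rows or state that old tokens are expected to be invalidated, e.g. with `// hash is over UTF-8 bytes; values stored before this change used a different input encoding`.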
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
index 1b217de3e2..eac4f0c389 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
@@ -23,15 +23,14 @@
import org.mitre.oauth2.model.AuthenticationHolderEntity;
public interface AuthenticationHolderRepository {
- public List getAll();
- public AuthenticationHolderEntity getById(Long id);
+ public List getAll();
- public void remove(AuthenticationHolderEntity a);
+ public AuthenticationHolderEntity getById(Long id);
- public AuthenticationHolderEntity save(AuthenticationHolderEntity a);
+ public void remove(AuthenticationHolderEntity a);
- public List getOrphanedAuthenticationHolders();
+ public AuthenticationHolderEntity save(AuthenticationHolderEntity a);
- public List getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
+ public long clearOrphaned(PageCriteria pageCriteria);
}
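Review bot: `clearOrphaned(PageCriteria pageCriteria)` replaces two query methods with a destructive one but has no Javadoc, so a caller cannot tell what the returned `long` counts or whether `pageCriteria` caps how many holders one call removes. I would add a comment along the lines of `/** Deletes authentication holders no longer referenced by any token or code; returns the number removed. */`, adjusted to what the implementation actually does. The same applies to `deleteExpiredCodes(PageCriteria pageCriteria)` added to `AuthorizationCodeRepository`, whose neighbouring method is documented. Removing `getOrphanedAuthenticationHolders` also breaks any implementation of this interface that lives outside this code base.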
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
index 11375e7e64..37c61f9fda 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
@@ -64,4 +64,5 @@ public interface AuthorizationCodeRepository {
*/
public Collection getExpiredCodes(PageCriteria pageCriteria);
+ public long deleteExpiredCodes(PageCriteria pageCriteria);
}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
index a33ca0e0b2..43ffaf972f 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
@@ -1,19 +1,15 @@
package org.mitre.oauth2.service;
-import java.util.List;
-
-import org.mitre.data.PageCriteria;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
+@SuppressWarnings("deprecation")
public interface AuthenticationHolderEntityService {
-
+
AuthenticationHolderEntity create(OAuth2Authentication authn);
-
+
void remove(AuthenticationHolderEntity holder);
- List getOrphanedAuthenticationHolders();
-
- List getOrphanedAuthenticationHolders(PageCriteria page);
-
+ long clearOrphaned();
+
}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java
index 55ab15b71e..b14d1cb407 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java
@@ -1,8 +1,6 @@
package org.mitre.oauth2.service.impl;
-import java.util.List;
-
-import org.mitre.data.PageCriteria;
+import org.mitre.data.DefaultPageCriteria;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.repository.AuthenticationHolderRepository;
import org.mitre.oauth2.service.AuthenticationHolderEntityService;
@@ -11,6 +9,7 @@
import org.springframework.stereotype.Service;
@Service("authenticationHolderEntityService")
+@SuppressWarnings("deprecation")
public class DefaultAuthenticationHolderEntityService implements AuthenticationHolderEntityService {
private final AuthenticationHolderRepository repo;
@@ -34,15 +33,8 @@ public void remove(AuthenticationHolderEntity holder) {
}
@Override
- public List getOrphanedAuthenticationHolders() {
-
- return repo.getOrphanedAuthenticationHolders();
- }
-
- @Override
- public List getOrphanedAuthenticationHolders(
- PageCriteria pageCriteria) {
- return repo.getOrphanedAuthenticationHolders(pageCriteria);
+ public long clearOrphaned() {
+ return repo.clearOrphaned(new DefaultPageCriteria(0, 100));
}
}
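Review bot: `clearOrphaned` passes `new DefaultPageCriteria(0, 100)` with both numbers hard-coded, so, assuming the repository honours the page, one call handles at most 100 orphaned holders and the caller has to repeat it to drain a backlog. Name the value, e.g. `private static final int ORPHAN_CLEANUP_PAGE_SIZE = 100;`, and document on the method that it clears a single batch and returns the count the repository reports. If the task that calls this runs rarely, orphaned authentication state could accumulate faster than it is removed, so the batch size is worth making configurable.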
diff --git a/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java b/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
index f15e4c371c..b92094b602 100644
--- a/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
+++ b/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
@@ -25,44 +25,47 @@
import org.mitre.data.PageCriteria;
/**
- * @author mfranklin
- * Date: 4/28/11
- * Time: 2:13 PM
+ * @author mfranklin Date: 4/28/11 Time: 2:13 PM
*/
public class JpaUtil {
- public static T getSingleResult(List list) {
- switch(list.size()) {
- case 0:
- return null;
- case 1:
- return list.get(0);
- default:
- throw new IllegalStateException("Expected single result, got " + list.size());
- }
- }
+ public static T getSingleResult(List list) {
+ switch (list.size()) {
+ case 0:
+ return null;
+ case 1:
+ return list.get(0);
+ default:
+ throw new IllegalStateException("Expected single result, got " + list.size());
+ }
+ }
- /**
- * Get a page of results from the specified TypedQuery
- * by using the given PageCriteria to limit the query
- * results. The PageCriteria will override any size or
- * offset already specified on the query.
- *
- * @param the type parameter
- * @param query the query
- * @param pageCriteria the page criteria
- * @return the list
- */
- public static List getResultPage(TypedQuery query, PageCriteria pageCriteria){
- query.setMaxResults(pageCriteria.getPageSize());
- query.setFirstResult(pageCriteria.getPageNumber()*pageCriteria.getPageSize());
+ /**
+ * Get a page of results from the specified TypedQuery by using the given PageCriteria to limit
+ * the query results. The PageCriteria will override any size or offset already specified on the
+ * query.
+ *
+ * @param the type parameter
+ * @param query the query
+ * @param pageCriteria the page criteria
+ * @return the list
+ */
+ public static List getResultPage(TypedQuery query, PageCriteria pageCriteria) {
+ query.setMaxResults(pageCriteria.getPageSize());
+ query.setFirstResult(pageCriteria.getPageNumber() * pageCriteria.getPageSize());
- return query.getResultList();
- }
+ return query.getResultList();
+ }
- public static T saveOrUpdate(I id, EntityManager entityManager, T entity) {
- T tmp = entityManager.merge(entity);
- entityManager.flush();
- return tmp;
- }
+ public static T saveOrUpdate(I id, EntityManager entityManager, T entity) {
+ T tmp = entityManager.merge(entity);
+ entityManager.flush();
+ return tmp;
+ }
+
+ public static long delete(TypedQuery query, PageCriteria pageCriteria) {
+ query.setMaxResults(pageCriteria.getPageSize());
+ query.setFirstResult(pageCriteria.getPageNumber() * pageCriteria.getPageSize());
+ return query.executeUpdate();
+ }
}
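Review bot: `delete` applies `setMaxResults`/`setFirstResult` to a statement that is then run with `executeUpdate()`, and JPA does not define paging for bulk update or delete statements. Depending on the provider, the limit may be ignored, so one call deletes every matching row in a single statement, or the call may be rejected. Neither matches the batched contract that the `PageCriteria` argument suggests. The method needs a Javadoc comment stating which provider behaviour it relies on. Since an offset has no useful meaning for a delete, I would also reject it up front with `if (pageCriteria.getPageNumber() != 0) throw new IllegalArgumentException("bulk delete supports page 0 only");`.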
diff --git a/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
index dac84964cc..7f1d47b13a 100644
--- a/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
@@ -180,6 +180,12 @@ CREATE TABLE IF NOT EXISTS client_details (
UNIQUE (client_id)
);
+CREATE TABLE IF NOT EXISTS client_last_used (
+ client_details_id BIGINT PRIMARY KEY,
+ last_used TIMESTAMP NOT NULL,
+ CONSTRAINT fk_client_last_used FOREIGN KEY (client_details_id) REFERENCES client_details(id)
+);
+
CREATE TABLE IF NOT EXISTS client_request_uri (
owner_id BIGINT,
request_uri VARCHAR(2000)
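Review bot: The `fk_client_last_used` constraint has no `ON DELETE` action, so deleting a row from `client_details` fails while a `client_last_used` row still references it, unless the application removes that row first (not visible in this diff). If the last-used record should disappear with its client, declare it in the schema: `FOREIGN KEY (client_details_id) REFERENCES client_details(id) ON DELETE CASCADE`. The same applies to the identical table added in the MySQL and PostgreSQL scripts further down. A one-line comment above the table saying which component writes `last_used` would also help operators.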
diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
index cbdba5d9c2..15c699964f 100644
--- a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
@@ -179,6 +179,12 @@ CREATE TABLE IF NOT EXISTS client_details (
UNIQUE (client_id)
);
+CREATE TABLE IF NOT EXISTS client_last_used (
+ client_details_id BIGINT PRIMARY KEY,
+ last_used TIMESTAMP NOT NULL,
+ CONSTRAINT fk_client_last_used FOREIGN KEY (client_details_id) REFERENCES client_details(id)
+);
+
CREATE TABLE IF NOT EXISTS client_request_uri (
owner_id BIGINT,
request_uri VARCHAR(2000)
diff --git a/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
index be871b7e80..cc365018ac 100644
--- a/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
@@ -179,6 +179,12 @@ CREATE TABLE IF NOT EXISTS client_details (
UNIQUE (client_id)
);
+CREATE TABLE IF NOT EXISTS client_last_used (
+ client_details_id BIGINT PRIMARY KEY,
+ last_used TIMESTAMP NOT NULL,
+ CONSTRAINT fk_client_last_used FOREIGN KEY (client_details_id) REFERENCES client_details(id)
+);
+
CREATE TABLE IF NOT EXISTS client_request_uri (
owner_id BIGINT,
request_uri VARCHAR(2000)
diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml
index 45f853c030..1a8664ba30 100644
--- a/openid-connect-server/pom.xml
+++ b/openid-connect-server/pom.xml
@@ -23,7 +23,7 @@
org.mitre
openid-connect-parent
- 1.3.6.cnaf-20231129
+ 1.3.6.cnaf-20240417
..
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
index 269db62171..b18a31f4fe 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
@@ -23,7 +23,6 @@
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
-import org.mitre.data.DefaultPageCriteria;
import org.mitre.data.PageCriteria;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.repository.AuthenticationHolderRepository;
@@ -32,54 +31,47 @@
import org.springframework.transaction.annotation.Transactional;
@Repository
-@Transactional(value="defaultTransactionManager")
+@Transactional(value = "defaultTransactionManager")
public class JpaAuthenticationHolderRepository implements AuthenticationHolderRepository {
- private static final int MAXEXPIREDRESULTS = 1000;
+ @PersistenceContext(unitName = "defaultPersistenceUnit")
+ private EntityManager manager;
- @PersistenceContext(unitName="defaultPersistenceUnit")
- private EntityManager manager;
+ @Override
+ public List getAll() {
+ TypedQuery query = manager
+ .createNamedQuery(AuthenticationHolderEntity.QUERY_ALL, AuthenticationHolderEntity.class);
+ return query.getResultList();
+ }
- @Override
- public List getAll() {
- TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_ALL, AuthenticationHolderEntity.class);
- return query.getResultList();
- }
+ @Override
+ public AuthenticationHolderEntity getById(Long id) {
+ return manager.find(AuthenticationHolderEntity.class, id);
+ }
- @Override
- public AuthenticationHolderEntity getById(Long id) {
- return manager.find(AuthenticationHolderEntity.class, id);
- }
+ @Override
+ @Transactional(value = "defaultTransactionManager")
+ public void remove(AuthenticationHolderEntity a) {
+ AuthenticationHolderEntity found = getById(a.getId());
+ if (found != null) {
+ manager.remove(found);
+ } else {
+ throw new IllegalArgumentException("AuthenticationHolderEntity not found: " + a);
+ }
+ }
- @Override
- @Transactional(value="defaultTransactionManager")
- public void remove(AuthenticationHolderEntity a) {
- AuthenticationHolderEntity found = getById(a.getId());
- if (found != null) {
- manager.remove(found);
- } else {
- throw new IllegalArgumentException("AuthenticationHolderEntity not found: " + a);
- }
- }
+ @Override
+ @Transactional(value = "defaultTransactionManager")
+ public AuthenticationHolderEntity save(AuthenticationHolderEntity a) {
+ return JpaUtil.saveOrUpdate(a.getId(), manager, a);
+ }
- @Override
- @Transactional(value="defaultTransactionManager")
- public AuthenticationHolderEntity save(AuthenticationHolderEntity a) {
- return JpaUtil.saveOrUpdate(a.getId(), manager, a);
- }
+ @Override
+ public long clearOrphaned(PageCriteria pageCriteria) {
- @Override
- @Transactional(value="defaultTransactionManager")
- public List getOrphanedAuthenticationHolders() {
- DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0,MAXEXPIREDRESULTS);
- return getOrphanedAuthenticationHolders(pageCriteria);
- }
-
- @Override
- @Transactional(value="defaultTransactionManager")
- public List getOrphanedAuthenticationHolders(PageCriteria pageCriteria) {
- TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class);
- return JpaUtil.getResultPage(query, pageCriteria);
- }
+ TypedQuery query = manager.createNamedQuery(
+ AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class);
+ return JpaUtil.delete(query, pageCriteria);
+ }
}
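Review bot: `clearOrphaned` passes `QUERY_GET_UNUSED` to `JpaUtil.delete`, which runs it with `executeUpdate()`, but the definition of that named query shown earlier in this diff still begins with `select a from AuthenticationHolderEntity a`. JPA specifies that `executeUpdate()` throws `IllegalStateException` for a SELECT statement. Unless the query text changed in a part of the entity hunk I cannot see, this method fails at runtime and orphaned holders are never removed. It needs a dedicated DELETE named query under its own constant, for example `AuthenticationHolderEntity.QUERY_DELETE_UNUSED` (a constructed name, not present in the diff).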
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
index ad7788b6c0..9f873fc29f 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
@@ -41,64 +41,87 @@
*
*/
@Repository
-@Transactional(value="defaultTransactionManager")
+@Transactional(value = "defaultTransactionManager")
public class JpaAuthorizationCodeRepository implements AuthorizationCodeRepository {
- @PersistenceContext(unitName="defaultPersistenceUnit")
- EntityManager manager;
-
- /* (non-Javadoc)
- * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#save(org.mitre.oauth2.model.AuthorizationCodeEntity)
- */
- @Override
- @Transactional(value="defaultTransactionManager")
- public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode) {
-
- return JpaUtil.saveOrUpdate(authorizationCode.getId(), manager, authorizationCode);
-
- }
-
- /* (non-Javadoc)
- * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getByCode(java.lang.String)
- */
- @Override
- @Transactional(value="defaultTransactionManager")
- public AuthorizationCodeEntity getByCode(String code) {
- TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_BY_VALUE, AuthorizationCodeEntity.class);
- query.setParameter("code", code);
-
- AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList());
- return result;
- }
-
- /* (non-Javadoc)
- * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#remove(org.mitre.oauth2.model.AuthorizationCodeEntity)
- */
- @Override
- public void remove(AuthorizationCodeEntity authorizationCodeEntity) {
- AuthorizationCodeEntity found = manager.find(AuthorizationCodeEntity.class, authorizationCodeEntity.getId());
- if (found != null) {
- manager.remove(found);
- }
- }
-
- /* (non-Javadoc)
- * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getExpiredCodes()
- */
- @Override
- public Collection getExpiredCodes() {
- TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
- query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired
- return query.getResultList();
- }
-
-
- @Override
- public Collection getExpiredCodes(PageCriteria pageCriteria) {
- TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
- query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired
- return JpaUtil.getResultPage(query, pageCriteria);
- }
+ @PersistenceContext(unitName = "defaultPersistenceUnit")
+ EntityManager manager;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#save(org.mitre.oauth2.model.
+ * AuthorizationCodeEntity)
+ */
+ @Override
+ @Transactional(value = "defaultTransactionManager")
+ public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode) {
+
+ return JpaUtil.saveOrUpdate(authorizationCode.getId(), manager, authorizationCode);
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getByCode(java.lang.String)
+ */
+ @Override
+ @Transactional(value = "defaultTransactionManager")
+ public AuthorizationCodeEntity getByCode(String code) {
+ TypedQuery query = manager
+ .createNamedQuery(AuthorizationCodeEntity.QUERY_BY_VALUE, AuthorizationCodeEntity.class);
+ query.setParameter("code", code);
+
+ AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList());
+ return result;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#remove(org.mitre.oauth2.model.
+ * AuthorizationCodeEntity)
+ */
+ @Override
+ public void remove(AuthorizationCodeEntity authorizationCodeEntity) {
+ AuthorizationCodeEntity found =
+ manager.find(AuthorizationCodeEntity.class, authorizationCodeEntity.getId());
+ if (found != null) {
+ manager.remove(found);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getExpiredCodes()
+ */
+ @Override
+ public Collection getExpiredCodes() {
+ TypedQuery query = manager.createNamedQuery(
+ AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
+ query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date());
+ return query.getResultList();
+ }
+
+
+ @Override
+ public Collection getExpiredCodes(PageCriteria pageCriteria) {
+ TypedQuery query = manager.createNamedQuery(
+ AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
+ query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date());
+ return JpaUtil.getResultPage(query, pageCriteria);
+ }
+
+ @Override
+ public long deleteExpiredCodes(PageCriteria pageCriteria) {
+
+ TypedQuery query = manager.createNamedQuery(
+ AuthorizationCodeEntity.QUERY_DELETE_EXPIRED, AuthorizationCodeEntity.class);
+ query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date());
+ return JpaUtil.delete(query, pageCriteria);
+ }
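Review bot: `deleteExpiredCodes` creates its statement with `createNamedQuery(AuthorizationCodeEntity.QUERY_DELETE_EXPIRED, AuthorizationCodeEntity.class)`, so it asks for a typed query with a result class even though a bulk delete returns no entities. Assuming `QUERY_DELETE_EXPIRED` is a JPQL DELETE (its definition is outside this hunk), some JPA providers reject a result class on such a statement, so this should be checked against the provider in use. The untyped form avoids the question: `Query query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_DELETE_EXPIRED);`, with `JpaUtil.delete` accepting a `javax.persistence.Query`. The method also lacks a comment saying that it removes at most one page of expired codes per call and returns the number deleted.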
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
index 60f7636302..becb26710c 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@@ -80,11 +80,9 @@ public Set getAllRefreshTokens() {
}
@Override
- public OAuth2AccessTokenEntity getAccessTokenByValue(
- String accessTokenValue) {
- String atHashed = Hashing.sha256()
- .hashUnencodedChars(accessTokenValue)
- .toString();
+ public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) {
+ String atHashed =
+ Hashing.sha256().hashString(accessTokenValue, StandardCharsets.UTF_8).toString();
TypedQuery query = manager.createNamedQuery(
OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
OAuth2AccessTokenEntity.class);
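Review bot: Replacing `hashUnencodedChars(accessTokenValue)` with `hashString(accessTokenValue, StandardCharsets.UTF_8)` changes the digest computed for the same token string, because the first hashes the raw UTF-16 chars and the second hashes the UTF-8 bytes. Any row whose stored hash was written with the old call will no longer match this lookup, so access tokens issued before the upgrade would stop resolving. The code that writes the hash column is outside this hunk and must switch in the same release, with existing rows rehashed or deliberately expired. I would add a comment above the call, such as `// must match the encoding used when the token hash is persisted`. The rest of `getAccessTokenByValue` and the `StandardCharsets` import are not visible in this hunk.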
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
index e3dc32d56f..2f7e7b268e 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
@@ -507,45 +507,7 @@ public List getRefreshTokensForClient(ClientDetailsEnt
*/
@Override
public void clearExpiredTokens() {
- logger.debug("Cleaning out all expired tokens");
-
- new AbstractPageOperationTemplate("clearExpiredAccessTokens") {
- @Override
- public Collection fetchPage() {
- return tokenRepository.getAllExpiredAccessTokens(new DefaultPageCriteria());
- }
-
- @Override
- public void doOperation(OAuth2AccessTokenEntity item) {
- revokeAccessToken(item);
- }
- }.execute();
-
- new AbstractPageOperationTemplate("clearExpiredRefreshTokens") {
- @Override
- public Collection fetchPage() {
- return tokenRepository.getAllExpiredRefreshTokens(new DefaultPageCriteria());
- }
-
- @Override
- public void doOperation(OAuth2RefreshTokenEntity item) {
- revokeRefreshToken(item);
- }
- }.execute();
-
- new AbstractPageOperationTemplate(
- "clearExpiredAuthenticationHolders") {
- @Override
- public Collection fetchPage() {
- return authenticationHolderRepository
- .getOrphanedAuthenticationHolders(new DefaultPageCriteria());
- }
-
- @Override
- public void doOperation(AuthenticationHolderEntity item) {
- authenticationHolderRepository.remove(item);
- }
- }.execute();
+ logger.debug("Cleaning out all expired tokens - Removed from MitreID");
}
/*
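Review bot: `clearExpiredTokens()` is now a no-op that only writes a debug line, but it still overrides the service method, and its Javadoc (which starts above this hunk) presumably still promises cleanup. Any scheduler or caller that relies on it will silently stop revoking expired access and refresh tokens, so the replacement purge path should be named here. I would mark the method `@Deprecated`, update the Javadoc to say where expiry cleanup now happens, and raise the log level so the situation is visible in production, e.g. `logger.warn("clearExpiredTokens() is a no-op; expired tokens are purged by <replacement component>");`.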
diff --git a/pom.xml b/pom.xml
index 12a4fbfb4d..d60414548d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
4.0.0
org.mitre
openid-connect-parent
- 1.3.6.cnaf-20231129
+ 1.3.6.cnaf-20240417
MITREid Connect
pom
@@ -303,7 +303,7 @@
dependencies
dependency-convergence
dependency-management
help