From 19243821ed0c9595b1b0e328bcd7bcdda708a765 Mon Sep 17 00:00:00 2001
From: Federica Agostini
Date: Wed, 24 Jan 2024 12:05:23 +0100
Subject: [PATCH 1/4] Fix Charset to UTF-8 used by token value hash function (#11)

---
 openid-connect-client/pom.xml | 2 +-
 openid-connect-common/pom.xml | 2 +-
 .../org/mitre/oauth2/model/OAuth2AccessTokenEntity.java | 6 +++---
 openid-connect-server/pom.xml | 2 +-
 .../oauth2/repository/impl/JpaOAuth2TokenRepository.java | 8 +++-----
 pom.xml | 2 +-
 6 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml
index 309c9e495..00847ec2e 100644
--- a/openid-connect-client/pom.xml
+++ b/openid-connect-client/pom.xml
@@ -22,7 +22,7 @@
 openid-connect-parent
 org.mitre
- 1.3.6.cnaf-20231129
+ 1.3.6.cnaf-20240119
 ..
 openid-connect-client
diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml
index 836dc30eb..c644e7670 100644
--- a/openid-connect-common/pom.xml
+++ b/openid-connect-common/pom.xml
@@ -22,7 +22,7 @@
 openid-connect-parent
 org.mitre
- 1.3.6.cnaf-20231129
+ 1.3.6.cnaf-20240119
 ..
 openid-connect-common
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 841ffd863..2695c18a2 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -20,6 +20,7 @@
 */
 package org.mitre.oauth2.model;
+import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -349,9 +350,8 @@ public void setIdToken(JWT idToken) {
 public void hashMe() {
 if (jwtValue != null) {
- this.tokenValueHash = Hashing.sha256()
- .hashUnencodedChars(jwtValue.serialize())
- .toString();
+ this.tokenValueHash =
+ Hashing.sha256().hashString(jwtValue.serialize(), StandardCharsets.UTF_8).toString();
 }
 }
 }
diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml
index 45f853c03..c1b689602 100644
--- a/openid-connect-server/pom.xml
+++ b/openid-connect-server/pom.xml
@@ -23,7 +23,7 @@
 org.mitre
 openid-connect-parent
- 1.3.6.cnaf-20231129
+ 1.3.6.cnaf-20240119
 ..
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
index 60f763630..becb26710 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@@ -80,11 +80,9 @@ public Set getAllRefreshTokens() {
 }
 @Override
- public OAuth2AccessTokenEntity getAccessTokenByValue(
- String accessTokenValue) {
- String atHashed = Hashing.sha256()
- .hashUnencodedChars(accessTokenValue)
- .toString();
+ public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) {
+ String atHashed =
+ Hashing.sha256().hashString(accessTokenValue, StandardCharsets.UTF_8).toString();
 TypedQuery query = manager.createNamedQuery( OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH, OAuth2AccessTokenEntity.class);
diff --git a/pom.xml b/pom.xml
index 12a4fbfb4..78af85f34 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
 4.0.0
 org.mitre
 openid-connect-parent
- 1.3.6.cnaf-20231129
+ 1.3.6.cnaf-20240119
 MITREid Connect
 pom
From c5cec1fc7266eae9b74865d90ff195b011295e20 Mon Sep 17 00:00:00 2001
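Review bot: Every stored `tokenValueHash` becomes unmatchable after this change, because `hashUnencodedChars` digested UTF-16 code units while `hashString(..., UTF_8)` digests UTF-8 bytes, so the two differ even for the ASCII-only serialized JWT; the commit rehashes nothing and adds no fallback lookup, so access tokens issued before the upgrade will no longer be found. A one-off rehash of existing rows (load each token, call `hashMe()`, persist) or a temporary dual lookup in `getAccessTokenByValue` is needed unless outstanding tokens are deliberately invalidated at upgrade. The encoding is now a cross-class contract and deserves a comment on `hashMe()`: `// SHA-256 over the UTF-8 bytes of the serialized JWT; must match the lookup in JpaOAuth2TokenRepository.getAccessTokenByValue`. The `JpaOAuth2TokenRepository` hunk below is the lookup side of the same change.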
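Review bot: The new `getAccessTokenByValue` body references `StandardCharsets.UTF_8`, but this hunk adds no import and the diffstat's three insertions for this file are all visible here, so unless `java.nio.charset.StandardCharsets` was already imported the class will not compile; add `import java.nio.charset.StandardCharsets;` to the import block as the `OAuth2AccessTokenEntity` hunk of this commit does. The method continues past the hunk (the query's parameter binding and result handling are not shown), and any refresh-token lookup in this class that still uses `hashUnencodedChars` would need the same treatment to keep the two hash schemes consistent.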
From: Enrico Vianello
Date: Wed, 3 Apr 2024 14:49:39 +0200
Subject: [PATCH 2/4] Add client last used info (#12)

Co-authored-by: Davide Marcato
---
 openid-connect-client/pom.xml | 2 +-
 openid-connect-common/pom.xml | 2 +-
 .../oauth2/model/ClientDetailsEntity.java | 20 +++++
 .../oauth2/model/ClientLastUsedEntity.java | 77 +++++++++++++++++++
 .../db/hsql/hsql_database_tables.sql | 6 ++
 .../db/mysql/mysql_database_tables.sql | 6 ++
 .../db/psql/psql_database_tables.sql | 6 ++
 openid-connect-server/pom.xml | 2 +-
 pom.xml | 2 +-
 9 files changed, 119 insertions(+), 4 deletions(-)
 create mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientLastUsedEntity.java

diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml
index 00847ec2e..ad65387f3 100644
--- a/openid-connect-client/pom.xml
+++ b/openid-connect-client/pom.xml
@@ -22,7 +22,7 @@
 openid-connect-parent
 org.mitre
- 1.3.6.cnaf-20240119
+ 1.3.7.cnaf.20240403
 ..
 openid-connect-client
diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml
index c644e7670..ee16e3017 100644
--- a/openid-connect-common/pom.xml
+++ b/openid-connect-common/pom.xml
@@ -22,7 +22,7 @@
 openid-connect-parent
 org.mitre
- 1.3.6.cnaf-20240119
+ 1.3.7.cnaf.20240403
 ..
 openid-connect-common
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index d67a6b4b2..a4d15bacf 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -28,6 +28,7 @@
 import java.util.Set;
 import javax.persistence.Basic;
+import javax.persistence.CascadeType;
 import javax.persistence.CollectionTable;
 import javax.persistence.Column;
 import javax.persistence.Convert;
@@ -42,8 +43,10 @@
 import javax.persistence.JoinColumn;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
+import javax.persistence.OneToOne;
 import javax.persistence.PrePersist;
 import javax.persistence.PreUpdate;
+import javax.persistence.PrimaryKeyJoinColumn;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
@@ -149,6 +152,7 @@ public class ClientDetailsEntity implements ClientDetails {
 private Date createdAt; // time the client was created
 private boolean clearAccessTokensOnRefresh = true; // do we clear access tokens on refresh?
 private Integer deviceCodeValiditySeconds; // timeout for device codes
+ private ClientLastUsedEntity clientLastUsed; // last used info
 /** fields for UMA */
 private Set claimsRedirectUris;
@@ -982,6 +986,22 @@ public void setClearAccessTokensOnRefresh(boolean clearAccessTokensOnRefresh) {
 this.clearAccessTokensOnRefresh = clearAccessTokensOnRefresh;
 }
+ /**
+ * @return the clientLastUsed entity
+ */
+ @OneToOne(mappedBy="client", cascade = CascadeType.ALL)
+ @PrimaryKeyJoinColumn
+ public ClientLastUsedEntity getClientLastUsed() {
+ return clientLastUsed;
+ }
+
+ /**
+ * @param clientLastUsed instance with the date of last use of this client
+ */
+ public void setClientLastUsed(ClientLastUsedEntity clientLastUsed) {
+ this.clientLastUsed = clientLastUsed;
+ }
+
 /**
 * @return the claimsRedirectUris
 */
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientLastUsedEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientLastUsedEntity.java
new file mode 100644
index 000000000..e632ac7ae
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientLastUsedEntity.java
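Review bot: `@PrimaryKeyJoinColumn` on `getClientLastUsed()` is on the inverse side of the association (`mappedBy = "client"`), where JPA takes the join from the owning `ClientLastUsedEntity.client` mapping and join-column annotations are ignored at best and rejected by some providers; drop it and the matching `PrimaryKeyJoinColumn` import, leaving `@OneToOne(mappedBy = "client", cascade = CascadeType.ALL)`. Because this entity maps through its getters, the getter rather than the field comment `// last used info` is where the contract belongs: `@return the last-use record for this client, or null when none has been stored yet`.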
@@ -0,0 +1,77 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2021
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.mitre.oauth2.model;
+
+import java.time.LocalDate;
+
+import javax.persistence.CascadeType;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.MapsId;
+import javax.persistence.OneToOne;
+import javax.persistence.Table;
+
+@Entity
+@Table(name = "client_last_used")
+public class ClientLastUsedEntity {
+
+ @Id
+ @Column(name = "client_details_id")
+ private Long id;
+
+ @OneToOne(cascade = CascadeType.ALL)
+ @MapsId
+ @JoinColumn(name = "client_details_id")
+ private ClientDetailsEntity client;
+
+ @Column(name = "last_used", nullable = false)
+ private LocalDate lastUsed;
+
+ public ClientLastUsedEntity() {
+ // empty constructor
+ }
+
+ public ClientLastUsedEntity(ClientDetailsEntity client, LocalDate lastUsed) {
+ this.client = client;
+ this.lastUsed = lastUsed;
+ }
+
+ public Long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public ClientDetailsEntity getClient() {
+ return client;
+ }
+
+ public void setClient(ClientDetailsEntity client) {
+ this.client = client;
+ }
+
+ public LocalDate getLastUsed() {
+ return lastUsed;
+ }
+
+ public void setLastUsed(LocalDate lastUsed) {
+ this.lastUsed = lastUsed;
+ }
+}
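Review bot: `cascade = CascadeType.ALL` on the `client` field cascades from the child to its parent, so removing a `ClientLastUsedEntity` would also remove the `ClientDetailsEntity` it points to (and whatever that entity's own cascades reach), and persisting a new last-used row for an already-managed client can fail with a detached-entity error on some providers. The owning side only needs `@OneToOne @MapsId @JoinColumn(name = "client_details_id")`; cleanup when a client is deleted is already handled by the `cascade = CascadeType.ALL` declared on `ClientDetailsEntity.getClientLastUsed()`, and dropping it here also retires the `CascadeType` import. The class has no Javadoc; a line such as `Records the date on which a client was last used; exactly one row per client, sharing the client's primary key.` would state the intent.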
diff --git a/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
index dac84964c..7f1d47b13 100644
--- a/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
@@ -180,6 +180,12 @@ CREATE TABLE IF NOT EXISTS client_details (
 UNIQUE (client_id)
 );
+CREATE TABLE IF NOT EXISTS client_last_used (
+ client_details_id BIGINT PRIMARY KEY,
+ last_used TIMESTAMP NOT NULL,
+ CONSTRAINT fk_client_last_used FOREIGN KEY (client_details_id) REFERENCES client_details(id)
+);
+
 CREATE TABLE IF NOT EXISTS client_request_uri (
 owner_id BIGINT,
 request_uri VARCHAR(2000)
diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
index cbdba5d9c..15c699964 100644
--- a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
@@ -179,6 +179,12 @@ CREATE TABLE IF NOT EXISTS client_details (
 UNIQUE (client_id)
 );
+CREATE TABLE IF NOT EXISTS client_last_used (
+ client_details_id BIGINT PRIMARY KEY,
+ last_used TIMESTAMP NOT NULL,
+ CONSTRAINT fk_client_last_used FOREIGN KEY (client_details_id) REFERENCES client_details(id)
+);
+
 CREATE TABLE IF NOT EXISTS client_request_uri (
 owner_id BIGINT,
 request_uri VARCHAR(2000)
diff --git a/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
index be871b7e8..cc365018a 100644
--- a/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
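Review bot: `last_used` is created as `TIMESTAMP NOT NULL` here and identically in the mysql and psql hunks that follow, while `ClientLastUsedEntity.lastUsed` is a `java.time.LocalDate`, which carries no time of day and maps to a `DATE`; either the column should be `DATE` or the entity should hold a timestamp type, depending on whether time-of-day resolution is wanted. Whether `LocalDate` is persisted without an `AttributeConverter` depends on the JPA provider version set in the parent pom (native `java.time` support arrived with JPA 2.2), and none is declared in the entity — worth confirming. These are `CREATE TABLE IF NOT EXISTS` bootstrap scripts and the diffstat lists no migration for databases that already exist, so deployments upgrading in place will need the table added separately.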
@@ -179,6 +179,12 @@ CREATE TABLE IF NOT EXISTS client_details (
 UNIQUE (client_id)
 );
+CREATE TABLE IF NOT EXISTS client_last_used (
+ client_details_id BIGINT PRIMARY KEY,
+ last_used TIMESTAMP NOT NULL,
+ CONSTRAINT fk_client_last_used FOREIGN KEY (client_details_id) REFERENCES client_details(id)
+);
+
 CREATE TABLE IF NOT EXISTS client_request_uri (
 owner_id BIGINT,
 request_uri VARCHAR(2000)
diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml
index c1b689602..73aa992f7 100644
--- a/openid-connect-server/pom.xml
+++ b/openid-connect-server/pom.xml
@@ -23,7 +23,7 @@
 org.mitre
 openid-connect-parent
- 1.3.6.cnaf-20240119
+ 1.3.7.cnaf.20240403
 ..
diff --git a/pom.xml b/pom.xml
index 78af85f34..4e6ca3e58 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
 4.0.0
 org.mitre
 openid-connect-parent
- 1.3.6.cnaf-20240119
+ 1.3.7.cnaf.20240403
 MITREid Connect
 pom
From 21bd4d7915eef9187b5ca3486935797be87e62ec Mon Sep 17 00:00:00 2001
From: Enrico Vianello
Date: Mon, 26 Feb 2024 19:56:58 +0100
Subject: [PATCH 3/4] Remove Garbage Collector logic

---
 .../model/AuthenticationHolderEntity.java | 531 +++++++++---------
 .../oauth2/model/AuthorizationCodeEntity.java | 198 +++----
 .../AuthenticationHolderRepository.java | 11 +-
 .../AuthorizationCodeRepository.java | 1 +
 .../AuthenticationHolderEntityService.java | 14 +-
 ...aultAuthenticationHolderEntityService.java | 16 +-
 .../main/java/org/mitre/util/jpa/JpaUtil.java | 71 +--
 .../JpaAuthenticationHolderRepository.java | 76 ++-
 .../impl/JpaAuthorizationCodeRepository.java | 135 +++--
 .../DefaultOAuth2ProviderTokenService.java | 40 +-
 10 files changed, 534 insertions(+), 559 deletions(-)

diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
index 2caeff7c8..2c2105fd0 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java 
@@ -51,279 +51,276 @@ @Entity @Table(name = "authentication_holder") -@NamedQueries ({ - @NamedQuery(name = AuthenticationHolderEntity.QUERY_ALL, query = "select a from AuthenticationHolderEntity a"), - @NamedQuery(name = AuthenticationHolderEntity.QUERY_GET_UNUSED, query = "select a from AuthenticationHolderEntity a where " + - "a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and " + - "a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r) and " + - "a.id not in (select c.authenticationHolder.id from AuthorizationCodeEntity c)") -}) +@NamedQueries({ + @NamedQuery(name = AuthenticationHolderEntity.QUERY_ALL, + query = "select a from AuthenticationHolderEntity a"), + @NamedQuery(name = AuthenticationHolderEntity.QUERY_GET_UNUSED, + query = "select a from AuthenticationHolderEntity a where " + + "a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and " + + "a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r) and " + + "a.id not in (select c.authenticationHolder.id from AuthorizationCodeEntity c)")}) +@SuppressWarnings("deprecation") public class AuthenticationHolderEntity implements Serializable { private static final long serialVersionUID = 1L; + + public static final String QUERY_ALL = "AuthenticationHolderEntity.getAll"; public static final String QUERY_GET_UNUSED = "AuthenticationHolderEntity.getUnusedAuthenticationHolders"; - public static final String QUERY_ALL = "AuthenticationHolderEntity.getAll"; - - private Long id; - - private SavedUserAuthentication userAuth; - - private Collection authorities; - - private Set resourceIds; - - private boolean approved; - - private String redirectUri; - - private Set responseTypes; - - private Map extensions; - - private String clientId; - - private Set scope; - - private Map requestParameters; - - public AuthenticationHolderEntity() { - - } - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - 
@Column(name = "id") - public Long getId() { - return id; - } - - public void setId(Long id) { - this.id = id; - } - - @Transient - public OAuth2Authentication getAuthentication() { - // TODO: memoize this - return new OAuth2Authentication(createOAuth2Request(), getUserAuth()); - } - - /** - * @return - */ - private OAuth2Request createOAuth2Request() { - return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions); - } - - public void setAuthentication(OAuth2Authentication authentication) { - - // pull apart the request and save its bits - OAuth2Request o2Request = authentication.getOAuth2Request(); - setAuthorities(o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities())); - setClientId(o2Request.getClientId()); - setExtensions(o2Request.getExtensions() == null ? null : new HashMap<>(o2Request.getExtensions())); - setRedirectUri(o2Request.getRedirectUri()); - setRequestParameters(o2Request.getRequestParameters() == null ? null : new HashMap<>(o2Request.getRequestParameters())); - setResourceIds(o2Request.getResourceIds() == null ? null : new HashSet<>(o2Request.getResourceIds())); - setResponseTypes(o2Request.getResponseTypes() == null ? null : new HashSet<>(o2Request.getResponseTypes())); - setScope(o2Request.getScope() == null ? 
null : new HashSet<>(o2Request.getScope())); - setApproved(o2Request.isApproved()); - - if (authentication.getUserAuthentication() != null) { - this.userAuth = new SavedUserAuthentication(authentication.getUserAuthentication()); - } else { - this.userAuth = null; - } - } - - /** - * @return the userAuth - */ - @OneToOne(cascade=CascadeType.ALL) - @JoinColumn(name = "user_auth_id") - public SavedUserAuthentication getUserAuth() { - return userAuth; - } - - /** - * @param userAuth the userAuth to set - */ - public void setUserAuth(SavedUserAuthentication userAuth) { - this.userAuth = userAuth; - } - - /** - * @return the authorities - */ - @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_authority", - joinColumns=@JoinColumn(name="owner_id") - ) - @Convert(converter = SimpleGrantedAuthorityStringConverter.class) - @Column(name="authority") - public Collection getAuthorities() { - return authorities; - } - - /** - * @param authorities the authorities to set - */ - public void setAuthorities(Collection authorities) { - this.authorities = authorities; - } - - /** - * @return the resourceIds - */ - @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_resource_id", - joinColumns=@JoinColumn(name="owner_id") - ) - @Column(name="resource_id") - public Set getResourceIds() { - return resourceIds; - } - - /** - * @param resourceIds the resourceIds to set - */ - public void setResourceIds(Set resourceIds) { - this.resourceIds = resourceIds; - } - - /** - * @return the approved - */ - @Basic - @Column(name="approved") - public boolean isApproved() { - return approved; - } - - /** - * @param approved the approved to set - */ - public void setApproved(boolean approved) { - this.approved = approved; - } - - /** - * @return the redirectUri - */ - @Basic - @Column(name="redirect_uri") - public String getRedirectUri() { - return redirectUri; - } - - /** - * @param redirectUri the redirectUri to set 
- */ - public void setRedirectUri(String redirectUri) { - this.redirectUri = redirectUri; - } - - /** - * @return the responseTypes - */ - @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_response_type", - joinColumns=@JoinColumn(name="owner_id") - ) - @Column(name="response_type") - public Set getResponseTypes() { - return responseTypes; - } - - /** - * @param responseTypes the responseTypes to set - */ - public void setResponseTypes(Set responseTypes) { - this.responseTypes = responseTypes; - } - - /** - * @return the extensions - */ - @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_extension", - joinColumns=@JoinColumn(name="owner_id") - ) - @Column(name="val") - @MapKeyColumn(name="extension") - @Convert(converter=SerializableStringConverter.class) - public Map getExtensions() { - return extensions; - } - - /** - * @param extensions the extensions to set - */ - public void setExtensions(Map extensions) { - this.extensions = extensions; - } - - /** - * @return the clientId - */ - @Basic - @Column(name="client_id") - public String getClientId() { - return clientId; - } - - /** - * @param clientId the clientId to set - */ - public void setClientId(String clientId) { - this.clientId = clientId; - } - - /** - * @return the scope - */ - @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_scope", - joinColumns=@JoinColumn(name="owner_id") - ) - @Column(name="scope") - public Set getScope() { - return scope; - } - - /** - * @param scope the scope to set - */ - public void setScope(Set scope) { - this.scope = scope; - } - - /** - * @return the requestParameters - */ - @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_request_parameter", - joinColumns=@JoinColumn(name="owner_id") - ) - @Column(name="val") - @MapKeyColumn(name="param") - public Map getRequestParameters() { - return 
requestParameters; - } - - /** - * @param requestParameters the requestParameters to set - */ - public void setRequestParameters(Map requestParameters) { - this.requestParameters = requestParameters; - } + + private Long id; + + private SavedUserAuthentication userAuth; + + private Collection authorities; + + private Set resourceIds; + + private boolean approved; + + private String redirectUri; + + private Set responseTypes; + + private Map extensions; + + private String clientId; + + private Set scope; + + private Map requestParameters; + + public AuthenticationHolderEntity() { + + } + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id") + public Long getId() { + return id; + } + + public void setId(Long id) { + this.id = id; + } + + @Transient + public OAuth2Authentication getAuthentication() { + // TODO: memoize this + return new OAuth2Authentication(createOAuth2Request(), getUserAuth()); + } + + /** + * @return + */ + private OAuth2Request createOAuth2Request() { + return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, + redirectUri, responseTypes, extensions); + } + + public void setAuthentication(OAuth2Authentication authentication) { + + // pull apart the request and save its bits + OAuth2Request o2Request = authentication.getOAuth2Request(); + setAuthorities( + o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities())); + setClientId(o2Request.getClientId()); + setExtensions( + o2Request.getExtensions() == null ? null : new HashMap<>(o2Request.getExtensions())); + setRedirectUri(o2Request.getRedirectUri()); + setRequestParameters(o2Request.getRequestParameters() == null ? null + : new HashMap<>(o2Request.getRequestParameters())); + setResourceIds( + o2Request.getResourceIds() == null ? null : new HashSet<>(o2Request.getResourceIds())); + setResponseTypes( + o2Request.getResponseTypes() == null ? 
null : new HashSet<>(o2Request.getResponseTypes())); + setScope(o2Request.getScope() == null ? null : new HashSet<>(o2Request.getScope())); + setApproved(o2Request.isApproved()); + + if (authentication.getUserAuthentication() != null) { + this.userAuth = new SavedUserAuthentication(authentication.getUserAuthentication()); + } else { + this.userAuth = null; + } + } + + /** + * @return the userAuth + */ + @OneToOne(cascade = CascadeType.ALL) + @JoinColumn(name = "user_auth_id") + public SavedUserAuthentication getUserAuth() { + return userAuth; + } + + /** + * @param userAuth the userAuth to set + */ + public void setUserAuth(SavedUserAuthentication userAuth) { + this.userAuth = userAuth; + } + + /** + * @return the authorities + */ + @ElementCollection(fetch = FetchType.EAGER) + @CollectionTable(name = "authentication_holder_authority", + joinColumns = @JoinColumn(name = "owner_id")) + @Convert(converter = SimpleGrantedAuthorityStringConverter.class) + @Column(name = "authority") + public Collection getAuthorities() { + return authorities; + } + + /** + * @param authorities the authorities to set + */ + public void setAuthorities(Collection authorities) { + this.authorities = authorities; + } + + /** + * @return the resourceIds + */ + @ElementCollection(fetch = FetchType.EAGER) + @CollectionTable(name = "authentication_holder_resource_id", + joinColumns = @JoinColumn(name = "owner_id")) + @Column(name = "resource_id") + public Set getResourceIds() { + return resourceIds; + } + + /** + * @param resourceIds the resourceIds to set + */ + public void setResourceIds(Set resourceIds) { + this.resourceIds = resourceIds; + } + + /** + * @return the approved + */ + @Basic + @Column(name = "approved") + public boolean isApproved() { + return approved; + } + + /** + * @param approved the approved to set + */ + public void setApproved(boolean approved) { + this.approved = approved; + } + + /** + * @return the redirectUri + */ + @Basic + @Column(name = "redirect_uri") + public 
String getRedirectUri() { + return redirectUri; + } + + /** + * @param redirectUri the redirectUri to set + */ + public void setRedirectUri(String redirectUri) { + this.redirectUri = redirectUri; + } + + /** + * @return the responseTypes + */ + @ElementCollection(fetch = FetchType.EAGER) + @CollectionTable(name = "authentication_holder_response_type", + joinColumns = @JoinColumn(name = "owner_id")) + @Column(name = "response_type") + public Set getResponseTypes() { + return responseTypes; + } + + /** + * @param responseTypes the responseTypes to set + */ + public void setResponseTypes(Set responseTypes) { + this.responseTypes = responseTypes; + } + + /** + * @return the extensions + */ + @ElementCollection(fetch = FetchType.EAGER) + @CollectionTable(name = "authentication_holder_extension", + joinColumns = @JoinColumn(name = "owner_id")) + @Column(name = "val") + @MapKeyColumn(name = "extension") + @Convert(converter = SerializableStringConverter.class) + public Map getExtensions() { + return extensions; + } + + /** + * @param extensions the extensions to set + */ + public void setExtensions(Map extensions) { + this.extensions = extensions; + } + + /** + * @return the clientId + */ + @Basic + @Column(name = "client_id") + public String getClientId() { + return clientId; + } + + /** + * @param clientId the clientId to set + */ + public void setClientId(String clientId) { + this.clientId = clientId; + } + + /** + * @return the scope + */ + @ElementCollection(fetch = FetchType.EAGER) + @CollectionTable(name = "authentication_holder_scope", + joinColumns = @JoinColumn(name = "owner_id")) + @Column(name = "scope") + public Set getScope() { + return scope; + } + + /** + * @param scope the scope to set + */ + public void setScope(Set scope) { + this.scope = scope; + } + + /** + * @return the requestParameters + */ + @ElementCollection(fetch = FetchType.EAGER) + @CollectionTable(name = "authentication_holder_request_parameter", + joinColumns = @JoinColumn(name = 
"owner_id")) + @Column(name = "val") + @MapKeyColumn(name = "param") + public Map getRequestParameters() { + return requestParameters; + } + + /** + * @param requestParameters the requestParameters to set + */ + public void setRequestParameters(Map requestParameters) { + this.requestParameters = requestParameters; + } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java index 9894e1376..1067d216a 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java @@ -28,6 +28,8 @@ import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; +import javax.persistence.NamedNativeQueries; +import javax.persistence.NamedNativeQuery; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; import javax.persistence.Table; 
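Review bot: `@SuppressWarnings("deprecation")` is placed on the whole class, silencing deprecation for every member when only the `OAuth2Authentication`/`OAuth2Request` uses in `getAuthentication()`, `createOAuth2Request()` and `setAuthentication()` appear to need it; putting the annotation on those three methods keeps future deprecations visible elsewhere in the entity. Nearly all of the hunk is re-indentation, which hides the two substantive edits (the annotation and the swap of `QUERY_ALL`/`QUERY_GET_UNUSED`) and will make blame on this file point at a formatting commit. The `createOAuth2Request()` Javadoc still has an empty `@return`; `@return the OAuth2Request rebuilt from the persisted request fields of this holder` describes what it does. The class's closing brace lies outside the hunk.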
@@ -42,103 +44,111 @@ @Entity @Table(name = "authorization_code") @NamedQueries({ - @NamedQuery(name = AuthorizationCodeEntity.QUERY_BY_VALUE, query = "select a from AuthorizationCodeEntity a where a.code = :code"), - @NamedQuery(name = AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, query = "select a from AuthorizationCodeEntity a where a.expiration <= :" + AuthorizationCodeEntity.PARAM_DATE) -}) + @NamedQuery(name = AuthorizationCodeEntity.QUERY_BY_VALUE, + query = "select a from AuthorizationCodeEntity a where a.code = :code"), + @NamedQuery(name = AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, + query = "select a from AuthorizationCodeEntity a where a.expiration <= :" + + AuthorizationCodeEntity.PARAM_DATE), + @NamedQuery(name = AuthorizationCodeEntity.QUERY_DELETE_EXPIRED, + query = "DELETE FROM AuthorizationCodeEntity a WHERE a.expiration <= :" + + AuthorizationCodeEntity.PARAM_DATE)}) public class AuthorizationCodeEntity implements Serializable { private static final long serialVersionUID = 1L; public static final String QUERY_BY_VALUE = "AuthorizationCodeEntity.getByValue"; - public static final String QUERY_EXPIRATION_BY_DATE = "AuthorizationCodeEntity.expirationByDate"; - - public static final String PARAM_DATE = "date"; - - private Long id; - - private String code; - - private AuthenticationHolderEntity authenticationHolder; - - private Date expiration; - - /** - * Default constructor. - */ - public AuthorizationCodeEntity() { - - } - - /** - * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder. 
- * - * @param code the authorization code - * @param authRequest the AuthoriztionRequestHolder associated with the original code request - */ - public AuthorizationCodeEntity(String code, AuthenticationHolderEntity authenticationHolder, Date expiration) { - this.code = code; - this.authenticationHolder = authenticationHolder; - this.expiration = expiration; - } - - /** - * @return the id - */ - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - public Long getId() { - return id; - } - - /** - * @param id the id to set - */ - public void setId(Long id) { - this.id = id; - } - - /** - * @return the code - */ - @Basic - @Column(name = "code") - public String getCode() { - return code; - } - - /** - * @param code the code to set - */ - public void setCode(String code) { - this.code = code; - } - - /** - * The authentication in place when this token was created. - * @return the authentication - */ - @ManyToOne - @JoinColumn(name = "auth_holder_id") - public AuthenticationHolderEntity getAuthenticationHolder() { - return authenticationHolder; - } - - /** - * @param authentication the authentication to set - */ - public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { - this.authenticationHolder = authenticationHolder; - } - - @Basic - @Temporal(javax.persistence.TemporalType.TIMESTAMP) - @Column(name = "expiration") - public Date getExpiration() { - return expiration; - } - - public void setExpiration(Date expiration) { - this.expiration = expiration; - } + public static final String QUERY_EXPIRATION_BY_DATE = "AuthorizationCodeEntity.expirationByDate"; + public static final String QUERY_DELETE_EXPIRED = "AuthorizationCodeEntity.deleteExpired"; + + public static final String PARAM_DATE = "date"; + + private Long id; + + private String code; + + private AuthenticationHolderEntity authenticationHolder; + + private Date expiration; + + /** + * Default constructor. 
+ */ + public AuthorizationCodeEntity() { + + } + + /** + * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder. + * + * @param code the authorization code + * @param authRequest the AuthoriztionRequestHolder associated with the original code request + */ + public AuthorizationCodeEntity(String code, AuthenticationHolderEntity authenticationHolder, + Date expiration) { + this.code = code; + this.authenticationHolder = authenticationHolder; + this.expiration = expiration; + } + + /** + * @return the id + */ + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id") + public Long getId() { + return id; + } + + /** + * @param id the id to set + */ + public void setId(Long id) { + this.id = id; + } + + /** + * @return the code + */ + @Basic + @Column(name = "code") + public String getCode() { + return code; + } + + /** + * @param code the code to set + */ + public void setCode(String code) { + this.code = code; + } + + /** + * The authentication in place when this token was created. + * + * @return the authentication + */ + @ManyToOne + @JoinColumn(name = "auth_holder_id") + public AuthenticationHolderEntity getAuthenticationHolder() { + return authenticationHolder; + } + + /** + * @param authentication the authentication to set + */ + public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { + this.authenticationHolder = authenticationHolder; + } + + @Basic + @Temporal(javax.persistence.TemporalType.TIMESTAMP) + @Column(name = "expiration") + public Date getExpiration() { + return expiration; + } + + public void setExpiration(Date expiration) { + this.expiration = expiration; + } } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java index 1b217de3e..eac4f0c38 100644 
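Review bot: `QUERY_DELETE_EXPIRED` is a JPQL bulk `DELETE`, which bypasses the persistence context and cascades: `AuthorizationCodeEntity` instances already loaded in the same `EntityManager` remain managed after it runs, and nothing updates the `AuthenticationHolderEntity` rows the deleted codes referenced, which presumably are left for `clearOrphaned` to reap. The constant deserves a comment to that effect, e.g. `// Bulk JPQL delete: does not cascade or refresh loaded entities; callers should flush/clear or run it in its own transaction`. The `NamedNativeQueries`/`NamedNativeQuery` imports added in the previous hunk are not used by anything declared in this one, so unless another part of the file references them they should be dropped.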
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
@@ -23,15 +23,14 @@ import org.mitre.oauth2.model.AuthenticationHolderEntity;
 public interface AuthenticationHolderRepository {
- public List getAll();
- public AuthenticationHolderEntity getById(Long id);
+ public List getAll();
- public void remove(AuthenticationHolderEntity a);
+ public AuthenticationHolderEntity getById(Long id);
- public AuthenticationHolderEntity save(AuthenticationHolderEntity a);
+ public void remove(AuthenticationHolderEntity a);
- public List getOrphanedAuthenticationHolders();
+ public AuthenticationHolderEntity save(AuthenticationHolderEntity a);
- public List getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
+ public long clearOrphaned(PageCriteria pageCriteria);
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
index 11375e7e6..37c61f9fd 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
@@ -64,4 +64,5 @@ public interface AuthorizationCodeRepository {
 */
 public Collection getExpiredCodes(PageCriteria pageCriteria);
+ public long deleteExpiredCodes(PageCriteria pageCriteria);
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
index a33ca0e0b..43ffaf972 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
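Review bot: `deleteExpiredCodes(PageCriteria)` in the AuthorizationCodeRepository hunk is added without Javadoc while the neighbouring `getExpiredCodes` carries one (its closing ` */` is the hunk's first context line), and the same applies to `clearOrphaned(PageCriteria)` in the AuthenticationHolderRepository hunk. Both return a `long`, presumably the number of rows removed, and both take a page for what is a bulk delete — an unusual contract that deserves stating for implementors. I would add above `deleteExpiredCodes`: `/** Deletes authorization codes whose expiration is already past, limited to the page described by {@code pageCriteria}; returns the number of rows removed. */`, and an equivalent line above `clearOrphaned` naming orphaned authentication holders.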
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java @@ -1,19 +1,15 @@ package org.mitre.oauth2.service; -import java.util.List; - -import org.mitre.data.PageCriteria; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.springframework.security.oauth2.provider.OAuth2Authentication; +@SuppressWarnings("deprecation") public interface AuthenticationHolderEntityService { - + AuthenticationHolderEntity create(OAuth2Authentication authn); - + void remove(AuthenticationHolderEntity holder); - List getOrphanedAuthenticationHolders(); - - List getOrphanedAuthenticationHolders(PageCriteria page); - + long clearOrphaned(); + } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java index 55ab15b71..b14d1cb40 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java @@ -1,8 +1,6 @@ package org.mitre.oauth2.service.impl; -import java.util.List; - -import org.mitre.data.PageCriteria; +import org.mitre.data.DefaultPageCriteria; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.repository.AuthenticationHolderRepository; import org.mitre.oauth2.service.AuthenticationHolderEntityService; @@ -11,6 +9,7 @@ import org.springframework.stereotype.Service; @Service("authenticationHolderEntityService") +@SuppressWarnings("deprecation") public class DefaultAuthenticationHolderEntityService implements AuthenticationHolderEntityService { private final AuthenticationHolderRepository repo; 
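Review bot: The type-level `@SuppressWarnings("deprecation")` added to AuthenticationHolderEntityService (and to DefaultAuthenticationHolderEntityService in the second hunk) carries no explanation, and at class scope it also hides any deprecation introduced later in these types. The only deprecated-looking dependency visible is `org.springframework.security.oauth2.provider.OAuth2Authentication`; if that is the trigger, say so next to the annotation: `// OAuth2Authentication lives in the deprecated spring-security-oauth2 module; suppression is intentional until the authentication model is migrated`. Alternatively move the annotation onto the single `create(OAuth2Authentication authn)` method so the suppression covers only the signature that needs it.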
@@ -34,15 +33,8 @@ public void remove(AuthenticationHolderEntity holder) {
 }
 @Override
- public List getOrphanedAuthenticationHolders() {
-
- return repo.getOrphanedAuthenticationHolders();
- }
-
- @Override
- public List getOrphanedAuthenticationHolders(
- PageCriteria pageCriteria) {
- return repo.getOrphanedAuthenticationHolders(pageCriteria);
+ public long clearOrphaned() {
+ return repo.clearOrphaned(new DefaultPageCriteria(0, 100));
 }
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java b/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
index f15e4c371..b92094b60 100644
--- a/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
+++ b/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
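Review bot: `clearOrphaned()` now removes at most one page of rows per call, but the page size is an inline magic number in `new DefaultPageCriteria(0, 100)` and nothing documents that the caller must keep calling (or schedule) to drain the rest; the methods it replaces handed the full paged result set back to the caller. I would hoist the constant, `private static final int ORPHAN_PAGE_SIZE = 100;`, and add a Javadoc on the method: `/** Deletes up to {@value #ORPHAN_PAGE_SIZE} orphaned authentication holders and returns the number removed; callers must repeat until it returns 0 to drain the table. */`. Whether the page size is actually honoured by the bulk delete depends on `JpaUtil.delete`, which is outside this hunk.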
@@ -25,44 +25,47 @@ import org.mitre.data.PageCriteria; /** - * @author mfranklin - * Date: 4/28/11 - * Time: 2:13 PM + * @author mfranklin Date: 4/28/11 Time: 2:13 PM */ public class JpaUtil { - public static T getSingleResult(List list) { - switch(list.size()) { - case 0: - return null; - case 1: - return list.get(0); - default: - throw new IllegalStateException("Expected single result, got " + list.size()); - } - } + public static T getSingleResult(List list) { + switch (list.size()) { + case 0: + return null; + case 1: + return list.get(0); + default: + throw new IllegalStateException("Expected single result, got " + list.size()); + } + } - /** - * Get a page of results from the specified TypedQuery - * by using the given PageCriteria to limit the query - * results. The PageCriteria will override any size or - * offset already specified on the query. - * - * @param the type parameter - * @param query the query - * @param pageCriteria the page criteria - * @return the list - */ - public static List getResultPage(TypedQuery query, PageCriteria pageCriteria){ - query.setMaxResults(pageCriteria.getPageSize()); - query.setFirstResult(pageCriteria.getPageNumber()*pageCriteria.getPageSize()); + /** + * Get a page of results from the specified TypedQuery by using the given PageCriteria to limit + * the query results. The PageCriteria will override any size or offset already specified on the + * query. 
+ * + * @param the type parameter + * @param query the query + * @param pageCriteria the page criteria + * @return the list + */ + public static List getResultPage(TypedQuery query, PageCriteria pageCriteria) { + query.setMaxResults(pageCriteria.getPageSize()); + query.setFirstResult(pageCriteria.getPageNumber() * pageCriteria.getPageSize()); - return query.getResultList(); - } + return query.getResultList(); + } - public static T saveOrUpdate(I id, EntityManager entityManager, T entity) { - T tmp = entityManager.merge(entity); - entityManager.flush(); - return tmp; - } + public static T saveOrUpdate(I id, EntityManager entityManager, T entity) { + T tmp = entityManager.merge(entity); + entityManager.flush(); + return tmp; + } + + public static long delete(TypedQuery query, PageCriteria pageCriteria) { + query.setMaxResults(pageCriteria.getPageSize()); + query.setFirstResult(pageCriteria.getPageNumber() * pageCriteria.getPageSize()); + return query.executeUpdate(); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java index 269db6217..b18a31f4f 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java @@ -23,7 +23,6 @@ import javax.persistence.PersistenceContext; import javax.persistence.TypedQuery; -import org.mitre.data.DefaultPageCriteria; import org.mitre.data.PageCriteria; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.repository.AuthenticationHolderRepository; 
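Review bot: `JpaUtil.delete` calls `setFirstResult`/`setMaxResults` and then `executeUpdate()`, but a JPQL bulk DELETE has no LIMIT/OFFSET and I am not aware of a provider that applies pagination hints to an update — verify against the configured persistence provider, because otherwise `pageCriteria` is decorative and every matching row is removed in one statement while the callers in this patch pass page sizes expecting a bound. A non-zero `firstResult` is in any case meaningless for a delete: once page 0 is gone there is no stable page 1 to skip to, so the offset should be ignored or rejected rather than forwarded. Taking a plain `javax.persistence.Query` instead of `TypedQuery`, `public static long delete(Query query, PageCriteria pageCriteria)`, would also let callers obtain DELETE named queries without a result class. The method also needs a Javadoc stating that it returns the provider's affected-row count and which of the page criteria, if any, is honoured.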
@@ -32,54 +31,47 @@ import org.springframework.transaction.annotation.Transactional; @Repository -@Transactional(value="defaultTransactionManager") +@Transactional(value = "defaultTransactionManager") public class JpaAuthenticationHolderRepository implements AuthenticationHolderRepository { - private static final int MAXEXPIREDRESULTS = 1000; + @PersistenceContext(unitName = "defaultPersistenceUnit") + private EntityManager manager; - @PersistenceContext(unitName="defaultPersistenceUnit") - private EntityManager manager; + @Override + public List getAll() { + TypedQuery query = manager + .createNamedQuery(AuthenticationHolderEntity.QUERY_ALL, AuthenticationHolderEntity.class); + return query.getResultList(); + } - @Override - public List getAll() { - TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_ALL, AuthenticationHolderEntity.class); - return query.getResultList(); - } + @Override + public AuthenticationHolderEntity getById(Long id) { + return manager.find(AuthenticationHolderEntity.class, id); + } - @Override - public AuthenticationHolderEntity getById(Long id) { - return manager.find(AuthenticationHolderEntity.class, id); - } + @Override + @Transactional(value = "defaultTransactionManager") + public void remove(AuthenticationHolderEntity a) { + AuthenticationHolderEntity found = getById(a.getId()); + if (found != null) { + manager.remove(found); + } else { + throw new IllegalArgumentException("AuthenticationHolderEntity not found: " + a); + } + } - @Override - @Transactional(value="defaultTransactionManager") - public void remove(AuthenticationHolderEntity a) { - AuthenticationHolderEntity found = getById(a.getId()); - if (found != null) { - manager.remove(found); - } else { - throw new IllegalArgumentException("AuthenticationHolderEntity not found: " + a); - } - } + @Override + @Transactional(value = "defaultTransactionManager") + public AuthenticationHolderEntity save(AuthenticationHolderEntity a) { + return 
JpaUtil.saveOrUpdate(a.getId(), manager, a); + } - @Override - @Transactional(value="defaultTransactionManager") - public AuthenticationHolderEntity save(AuthenticationHolderEntity a) { - return JpaUtil.saveOrUpdate(a.getId(), manager, a); - } + @Override + public long clearOrphaned(PageCriteria pageCriteria) { - @Override - @Transactional(value="defaultTransactionManager") - public List getOrphanedAuthenticationHolders() { - DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0,MAXEXPIREDRESULTS); - return getOrphanedAuthenticationHolders(pageCriteria); - } - - @Override - @Transactional(value="defaultTransactionManager") - public List getOrphanedAuthenticationHolders(PageCriteria pageCriteria) { - TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class); - return JpaUtil.getResultPage(query, pageCriteria); - } + TypedQuery query = manager.createNamedQuery( + AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class); + return JpaUtil.delete(query, pageCriteria); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java index ad7788b6c..9f873fc29 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java 
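Review bot: `clearOrphaned` builds its query from `AuthenticationHolderEntity.QUERY_GET_UNUSED` — the same named query the removed `getOrphanedAuthenticationHolders` ran through `getResultPage` as a SELECT — and hands it to `JpaUtil.delete`, which calls `executeUpdate()`. Unless that named query was redefined as a DELETE in a hunk outside this view, `executeUpdate` on a select query fails at runtime with `IllegalStateException`, so orphaned holders are never removed. The authorization-code side of this patch introduced a dedicated `QUERY_DELETE_EXPIRED` constant; the same pattern here would be a `QUERY_DELETE_UNUSED` named query on the entity, obtained as `manager.createNamedQuery(AuthenticationHolderEntity.QUERY_DELETE_UNUSED)`. Note too that the `MAXEXPIREDRESULTS = 1000` default disappears with this change, so every caller must now supply a page explicitly.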
@@ -41,64 +41,87 @@ * */ @Repository -@Transactional(value="defaultTransactionManager") +@Transactional(value = "defaultTransactionManager") public class JpaAuthorizationCodeRepository implements AuthorizationCodeRepository { - @PersistenceContext(unitName="defaultPersistenceUnit") - EntityManager manager; - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#save(org.mitre.oauth2.model.AuthorizationCodeEntity) - */ - @Override - @Transactional(value="defaultTransactionManager") - public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode) { - - return JpaUtil.saveOrUpdate(authorizationCode.getId(), manager, authorizationCode); - - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getByCode(java.lang.String) - */ - @Override - @Transactional(value="defaultTransactionManager") - public AuthorizationCodeEntity getByCode(String code) { - TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_BY_VALUE, AuthorizationCodeEntity.class); - query.setParameter("code", code); - - AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList()); - return result; - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#remove(org.mitre.oauth2.model.AuthorizationCodeEntity) - */ - @Override - public void remove(AuthorizationCodeEntity authorizationCodeEntity) { - AuthorizationCodeEntity found = manager.find(AuthorizationCodeEntity.class, authorizationCodeEntity.getId()); - if (found != null) { - manager.remove(found); - } - } - - /* (non-Javadoc) - * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getExpiredCodes() - */ - @Override - public Collection getExpiredCodes() { - TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class); - query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired - 
return query.getResultList(); - } - - - @Override - public Collection getExpiredCodes(PageCriteria pageCriteria) { - TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class); - query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired - return JpaUtil.getResultPage(query, pageCriteria); - } + @PersistenceContext(unitName = "defaultPersistenceUnit") + EntityManager manager; + + /* + * (non-Javadoc) + * + * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#save(org.mitre.oauth2.model. + * AuthorizationCodeEntity) + */ + @Override + @Transactional(value = "defaultTransactionManager") + public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode) { + + return JpaUtil.saveOrUpdate(authorizationCode.getId(), manager, authorizationCode); + + } + + /* + * (non-Javadoc) + * + * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getByCode(java.lang.String) + */ + @Override + @Transactional(value = "defaultTransactionManager") + public AuthorizationCodeEntity getByCode(String code) { + TypedQuery query = manager + .createNamedQuery(AuthorizationCodeEntity.QUERY_BY_VALUE, AuthorizationCodeEntity.class); + query.setParameter("code", code); + + AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList()); + return result; + } + + /* + * (non-Javadoc) + * + * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#remove(org.mitre.oauth2.model. 
+ * AuthorizationCodeEntity) + */ + @Override + public void remove(AuthorizationCodeEntity authorizationCodeEntity) { + AuthorizationCodeEntity found = + manager.find(AuthorizationCodeEntity.class, authorizationCodeEntity.getId()); + if (found != null) { + manager.remove(found); + } + } + + /* + * (non-Javadoc) + * + * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#getExpiredCodes() + */ + @Override + public Collection getExpiredCodes() { + TypedQuery query = manager.createNamedQuery( + AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class); + query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); + return query.getResultList(); + } + + + @Override + public Collection getExpiredCodes(PageCriteria pageCriteria) { + TypedQuery query = manager.createNamedQuery( + AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class); + query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); + return JpaUtil.getResultPage(query, pageCriteria); + } + + @Override + public long deleteExpiredCodes(PageCriteria pageCriteria) { + + TypedQuery query = manager.createNamedQuery( + AuthorizationCodeEntity.QUERY_DELETE_EXPIRED, AuthorizationCodeEntity.class); + query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); + return JpaUtil.delete(query, pageCriteria); + } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java index e3dc32d56..2f7e7b268 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java 
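Review bot: `deleteExpiredCodes` obtains `QUERY_DELETE_EXPIRED` via `createNamedQuery(name, AuthorizationCodeEntity.class)`, i.e. as a `TypedQuery` with a result class, and then runs it through `JpaUtil.delete`/`executeUpdate()`; the typed variant is specified for select queries, and a provider that checks the named query's result type against the declared class may reject a DELETE statement here (Hibernate's named-query result-type check is one such case — verify with the provider configured for `defaultPersistenceUnit`). The safe form is the untyped `Query query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_DELETE_EXPIRED);`, which requires `JpaUtil.delete` to accept a plain `Query`. The reindent also drops the comment on the two `getExpiredCodes` `setParameter` lines (`// this gets anything that's already expired`); it should stay, and `deleteExpiredCodes` deserves the same note since it deletes everything expired as of `new Date()` on the server clock.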
@@ -507,45 +507,7 @@ public List getRefreshTokensForClient(ClientDetailsEnt
 */
 @Override
 public void clearExpiredTokens() {
- logger.debug("Cleaning out all expired tokens");
-
- new AbstractPageOperationTemplate("clearExpiredAccessTokens") {
- @Override
- public Collection fetchPage() {
- return tokenRepository.getAllExpiredAccessTokens(new DefaultPageCriteria());
- }
-
- @Override
- public void doOperation(OAuth2AccessTokenEntity item) {
- revokeAccessToken(item);
- }
- }.execute();
-
- new AbstractPageOperationTemplate("clearExpiredRefreshTokens") {
- @Override
- public Collection fetchPage() {
- return tokenRepository.getAllExpiredRefreshTokens(new DefaultPageCriteria());
- }
-
- @Override
- public void doOperation(OAuth2RefreshTokenEntity item) {
- revokeRefreshToken(item);
- }
- }.execute();
-
- new AbstractPageOperationTemplate(
- "clearExpiredAuthenticationHolders") {
- @Override
- public Collection fetchPage() {
- return authenticationHolderRepository
- .getOrphanedAuthenticationHolders(new DefaultPageCriteria());
- }
-
- @Override
- public void doOperation(AuthenticationHolderEntity item) {
- authenticationHolderRepository.remove(item);
- }
- }.execute();
+ logger.debug("Cleaning out all expired tokens - Removed from MitreID");
 }
 /*
From 99db6e843f6a896f2646a973a0b9d14e6defbae0 Mon Sep 17 00:00:00 2001
From: Enrico Vianello
Date: Wed, 17 Apr 2024 16:57:40 +0200
Subject: [PATCH 4/4] Version 20240417 and fix cascade on at permission join
---
 openid-connect-client/pom.xml | 2 +-
 openid-connect-common/pom.xml | 2 +-
 .../java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java | 2 +-
 openid-connect-server/pom.xml | 2 +-
 pom.xml | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml
index ad65387f3..b38c22a63 100644
--- a/openid-connect-client/pom.xml
+++ b/openid-connect-client/pom.xml
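Review bot: `clearExpiredTokens()` is now a no-op that only logs, yet it keeps its public `@Override` signature, so any scheduler or admin action still calling it silently stops revoking expired access and refresh tokens and removing orphaned authentication holders; nothing in this patch replaces that cleanup, so expired credentials stay in the token tables until whatever "Removed from MitreID" refers to runs elsewhere, outside this view. The log line also reads as if a removal just happened. I would make the contract explicit: annotate the method `@Deprecated`, state in its Javadoc (which starts above the hunk) that it intentionally does nothing and name the component that now owns expiry cleanup, and change the message to `logger.debug("clearExpiredTokens() is a no-op; expired token cleanup is performed outside MitreID");`.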
@@ -22,7 +22,7 @@ openid-connect-parent org.mitre - 1.3.7.cnaf.20240403 + 1.3.6.cnaf-20240417 .. openid-connect-client diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml index ee16e3017..d5f4f31a3 100644 --- a/openid-connect-common/pom.xml +++ b/openid-connect-common/pom.xml @@ -22,7 +22,7 @@ openid-connect-parent org.mitre - 1.3.7.cnaf.20240403 + 1.3.6.cnaf-20240417 .. openid-connect-common diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java index 2695c18a2..d327d909f 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java @@ -310,7 +310,7 @@ public int getExpiresIn() { /** * @return the permissions */ - @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL) + @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL, orphanRemoval = true) @JoinTable( name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"), diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml index 73aa992f7..1a8664ba3 100644 --- a/openid-connect-server/pom.xml +++ b/openid-connect-server/pom.xml @@ -23,7 +23,7 @@ org.mitre openid-connect-parent - 1.3.7.cnaf.20240403 + 1.3.6.cnaf-20240417 .. diff --git a/pom.xml b/pom.xml index 4e6ca3e58..d60414548 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ 4.0.0 org.mitre openid-connect-parent - 1.3.7.cnaf.20240403 + 1.3.6.cnaf-20240417 MITREid Connect pom @@ -303,7 +303,7 @@ dependencies dependency-convergence dependency-management help
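Review bot: `orphanRemoval = true` on the `permissions` mapping in OAuth2AccessTokenEntity is only safe if every permission row is owned by exactly one access token: together with `CascadeType.ALL` it turns a removal from the set into a DELETE of the Permission row itself, not just of the `access_token_permissions` join row, and a `@JoinTable` mapping does not enforce single ownership on its own. If a permission can be shared or referenced from elsewhere, the other owner is left with a dangling reference or a constraint failure when a token drops it. I would record the assumption next to the annotation, `// permissions are private to this token: orphanRemoval deletes the Permission row, not just the join entry`, and check the schema for any other foreign key onto that table before relying on it.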
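Review bot: The version in openid-connect-server/pom.xml (and in the other three POMs of this patch) moves from `1.3.7.cnaf.20240403` to `1.3.6.cnaf-20240417`, which is a step backwards under Maven's version ordering even though the date suffix is newer, and the separator before the date also flips from `.` to `-`. Consumers with a version range or nearest-wins conflict resolution that already resolved 1.3.7 will keep the older build, and anyone comparing versions to decide whether the cascade fix is deployed gets the wrong answer. Unless the 1.3.7 line was published by mistake, keep the numeric part monotonic, e.g. `<version>1.3.7.cnaf-20240417</version>`, and state the intent in the commit message.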