Posted to commits@cxf.apache.org by se...@apache.org on 2016/04/21 18:55:17 UTC
cxf-fediz git commit: Starting switching OIDC to a JPA provider
Repository: cxf-fediz
Updated Branches:
refs/heads/master e280eb1a5 -> 2f401b311
Start switching OIDC to a JPA provider
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/2f401b31
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/2f401b31
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/2f401b31
Branch: refs/heads/master
Commit: 2f401b311c579843ff567c56a9219504413e0afe
Parents: e280eb1
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Thu Apr 21 17:54:59 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Thu Apr 21 17:54:59 2016 +0100
----------------------------------------------------------------------
services/oidc/pom.xml | 16 ++++++-
.../fediz/service/oidc/OAuthDataManager.java | 28 -------------
.../oidc/clients/ClientRegistrationService.java | 7 ++--
.../handler/hrd/ClientIdHomeRealmDiscovery.java | 4 +-
.../src/main/resources/META-INF/persistence.xml | 30 +++++++++++++
.../src/main/resources/cxf-oauth2-ehcache.xml | 6 ---
.../oidc/src/main/webapp/META-INF/context.xml | 2 +-
.../src/main/webapp/WEB-INF/data-manager.xml | 6 ++-
.../src/main/webapp/WEB-INF/entity-manager.xml | 44 ++++++++++++++++++++
9 files changed, 100 insertions(+), 43 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2f401b31/services/oidc/pom.xml
----------------------------------------------------------------------
diff --git a/services/oidc/pom.xml b/services/oidc/pom.xml
index 56d8975..5374499 100644
--- a/services/oidc/pom.xml
+++ b/services/oidc/pom.xml
@@ -63,6 +63,16 @@
<version>${spring.version}</version>
</dependency>
<dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-jpa_2.0_spec</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-orm</artifactId>
+ <version>${spring.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>${slf4j.version}</version>
@@ -72,7 +82,11 @@
<artifactId>commons-validator</artifactId>
<version>${commons.validator.version}</version>
</dependency>
-
+ <dependency>
+ <groupId>org.apache.openjpa</groupId>
+ <artifactId>openjpa</artifactId>
+ <version>${openjpa.version}</version>
+ </dependency>
</dependencies>
<build>
<plugins>
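Review bot: The openjpa dependency added at the end of the second hunk references `${openjpa.version}`, which is not defined anywhere in this diff; if the parent pom does not already declare it the build fails, so it should be declared there or in this pom's `<properties>`. Both new XML files in this commit name `org.hsqldb.jdbcDriver` as the JDBC driver, yet no HSQLDB artifact appears in either hunk — confirm it is already on the webapp's runtime classpath, otherwise add it next to these dependencies. The geronimo-jpa_2.0_spec version is hard-coded to `1.0` while the neighbouring entries use version properties; following the file's convention with a property would be consistent.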
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2f401b31/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
deleted file mode 100644
index c822223..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.oidc;
-
-import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
-
-public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
-
- public OAuthDataManager() {
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2f401b31/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
index 9fae783..d82a309 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
@@ -60,6 +60,7 @@ import org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oidc.idp.OidcUserSubject;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
@Path("/")
@@ -150,7 +151,7 @@ public class ClientRegistrationService {
protected ClientTokens doGetClientIssuedTokens(Client c) {
Comparator<ServerAccessToken> tokenComp = new TokenComparator();
- UserSubject subject = new UserSubject(getUserName());
+ UserSubject subject = new OidcUserSubject(getUserName());
List<ServerAccessToken> accessTokens =
new ArrayList<ServerAccessToken>(dataProvider.getAccessTokens(c, subject));
Collections.sort(accessTokens, tokenComp);
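Review bot: The replacement of `UserSubject` with `OidcUserSubject` is repeated verbatim here and in the two following hunks (the `getClientCodeGrants` hunk and the client-registration hunk), so the concrete subject type is now hard-wired in three places. A small private helper, e.g. `private UserSubject createUserSubject(String name) { return new OidcUserSubject(name); }`, would keep that choice in one spot, which matters now that the concrete class doubles as a JPA entity listed in persistence.xml. Each of the three enclosing methods starts before or continues past its hunk.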
@@ -191,7 +192,7 @@ public class ClientRegistrationService {
public ClientCodeGrants getClientCodeGrants(@PathParam("id") String id) {
if (dataProvider instanceof AuthorizationCodeDataProvider) {
Client c = getRegisteredClient(id);
- UserSubject subject = new UserSubject(getUserName());
+ UserSubject subject = new OidcUserSubject(getUserName());
List<ServerAuthorizationCodeGrant> codeGrants = new ArrayList<ServerAuthorizationCodeGrant>(
((AuthorizationCodeDataProvider)dataProvider).getCodeGrants(c, subject));
Collections.sort(codeGrants, new CodeGrantComparator());
@@ -247,7 +248,7 @@ public class ClientRegistrationService {
// User who registered this client
String userName = sc.getUserPrincipal().getName();
- UserSubject userSubject = new UserSubject(userName);
+ UserSubject userSubject = new OidcUserSubject(userName);
newClient.setResourceOwnerSubject(userSubject);
// Client Registration Time
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2f401b31/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java
index 6ff1151..34753a5 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java
@@ -27,8 +27,8 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import javax.servlet.http.HttpServletRequest;
import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
-import org.apache.cxf.fediz.service.oidc.OAuthDataManager;
import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
@@ -47,7 +47,7 @@ public class ClientIdHomeRealmDiscovery implements CallbackHandler {
if (clientId != null) {
ApplicationContext ctx = ApplicationContextProvider.getApplicationContext();
- OAuthDataManager dataManager = (OAuthDataManager)ctx.getBean("oauthProvider");
+ OAuthDataProvider dataManager = (OAuthDataProvider)ctx.getBean("oauthProvider");
Client client = dataManager.getClient(clientId);
callback.setHomeRealm(client.getHomeRealm());
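Review bot: `client`, returned by `dataManager.getClient(clientId)` on the line after the changed cast, is dereferenced without a null check, and the client id it is looked up with comes from the request. Whether the new `JPACodeDataProvider` returns null or throws for an unknown id is not visible here, but an unregistered client id should produce a controlled failure rather than a `NullPointerException` surfacing as a server error; a guard such as `if (client == null) { throw new UnsupportedCallbackException(callback, "Unknown client id: " + clientId); }` uses only names already in scope (`UnsupportedCallbackException` is imported at the top of this file). The enclosing `handle` method starts before and continues past this hunk.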
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2f401b31/services/oidc/src/main/resources/META-INF/persistence.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/resources/META-INF/persistence.xml b/services/oidc/src/main/resources/META-INF/persistence.xml
new file mode 100644
index 0000000..e5a96c5
--- /dev/null
+++ b/services/oidc/src/main/resources/META-INF/persistence.xml
@@ -0,0 +1,30 @@
+<persistence xmlns="http://java.sun.com/xml/ns/persistence"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
+ version="2.0">
+ <persistence-unit name="testUnitOpenJPA" transaction-type="RESOURCE_LOCAL">
+ <provider>org.apache.openjpa.persistence.PersistenceProviderImpl</provider>
+ <class>org.apache.cxf.rs.security.oidc.idp.OidcUserSubject</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.Client</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.UserSubject</class>
+ <class>org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant</class>
+ <class>org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant</class>
+ <class>org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant_</class>
+ <class>org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.ServerAccessToken</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.AccessToken</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.Permission</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.OAuthPermission</class>
+ <class>org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken</class>
+ <exclude-unlisted-classes>true</exclude-unlisted-classes>
+ <properties>
+ <property name="openjpa.ConnectionURL" value="jdbc:hsqldb:target/db/oidc/myDB;shutdown=true"/>
+ <property name="openjpa.ConnectionDriverName" value="org.hsqldb.jdbcDriver"/>
+ <property name="openjpa.jdbc.DBDictionary" value="hsql" />
+ <property name="openjpa.ConnectionUserName" value="sa"/>
+ <property name="openjpa.ConnectionPassword" value=""/>
+ <property name="openjpa.jdbc.SynchronizeMappings" value="buildSchema"/>
+ <property name="openjpa.MetaDataRepository" value="Preload=true"/>
+ </properties>
+ </persistence-unit>
+</persistence>
\ No newline at end of file
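Review bot: The connection settings in the `<properties>` block — the `target/db/oidc/myDB` path, the `sa` user and an empty password — are hard-coded into a main-resources file that ships inside the webapp, and they duplicate the `dataSource` bean in entity-manager.xml. Since the entity manager factory there is built from the Spring dataSource, the `openjpa.Connection*` properties here are probably ignored and otherwise a second, diverging copy; keeping the JDBC settings in one externally configurable place avoids packaging a zero-password database account. The unit name `testUnitOpenJPA` and `openjpa.jdbc.SynchronizeMappings=buildSchema` also read as development settings, so a header comment such as `<!-- Development-only HSQLDB unit: schema is generated on startup; the datasource is defined in WEB-INF/entity-manager.xml -->` would make that explicit until they are externalised. `AuthorizationCodeGrant_` looks like a generated static metamodel class rather than an entity, so listing it under `<class>` is likely unnecessary — worth confirming.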
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2f401b31/services/oidc/src/main/resources/cxf-oauth2-ehcache.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/resources/cxf-oauth2-ehcache.xml b/services/oidc/src/main/resources/cxf-oauth2-ehcache.xml
deleted file mode 100644
index 730b9bd..0000000
--- a/services/oidc/src/main/resources/cxf-oauth2-ehcache.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0"?>
-<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" monitoring="autodetect" dynamicConfig="true" name="fedizOidcSecurityCache">
- <diskStore path="java.io.tmpdir/oidc"/>
- <defaultCache maxEntriesLocalHeap="5000" eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="3600" overflowToDisk="true" maxElementsOnDisk="10000000" diskPersistent="true" diskExpiryThreadIntervalSeconds="120" memoryStoreEvictionPolicy="LRU"/>
-
-</ehcache>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2f401b31/services/oidc/src/main/webapp/META-INF/context.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/META-INF/context.xml b/services/oidc/src/main/webapp/META-INF/context.xml
index a789b58..a136a5d 100644
--- a/services/oidc/src/main/webapp/META-INF/context.xml
+++ b/services/oidc/src/main/webapp/META-INF/context.xml
@@ -18,5 +18,5 @@
under the License.
-->
<Context>
- <Valve className="org.apache.cxf.fediz.tomcat7.FederationAuthenticator" configFile="conf/fediz_config.xml" />
+ <Valve className="org.apache.cxf.fediz.tomcat7.FederationAuthenticator" configFile="conf/fediz_config.xml" />
</Context>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2f401b31/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index 25c9741..6b43e7a 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -26,7 +26,7 @@
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
">
-
+ <import resource="entity-manager.xml" />
<bean id="applicationContextProvider" class="org.apache.cxf.fediz.service.oidc.handler.hrd.ApplicationContextProvider"/>
<util:map id="supportedScopes">
@@ -39,8 +39,10 @@
<util:list id="invisibleToClientScopes">
<value>refreshToken</value>
</util:list>
- <bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager"
+ <bean id="oauthProvider"
+ class="org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider"
init-method="init" destroy-method="close">
+ <property name="entityManager" ref="entityManager"/>
<property name="supportedScopes" ref="supportedScopes"/>
<property name="requiredScopes" ref="coreScopes"/>
<property name="defaultScopes" ref="coreScopes"/>
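Review bot: The `oauthProvider` singleton is handed a single `EntityManager` (`ref="entityManager"`, created once via `createEntityManager` in entity-manager.xml), yet a JPA `EntityManager` is not required to be thread-safe and this bean is reached from concurrent requests. Unless `JPACodeDataProvider` serialises its own access (not visible here), the usual Spring answer is a shared, transaction-scoped proxy: in entity-manager.xml define `<bean id="entityManager" class="org.springframework.orm.jpa.support.SharedEntityManagerBean"><property name="entityManagerFactory" ref="entityManagerFactory"/></bean>` and keep this reference as it is. The `init-method="init"`/`destroy-method="close"` pair was carried over from the removed `OAuthDataManager` bean; confirm `JPACodeDataProvider` exposes both, otherwise the context will fail to start.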
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2f401b31/services/oidc/src/main/webapp/WEB-INF/entity-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/entity-manager.xml b/services/oidc/src/main/webapp/WEB-INF/entity-manager.xml
new file mode 100644
index 0000000..6b7cb99
--- /dev/null
+++ b/services/oidc/src/main/webapp/WEB-INF/entity-manager.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ ">
+ <bean id="openJpaVendorAdapter" class="org.springframework.orm.jpa.vendor.OpenJpaVendorAdapter"/>
+ <bean id="dataSource"
+ class="org.springframework.jdbc.datasource.DriverManagerDataSource"
+ p:driverClassName="org.hsqldb.jdbcDriver"
+ p:url="jdbc:hsqldb:target/db/oidc/myDB;shutdown=true"
+ p:username="sa"
+ p:password=""/>
+ <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="dataSource" ref="dataSource" />
+ <property name="jpaVendorAdapter" ref="openJpaVendorAdapter" />
+ <property name="loadTimeWeaver">
+ <bean class="org.springframework.instrument.classloading.ReflectiveLoadTimeWeaver"/>
+ </property>
+ </bean>
+ <bean id="entityManager" factory-bean="entityManagerFactory" factory-method="createEntityManager"/>
+
+</beans>
+
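Review bot: `DriverManagerDataSource` (the `dataSource` bean) opens a fresh JDBC connection on every `getConnection()` call and is documented by Spring as a simple stand-in for a real connection pool, so it is a poor fit for a token store hit on every OIDC request. The driver, URL, `sa` user and empty password are also hard-coded here inside the webapp and repeated in persistence.xml; sourcing them from a properties file via a `PropertyPlaceholderConfigurer`, or using a container-managed JNDI DataSource, keeps credentials out of the packaged WAR and leaves one place to change them. A short comment above the bean, e.g. `<!-- Embedded HSQLDB for development; replace with a pooled or JNDI DataSource for deployment -->`, would record the intent.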