You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2016/09/23 15:03:55 UTC
[3/3] cxf git commit: [CXF-7069] Major improvements to OAuth2 JPA2
provider and model code, patch from Adrian Gonzalez applied
[CXF-7069] Major improvements to OAuth2 JPA2 provider and model code, patch from Adrian Gonzalez applied
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/88cde365
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/88cde365
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/88cde365
Branch: refs/heads/3.1.x-fixes
Commit: 88cde36520fac1e90af9854d02a40577ba1266b7
Parents: c43c298
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Sep 23 16:03:15 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Sep 23 16:03:15 2016 +0100
----------------------------------------------------------------------
rt/rs/security/oauth-parent/oauth2/pom.xml | 499 +++++++++++--------
.../rs/security/oauth2/common/AccessToken.java | 3 +-
.../cxf/rs/security/oauth2/common/Client.java | 143 +++---
.../security/oauth2/common/OAuthPermission.java | 64 ++-
.../oauth2/common/ServerAccessToken.java | 128 ++---
.../rs/security/oauth2/common/UserSubject.java | 58 ++-
.../grants/code/JPACMTCodeDataProvider.java | 63 +++
.../oauth2/grants/code/JPACodeDataProvider.java | 153 ++++--
.../code/ServerAuthorizationCodeGrant.java | 67 +--
.../oauth2/provider/JPAOAuthDataProvider.java | 434 ++++++++++++----
.../oauth2/tokens/refresh/RefreshToken.java | 49 +-
.../rs/security/oauth2/utils/OAuthUtils.java | 3 +-
.../code/JPACMTCodeDataProviderOpenJPATest.java | 43 ++
.../grants/code/JPACMTCodeDataProviderTest.java | 65 +++
.../JPACMTOAuthDataProviderOpenJPATest.java | 44 ++
.../code/JPACMTOAuthDataProviderTest.java | 67 +++
.../code/JPACodeDataProviderOpenJPATest.java | 26 +
.../grants/code/JPACodeDataProviderTest.java | 55 +-
.../JPAOAuthDataProviderOpenJPATest.java | 26 +
.../provider/JPAOAuthDataProviderTest.java | 163 +++---
.../oauth2/src/test/resources/META-INF/orm.xml | 99 ----
.../src/test/resources/META-INF/persistence.xml | 103 ++--
.../grants/code/JPACMTCodeDataProvider.xml | 113 +++++
rt/rs/security/sso/oidc/pom.xml | 392 +++++++++------
.../rs/security/oidc/idp/OidcUserSubject.java | 26 +-
.../idp/JPAOidcUserSubjectCMTOpenJPATest.java | 55 ++
.../oidc/idp/JPAOidcUserSubjectCMTTest.java | 55 ++
.../oidc/idp/JPAOidcUserSubjectOpenJPATest.java | 27 +
.../oidc/idp/JPAOidcUserSubjectTest.java | 56 +--
.../src/test/resources/META-INF/persistence.xml | 97 ++--
.../oidc/idp/JPAOidcUserSubjectCMTTest.xml | 113 +++++
31 files changed, 2229 insertions(+), 1060 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/88cde365/rt/rs/security/oauth-parent/oauth2/pom.xml
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/pom.xml b/rt/rs/security/oauth-parent/oauth2/pom.xml
index e07aa4c..4c90679 100644
--- a/rt/rs/security/oauth-parent/oauth2/pom.xml
+++ b/rt/rs/security/oauth-parent/oauth2/pom.xml
@@ -17,203 +17,302 @@
specific language governing permissions and limitations
under the License.
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <artifactId>cxf-rt-rs-security-oauth2</artifactId>
- <packaging>bundle</packaging>
- <name>Apache CXF Runtime OAuth 2.0</name>
- <description>Apache CXF Runtime OAuth 2.0</description>
- <url>http://cxf.apache.org</url>
- <parent>
- <artifactId>cxf-rt-rs-security-oauth-parent</artifactId>
- <groupId>org.apache.cxf</groupId>
- <version>3.1.8-SNAPSHOT</version>
- <relativePath>../pom.xml</relativePath>
- </parent>
- <properties>
- <cxf.osgi.import>
- net.sf.ehcache*;resolution:=optional;version="[2.5, 3.0.0)",
- javax.servlet*;version="${cxf.osgi.javax.servlet.version}"
- </cxf.osgi.import>
- <hibernate.em.version>4.1.0.Final</hibernate.em.version>
- <hsqldb.version>2.3.4</hsqldb.version>
- </properties>
- <dependencies>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-frontend-jaxrs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-security-jose-jaxrs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-client</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>${cxf.servlet-api.group}</groupId>
- <artifactId>${cxf.servlet-api.artifact}</artifactId>
- <scope>provided</scope>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>net.sf.ehcache</groupId>
- <artifactId>ehcache</artifactId>
- <version>${cxf.ehcache.version}</version>
- <scope>provided</scope>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>javax.cache</groupId>
- <artifactId>cache-api</artifactId>
- <version>${cxf.jcache.version}</version>
- <scope>provided</scope>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.apache.geronimo.specs</groupId>
- <artifactId>geronimo-jpa_2.0_spec</artifactId>
- <version>${cxf.geronimo.jpa.version}</version>
- <scope>provided</scope>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.codehaus.jettison</groupId>
- <artifactId>jettison</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-extension-providers</artifactId>
- <version>${project.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.easymock</groupId>
- <artifactId>easymock</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.hsqldb</groupId>
- <artifactId>hsqldb</artifactId>
- <version>${hsqldb.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.ehcache</groupId>
- <artifactId>ehcache</artifactId>
- <version>${cxf.ehcache3.version}</version>
- <scope>test</scope>
- </dependency>
- <!--
- <dependency>
- <groupId>org.apache.openjpa</groupId>
- <artifactId>openjpa</artifactId>
- <version>${cxf.openjpa.version}</version>
- <scope>provided</scope>
- </dependency>
- -->
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-entitymanager</artifactId>
- <version>${hibernate.em.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-nop</artifactId>
- <version>${cxf.slf4j.version}</version>
- <scope>test</scope>
- </dependency>
-
- </dependencies>
- <build>
- <plugins>
- <plugin>
- <groupId>org.bsc.maven</groupId>
- <artifactId>maven-processor-plugin</artifactId>
- <version>3.1.0</version>
- <executions>
- <execution>
- <id>process</id>
- <goals>
- <goal>process</goal>
- </goals>
- <phase>generate-sources</phase>
- <configuration>
- <compilerArguments>-Aopenjpa.source=7 -Aopenjpa.metamodel=true</compilerArguments>
- <processors>
- <processor>org.apache.openjpa.persistence.meta.AnnotationProcessor6</processor>
- </processors>
- <outputDirectory>target/generated-sources/metamodel</outputDirectory>
- </configuration>
- </execution>
- </executions>
- <dependencies>
- <dependency>
- <groupId>org.apache.openjpa</groupId>
- <artifactId>openjpa</artifactId>
- <version>${cxf.openjpa.version}</version>
- </dependency>
- </dependencies>
- </plugin>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>build-helper-maven-plugin</artifactId>
- <version>1.10</version>
- <executions>
- <execution>
- <id>add-source</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>add-source</goal>
- </goals>
- <configuration>
- <sources>
- <source>target/generated-sources/metamodel</source>
- </sources>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <!--
- <plugin>
- <groupId>org.apache.openjpa</groupId>
- <artifactId>openjpa-maven-plugin</artifactId>
- <version>${cxf.openjpa.version}</version>
- <configuration>
- <includes>
- org/apache/cxf/rs/security/oauth2/common/Client.class,
- org/apache/cxf/rs/security/oauth2/common/UserSubject.class,
- org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant,
- org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.class,
- org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.class,
- org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.class,
- org/apache/cxf/rs/security/oauth2/common/AccessToken.class,
- org/apache/cxf/rs/security/oauth2/tokens/refresh/RefreshToken.class,
- org/apache/cxf/rs/security/oauth2/common/OAuthPermission.class
- </includes>
- </configuration>
- <executions>
- <execution>
- <id>enhancer</id>
- <phase>process-test-classes</phase>
- <goals>
- <goal>test-enhance</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- -->
- </plugins>
- </build>
- </project>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>cxf-rt-rs-security-oauth2</artifactId>
+ <packaging>bundle</packaging>
+ <name>Apache CXF Runtime OAuth 2.0</name>
+ <description>Apache CXF Runtime OAuth 2.0</description>
+ <url>http://cxf.apache.org</url>
+ <parent>
+ <artifactId>cxf-rt-rs-security-oauth-parent</artifactId>
+ <groupId>org.apache.cxf</groupId>
+ <version>3.1.8-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <properties>
+ <cxf.osgi.import>
+ net.sf.ehcache*;resolution:=optional;version="[2.5, 3.0.0)",
+ javax.servlet*;version="${cxf.osgi.javax.servlet.version}"
+ </cxf.osgi.import>
+ <hibernate.em.version>4.1.0.Final</hibernate.em.version>
+ <hsqldb.version>2.3.4</hsqldb.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-rs-security-jose-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-rs-client</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${cxf.servlet-api.group}</groupId>
+ <artifactId>${cxf.servlet-api.artifact}</artifactId>
+ <scope>provided</scope>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>net.sf.ehcache</groupId>
+ <artifactId>ehcache</artifactId>
+ <version>${cxf.ehcache.version}</version>
+ <scope>provided</scope>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>javax.cache</groupId>
+ <artifactId>cache-api</artifactId>
+ <version>${cxf.jcache.version}</version>
+ <scope>provided</scope>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-jpa_2.0_spec</artifactId>
+ <version>${cxf.geronimo.jpa.version}</version>
+ <scope>provided</scope>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jettison</groupId>
+ <artifactId>jettison</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-rs-extension-providers</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.easymock</groupId>
+ <artifactId>easymock</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <version>${hsqldb.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.ehcache</groupId>
+ <artifactId>ehcache</artifactId>
+ <version>${cxf.ehcache3.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.openjpa</groupId>
+ <artifactId>openjpa</artifactId>
+ <version>${cxf.openjpa.version}</version>
+ <scope>compile</scope>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-entitymanager</artifactId>
+ <version>${hibernate.em.version}</version>
+ <scope>compile</scope>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-ehcache</artifactId>
+ <version>${hibernate.em.version}</version>
+ <scope>compile</scope>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-nop</artifactId>
+ <version>${cxf.slf4j.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-aop</artifactId>
+ <version>${cxf.spring.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-context</artifactId>
+ <version>${cxf.spring.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-orm</artifactId>
+ <version>${cxf.spring.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <version>${cxf.spring.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-tx</artifactId>
+ <version>${cxf.spring.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ <version>${cxf.slf4j.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.aspectj</groupId>
+ <artifactId>aspectjweaver</artifactId>
+ <version>1.8.7</version>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.bsc.maven</groupId>
+ <artifactId>maven-processor-plugin</artifactId>
+ <version>3.1.0</version>
+ <executions>
+ <execution>
+ <id>process</id>
+ <goals>
+ <goal>process</goal>
+ </goals>
+ <phase>generate-sources</phase>
+ <configuration>
+ <compilerArguments>-Aopenjpa.source=7 -Aopenjpa.metamodel=true</compilerArguments>
+ <processors>
+ <processor>org.apache.openjpa.persistence.meta.AnnotationProcessor6</processor>
+ </processors>
+ <outputDirectory>target/generated-sources/metamodel</outputDirectory>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.openjpa</groupId>
+ <artifactId>openjpa</artifactId>
+ <version>${cxf.openjpa.version}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <version>1.10</version>
+ <executions>
+ <execution>
+ <id>add-source</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>add-source</goal>
+ </goals>
+ <configuration>
+ <sources>
+ <source>target/generated-sources/metamodel</source>
+ </sources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <!--
+ <plugin>
+ <groupId>org.apache.openjpa</groupId>
+ <artifactId>openjpa-maven-plugin</artifactId>
+ <version>${cxf.openjpa.version}</version>
+ <configuration>
+ <includes>
+ org/apache/cxf/rs/security/oauth2/common/Client.class,
+ org/apache/cxf/rs/security/oauth2/common/UserSubject.class,
+ org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant,
+ org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.class,
+ org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.class,
+ org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.class,
+ org/apache/cxf/rs/security/oauth2/common/AccessToken.class,
+ org/apache/cxf/rs/security/oauth2/tokens/refresh/RefreshToken.class,
+ org/apache/cxf/rs/security/oauth2/common/OAuthPermission.class
+ </includes>
+ </configuration>
+ <executions>
+ <execution>
+ <id>enhancer</id>
+ <phase>process-test-classes</phase>
+ <goals>
+ <goal>test-enhance</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <version>3.0.1</version>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>jar-no-fork</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <!-- this configures the surefire plugin to run your tests with the javaagent enabled -->
+ <!-- (openJPA loadtime weaving) -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>-javaagent:${project.basedir}/target/openjpa-${cxf.openjpa.version}.jar</argLine>
+ <workingDirectory>${project.basedir}/target</workingDirectory>
+ </configuration>
+ </plugin>
+ <!-- this tells maven to copy the openjpa agent jar into your target/ directory -->
+ <!-- where surefire can see it -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.apache.openjpa</groupId>
+ <artifactId>openjpa</artifactId>
+ <version>${cxf.openjpa.version}</version>
+ <outputDirectory>${project.build.directory}</outputDirectory>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/88cde365/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
index ade93b4..39699d4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
@@ -23,6 +23,7 @@ import java.util.LinkedHashMap;
import java.util.Map;
import javax.persistence.ElementCollection;
+import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.MapKeyColumn;
import javax.persistence.MappedSuperclass;
@@ -117,7 +118,7 @@ public abstract class AccessToken implements Serializable {
* Gets token parameters
* @return
*/
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
@MapKeyColumn(name = "propName")
public Map<String, String> getParameters() {
return parameters;
http://git-wip-us.apache.org/repos/asf/cxf/blob/88cde365/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
index c465d40..5988fcd 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
@@ -26,10 +26,12 @@ import java.util.Map;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.ManyToOne;
import javax.persistence.MapKeyColumn;
import javax.persistence.OneToOne;
+import javax.persistence.OrderColumn;
/**
@@ -37,59 +39,59 @@ import javax.persistence.OneToOne;
*/
@Entity
public class Client implements Serializable {
-
+
private static final long serialVersionUID = -5550840247125850922L;
-
+
private String clientId;
private String clientSecret;
private String clientIpAddress;
-
+
private String applicationName;
private String applicationDescription;
private String applicationWebUri;
private String applicationLogoUri;
private List<String> applicationCertificates = new LinkedList<String>();
private List<String> redirectUris = new LinkedList<String>();
-
+
private boolean isConfidential;
private List<String> allowedGrantTypes = new LinkedList<String>();
private List<String> registeredScopes = new LinkedList<String>();
private List<String> registeredAudiences = new LinkedList<String>();
-
+
private Map<String, String> properties = new HashMap<String, String>();
private UserSubject subject;
private UserSubject resourceOwnerSubject;
- private long registeredAt;
+ private long registeredAt;
private String homeRealm;
-
+
public Client() {
-
+
}
-
+
public Client(String clientId, String clientSecret, boolean isConfidential) {
this.clientId = clientId;
this.clientSecret = clientSecret;
this.isConfidential = isConfidential;
}
- public Client(String clientId,
+ public Client(String clientId,
String clientSecret,
boolean isConfidential,
String applicationName) {
this(clientId, clientSecret, isConfidential);
this.applicationName = applicationName;
}
-
- public Client(String clientId,
+
+ public Client(String clientId,
String clientSecret,
boolean isConfidential,
String applicationName,
String applicationWebUri) {
this(clientId, clientSecret, isConfidential, applicationName);
this.applicationWebUri = applicationWebUri;
-
+
}
-
+
/**
* Get the client registration id
* @return the consumer key
@@ -102,7 +104,7 @@ public class Client implements Serializable {
public void setClientId(String id) {
clientId = id;
}
-
+
/**
* Get the client secret
* @return the consumer key
@@ -114,7 +116,7 @@ public class Client implements Serializable {
public void setClientSecret(String id) {
clientSecret = id;
}
-
+
/**
* Get the name of the third-party application
* this client represents
@@ -150,6 +152,14 @@ public class Client implements Serializable {
}
/**
+ * Get the description of the third-party application.
+ * @return the application description
+ */
+ public String getApplicationDescription() {
+ return applicationDescription;
+ }
+
+ /**
* Set the description of the third-party application.
* @param applicationDescription the description
*/
@@ -158,13 +168,13 @@ public class Client implements Serializable {
}
/**
- * Get the description of the third-party application.
- * @return the application description
+ * Get the URI pointing to a logo image of the client application
+ * @return the logo URI
*/
- public String getApplicationDescription() {
- return applicationDescription;
+ public String getApplicationLogoUri() {
+ return applicationLogoUri;
}
-
+
/**
* Set the URI pointing to a logo image of the client application
* @param logoPath the logo URI
@@ -174,18 +184,18 @@ public class Client implements Serializable {
}
/**
- * Get the URI pointing to a logo image of the client application
- * @return the logo URI
+ * Get the confidentiality status of this client application.
+ * @return the confidentiality status
*/
- public String getApplicationLogoUri() {
- return applicationLogoUri;
+ public boolean isConfidential() {
+ return isConfidential;
}
/**
* Set the confidentiality status of this client application.
* This can be used to restrict which OAuth2 flows this client
* can participate in.
- *
+ *
* @param isConf true if the client is confidential
*/
public void setConfidential(boolean isConf) {
@@ -193,11 +203,14 @@ public class Client implements Serializable {
}
/**
- * Get the confidentiality status of this client application.
- * @return the confidentiality status
+ * Get a list of URIs the AuthorizationService
+ * may return the authorization code to
+ * @return the redirect uris
*/
- public boolean isConfidential() {
- return isConfidential;
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
+ public List<String> getRedirectUris() {
+ return redirectUris;
}
/**
@@ -210,13 +223,14 @@ public class Client implements Serializable {
}
/**
- * Get a list of URIs the AuthorizationService
- * may return the authorization code to
- * @return the redirect uris
+ * Get the list of access token grant types this client
+ * can use to obtain the access tokens.
+ * @return the list of grant types
*/
- @ElementCollection
- public List<String> getRedirectUris() {
- return redirectUris;
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
+ public List<String> getAllowedGrantTypes() {
+ return allowedGrantTypes;
}
/**
@@ -229,21 +243,21 @@ public class Client implements Serializable {
}
/**
- * Get the list of access token grant types this client
- * can use to obtain the access tokens.
- * @return the list of grant types
+ * Get the {@link UserSubject} representing this Client
+ * authentication
+ * @return the user subject
*/
- @ElementCollection
- public List<String> getAllowedGrantTypes() {
- return allowedGrantTypes;
+ @OneToOne
+ public UserSubject getSubject() {
+ return subject;
}
/**
- * Set the {@link UserSubject} representing this Client
+ * Set the {@link UserSubject} representing this Client
* authentication. This property may be set during the registration
* in cases where a 3rd party client needs to authenticate first before
* registering as OAuth2 client. This property may also wrap a clientId
- * in cases where a client credentials flow is used
+ * in cases where a client credentials flow is used
*
* @param subject the user subject
*/
@@ -252,43 +266,31 @@ public class Client implements Serializable {
}
/**
- * Get the {@link UserSubject} representing this Client
- * authentication
- * @return the user subject
+ * Get the {@link UserSubject} representing the resource owner
+ * who has registered this client
+ * @return the resource owner user subject
*/
- @OneToOne
- public UserSubject getSubject() {
- return subject;
+ @ManyToOne
+ public UserSubject getResourceOwnerSubject() {
+ return resourceOwnerSubject;
}
/**
- * Set the {@link UserSubject} representing the resource owner
+ * Set the {@link UserSubject} representing the resource owner
* who has registered this client. This property may be set in cases where
* each account (resource) owner registers account specific Clients
*
- * @param subject the resource owner user subject
+ * @param resourceOwnerSubject the resource owner user subject
*/
-
public void setResourceOwnerSubject(UserSubject resourceOwnerSubject) {
this.resourceOwnerSubject = resourceOwnerSubject;
}
-
- /**
- * Get the {@link UserSubject} representing the resource owner
- * who has registered this client
- * @return the resource owner user subject
- */
- @ManyToOne
- public UserSubject getResourceOwnerSubject() {
- return resourceOwnerSubject;
- }
-
/**
* Get the list of additional client properties
* @return the list of properties
*/
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
@MapKeyColumn(name = "name")
public Map<String, String> getProperties() {
return properties;
@@ -306,7 +308,8 @@ public class Client implements Serializable {
* Get the list of registered scopes
* @return scopes
*/
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
public List<String> getRegisteredScopes() {
return registeredScopes;
}
@@ -316,7 +319,7 @@ public class Client implements Serializable {
* Registering the scopes will allow the clients not to include the scopes
* and delegate to the runtime to enforce that the current request scopes are
* a subset of the pre-registered scopes.
- *
+ *
* Client Registration service is expected to reject unknown scopes.
* @param registeredScopes the scopes
*/
@@ -324,7 +327,8 @@ public class Client implements Serializable {
this.registeredScopes = registeredScopes;
}
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
public List<String> getRegisteredAudiences() {
return registeredAudiences;
}
@@ -337,7 +341,8 @@ public class Client implements Serializable {
this.registeredAudiences = registeredAudiences;
}
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
public List<String> getApplicationCertificates() {
return applicationCertificates;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/88cde365/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
index 1026915..e57a793 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
@@ -20,11 +20,17 @@ package org.apache.cxf.rs.security.oauth2.common;
import java.util.LinkedList;
import java.util.List;
-
+import javax.persistence.Cacheable;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.OrderColumn;
import javax.xml.bind.annotation.XmlRootElement;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
+import org.hibernate.annotations.FetchMode;
+
/**
* Provides the complete information about a given opaque permission.
* For example, a scope parameter such as "read_calendar" will be
@@ -34,23 +40,36 @@ import javax.xml.bind.annotation.XmlRootElement;
*/
@XmlRootElement
@Entity
+@Cacheable
public class OAuthPermission extends Permission {
private static final long serialVersionUID = -6486616235830491290L;
private List<String> httpVerbs = new LinkedList<String>();
private List<String> uris = new LinkedList<String>();
-
+
public OAuthPermission() {
-
+
}
-
+
public OAuthPermission(String permission) {
this(permission, null);
}
-
+
public OAuthPermission(String permission, String description) {
super(permission, description);
}
-
+
+ /**
+ * Gets the optional list of HTTP verbs
+ * @return the list of HTTP verbs
+ */
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
+ @org.hibernate.annotations.Fetch(FetchMode.SUBSELECT)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
+ public List<String> getHttpVerbs() {
+ return httpVerbs;
+ }
+
/**
* Sets the optional list of HTTP verbs, example,
* "GET" and "POST", etc
@@ -61,12 +80,15 @@ public class OAuthPermission extends Permission {
}
/**
- * Gets the optional list of HTTP verbs
- * @return the list of HTTP verbs
+ * Gets the optional list of relative request URIs
+ * @return the list of URIs
*/
- @ElementCollection
- public List<String> getHttpVerbs() {
- return httpVerbs;
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
+ @org.hibernate.annotations.Fetch(FetchMode.SUBSELECT)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
+ public List<String> getUris() {
+ return uris;
}
/**
@@ -77,33 +99,25 @@ public class OAuthPermission extends Permission {
this.uris = uri;
}
- /**
- * Gets the optional list of relative request URIs
- * @return the list of URIs
- */
- @ElementCollection
- public List<String> getUris() {
- return uris;
- }
-
@Override
public boolean equals(Object object) {
if (!(object instanceof OAuthPermission) || !super.equals(object)) {
return false;
}
- OAuthPermission that = (OAuthPermission)object;
+ OAuthPermission that = (OAuthPermission) object;
if (getHttpVerbs() != null && that.getHttpVerbs() == null
- || getHttpVerbs() == null && that.getHttpVerbs() != null
- || getHttpVerbs() != null && !getHttpVerbs().equals(that.getHttpVerbs())) {
+ || getHttpVerbs() == null && that.getHttpVerbs() != null
+ || getHttpVerbs() != null && !getHttpVerbs().equals(that.getHttpVerbs())) {
return false;
}
if (getUris() != null && that.getUris() == null // NOPMD
- || getUris() == null && that.getUris() != null // NOPMD
- || getUris() != null && !getUris().equals(that.getUris())) { // NOPMD
+ || getUris() == null && that.getUris() != null // NOPMD
+ || getUris() != null && !getUris().equals(that.getUris())) { // NOPMD
return false;
}
return true;
}
+
@Override
public int hashCode() {
int hashCode = super.hashCode();
http://git-wip-us.apache.org/repos/asf/cxf/blob/88cde365/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
index e3b8b05..72c2311 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
@@ -24,14 +24,20 @@ import java.util.List;
import java.util.Map;
import javax.persistence.ElementCollection;
+import javax.persistence.FetchType;
import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne;
import javax.persistence.MapKeyColumn;
import javax.persistence.MappedSuperclass;
+import javax.persistence.OrderColumn;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
+import org.hibernate.annotations.Fetch;
+import org.hibernate.annotations.FetchMode;
/**
@@ -40,7 +46,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
@MappedSuperclass
public abstract class ServerAccessToken extends AccessToken {
private static final long serialVersionUID = 638776204861456064L;
-
+
private String grantType;
private Client client;
private List<OAuthPermission> scopes = new LinkedList<OAuthPermission>();
@@ -51,34 +57,34 @@ public abstract class ServerAccessToken extends AccessToken {
private String responseType;
private String grantCode;
private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
-
+
protected ServerAccessToken() {
-
+
}
-
- protected ServerAccessToken(Client client,
- String tokenType,
- String tokenKey,
- long expiresIn) {
+
+ protected ServerAccessToken(Client client,
+ String tokenType,
+ String tokenKey,
+ long expiresIn) {
this(client, tokenType, tokenKey, expiresIn, OAuthUtils.getIssuedAt());
}
-
- protected ServerAccessToken(Client client,
+
+ protected ServerAccessToken(Client client,
String tokenType,
String tokenKey,
- long expiresIn,
+ long expiresIn,
long issuedAt) {
super(tokenType, tokenKey, expiresIn, issuedAt);
this.client = client;
}
-
- protected ServerAccessToken(ServerAccessToken token, String key) {
- super(token.getTokenType(),
- key,
- token.getExpiresIn(),
- token.getIssuedAt(),
- token.getRefreshToken(),
- token.getParameters());
+
+ protected ServerAccessToken(ServerAccessToken token, String key) {
+ super(token.getTokenType(),
+ key,
+ token.getExpiresIn(),
+ token.getIssuedAt(),
+ token.getRefreshToken(),
+ token.getParameters());
this.client = token.getClient();
this.grantType = token.getGrantType();
this.scopes = token.getScopes();
@@ -90,6 +96,13 @@ public abstract class ServerAccessToken extends AccessToken {
this.grantCode = token.getGrantCode();
}
+ protected static ServerAccessToken validateTokenType(ServerAccessToken token, String expectedType) {
+ if (!token.getTokenType().equals(expectedType)) {
+ throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
+ }
+ return token;
+ }
+
/**
* Returns the Client associated with this token
* @return the client
@@ -102,12 +115,14 @@ public abstract class ServerAccessToken extends AccessToken {
public void setClient(Client c) {
this.client = c;
}
-
+
/**
* Returns a list of opaque permissions/scopes
* @return the scopes
*/
- @ManyToMany
+ @ManyToMany(fetch = FetchType.EAGER)
+ @Fetch(FetchMode.SUBSELECT)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public List<OAuthPermission> getScopes() {
return scopes;
}
@@ -119,16 +134,6 @@ public abstract class ServerAccessToken extends AccessToken {
public void setScopes(List<OAuthPermission> scopes) {
this.scopes = scopes;
}
-
- /**
- * Sets a subject capturing the login name
- * the end user used to login to the resource server
- * when authorizing a given client request
- * @param subject
- */
- public void setSubject(UserSubject subject) {
- this.subject = subject;
- }
/**
* Returns a subject capturing the login name
@@ -142,11 +147,13 @@ public abstract class ServerAccessToken extends AccessToken {
}
/**
- * Sets the grant type which was used to obtain the access token
- * @param grantType the grant type
+ * Sets a subject capturing the login name
+ * the end user used to login to the resource server
+ * when authorizing a given client request
+ * @param subject
*/
- public void setGrantType(String grantType) {
- this.grantType = grantType;
+ public void setSubject(UserSubject subject) {
+ this.subject = subject;
}
/**
@@ -156,13 +163,13 @@ public abstract class ServerAccessToken extends AccessToken {
public String getGrantType() {
return grantType;
}
-
+
/**
- * Set the response type
- * @param responseType the response type
+ * Sets the grant type which was used to obtain the access token
+ * @param grantType the grant type
*/
- public void setResponseType(String responseType) {
- this.responseType = responseType;
+ public void setGrantType(String grantType) {
+ this.grantType = grantType;
}
/**
@@ -172,8 +179,18 @@ public abstract class ServerAccessToken extends AccessToken {
public String getResponseType() {
return responseType;
}
-
- @ElementCollection
+
+ /**
+ * Set the response type
+ * @param responseType the response type
+ */
+ public void setResponseType(String responseType) {
+ this.responseType = responseType;
+ }
+
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public List<String> getAudiences() {
return audiences;
}
@@ -181,14 +198,7 @@ public abstract class ServerAccessToken extends AccessToken {
public void setAudiences(List<String> audiences) {
this.audiences = audiences;
}
-
- protected static ServerAccessToken validateTokenType(ServerAccessToken token, String expectedType) {
- if (!token.getTokenType().equals(expectedType)) {
- throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
- }
- return token;
- }
-
+
public String getClientCodeVerifier() {
return clientCodeVerifier;
}
@@ -205,8 +215,9 @@ public abstract class ServerAccessToken extends AccessToken {
this.nonce = nonce;
}
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
@MapKeyColumn(name = "extraPropName")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public Map<String, String> getExtraProperties() {
return extraProperties;
}
@@ -214,13 +225,6 @@ public abstract class ServerAccessToken extends AccessToken {
public void setExtraProperties(Map<String, String> extraProperties) {
this.extraProperties = extraProperties;
}
- /**
- * Set the grant code which was used to request the token
- * @param grantCode the grant code
- */
- public void setGrantCode(String grantCode) {
- this.grantCode = grantCode;
- }
/**
* Get the grant code
@@ -229,4 +233,12 @@ public abstract class ServerAccessToken extends AccessToken {
public String getGrantCode() {
return grantCode;
}
+
+ /**
+ * Set the grant code which was used to request the token
+ * @param grantCode the grant code
+ */
+ public void setGrantCode(String grantCode) {
+ this.grantCode = grantCode;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/88cde365/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
index 8bd9571..8d27148 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
@@ -26,8 +26,10 @@ import java.util.Map;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.MapKeyColumn;
+import javax.persistence.OrderColumn;
import javax.xml.bind.annotation.XmlRootElement;
/**
@@ -37,56 +39,59 @@ import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement
@Entity
public class UserSubject implements Serializable {
-
+
private static final long serialVersionUID = -1469694589163385689L;
-
+
private String login;
private String id;
private List<String> roles = new LinkedList<String>();
private Map<String, String> properties = new HashMap<String, String>();
private AuthenticationMethod am;
+
public UserSubject() {
-
+
}
-
+
public UserSubject(String login) {
this.login = login;
}
-
+
public UserSubject(String login, List<String> roles) {
this.login = login;
this.roles = roles;
}
-
- public UserSubject(String login, String id) {
+
+ public UserSubject(String login, String id) {
this.login = login;
this.id = id;
}
-
+
public UserSubject(String login, String id, List<String> roles) {
this.login = login;
this.id = id;
this.roles = roles;
}
-
+
public UserSubject(UserSubject sub) {
this(sub.getLogin(), sub.getId(), sub.getRoles());
this.properties = sub.getProperties();
this.am = sub.getAuthenticationMethod();
-
+
}
-
+
/**
* Return the user login name
+ *
* @return the login name
*/
@Id
public String getLogin() {
return login;
}
-
+
/**
* Set the user login name
+ *
* @param login the login name
*/
public void setLogin(String login) {
@@ -94,18 +99,21 @@ public class UserSubject implements Serializable {
}
/**
- * Return the optional list of user roles which may have
- * been captured during the authentication process
+ * Return the optional list of user roles which may have
+ * been captured during the authentication process
+ *
* @return the list of roles
*/
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
public List<String> getRoles() {
return roles;
}
-
+
/**
- * Set the optional list of user roles which may have
- * been captured during the authentication process
+ * Set the optional list of user roles which may have
+ * been captured during the authentication process
+ *
* @param roles the list of roles
*/
public void setRoles(List<String> roles) {
@@ -114,9 +122,10 @@ public class UserSubject implements Serializable {
/**
* Get the list of additional user subject properties
+ *
* @return the list of properties
*/
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
@MapKeyColumn(name = "name")
public Map<String, String> getProperties() {
return properties;
@@ -124,22 +133,25 @@ public class UserSubject implements Serializable {
/**
* Set the list of additional user subject properties
+ *
* @param properties the properties
*/
public void setProperties(Map<String, String> properties) {
this.properties = properties;
}
-
+
/**
* Get the user's unique id
+ *
* @return the user's id
- */
+ */
public String getId() {
return this.id;
}
-
+
/**
* Set the users unique id
+ *
* @param id the user's id
*/
public void setId(String id) {
@@ -153,5 +165,5 @@ public class UserSubject implements Serializable {
public void setAuthenticationMethod(AuthenticationMethod method) {
this.am = method;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/88cde365/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java
new file mode 100644
index 0000000..5eaa39a
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants.code;
+
+import javax.persistence.EntityManager;
+import javax.persistence.EntityTransaction;
+import javax.persistence.PersistenceContext;
+
+public class JPACMTCodeDataProvider extends JPACodeDataProvider {
+
+ @PersistenceContext
+ private EntityManager entityManager;
+
+ /**
+ * Returns the entityManaged used for the current operation.
+ */
+ @Override
+ protected EntityManager getEntityManager() {
+ return this.entityManager;
+ }
+
+ public void setEntityManager(EntityManager entityManager) {
+ this.entityManager = entityManager;
+ }
+
+ /**
+ * Doesn't do anything, beginning tx is handled by container.
+ */
+ @Override
+ protected EntityTransaction beginIfNeeded(EntityManager em) {
+ return null;
+ }
+
+ /**
+ * Doesn't do anything, commit is handled by container.
+ */
+ @Override
+ protected void commitIfNeeded(EntityManager em) {
+ }
+
+ /**
+ * Doesn't do anything, em lifecycle is handled by container.
+ */
+ @Override
+ protected void closeIfNeeded(EntityManager em) {
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/88cde365/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProvider.java
index 9893b2e..84bfb8e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProvider.java
@@ -20,6 +20,8 @@ package org.apache.cxf.rs.security.oauth2.grants.code;
import java.util.List;
+import javax.persistence.EntityManager;
+import javax.persistence.EntityNotFoundException;
import javax.persistence.TypedQuery;
import org.apache.cxf.rs.security.oauth2.common.Client;
@@ -28,83 +30,140 @@ import org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
public class JPACodeDataProvider extends JPAOAuthDataProvider implements AuthorizationCodeDataProvider {
- private static final String CODE_TABLE_NAME = ServerAuthorizationCodeGrant.class.getSimpleName();
private long codeLifetime = 10 * 60;
+
@Override
public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)
- throws OAuthServiceException {
+ throws OAuthServiceException {
ServerAuthorizationCodeGrant grant = doCreateCodeGrant(reg);
saveCodeGrant(grant);
return grant;
}
-
+
protected ServerAuthorizationCodeGrant doCreateCodeGrant(AuthorizationCodeRegistration reg)
- throws OAuthServiceException {
+ throws OAuthServiceException {
return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime);
}
- protected void saveCodeGrant(ServerAuthorizationCodeGrant grant) {
- getEntityManager().getTransaction().begin();
- if (grant.getSubject() != null) {
- UserSubject sub = getEntityManager().find(UserSubject.class, grant.getSubject().getLogin());
- if (sub == null) {
- getEntityManager().persist(grant.getSubject());
- } else {
- sub = getEntityManager().merge(grant.getSubject());
- grant.setSubject(sub);
+ protected void saveCodeGrant(final ServerAuthorizationCodeGrant grant) {
+ executeInTransaction(new EntityManagerOperation<Void>() {
+ @Override
+ public Void execute(EntityManager em) {
+ if (grant.getSubject() != null) {
+ UserSubject sub = em.find(UserSubject.class, grant.getSubject().getLogin());
+ if (sub == null) {
+ em.persist(grant.getSubject());
+ } else {
+ sub = em.merge(grant.getSubject());
+ grant.setSubject(sub);
+ }
+ }
+ // ensure we have a managed association
+ // (needed for OpenJPA : InvalidStateException: Encountered unmanaged object)
+ if (grant.getClient() != null) {
+ grant.setClient(em.find(Client.class, grant.getClient().getClientId()));
+ }
+ em.persist(grant);
+ return null;
}
- }
- getEntityManager().persist(grant);
- getEntityManager().getTransaction().commit();
+ });
}
-
+
@Override
- protected void doRemoveClient(Client c) {
- removeClientCodeGrants(c);
- super.doRemoveClient(c);
+ protected void doRemoveClient(final Client c) {
+ executeInTransaction(new EntityManagerOperation<Void>() {
+ @Override
+ public Void execute(EntityManager em) {
+ removeClientCodeGrants(c, em);
+ Client clientToRemove = em.getReference(Client.class, c.getClientId());
+ em.remove(clientToRemove);
+ return null;
+ }
+ });
}
-
- protected void removeClientCodeGrants(Client c) {
- for (ServerAuthorizationCodeGrant grant : getCodeGrants(c, null)) {
- removeCodeGrant(grant.getCode());
+
+ protected void removeClientCodeGrants(final Client c) {
+ executeInTransaction(new EntityManagerOperation<Void>() {
+ @Override
+ public Void execute(EntityManager em) {
+ removeClientCodeGrants(c, em);
+ return null;
+ }
+ });
+ }
+
+ protected void removeClientCodeGrants(final Client c, EntityManager em) {
+ for (ServerAuthorizationCodeGrant grant : getCodeGrants(c, null, em)) {
+ removeCodeGrant(grant.getCode(), em);
}
}
-
+
@Override
- public ServerAuthorizationCodeGrant removeCodeGrant(String code) throws OAuthServiceException {
- ServerAuthorizationCodeGrant grant = getEntityManager().find(ServerAuthorizationCodeGrant.class, code);
- if (grant != null) {
- removeEntity(grant);
- }
+ public ServerAuthorizationCodeGrant removeCodeGrant(final String code) throws OAuthServiceException {
+ return executeInTransaction(new EntityManagerOperation<ServerAuthorizationCodeGrant>() {
+ @Override
+ public ServerAuthorizationCodeGrant execute(EntityManager em) {
+ return removeCodeGrant(code, em);
+ }
+ });
+ }
+
+ private ServerAuthorizationCodeGrant removeCodeGrant(String code, EntityManager em) throws OAuthServiceException {
+ ServerAuthorizationCodeGrant grant = em.getReference(ServerAuthorizationCodeGrant.class, code);
+ try {
+ em.remove(grant);
+ } catch (EntityNotFoundException e) {
+ }
return grant;
}
@Override
- public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject subject)
- throws OAuthServiceException {
- return getCodesQuery(c, subject).getResultList();
+ public List<ServerAuthorizationCodeGrant> getCodeGrants(final Client c, final UserSubject subject)
+ throws OAuthServiceException {
+ return execute(new EntityManagerOperation<List<ServerAuthorizationCodeGrant>>() {
+ @Override
+ public List<ServerAuthorizationCodeGrant> execute(EntityManager em) {
+ return getCodeGrants(c, subject, em);
+ }
+ });
}
+
+ private List<ServerAuthorizationCodeGrant> getCodeGrants(final Client c, final UserSubject subject,
+ EntityManager em)
+ throws OAuthServiceException {
+ return getCodesQuery(c, subject, em).getResultList();
+ }
+
public void setCodeLifetime(long codeLifetime) {
this.codeLifetime = codeLifetime;
}
- protected TypedQuery<ServerAuthorizationCodeGrant> getCodesQuery(Client c, UserSubject resourceOwnerSubject) {
+
+ protected TypedQuery<ServerAuthorizationCodeGrant> getCodesQuery(Client c, UserSubject resourceOwnerSubject,
+ EntityManager em) {
if (c == null && resourceOwnerSubject == null) {
- return getEntityManager().createQuery("SELECT c FROM " + CODE_TABLE_NAME + " c",
- ServerAuthorizationCodeGrant.class);
+ return em.createQuery("SELECT c FROM ServerAuthorizationCodeGrant c",
+ ServerAuthorizationCodeGrant.class);
} else if (c == null) {
- return getEntityManager().createQuery(
- "SELECT c FROM " + CODE_TABLE_NAME + " c JOIN c.subject s WHERE s.login = '"
- + resourceOwnerSubject.getLogin() + "'", ServerAuthorizationCodeGrant.class);
+ return em.createQuery(
+ "SELECT c FROM ServerAuthorizationCodeGrant"
+ + " c JOIN c.subject s"
+ + " WHERE s.login = :login", ServerAuthorizationCodeGrant.class)
+ .setParameter("login", resourceOwnerSubject.getLogin());
} else if (resourceOwnerSubject == null) {
- return getEntityManager().createQuery(
- "SELECT code FROM " + CODE_TABLE_NAME + " code JOIN code.client c WHERE c.clientId = '"
- + c.getClientId() + "'", ServerAuthorizationCodeGrant.class);
+ return em.createQuery(
+ "SELECT code FROM ServerAuthorizationCodeGrant code"
+ + " JOIN code.client c"
+ + " WHERE c.clientId = :clientId", ServerAuthorizationCodeGrant.class)
+ .setParameter("clientId", c.getClientId());
} else {
- return getEntityManager().createQuery(
- "SELECT code FROM " + CODE_TABLE_NAME
- + " code JOIN code.subject s JOIN code.client c WHERE s.login = '"
- + resourceOwnerSubject.getLogin() + "' AND c.clientId = '" + c.getClientId() + "'",
- ServerAuthorizationCodeGrant.class);
+ return em.createQuery(
+ "SELECT code FROM ServerAuthorizationCodeGrant code"
+ + " JOIN code.subject s"
+ + " JOIN code.client c"
+ + " WHERE s.login = :login"
+ + " AND c.clientId = :clientId", ServerAuthorizationCodeGrant.class)
+ .setParameter("clientId", c.getClientId())
+ .setParameter("login", resourceOwnerSubject.getLogin());
}
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/88cde365/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
index 932d690..3ad5b36 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
@@ -25,8 +25,10 @@ import java.util.Map;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
import javax.persistence.ManyToOne;
import javax.persistence.MapKeyColumn;
+import javax.persistence.OrderColumn;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
@@ -39,7 +41,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
@Entity
public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
private static final long serialVersionUID = -5004608901535459036L;
-
+
private long issuedAt;
private long expiresIn;
private Client client;
@@ -52,21 +54,21 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
private String nonce;
private boolean preauthorizedTokenAvailable;
private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
-
+
public ServerAuthorizationCodeGrant() {
-
+
}
-
- public ServerAuthorizationCodeGrant(Client client,
+
+ public ServerAuthorizationCodeGrant(Client client,
long lifetime) {
this(client, OAuthUtils.generateRandomTokenKey(), lifetime,
- OAuthUtils.getIssuedAt());
+ OAuthUtils.getIssuedAt());
}
-
- public ServerAuthorizationCodeGrant(Client client,
- String code,
- long expiresIn,
- long issuedAt) {
+
+ public ServerAuthorizationCodeGrant(Client client,
+ String code,
+ long expiresIn,
+ long issuedAt) {
super(code);
this.client = client;
this.expiresIn = expiresIn;
@@ -80,7 +82,7 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
public long getIssuedAt() {
return issuedAt;
}
-
+
public void setIssuedAt(long issuedAt) {
this.issuedAt = issuedAt;
}
@@ -92,7 +94,7 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
public long getExpiresIn() {
return expiresIn;
}
-
+
public void setExpiresIn(long expiresIn) {
this.expiresIn = expiresIn;
}
@@ -109,35 +111,27 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
public void setClient(Client c) {
this.client = c;
}
-
- /**
- * Sets the scopes explicitly approved by the end user.
- * If this list is empty then the end user had no way to down-scope.
- * @param approvedScope the approved scopes
- */
-
- public void setApprovedScopes(List<String> scopes) {
- this.approvedScopes = scopes;
- }
/**
* Gets the scopes explicitly approved by the end user
* @return the approved scopes
*/
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
public List<String> getApprovedScopes() {
return approvedScopes;
}
-
/**
- * Sets the user subject representing the end user
- * @param subject the subject
+ * Sets the scopes explicitly approved by the end user.
+ * If this list is empty then the end user had no way to down-scope.
+ * @param scopes the approved scopes
*/
- public void setSubject(UserSubject subject) {
- this.subject = subject;
+
+ public void setApprovedScopes(List<String> scopes) {
+ this.approvedScopes = scopes;
}
-
+
/**
* Gets the user subject representing the end user
* @return the subject
@@ -147,6 +141,14 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
return subject;
}
+ /**
+ * Sets the user subject representing the end user
+ * @param subject the subject
+ */
+ public void setSubject(UserSubject subject) {
+ this.subject = subject;
+ }
+
public String getAudience() {
return audience;
}
@@ -163,7 +165,8 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
this.clientCodeChallenge = clientCodeChallenge;
}
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
+ @OrderColumn
public List<String> getRequestedScopes() {
return requestedScopes;
}
@@ -188,7 +191,7 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
this.preauthorizedTokenAvailable = preauthorizedTokenAvailable;
}
- @ElementCollection
+ @ElementCollection(fetch = FetchType.EAGER)
@MapKeyColumn(name = "extraPropName")
public Map<String, String> getExtraProperties() {
return extraProperties;