Commit 933fe3af authored by Matija Obreza's avatar Matija Obreza

OAuth: Evict entry from SID cache when clientId is modified

parent c531278f
......@@ -27,10 +27,13 @@ import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.model.OAuthRole;
import org.genesys.blocks.oauth.model.QOAuthClient;
import org.genesys.blocks.oauth.persistence.OAuthClientRepository;
import org.genesys.blocks.security.service.impl.CustomAclServiceImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.data.domain.Page;
......@@ -69,6 +72,10 @@ public class OAuthServiceImpl implements OAuthClientDetailsService {
@Autowired
public PasswordEncoder passwordEncoder;
/** The cache manager. */
@Autowired(required = false)
private CacheManager cacheManager;
/*
* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.ClientDetailsService#
......@@ -179,6 +186,16 @@ public class OAuthServiceImpl implements OAuthClientDetailsService {
public OAuthClient updateClientId(String sourceId, String targetId) {
OAuthClient client = getClient(sourceId);
client.setClientId(targetId);
if (cacheManager!=null) {
// We need to clear sid names cache manually. Duplicate @CacheEvict annotations are not allowed.
final Cache sidNamesCache = cacheManager.getCache(CustomAclServiceImpl.CACHE_SID_NAMES);
if (sidNamesCache != null) {
sidNamesCache.evict(sourceId);
sidNamesCache.evict(client.getId());
}
}
return lazyLoad(oauthClientRepository.save(client));
}
......
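Review bot: The manual eviction in `updateClientId` runs before `oauthClientRepository.save(client)`, and before the commit if the method is transactional (its annotations are outside the hunk). A concurrent `getSidId(sourceId)` or `getSidName(id)` in that window can therefore re-cache the old mapping, and ACL SID resolution would keep serving the stale clientId. Consider saving first and evicting afterwards, ideally from an after-commit callback. The "duplicate `@CacheEvict`" limitation mentioned in the comment can also be handled declaratively with Spring's `@Caching(evict = { ... })`, which groups several `@CacheEvict` entries on one method. It is also worth confirming that `client.getId()` yields a `Long`, because the key cached by `getSidName` is the boxed `long id`.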
......@@ -59,6 +59,8 @@ import org.springframework.transaction.annotation.Transactional;
@Transactional
public class CustomAclServiceImpl implements CustomAclService {
public static final String CACHE_SID_NAMES = "aclSidNames";
/** The base permissions. */
private static Permission[] basePermissions;
......@@ -102,7 +104,7 @@ public class CustomAclServiceImpl implements CustomAclService {
@Override
@Transactional(readOnly = true)
@Cacheable(cacheNames = { "aclSidNames" }, key = "#id", unless = "#result == null")
@Cacheable(cacheNames = { CACHE_SID_NAMES }, key = "#id", unless = "#result == null")
public String getSidName(long id) {
AclSid sid = aclSidPersistence.findById(id).orElse(null);
return sid == null ? null : sid.getSid();
......@@ -110,7 +112,7 @@ public class CustomAclServiceImpl implements CustomAclService {
@Override
@Transactional(readOnly = true, propagation = Propagation.REQUIRES_NEW, isolation = Isolation.READ_UNCOMMITTED)
@Cacheable(cacheNames = { "aclSidNames" }, key = "#sid", unless = "#result == null")
@Cacheable(cacheNames = { CACHE_SID_NAMES }, key = "#sid", unless = "#result == null")
public Long getSidId(String sid) {
return aclSidPersistence.getSidId(sid);
}
......
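Review bot: `CACHE_SID_NAMES` is public and is now used from `OAuthServiceImpl`, yet it has no Javadoc, unlike the neighbouring `basePermissions` field. The same cache is keyed by SID id in `getSidName` (`key = "#id"`) and by SID name in `getSidId` (`key = "#sid"`), so any manual eviction has to clear both keys. A comment such as `/** Cache of ACL SID lookups, keyed both by SID id and by SID name; evict both keys when a SID is renamed. */` would record that for future callers.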
......@@ -34,6 +34,7 @@ import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.model.UserRole;
import org.genesys.blocks.security.persistence.AclSidPersistence;
import org.genesys.blocks.security.rest.AbstractRestTest;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.blocks.security.service.PasswordPolicy.PasswordPolicyException;
import org.junit.Before;
import org.junit.Test;
......@@ -57,6 +58,9 @@ public class OAuthClientTest extends AbstractRestTest {
@Autowired
private AclSidPersistence aclSidRepository;
@Autowired
private CustomAclService aclService;
/**
* Sets the up.
*/
......@@ -112,6 +116,9 @@ public class OAuthClientTest extends AbstractRestTest {
public void updateClientId() {
OAuthClient client = oauthClientDetailsService.addClient(makeClient());
assertThat(aclService.getSidName(client.getId()), is(client.getClientId()));
assertThat(aclService.getSidId(client.getClientId()), is(client.getId()));
var sid = aclSidRepository.findById(client.getId()).orElse(null);
assertThat(sid, not(nullValue()));
assertThat(sid.getSid(), is(client.getClientId()));
......@@ -131,6 +138,8 @@ public class OAuthClientTest extends AbstractRestTest {
assertThat(sid.getSid(), is(updatedClient.getClientId()));
assertThat(oauthClientDetailsService.getClient(targetClientId), is(notNullValue()));
assertThat(aclService.getSidName(client.getId()), is(updatedClient.getClientId()));
assertThat(aclService.getSidId(updatedClient.getClientId()), is(updatedClient.getId()));
}
/**
......
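Review bot: The added assertions warm the cache and then check the id-keyed entry and the new clientId, but nothing verifies that the old clientId key was evicted, which is one of the two evictions this commit introduces. After the update, a check along the lines of `assertThat(aclService.getSidId(oldClientId), is(nullValue()));` would cover it, where `oldClientId` is a placeholder for the pre-update id captured before the call. This assumes `getSidId` returns null for an unknown SID, which is not visible here. The middle of the test method lies outside the shown hunks, so such a check may already exist there.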