9cf1b767
Commit
9cf1b767
authored
Apr 06, 2017
by
Maxim
Committed by
Matija Obreza
Apr 23, 2017
OAuth2 server code. The code from projectmanager-server
parent
f2646673
Changes
11
security/pom.xml
@@ -123,5 +123,11 @@
<version>
${querydsl.version}
</version>
<scope>
provided
</scope>
</dependency>
<dependency>
<groupId>
org.springframework.security.oauth
</groupId>
<artifactId>
spring-security-oauth2
</artifactId>
<version>
2.0.11.RELEASE
</version>
</dependency>
</dependencies>
</project>
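Review bot: The new dependency hard-codes `2.0.11.RELEASE` while the neighbouring querydsl dependency takes its version from a `${...}` property; moving it to a `<spring-security-oauth2.version>` property keeps the version visible and upgradeable from one place, which matters more for a security library than for most. The Spring Security OAuth project was later retired in favour of Spring Security's own OAuth2 support, so a short XML comment on this dependency recording that it is the token-store/client-details provider the module relies on, and will need replacing eventually, is worth adding alongside.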
security/src/main/java/org/genesys/blocks/oauth/model/AccessToken.java
0 → 100644
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.genesys.blocks.oauth.model
;
import
java.io.Serializable
;
import
javax.persistence.Column
;
import
javax.persistence.Entity
;
import
javax.persistence.Id
;
import
javax.persistence.Lob
;
import
javax.persistence.Table
;
@Entity
@Table
(
name
=
"oauthaccesstoken"
)
public
class
AccessToken
implements
Serializable
{
private
static
final
long
serialVersionUID
=
-
2254427722756061411L
;
@Id
@Column
(
length
=
100
)
private
String
tokenId
;
@Column
(
unique
=
true
)
private
String
authenticationId
;
@Lob
private
byte
[]
token
;
private
String
username
;
private
String
clientId
;
@Lob
private
byte
[]
authentication
;
private
String
refreshToken
;
public
String
getId
()
{
return
tokenId
;
}
public
String
getAuthenticationId
()
{
return
authenticationId
;
}
public
void
setAuthenticationId
(
final
String
authenticationId
)
{
this
.
authenticationId
=
authenticationId
;
}
public
String
getTokenId
()
{
return
tokenId
;
}
public
void
setTokenId
(
final
String
tokenId
)
{
this
.
tokenId
=
tokenId
;
}
public
byte
[]
getToken
()
{
return
token
;
}
public
void
setToken
(
final
byte
[]
token
)
{
this
.
token
=
token
;
}
public
void
setUsername
(
final
String
username
)
{
this
.
username
=
username
;
}
public
String
getUsername
()
{
return
username
;
}
public
void
setClientId
(
final
String
clientId
)
{
this
.
clientId
=
clientId
;
}
public
String
getClientId
()
{
return
clientId
;
}
public
void
setAuthentication
(
final
byte
[]
authentication
)
{
this
.
authentication
=
authentication
;
}
public
byte
[]
getAuthentication
()
{
return
authentication
;
}
public
void
setRefreshToken
(
final
String
refreshToken
)
{
this
.
refreshToken
=
refreshToken
;
}
public
String
getRefreshToken
()
{
return
refreshToken
;
}
}
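Review bot: getToken() and getAuthentication() hand out the entity's internal byte[] directly and the setters store the caller's array, so any holder of the entity can alter the serialized token or authentication in place; returning a copy, e.g. `return token == null ? null : token.clone();`, and storing `token.clone()` in the setters closes that. RefreshToken.java in this commit has the same pair of accessors and the same issue. getId() and getTokenId() both return tokenId, and nothing in the file says what `authentication` holds — presumably a Java-serialized authentication object as Spring's JDBC token store keeps, which the class Javadoc should state (after confirming against the store that writes it), because whatever reads it back performs native deserialization of stored data. A class Javadoc such as `/** Persisted OAuth2 access token; token and authentication are serialized blobs owned by the token store. */` would document that contract.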
security/src/main/java/org/genesys/blocks/oauth/model/OAuthClient.java
0 → 100644
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.genesys.blocks.oauth.model
;
import
java.util.ArrayList
;
import
java.util.Arrays
;
import
java.util.Collection
;
import
java.util.HashSet
;
import
java.util.Map
;
import
java.util.Set
;
import
java.util.stream.Collectors
;
import
javax.persistence.CollectionTable
;
import
javax.persistence.Column
;
import
javax.persistence.ElementCollection
;
import
javax.persistence.Entity
;
import
javax.persistence.EnumType
;
import
javax.persistence.Enumerated
;
import
javax.persistence.JoinColumn
;
import
javax.persistence.PostLoad
;
import
javax.persistence.PrePersist
;
import
javax.persistence.Table
;
import
javax.persistence.Transient
;
import
org.apache.commons.lang3.StringUtils
;
import
org.genesys.blocks.model.AuditedVersionedModel
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.oauth2.provider.ClientDetails
;
@Entity
@Table
(
name
=
"oauthclient"
)
public
class
OAuthClient
extends
AuditedVersionedModel
implements
ClientDetails
{
private
static
final
long
serialVersionUID
=
-
4204753722663196007L
;
@Column
(
unique
=
true
,
nullable
=
false
,
length
=
100
)
private
String
clientId
;
@Column
(
nullable
=
true
,
length
=
100
)
private
String
clientSecret
;
@Column
(
nullable
=
true
,
length
=
200
)
private
String
resource
;
@Transient
private
final
Set
<
String
>
resourceIds
=
new
HashSet
<>();
@Column
(
nullable
=
false
)
boolean
autoApprove
=
false
;
@Column
(
nullable
=
true
,
length
=
200
)
private
String
autoApproveScope
;
@Transient
private
final
Set
<
String
>
autoApproveScopes
=
new
HashSet
<>();
@Column
(
nullable
=
true
,
length
=
200
)
private
String
scope
;
@Transient
private
final
Set
<
String
>
scopes
=
new
HashSet
<>();
@Column
(
nullable
=
true
,
length
=
200
)
private
String
grants
;
@Transient
private
final
Set
<
String
>
grantTypes
=
new
HashSet
<>();
@Column
(
nullable
=
true
,
length
=
200
)
private
String
redirect
;
@Transient
private
final
Set
<
String
>
redirectUris
=
new
HashSet
<>();
@ElementCollection
@Enumerated
(
EnumType
.
STRING
)
@CollectionTable
(
name
=
"clientrole"
,
joinColumns
=
@JoinColumn
(
name
=
"clientId"
))
@Column
(
name
=
"oauthclientrole"
)
private
Collection
<
OAuthRole
>
roles
=
new
ArrayList
<>();
@Transient
private
final
Map
<
String
,
Object
>
additionalInformation
=
null
;
private
Integer
accessTokenValidity
;
private
Integer
refreshTokenValidity
;
@PrePersist
private
void
flatten
()
{
resource
=
resourceIds
.
stream
().
collect
(
Collectors
.
joining
(
";"
));
scope
=
scopes
.
stream
().
collect
(
Collectors
.
joining
(
";"
));
autoApproveScope
=
autoApproveScopes
.
stream
().
collect
(
Collectors
.
joining
(
";"
));
grants
=
grantTypes
.
stream
().
collect
(
Collectors
.
joining
(
";"
));
redirect
=
redirectUris
.
stream
().
collect
(
Collectors
.
joining
(
";"
));
}
@PostLoad
private
void
inflate
()
{
if
(
resource
!=
null
)
{
Arrays
.
stream
(
StringUtils
.
split
(
resource
,
";"
)).
filter
(
r
->
StringUtils
.
isNotBlank
(
r
)).
forEach
(
r
->
resourceIds
.
add
(
r
));
}
if
(
scope
!=
null
)
{
Arrays
.
stream
(
StringUtils
.
split
(
scope
,
";"
)).
filter
(
r
->
StringUtils
.
isNotBlank
(
r
)).
forEach
(
s
->
scopes
.
add
(
s
));
}
if
(
autoApproveScope
!=
null
)
{
Arrays
.
stream
(
StringUtils
.
split
(
autoApproveScope
,
";"
)).
filter
(
r
->
StringUtils
.
isNotBlank
(
r
)).
forEach
(
s
->
autoApproveScopes
.
add
(
s
));
}
if
(
grants
!=
null
)
{
Arrays
.
stream
(
StringUtils
.
split
(
grants
,
";"
)).
filter
(
r
->
StringUtils
.
isNotBlank
(
r
)).
forEach
(
g
->
grantTypes
.
add
(
g
));
}
if
(
redirect
!=
null
)
{
Arrays
.
stream
(
StringUtils
.
split
(
redirect
,
";"
)).
filter
(
r
->
StringUtils
.
isNotBlank
(
r
)).
forEach
(
u
->
redirectUris
.
add
(
u
));
}
}
@Override
public
String
getClientId
()
{
return
clientId
;
}
public
void
setClientId
(
final
String
clientId
)
{
this
.
clientId
=
clientId
;
}
@Override
public
String
getClientSecret
()
{
return
clientSecret
;
}
public
void
setClientSecret
(
final
String
clientSecret
)
{
this
.
clientSecret
=
clientSecret
;
}
public
String
getResource
()
{
return
resource
;
}
public
void
setResource
(
final
String
resource
)
{
this
.
resource
=
resource
;
}
public
String
getGrants
()
{
return
grants
;
}
public
void
setGrants
(
final
String
grants
)
{
this
.
grants
=
grants
;
}
public
String
getRedirect
()
{
return
redirect
;
}
public
void
setRedirect
(
final
String
redirect
)
{
this
.
redirect
=
redirect
;
}
public
Collection
<
OAuthRole
>
getRoles
()
{
return
roles
;
}
public
void
setRoles
(
final
Collection
<
OAuthRole
>
roles
)
{
this
.
roles
=
roles
;
}
public
void
setScope
(
final
String
scope
)
{
this
.
scope
=
scope
;
}
public
void
setAutoApprove
(
final
boolean
autoApprove
)
{
this
.
autoApprove
=
autoApprove
;
}
public
boolean
getAutoApprove
()
{
return
autoApprove
;
}
protected
String
getAutoApproveScope
()
{
return
autoApproveScope
;
}
protected
void
setAutoApproveScope
(
final
String
autoApproveScope
)
{
this
.
autoApproveScope
=
autoApproveScope
;
}
public
Set
<
String
>
getAutoApproveScopes
()
{
return
autoApproveScopes
;
}
@Override
public
Set
<
String
>
getResourceIds
()
{
return
resourceIds
;
}
/**
* Client secret is required when provided
*/
@Override
public
boolean
isSecretRequired
()
{
return
clientSecret
!=
null
;
}
@Override
public
boolean
isScoped
()
{
return
!
scopes
.
isEmpty
();
}
@Override
public
Set
<
String
>
getScope
()
{
return
scopes
;
}
@Override
public
Set
<
String
>
getAuthorizedGrantTypes
()
{
return
grantTypes
;
}
@Override
public
Set
<
String
>
getRegisteredRedirectUri
()
{
return
redirectUris
;
}
@Override
public
Collection
<
GrantedAuthority
>
getAuthorities
()
{
return
roles
.
stream
().
collect
(
Collectors
.
toList
());
}
@Override
public
Integer
getAccessTokenValiditySeconds
()
{
return
accessTokenValidity
;
}
public
Integer
getAccessTokenValidity
()
{
return
accessTokenValidity
;
}
public
void
setAccessTokenValidity
(
final
Integer
accessTokenValidity
)
{
this
.
accessTokenValidity
=
accessTokenValidity
;
}
@Override
public
Integer
getRefreshTokenValiditySeconds
()
{
return
refreshTokenValidity
;
}
public
Integer
getRefreshTokenValidity
()
{
return
refreshTokenValidity
;
}
public
void
setRefreshTokenValidity
(
final
Integer
refreshTokenValidity
)
{
this
.
refreshTokenValidity
=
refreshTokenValidity
;
}
@Override
public
boolean
isAutoApprove
(
final
String
scope
)
{
return
autoApprove
||
autoApproveScopes
.
contains
(
scope
);
}
@Override
public
Map
<
String
,
Object
>
getAdditionalInformation
()
{
return
additionalInformation
;
}
}
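Review bot: The packed columns (`resource`, `scope`, `autoApproveScope`, `grants`, `redirect`) and their transient sets are never kept in sync outside the JPA callbacks: setScope(String) and its siblings only write the column, and flatten() on @PrePersist then overwrites that column with the still-empty set, so a client built through the string setters is persisted with blank scope, grants and redirect URIs, and isScoped()/getRegisteredRedirectUri() report nothing until the row is reloaded. flatten() is also only @PrePersist, so entries added to the sets on a loaded entity are never written back on update. Routing every string setter and inflate() through one split helper and marking flatten() @PreUpdate as well (importing javax.persistence.PreUpdate) keeps both views consistent, as sketched below. Separately, getAdditionalInformation() returns the `null` the field is initialised to, where `Collections.emptyMap()` (java.util.Collections) is the safer value for ClientDetails consumers that iterate it, and `boolean autoApprove` lacks the `private` every other field has.
```java
/** Splits a ';'-packed column into the given set, replacing its contents. */
private static void unpackInto(final String packed, final Set<String> target) {
    target.clear();
    if (packed != null) {
        Arrays.stream(StringUtils.split(packed, ";")).filter(StringUtils::isNotBlank).forEach(target::add);
    }
}

@PrePersist
@PreUpdate
private void flatten() {
    // … unchanged: join each transient set into its packed column …
}

@PostLoad
private void inflate() {
    unpackInto(resource, resourceIds);
    unpackInto(scope, scopes);
    unpackInto(autoApproveScope, autoApproveScopes);
    unpackInto(grants, grantTypes);
    unpackInto(redirect, redirectUris);
}

public void setScope(final String scope) {
    this.scope = scope;
    unpackInto(scope, scopes);
}
// … same two lines in setResource, setAutoApproveScope, setGrants and setRedirect …
```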
security/src/main/java/org/genesys/blocks/oauth/model/OAuthRole.java
0 → 100644
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.genesys.blocks.oauth.model
;
import
org.springframework.security.core.GrantedAuthority
;
/**
* Roles available for OAuth clients
*
* @author Matija Obreza
*/
public
enum
OAuthRole
implements
GrantedAuthority
{
CLIENT
,
TRUSTED_CLIENT
;
/**
* GrantedAuthorities start with ROLE_
*/
@Override
public
String
getAuthority
()
{
return
"ROLE_"
+
toString
();
}
}
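Review bot: getAuthority() derives the role name from toString(), which an enum may override, whereas name() is the constant's fixed identifier; `return "ROLE_" + name();` pins the authority string that role checks elsewhere will compare against. The method Javadoc could also list the two resulting values, `ROLE_CLIENT` and `ROLE_TRUSTED_CLIENT`, since those are the exact strings any access rule must use.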
security/src/main/java/org/genesys/blocks/oauth/model/RefreshToken.java
0 → 100644
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.genesys.blocks.oauth.model
;
import
java.io.Serializable
;
import
javax.persistence.Column
;
import
javax.persistence.Entity
;
import
javax.persistence.Id
;
import
javax.persistence.Lob
;
import
javax.persistence.Table
;
@Entity
@Table
(
name
=
"oauthrefreshtoken"
)
public
class
RefreshToken
implements
Serializable
{
private
static
final
long
serialVersionUID
=
-
9214518032613402956L
;
@Id
@Column
(
length
=
100
)
private
String
tokenId
;
@Lob
private
byte
[]
token
;
@Lob
private
byte
[]
authentication
;
public
void
setTokenId
(
final
String
tokenId
)
{
this
.
tokenId
=
tokenId
;
}
public
String
getTokenId
()
{
return
tokenId
;
}
public
void
setToken
(
final
byte
[]
token
)
{
this
.
token
=
token
;
}
public
byte
[]
getToken
()
{
return
token
;
}
public
void
setAuthentication
(
final
byte
[]
authentication
)
{
this
.
authentication
=
authentication
;
}
public
byte
[]
getAuthentication
()
{
return
authentication
;
}
}
security/src/main/java/org/genesys/blocks/oauth/persistence/AccessTokenRepository.java
0 → 100644
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.genesys.blocks.oauth.persistence
;
import
java.util.List
;
import
org.genesys.blocks.oauth.model.AccessToken
;
import
org.springframework.data.jpa.repository.JpaRepository
;
import
org.springframework.data.jpa.repository.Modifying
;
import
org.springframework.data.jpa.repository.Query
;
import
org.springframework.stereotype.Repository
;
@Repository
public
interface
AccessTokenRepository
extends
JpaRepository
<
AccessToken
,
String
>
{
AccessToken
findByAuthenticationId
(
String
key
);
@Modifying
@Query
(
"delete from AccessToken at where at.refreshToken = ?1"
)
void
deleteByRefreshToken
(
String
refreshToken
);
List
<
AccessToken
>
findByClientId
(
String
clientId
);
List
<
AccessToken
>
findByClientIdAndUsername
(
String
clientId
,
String
username
);
@Modifying
@Query
(
"delete from AccessToken at where at.authenticationId = ?1"
)
void
deleteByAuthenticationId
(
String
key
);
}
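Review bot: deleteByRefreshToken and deleteByAuthenticationId are @Modifying JPQL deletes with no @Transactional, so unless every caller already runs inside a transaction the delete will typically fail with a TransactionRequiredException at runtime rather than remove the token; adding `@Transactional` (org.springframework.transaction.annotation.Transactional) to both methods, or a class Javadoc stating that the token store calling them must be transactional, makes the contract explicit. findByAuthenticationId returns a single entity, which depends on the `unique = true` constraint on AccessToken.authenticationId; a one-line Javadoc naming that dependency would spare the next reader a lookup.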
security/src/main/java/org/genesys/blocks/oauth/persistence/OAuthClientRepository.java
0 → 100644
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.genesys.blocks.oauth.persistence
;
import
org.genesys.blocks.oauth.model.OAuthClient
;
import
org.springframework.data.jpa.repository.JpaRepository
;
import
org.springframework.stereotype.Repository
;
@Repository
public
interface
OAuthClientRepository
extends
JpaRepository
<
OAuthClient
,
Long
>
{
OAuthClient
findByClientId
(
String
clientId
);
}
security/src/main/java/org/genesys/blocks/oauth/persistence/RefreshTokenRepository.java
0 → 100644
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.genesys.blocks.oauth.persistence
;
import
org.genesys.blocks.oauth.model.RefreshToken
;
import
org.springframework.data.jpa.repository.JpaRepository
;
import
org.springframework.stereotype.Repository
;
@Repository
public
interface
RefreshTokenRepository
extends
JpaRepository
<
RefreshToken
,
String
>
{