Commit 9cf1b767 authored by Maxim, committed by Matija Obreza

OAuth2 server code, imported from projectmanager-server.

parent f2646673
......@@ -123,5 +123,11 @@
<version>${querydsl.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.0.11.RELEASE</version>
</dependency>
</dependencies>
</project>
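Review bot: The new dependency at L11–L15 hard-codes `2.0.11.RELEASE` inline, whereas the neighbouring querydsl entry at L8 takes its version from a property; declare it the same way, `<version>${spring-security-oauth2.version}</version>`, with the property defined next to the other versions so it can be bumped from one place. That matters for this artifact in particular: the 2.0.x line of spring-security-oauth received security fixes after 2.0.11 (the authorization-endpoint and redirect-resolver advisories were fixed in 2.0.15 and 2.0.17), and the project has since been retired in favour of Spring Security's built-in OAuth2 support, so this version should be treated as a floor to revisit rather than a final choice. The hunk also adds no `<scope>`; if the jar is expected to be packaged rather than `provided` like the querydsl entry above it, a short comment saying so would avoid the inconsistency being read as an oversight.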
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys.blocks.oauth.model;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Lob;
import javax.persistence.Table;
@Entity
@Table(name = "oauthaccesstoken")
public class AccessToken implements Serializable {
private static final long serialVersionUID = -2254427722756061411L;
@Id
@Column(length = 100)
private String tokenId;
@Column(unique = true)
private String authenticationId;
@Lob
private byte[] token;
private String username;
private String clientId;
@Lob
private byte[] authentication;
private String refreshToken;
public String getId() {
return tokenId;
}
public String getAuthenticationId() {
return authenticationId;
}
public void setAuthenticationId(final String authenticationId) {
this.authenticationId = authenticationId;
}
public String getTokenId() {
return tokenId;
}
public void setTokenId(final String tokenId) {
this.tokenId = tokenId;
}
public byte[] getToken() {
return token;
}
public void setToken(final byte[] token) {
this.token = token;
}
public void setUsername(final String username) {
this.username = username;
}
public String getUsername() {
return username;
}
public void setClientId(final String clientId) {
this.clientId = clientId;
}
public String getClientId() {
return clientId;
}
public void setAuthentication(final byte[] authentication) {
this.authentication = authentication;
}
public byte[] getAuthentication() {
return authentication;
}
public void setRefreshToken(final String refreshToken) {
this.refreshToken = refreshToken;
}
public String getRefreshToken() {
return refreshToken;
}
}
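Review bot: `token` (L50) and `authentication` (L54) are opaque `byte[]` blobs with no comment saying what is serialized into them or how `tokenId` relates to the bearer value; the column set matches the JdbcTokenStore layout, where the bearer token itself sits inside `token` and `authentication` is a Java-serialized `OAuth2Authentication` that is deserialized on every lookup, but the store that fills these fields is not part of this commit, so that reading is inferred. Add a class Javadoc stating the contract, along the lines of `Persisted access token. tokenId is the lookup key derived from the token value; token and authentication hold the serialized OAuth2AccessToken and OAuth2Authentication (Java serialization — anyone with write access to this table can influence what is deserialized); refreshToken references RefreshToken.tokenId.` with the inferred parts confirmed against the TokenStore implementation. `getId()` (L56) duplicates `getTokenId()` (L65) with no comment on why both exist; keep one or document the second as the JPA-independent accessor. Neither `token` nor `authentication` is declared `nullable = false`, so a row without them can be persisted and will only fail when a lookup tries to deserialize `null`.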
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys.blocks.oauth.model;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.JoinColumn;
import javax.persistence.PostLoad;
import javax.persistence.PrePersist;
import javax.persistence.Table;
import javax.persistence.Transient;
import org.apache.commons.lang3.StringUtils;
import org.genesys.blocks.model.AuditedVersionedModel;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails;
@Entity
@Table(name = "oauthclient")
public class OAuthClient extends AuditedVersionedModel implements ClientDetails {
private static final long serialVersionUID = -4204753722663196007L;
@Column(unique = true, nullable = false, length = 100)
private String clientId;
@Column(nullable = true, length = 100)
private String clientSecret;
@Column(nullable = true, length = 200)
private String resource;
@Transient
private final Set<String> resourceIds = new HashSet<>();
@Column(nullable = false)
boolean autoApprove = false;
@Column(nullable = true, length = 200)
private String autoApproveScope;
@Transient
private final Set<String> autoApproveScopes = new HashSet<>();
@Column(nullable = true, length = 200)
private String scope;
@Transient
private final Set<String> scopes = new HashSet<>();
@Column(nullable = true, length = 200)
private String grants;
@Transient
private final Set<String> grantTypes = new HashSet<>();
@Column(nullable = true, length = 200)
private String redirect;
@Transient
private final Set<String> redirectUris = new HashSet<>();
@ElementCollection
@Enumerated(EnumType.STRING)
@CollectionTable(name = "clientrole", joinColumns = @JoinColumn(name = "clientId"))
@Column(name = "oauthclientrole")
private Collection<OAuthRole> roles = new ArrayList<>();
@Transient
private final Map<String, Object> additionalInformation = null;
private Integer accessTokenValidity;
private Integer refreshTokenValidity;
@PrePersist
private void flatten() {
resource = resourceIds.stream().collect(Collectors.joining(";"));
scope = scopes.stream().collect(Collectors.joining(";"));
autoApproveScope = autoApproveScopes.stream().collect(Collectors.joining(";"));
grants = grantTypes.stream().collect(Collectors.joining(";"));
redirect = redirectUris.stream().collect(Collectors.joining(";"));
}
@PostLoad
private void inflate() {
if (resource != null) {
Arrays.stream(StringUtils.split(resource, ";")).filter(r -> StringUtils.isNotBlank(r)).forEach(r -> resourceIds.add(r));
}
if (scope != null) {
Arrays.stream(StringUtils.split(scope, ";")).filter(r -> StringUtils.isNotBlank(r)).forEach(s -> scopes.add(s));
}
if (autoApproveScope != null) {
Arrays.stream(StringUtils.split(autoApproveScope, ";")).filter(r -> StringUtils.isNotBlank(r)).forEach(s -> autoApproveScopes.add(s));
}
if (grants != null) {
Arrays.stream(StringUtils.split(grants, ";")).filter(r -> StringUtils.isNotBlank(r)).forEach(g -> grantTypes.add(g));
}
if (redirect != null) {
Arrays.stream(StringUtils.split(redirect, ";")).filter(r -> StringUtils.isNotBlank(r)).forEach(u -> redirectUris.add(u));
}
}
@Override
public String getClientId() {
return clientId;
}
public void setClientId(final String clientId) {
this.clientId = clientId;
}
@Override
public String getClientSecret() {
return clientSecret;
}
public void setClientSecret(final String clientSecret) {
this.clientSecret = clientSecret;
}
public String getResource() {
return resource;
}
public void setResource(final String resource) {
this.resource = resource;
}
public String getGrants() {
return grants;
}
public void setGrants(final String grants) {
this.grants = grants;
}
public String getRedirect() {
return redirect;
}
public void setRedirect(final String redirect) {
this.redirect = redirect;
}
public Collection<OAuthRole> getRoles() {
return roles;
}
public void setRoles(final Collection<OAuthRole> roles) {
this.roles = roles;
}
public void setScope(final String scope) {
this.scope = scope;
}
public void setAutoApprove(final boolean autoApprove) {
this.autoApprove = autoApprove;
}
public boolean getAutoApprove() {
return autoApprove;
}
protected String getAutoApproveScope() {
return autoApproveScope;
}
protected void setAutoApproveScope(final String autoApproveScope) {
this.autoApproveScope = autoApproveScope;
}
public Set<String> getAutoApproveScopes() {
return autoApproveScopes;
}
@Override
public Set<String> getResourceIds() {
return resourceIds;
}
/**
* Client secret is required when provided
*/
@Override
public boolean isSecretRequired() {
return clientSecret != null;
}
@Override
public boolean isScoped() {
return !scopes.isEmpty();
}
@Override
public Set<String> getScope() {
return scopes;
}
@Override
public Set<String> getAuthorizedGrantTypes() {
return grantTypes;
}
@Override
public Set<String> getRegisteredRedirectUri() {
return redirectUris;
}
@Override
public Collection<GrantedAuthority> getAuthorities() {
return roles.stream().collect(Collectors.toList());
}
@Override
public Integer getAccessTokenValiditySeconds() {
return accessTokenValidity;
}
public Integer getAccessTokenValidity() {
return accessTokenValidity;
}
public void setAccessTokenValidity(final Integer accessTokenValidity) {
this.accessTokenValidity = accessTokenValidity;
}
@Override
public Integer getRefreshTokenValiditySeconds() {
return refreshTokenValidity;
}
public Integer getRefreshTokenValidity() {
return refreshTokenValidity;
}
public void setRefreshTokenValidity(final Integer refreshTokenValidity) {
this.refreshTokenValidity = refreshTokenValidity;
}
@Override
public boolean isAutoApprove(final String scope) {
return autoApprove || autoApproveScopes.contains(scope);
}
@Override
public Map<String, Object> getAdditionalInformation() {
return additionalInformation;
}
}
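Review bot: `flatten()` at L179–L186 overwrites every string column from the transient sets on persist, but the public setters `setResource`/`setScope`/`setGrants`/`setRedirect`/`setAutoApproveScope` (L222–L257) write only the string column, so a freshly built client that was configured through those setters is saved with empty `redirect`, `scope`, `grants`, `resource` and `autoApproveScope` — its registered redirect URIs and grant types are silently lost at the first `save`. The reverse path is also incomplete: `getRegisteredRedirectUri()`, `getScope()` and friends return the live mutable sets, yet there is no `@PreUpdate`, so additions made to a loaded client are never flattened back, and `inflate()` never clears the sets before refilling, so a refresh keeps stale entries. Have each setter parse its value into the matching set through one shared helper and run `flatten()` on both `@PrePersist` and `@PreUpdate` (this needs `import javax.persistence.PreUpdate;`), as sketched below. Separately, splitting on `;` (L190–L202) will fragment any registered redirect URI that legitimately contains a semicolon, producing shorter URIs the redirect resolver was never meant to accept, so either reject such values when a client is registered or switch to a delimiter that cannot occur in a URI. `getAdditionalInformation()` returns `null` (L176, L318); returning `Collections.emptyMap()` is safer for callers that iterate it without a null check.
```java
@PrePersist
@PreUpdate
private void flatten() {
	// … unchanged: join each transient set into its ';'-delimited column …
}

/** Replaces the contents of {@code target} with the ';'-separated entries of {@code joined}, skipping blanks. */
private static void splitInto(final String joined, final Set<String> target) {
	target.clear();
	if (joined != null) {
		Arrays.stream(StringUtils.split(joined, ";")).filter(StringUtils::isNotBlank).forEach(target::add);
	}
}

@PostLoad
private void inflate() {
	splitInto(resource, resourceIds);
	splitInto(scope, scopes);
	splitInto(autoApproveScope, autoApproveScopes);
	splitInto(grants, grantTypes);
	splitInto(redirect, redirectUris);
}

public void setRedirect(final String redirect) {
	this.redirect = redirect;
	splitInto(redirect, redirectUris);
}
// … same pattern for setResource, setScope, setGrants, setAutoApproveScope …
```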
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys.blocks.oauth.model;
import org.springframework.security.core.GrantedAuthority;
/**
* Roles available for OAuth clients
*
* @author Matija Obreza
*/
public enum OAuthRole implements GrantedAuthority {
CLIENT, TRUSTED_CLIENT;
/**
* GrantedAuthorities start with ROLE_
*/
@Override
public String getAuthority() {
return "ROLE_" + toString();
}
}
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys.blocks.oauth.model;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Lob;
import javax.persistence.Table;
@Entity
@Table(name = "oauthrefreshtoken")
public class RefreshToken implements Serializable {
private static final long serialVersionUID = -9214518032613402956L;
@Id
@Column(length = 100)
private String tokenId;
@Lob
private byte[] token;
@Lob
private byte[] authentication;
public void setTokenId(final String tokenId) {
this.tokenId = tokenId;
}
public String getTokenId() {
return tokenId;
}
public void setToken(final byte[] token) {
this.token = token;
}
public byte[] getToken() {
return token;
}
public void setAuthentication(final byte[] authentication) {
this.authentication = authentication;
}
public byte[] getAuthentication() {
return authentication;
}
}
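Review bot: Nothing in this class says how `tokenId` (L381) relates to the `refreshToken` string carried by `AccessToken`, yet `AccessTokenRepository.deleteByRefreshToken` (L431) matches that column against a string the caller derives from a refresh token — presumably this key, but the token store that does the derivation is not in the commit. A class Javadoc such as `Persisted refresh token. tokenId is the lookup key derived from the refresh token value and is what AccessToken.refreshToken stores; token and authentication are the Java-serialized OAuth2RefreshToken and OAuth2Authentication.` would pin that down once confirmed. As with `AccessToken`, `token` and `authentication` carry no `nullable = false`, so an incomplete row is accepted by the database and only fails later at deserialization.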
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys.blocks.oauth.persistence;
import java.util.List;
import org.genesys.blocks.oauth.model.AccessToken;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.stereotype.Repository;
@Repository
public interface AccessTokenRepository extends JpaRepository<AccessToken, String> {
AccessToken findByAuthenticationId(String key);
@Modifying
@Query("delete from AccessToken at where at.refreshToken = ?1")
void deleteByRefreshToken(String refreshToken);
List<AccessToken> findByClientId(String clientId);
List<AccessToken> findByClientIdAndUsername(String clientId, String username);
@Modifying
@Query("delete from AccessToken at where at.authenticationId = ?1")
void deleteByAuthenticationId(String key);
}
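Review bot: The two `@Modifying` JPQL deletes at L430–L432 and L435–L437 carry no `@Transactional`, so they only work when the caller already runs inside a transaction; the TokenStore that will call them is not in this commit, and if it is not transactional Spring Data will reject the executing query at runtime rather than at startup. Either annotate the two methods with `@Transactional` here or add a Javadoc stating that callers must provide the transaction. `findByAuthenticationId` (L429) relies on the `unique = true` constraint on `AccessToken.authenticationId` (L47) to return a single row; a one-line comment recording that dependency would stop a future schema change from turning it into an `IncorrectResultSizeDataAccessException`.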
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys.blocks.oauth.persistence;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
@Repository
public interface OAuthClientRepository extends JpaRepository<OAuthClient, Long> {
OAuthClient findByClientId(String clientId);
}
/*
* Copyright 2016 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys.blocks.oauth.persistence;
import org.genesys.blocks.oauth.model.RefreshToken;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
@Repository
public interface RefreshTokenRepository extends JpaRepository<RefreshToken, String> {
}