Commit bb5363a0 authored by Matija Obreza

Merge branch '16-oauth-management' into 'master'

Resolve "OAuth management"

Closes #16

See merge request !15
parents b67c173c 9c368660
/*
* Copyright 2016 Global Crop Diversity Trust
* Copyright 2017 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -16,93 +16,210 @@
package org.genesys.blocks.oauth.model;
import java.io.Serializable;
import java.util.Date;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Lob;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
/**
* OAuth AccessToken
*/
@Entity
@Table(name = "oauthaccesstoken")
public class AccessToken implements Serializable {
/** The Constant serialVersionUID. */
private static final long serialVersionUID = -2254427722756061411L;
/** The token id. */
@Id
@Column(length = 100)
private String tokenId;
/** The authentication id. */
@Column(unique = true, length = 100)
private String authenticationId;
/** The token. */
@Lob
private byte[] token;
/** The username. */
@Column(length = 100)
private String username;
/** The client id. */
@Column(length = 100)
private String clientId;
/** The authentication. */
@Lob
private byte[] authentication;
/** The refresh token. */
@Column(length = 100)
private String refreshToken;
/** The expiration. */
@Temporal(TemporalType.TIMESTAMP)
private Date expiration;
/**
* Gets the id.
*
* @return the id
*/
public String getId() {
return tokenId;
}
/**
* Gets the authentication id.
*
* @return the authentication id
*/
public String getAuthenticationId() {
return authenticationId;
}
/**
* Sets the authentication id.
*
* @param authenticationId the new authentication id
*/
public void setAuthenticationId(final String authenticationId) {
this.authenticationId = authenticationId;
}
/**
* Gets the token id.
*
* @return the token id
*/
public String getTokenId() {
return tokenId;
}
/**
* Sets the token id.
*
* @param tokenId the new token id
*/
public void setTokenId(final String tokenId) {
this.tokenId = tokenId;
}
/**
* Gets the token.
*
* @return the token
*/
public byte[] getToken() {
return token;
}
/**
* Sets the token.
*
* @param token the new token
*/
public void setToken(final byte[] token) {
this.token = token;
}
/**
* Sets the username.
*
* @param username the new username
*/
public void setUsername(final String username) {
this.username = username;
}
/**
* Get the identifier of the user associated with this refresh token.
*
* @return Usually the UUID of the User
*/
public String getUsername() {
return username;
}
/**
* Sets the client id.
*
* @param clientId the new client id
*/
public void setClientId(final String clientId) {
this.clientId = clientId;
}
/**
* Get the clientId for which this token is issued.
*
* @return OAuth clientId
* @see {@link OAuthClient#getClientId()}
*/
public String getClientId() {
return clientId;
}
/**
* Sets the authentication.
*
* @param authentication the new authentication
*/
public void setAuthentication(final byte[] authentication) {
this.authentication = authentication;
}
/**
* Gets the authentication.
*
* @return the authentication
*/
public byte[] getAuthentication() {
return authentication;
}
/**
* Sets the refresh token.
*
* @param refreshToken the new refresh token
*/
public void setRefreshToken(final String refreshToken) {
this.refreshToken = refreshToken;
}
/**
* Gets the refresh token.
*
* @return the refresh token
*/
public String getRefreshToken() {
return refreshToken;
}
/**
* Sets the expiration.
*
* @param expiration the new expiration
*/
public void setExpiration(final Date expiration) {
this.expiration = expiration;
}
/**
* Gets the expiration.
*
* @return the expiration
*/
public Date getExpiration() {
return expiration;
}
}
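Review bot: The field Javadoc on `token`, `tokenId`, `authenticationId` and `refreshToken` only repeats the field names, so a reader cannot tell whether the `oauthaccesstoken` table holds usable bearer values, digests of them, or serialized objects. That decides how the table has to be protected at rest and who may read it. I would replace `/** The token. */` with a comment that states the stored form, for example `/** Stored form of the access token (serialized object, raw value or digest: state which); treat as a credential. */`, and do the same for `refreshToken`. The Javadoc on `getUsername()` says "associated with this refresh token" although the class is `AccessToken`; it should read `associated with this access token`. Separately, `getToken()`/`setToken()` and `getAuthentication()`/`setAuthentication()` hand out and keep the caller's `byte[]` without a copy, so the entity's in-memory token bytes can be changed from outside; if that is intended, say so in their Javadoc.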
/*
* Copyright 2016 Global Crop Diversity Trust
* Copyright 2017 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -36,69 +36,121 @@ import javax.persistence.PrePersist;
import javax.persistence.Table;
import javax.persistence.Transient;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonView;
import org.apache.commons.lang3.StringUtils;
import org.genesys.blocks.model.AuditedVersionedModel;
import org.genesys.blocks.model.Copyable;
import org.genesys.blocks.model.JsonViews;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails;
/**
* OAuth Client information.
*
* @author Matija Obreza
*/
@Entity
@Table(name = "oauthclient")
public class OAuthClient extends AuditedVersionedModel implements ClientDetails {
public class OAuthClient extends AuditedVersionedModel implements ClientDetails, Copyable<OAuthClient> {
/** The Constant serialVersionUID. */
private static final long serialVersionUID = -4204753722663196007L;
/** The client id. */
@JsonView(JsonViews.Public.class)
@Column(unique = true, nullable = false, length = 100)
private String clientId;
/** The client secret. */
@JsonView(JsonViews.Protected.class)
@Column(nullable = true, length = 100)
private String clientSecret;
/** The resource. */
@JsonIgnore
@Column(nullable = true, length = 200)
private String resource;
/** The resource ids. */
@JsonView(JsonViews.Protected.class)
@Transient
private final Set<String> resourceIds = new HashSet<>();
/** The auto approve. */
@Column(nullable = false)
boolean autoApprove = false;
/** The auto approve scope. */
@JsonIgnore
@Column(nullable = true, length = 200)
private String autoApproveScope;
/** The auto approve scopes. */
@JsonView(JsonViews.Protected.class)
@Transient
private final Set<String> autoApproveScopes = new HashSet<>();
/** The scope. */
@JsonIgnore
@Column(nullable = true, length = 200)
private String scope;
/** The scopes. */
@JsonView(JsonViews.Protected.class)
@Transient
private final Set<String> scopes = new HashSet<>();
/** The grants. */
@JsonIgnore
@Column(nullable = true, length = 200)
private String grants;
/** The grant types. */
@JsonView(JsonViews.Protected.class)
@Transient
private final Set<String> grantTypes = new HashSet<>();
/** The redirect. */
@JsonIgnore
@Column(nullable = true, length = 200)
private String redirect;
/** The redirect uris. */
@JsonView(JsonViews.Protected.class)
@Transient
private final Set<String> redirectUris = new HashSet<>();
/** The roles. */
@JsonView(JsonViews.Protected.class)
@ElementCollection
@Enumerated(EnumType.STRING)
@CollectionTable(name = "oauthclientrole", joinColumns = @JoinColumn(name = "clientId"))
@Column(name = "oauthclientrole")
private Collection<OAuthRole> roles = new ArrayList<>();
/** The additional information. */
@Transient
private final Map<String, Object> additionalInformation = null;
/** The access token validity. */
private Integer accessTokenValidity;
/** The refresh token validity. */
private Integer refreshTokenValidity;
/** The title. */
@Column(nullable = false, length = 200)
private String title;
/** The description. */
@Lob
private String description;
/**
* Flatten.
*/
@PrePersist
private void flatten() {
resource = resourceIds.stream().collect(Collectors.joining(";"));
......@@ -108,6 +160,9 @@ public class OAuthClient extends AuditedVersionedModel implements ClientDetails
redirect = redirectUris.stream().collect(Collectors.joining(";"));
}
/**
* Inflate.
*/
@PostLoad
private void inflate() {
if (resource != null) {
......@@ -127,167 +182,358 @@ public class OAuthClient extends AuditedVersionedModel implements ClientDetails
}
}
/*
* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.ClientDetails#getClientId()
*/
@Override
public String getClientId() {
return clientId;
}
/**
* Sets the client id.
*
* @param clientId the new client id
*/
public void setClientId(final String clientId) {
this.clientId = clientId;
}
/*
* (non-Javadoc)
* @see
* org.springframework.security.oauth2.provider.ClientDetails#getClientSecret()
*/
@Override
public String getClientSecret() {
return clientSecret;
}
/**
* Sets the client secret.
*
* @param clientSecret the new client secret
*/
public void setClientSecret(final String clientSecret) {
this.clientSecret = clientSecret;
}
/**
* Gets the resource.
*
* @return the resource
*/
public String getResource() {
return resource;
}
/**
* Sets the resource.
*
* @param resource the new resource
*/
public void setResource(final String resource) {
this.resource = resource;
}
/**
* Gets the grants.
*
* @return the grants
*/
public String getGrants() {
return grants;
}
/**
* Sets the grants.
*
* @param grants the new grants
*/
public void setGrants(final String grants) {
this.grants = grants;
}
/**
* Gets the redirect.
*
* @return the redirect
*/
public String getRedirect() {
return redirect;
}
/**
* Sets the redirect.
*
* @param redirect the new redirect
*/
public void setRedirect(final String redirect) {
this.redirect = redirect;
}
/**
* Gets the roles.
*
* @return the roles
*/
public Collection<OAuthRole> getRoles() {
return roles;
}
/**
* Sets the roles.
*
* @param roles the new roles
*/
public void setRoles(final Collection<OAuthRole> roles) {
this.roles = roles;
}
/**
* Sets the scope.
*
* @param scope the new scope
*/
public void setScope(final String scope) {
this.scope = scope;
}
/**
* Sets the auto approve.
*
* @param autoApprove the new auto approve
*/
public void setAutoApprove(final boolean autoApprove) {
this.autoApprove = autoApprove;
}
/**
* Gets the auto approve.
*
* @return the auto approve
*/
public boolean getAutoApprove() {
return autoApprove;
}
/**
* Gets the auto approve scope.
*
* @return the auto approve scope
*/
protected String getAutoApproveScope() {
return autoApproveScope;
}
/**
* Sets the auto approve scope.
*
* @param autoApproveScope the new auto approve scope
*/
protected void setAutoApproveScope(final String autoApproveScope) {
this.autoApproveScope = autoApproveScope;
}
/**
* Gets the auto approve scopes.
*
* @return the auto approve scopes
*/
public Set<String> getAutoApproveScopes() {
return autoApproveScopes;
}
/*
* (non-Javadoc)
* @see
* org.springframework.security.oauth2.provider.ClientDetails#getResourceIds()
*/
@Override
public Set<String> getResourceIds() {
return resourceIds;
}
/**
* Client secret is required when provided
* Client secret is required when provided.
*
* @return true, if is secret required
*/
@Override
public boolean isSecretRequired() {
return clientSecret != null;
}
/*
* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.ClientDetails#isScoped()
*/
@Override
public boolean isScoped() {
return !scopes.isEmpty();
}
/*
* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.ClientDetails#getScope()
*/
@Override
public Set<String> getScope() {
return scopes;
}
/*
* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.ClientDetails#
* getAuthorizedGrantTypes()
*/
@Override
public Set<String> getAuthorizedGrantTypes() {
return grantTypes;
}
/*
* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.ClientDetails#
* getRegisteredRedirectUri()
*/
@Override
public Set<String> getRegisteredRedirectUri() {
return redirectUris;
}
/*
* (non-Javadoc)
* @see
* org.springframework.security.oauth2.provider.ClientDetails#getAuthorities()
*/
@Override
public Collection<GrantedAuthority> getAuthorities() {
return roles.stream().collect(Collectors.toList());
}
/*
* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.ClientDetails#
* getAccessTokenValiditySeconds()
*/
@Override
public Integer getAccessTokenValiditySeconds() {
return accessTokenValidity;
}
/**
* Gets the access token validity.
*
* @return the access token validity
*/
public Integer getAccessTokenValidity() {