Updates to OAuth token management

e9e6e37b · Matija Obreza · ba9efe93 · e9e6e37b · e9e6e37b · e9e6e37b
Commit e9e6e37b authored Jan 31, 2014 by Matija Obreza
--- a/src/main/java/org/genesys2/server/model/oauth/OAuthAccessToken.java
+++ b/src/main/java/org/genesys2/server/model/oauth/OAuthAccessToken.java
@@ -16,13 +16,18 @@

 package org.genesys2.server.model.oauth;

+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Lob;
+import javax.persistence.Table;
+
 import org.genesys2.server.model.HibernateModel;
-import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.util.SerializationUtils;

-import javax.persistence.*;
-import java.util.Date;
-
 @Entity
 @Table(name = "oauth_access_token")
 public class OAuthAccessToken implements HibernateModel {
@@ -53,31 +58,18 @@ public class OAuthAccessToken implements HibernateModel {
 	@Column(name = "refresh_token")
 	private String refreshToken;

-    @Column(name = "created_date")
-    private Date createdDate;
-
-    private DefaultOAuth2AccessToken defaultOAuth2AccessToken;
+	@Column(name = "created_date")
+	private Date createdDate;

-    private synchronized DefaultOAuth2AccessToken getDefaultOAuth2AccessToken () {
-        if (this.defaultOAuth2AccessToken==null) {
-            this.defaultOAuth2AccessToken =  SerializationUtils.deserialize(this.token);
-        }
-        return this.defaultOAuth2AccessToken;
-    }
-
-    public Date getTokenExpiration() {
-        return getDefaultOAuth2AccessToken().getExpiration();
-    }
-
-    public Date getCreatedDate() {
-        return createdDate;
-    }
+	public Date getCreatedDate() {
+		return createdDate;
+	}

-    public void setCreatedDate(Date createdDate) {
-        this.createdDate = createdDate;
-    }
+	public void setCreatedDate(Date createdDate) {
+		this.createdDate = createdDate;
+	}

-    public String getTokenId() {
+	public String getTokenId() {
 		return tokenId;
 	}

@@ -171,4 +163,8 @@ public class OAuthAccessToken implements HibernateModel {
 		result = 31 * result + (refreshToken != null ? refreshToken.hashCode() : 0);
 		return result;
 	}
+
+	public OAuth2AccessToken getAccessToken() {
+		return SerializationUtils.deserialize(this.token);
+	}
 }
--- a/src/main/java/org/genesys2/server/service/impl/OAuth2JPATokenStoreImpl.java
+++ b/src/main/java/org/genesys2/server/service/impl/OAuth2JPATokenStoreImpl.java
@@ -107,7 +107,7 @@ public class OAuth2JPATokenStoreImpl implements TokenStore {
 		List<OAuth2AccessToken> tokens = new ArrayList<OAuth2AccessToken>();
 		for (OAuthAccessToken token : accessTokenPersistence.findByClientId(clientId)) {
 			if (token != null) {
-				tokens.add(deserializeAccessToken(token.getToken()));
+				tokens.add(token.getAccessToken());
 			}
 		}
 		return tokens;
@@ -118,7 +118,7 @@ public class OAuth2JPATokenStoreImpl implements TokenStore {
 		List<OAuth2AccessToken> tokens = new ArrayList<OAuth2AccessToken>();
 		for (OAuthAccessToken token : accessTokenPersistence.findByUserName(username)) {
 			if (token != null) {
-				tokens.add(deserializeAccessToken(token.getToken()));
+				tokens.add(token.getAccessToken());
 			}
 		}
 		return tokens;
@@ -132,7 +132,7 @@ public class OAuth2JPATokenStoreImpl implements TokenStore {
 		try {
 			// FIXME Dies with two keys issued to same user in same client
 			OAuthAccessToken persisted = accessTokenPersistence.findByAuthenticationId(key);
-			accessToken = deserializeAccessToken(persisted.getToken());
+			accessToken = persisted.getAccessToken();
 		} catch (NullPointerException e) {
 			if (LOG.isInfoEnabled()) {
 				LOG.debug("Failed to find access token for authentication " + authentication);
@@ -157,7 +157,7 @@ public class OAuth2JPATokenStoreImpl implements TokenStore {

 		try {
 			OAuthAccessToken persisted = accessTokenPersistence.findOne(extractTokenKey(tokenValue));
-			accessToken = deserializeAccessToken(persisted.getToken());
+			accessToken = persisted.getAccessToken();
 		} catch (NullPointerException e) {
 			if (LOG.isInfoEnabled()) {
 				LOG.info("Failed to find access token for token " + tokenValue);
@@ -324,10 +324,6 @@ public class OAuth2JPATokenStoreImpl implements TokenStore {
 		return SerializationUtils.serialize(authentication);
 	}

-	protected OAuth2AccessToken deserializeAccessToken(byte[] token) {
-		return SerializationUtils.deserialize(token);
-	}
-
 	protected OAuth2RefreshToken deserializeRefreshToken(byte[] token) {
 		return SerializationUtils.deserialize(token);
 	}

--- a/src/main/java/org/genesys2/server/servlet/controller/OAuthManagementController.java
+++ b/src/main/java/org/genesys2/server/servlet/controller/OAuthManagementController.java
 package org.genesys2.server.servlet.controller;

-
 import org.genesys2.server.model.oauth.OAuthAccessToken;
 import org.genesys2.server.service.OAuth2ClientDetailsService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -16,70 +15,67 @@ import org.springframework.web.bind.annotation.RequestMapping;

 import java.util.Collection;

-
 @Controller
 @RequestMapping("/management")
 public class OAuthManagementController extends BaseController {

-
-    @Autowired
-    private OAuth2ClientDetailsService clientDetailsService;
-
-    @Autowired
-    @Qualifier("tokenStore")
-    private TokenStore tokenStore;
-
-
-    @PreAuthorize("hasRole('ADMINISTRATOR')")
-    @RequestMapping("/allTokens")
-    public String getAllTokens(Model model) {
-        model.addAttribute("clientDetailsList", clientDetailsService.listClientDetails());
-        return "/oauth/clientslist";
-    }
-
-    @PreAuthorize("hasRole('ADMINISTRATOR')")
-    @RequestMapping("/{clientId}")
-    public String clientDetailsInfo(Model model, @PathVariable("clientId") String clientId) {
-        ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
-        Collection<OAuthAccessToken> tokensByClientId = clientDetailsService.findTokensByClientId(clientId);
-
-        model.addAttribute("accessTokens", tokensByClientId);
-        model.addAttribute("clientDetails", clientDetails);
-        return "/oauth/detailsinfo";
-    }
-
-    @PreAuthorize("hasRole('ADMINISTRATOR')")
-    @RequestMapping("/{clientId}/removeAll")
-    public String removeAllAccessTokens(@PathVariable("clientId") String clientId) {
-
-        Collection<OAuthAccessToken> tokens = clientDetailsService.findTokensByClientId(clientId);
-        for (OAuthAccessToken token : tokens) {
-            tokenStore.removeAccessToken(new DefaultOAuth2AccessToken(token.getTokenId()));
-        }
-
-        return "redirect:/management/" + clientId;
-    }
-
-    @PreAuthorize("hasRole('ADMINISTRATOR')")
-    @RequestMapping("/{clientId}/{tokenId}/remove")
-    public String removeAccessTokens(@PathVariable("tokenId") String tokenId,
-                                     @PathVariable("clientId") String clientId) {
-
-        tokenStore.removeAccessToken(new DefaultOAuth2AccessToken(tokenId));
-        return "redirect:/management/" + clientId;
-    }
-
-    @RequestMapping("/user/{userName}/tokens")
-    public String getIssuedTokens(@PathVariable("userName") String userName, Model model) {
-        Collection<OAuthAccessToken> tokens = clientDetailsService.findTokensByUserName(userName);
-        model.addAttribute("tokens", tokens);
-        return "/oauth/tokenslist";
-    }
-
-    @RequestMapping("/user/{userName}/{tokenId}/remove")
-    public String removeUsersAccessToken(@PathVariable("tokenId") String tokenId,
-                                         @PathVariable("userName") String userName) {
-        tokenStore.removeAccessToken(new DefaultOAuth2AccessToken(tokenId));
-        return "redirect:/management/user/" + userName + "/tokens";
-    }
+	@Autowired
+	private OAuth2ClientDetailsService clientDetailsService;
+
+	@Autowired
+	@Qualifier("tokenStore")
+	private TokenStore tokenStore;
+
+	@PreAuthorize("hasRole('ADMINISTRATOR')")
+	@RequestMapping("/allTokens")
+	public String getAllTokens(Model model) {
+		model.addAttribute("clientDetailsList", clientDetailsService.listClientDetails());
+		return "/oauth/clientslist";
+	}
+
+	@PreAuthorize("hasRole('ADMINISTRATOR')")
+	@RequestMapping("/{clientId}")
+	public String clientDetailsInfo(Model model, @PathVariable("clientId") String clientId) {
+		ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
+		Collection<OAuthAccessToken> tokensByClientId = clientDetailsService.findTokensByClientId(clientId);
+
+		model.addAttribute("accessTokens", tokensByClientId);
+		model.addAttribute("clientDetails", clientDetails);
+		return "/oauth/detailsinfo";
+	}
+
+	@PreAuthorize("hasRole('ADMINISTRATOR')")
+	@RequestMapping("/{clientId}/removeAll")
+	public String removeAllAccessTokens(@PathVariable("clientId") String clientId) {
+
+		Collection<OAuthAccessToken> tokens = clientDetailsService.findTokensByClientId(clientId);
+		for (OAuthAccessToken token : tokens) {
+			tokenStore.removeAccessToken(new DefaultOAuth2AccessToken(token.getTokenId()));
+		}
+
+		return "redirect:/management/" + clientId;
+	}
+
+	@PreAuthorize("hasRole('ADMINISTRATOR')")
+	@RequestMapping("/{clientId}/{tokenId}/remove")
+	public String removeAccessTokens(@PathVariable("tokenId") String tokenId, @PathVariable("clientId") String clientId) {
+
+		tokenStore.removeAccessToken(new DefaultOAuth2AccessToken(tokenId));
+		return "redirect:/management/" + clientId;
+	}
+
+	@RequestMapping("/user/{uuid}/tokens")
+	@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.uuid == #uuid")
+	public String getIssuedTokens(@PathVariable("uuid") String uuid, Model model) {
+		Collection<OAuthAccessToken> tokens = clientDetailsService.findTokensByUserName(uuid);
+		model.addAttribute("tokens", tokens);
+		return "/oauth/tokenslist";
+	}
+
+	@RequestMapping("/user/{uuid}/{tokenId}/remove")
+	@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.uuid == #uuid")
+	public String removeUsersAccessToken(@PathVariable("tokenId") String tokenId, @PathVariable("uuid") String uuid) {
+		tokenStore.removeAccessToken(new DefaultOAuth2AccessToken(tokenId));
+		return "redirect:/management/user/" + uuid + "/tokens";
+	}
 }
--- a/src/main/resources/spring/spring-db.xml
+++ b/src/main/resources/spring/spring-db.xml
@@ -54,7 +54,6 @@
 				<prop key="hibernate.hbm2ddl.auto">${db.hbm2ddl}</prop>
 				<prop key="hibernate.search.default.indexBase">${lucene.indexDir}</prop>
 				<prop key="hibernate.search.default.exclusive_index_use">false</prop>
-                <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5Dialect</prop>
 			</props>
 		</property>
 		<property name="packagesToScan">

--- a/src/main/resources/spring/spring-security.xml
+++ b/src/main/resources/spring/spring-security.xml
@@ -61,8 +61,4 @@
 		<sec:expression-handler ref="webExpressionHandler"/>
 	</sec:http>

-    <bean name="jdbcTokenStore" class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
-        <constructor-arg ref="dataSource"/>
-    </bean>
-
 </beans>
\ No newline at end of file
--- a/src/main/resources/spring/spring.properties
+++ b/src/main/resources/spring/spring.properties
@@ -16,12 +16,12 @@

 base.url=http://localhost:8080

-db.url=jdbc:mysql://localhost/genesys2?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
+db.url=jdbc:mysql://localhost/genesys4?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
 db.driverClassName = com.mysql.jdbc.Driver
 db.username = root
-db.password = 1
-db.showSql=false
-db.hbm2ddl=update
+db.password = 
+db.showSql=true
+db.hbm2ddl=do-nothing

 c3p0.acquireIncrement=1
 c3p0.minPoolSize=1

--- a/src/main/webapp/WEB-INF/jsp/oauth/detailsinfo.jsp
+++ b/src/main/webapp/WEB-INF/jsp/oauth/detailsinfo.jsp
@@ -23,12 +23,13 @@
        <div class="form-group">
            <label class="col-lg-2 control-label"><spring:message code="clinet.details.token.list"/></label>

-            <div class="col-lg-5">
+            <div class="col-lg-10">
                <table class="accessions">
                    <tbody>
                    <c:forEach items="${accessTokens}" var="accessToken">
-                        <tr>
+                        <tr class="${accessToken.accessToken.expired ? 'expired' : ''}">
                            <td>${accessToken.userName}</td>
+                            <td><c:out value="${jspHelper.userByUuid(accessToken.userName).email}"/></td>
                            <td>
                                <a href="<c:url value="/management/${clientDetails.clientId}/${accessToken.tokenId}/remove"/> "><spring:message
                                        code="oauth-client.remove"/></a>

--- a/src/main/webapp/WEB-INF/jsp/oauth/tokenslist.jsp
+++ b/src/main/webapp/WEB-INF/jsp/oauth/tokenslist.jsp
@@ -25,7 +25,7 @@
    <tbody>

    <c:forEach items="${tokens}" var="token">
-        <tr>
+        <tr class="${token.accessToken.expired ? 'expired' : ''}">
            <td>
                <a href="<c:url value="/management/${token.clientId}"/> ">${token.clientId}</a>
            </td>
@@ -33,9 +33,10 @@
                <fmt:formatDate value="${token.createdDate}" pattern="MM-dd-yyyy hh:mm:ss"/>
            </td>
            <td>
-                <fmt:formatDate value="${token.tokenExpiration}" pattern="MM-dd-yyyy hh:mm:ss"/>
+                <fmt:formatDate value="${token.accessToken.expiration}" pattern="MM-dd-yyyy hh:mm:ss"/>
            </td>
            <td>
+            	<!-- FIXME Use POST -->
                <a href="<c:url value="/management/user/${token.userName}/${token.tokenId}/remove"/>"><spring:message
                        code="oauth-client.remove"/></a>
            </td>

--- a/src/main/webapp/WEB-INF/jsp/user/profile.jsp
+++ b/src/main/webapp/WEB-INF/jsp/user/profile.jsp
@@ -59,7 +59,7 @@
                    <a href="<c:url value="/management/allTokens" />" class="btn btn-default"> <spring:message code="oauth-client.list" /></a>
                </security:authorize>
                <security:authorize access="hasRole('ADMINISTRATOR') || (isAuthenticated() && principal.user.id == #user.id)">
-                    <a href="<c:url value="/management/user/${user.email}/tokens" />" class="btn btn-default"><spring:message code="oauth-client.issued.tokens" /></a>
+                    <a href="<c:url value="/management/user/${user.uuid}/tokens" />" class="btn btn-default"><spring:message code="oauth-client.issued.tokens" /></a>
                </security:authorize>
                <security:authorize access="(not hasRole('VALIDATEDUSER') && principal.user.id == #user.id)">
                    <a href="<c:url value="/profile/${user.uuid}/send"/>"  class="btn btn-default"/>Send validation email</a>

--- a/src/main/webapp/html/css/custom.css
+++ b/src/main/webapp/html/css/custom.css
@@ -1234,7 +1234,7 @@ ul.funny-list {
 	background-position:center right;
 }

-table.accessions tr.not-available > td {
+table.accessions tr.not-available > td, table tr.expired > td {
 	text-decoration: line-through;
 	opacity:0.5;	
 }