Merge remote-tracking branch 'origin/issue/iam-579' into v1.3.6
Enrico Vianello
commit
1329edd6ae
|
|
@ -67,7 +67,7 @@ import com.nimbusds.jwt.JWT;
|
||||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :" + OAuth2AccessTokenEntity.PARAM_DATE),
|
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :" + OAuth2AccessTokenEntity.PARAM_DATE),
|
||||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :" + OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN),
|
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :" + OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN),
|
||||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
|
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
|
||||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE),
|
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH, query = "select a from OAuth2AccessTokenEntity a where a.tokenValueHash = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH),
|
||||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
|
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
|
||||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
|
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
|
||||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME),
|
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME),
|
||||||
|
|
@ -78,7 +78,7 @@ import com.nimbusds.jwt.JWT;
|
||||||
public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
|
public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
|
||||||
|
|
||||||
public static final String QUERY_BY_APPROVED_SITE = "OAuth2AccessTokenEntity.getByApprovedSite";
|
public static final String QUERY_BY_APPROVED_SITE = "OAuth2AccessTokenEntity.getByApprovedSite";
|
||||||
public static final String QUERY_BY_TOKEN_VALUE = "OAuth2AccessTokenEntity.getByTokenValue";
|
public static final String QUERY_BY_TOKEN_VALUE_HASH = "OAuth2AccessTokenEntity.getByTokenValue";
|
||||||
public static final String QUERY_BY_CLIENT = "OAuth2AccessTokenEntity.getByClient";
|
public static final String QUERY_BY_CLIENT = "OAuth2AccessTokenEntity.getByClient";
|
||||||
public static final String QUERY_BY_REFRESH_TOKEN = "OAuth2AccessTokenEntity.getByRefreshToken";
|
public static final String QUERY_BY_REFRESH_TOKEN = "OAuth2AccessTokenEntity.getByRefreshToken";
|
||||||
public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate";
|
public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate";
|
||||||
|
|
@ -87,7 +87,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
|
||||||
public static final String QUERY_BY_NAME = "OAuth2AccessTokenEntity.getByName";
|
public static final String QUERY_BY_NAME = "OAuth2AccessTokenEntity.getByName";
|
||||||
public static final String DELETE_BY_REFRESH_TOKEN = "OAuth2AccessTokenEntity.deleteByRefreshToken";
|
public static final String DELETE_BY_REFRESH_TOKEN = "OAuth2AccessTokenEntity.deleteByRefreshToken";
|
||||||
|
|
||||||
public static final String PARAM_TOKEN_VALUE = "tokenValue";
|
public static final String PARAM_TOKEN_VALUE_HASH = "tokenValueHash";
|
||||||
public static final String PARAM_CLIENT = "client";
|
public static final String PARAM_CLIENT = "client";
|
||||||
public static final String PARAM_REFRESH_TOKEN = "refreshToken";
|
public static final String PARAM_REFRESH_TOKEN = "refreshToken";
|
||||||
public static final String PARAM_DATE = "date";
|
public static final String PARAM_DATE = "date";
|
||||||
|
|
@ -105,6 +105,8 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
|
||||||
|
|
||||||
private JWT jwtValue; // JWT-encoded access token value
|
private JWT jwtValue; // JWT-encoded access token value
|
||||||
|
|
||||||
|
private String tokenValueHash; // hash of access token value
|
||||||
|
|
||||||
private Date expiration;
|
private Date expiration;
|
||||||
|
|
||||||
private String tokenType = OAuth2AccessToken.BEARER_TYPE;
|
private String tokenType = OAuth2AccessToken.BEARER_TYPE;
|
||||||
|
|
@ -274,6 +276,19 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
|
||||||
this.jwtValue = jwt;
|
this.jwtValue = jwt;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return the tokenValueHash
|
||||||
|
*/
|
||||||
|
@Basic
|
||||||
|
@Column(name="token_value_hash")
|
||||||
|
public String getTokenValueHash() {
|
||||||
|
return tokenValueHash;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTokenValueHash(String hash) {
|
||||||
|
this.tokenValueHash = hash;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transient
|
@Transient
|
||||||
public int getExpiresIn() {
|
public int getExpiresIn() {
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,9 @@
|
||||||
*******************************************************************************/
|
*******************************************************************************/
|
||||||
package org.mitre.oauth2.repository.impl;
|
package org.mitre.oauth2.repository.impl;
|
||||||
|
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
|
import java.security.MessageDigest;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.text.ParseException;
|
import java.text.ParseException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
@ -44,6 +47,7 @@ import org.mitre.uma.model.ResourceSet;
|
||||||
import org.mitre.util.jpa.JpaUtil;
|
import org.mitre.util.jpa.JpaUtil;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.security.crypto.codec.Hex;
|
||||||
import org.springframework.stereotype.Repository;
|
import org.springframework.stereotype.Repository;
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
import org.springframework.transaction.annotation.Transactional;
|
||||||
|
|
||||||
|
|
@ -55,32 +59,47 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
|
||||||
|
|
||||||
private static final int MAXEXPIREDRESULTS = 1000;
|
private static final int MAXEXPIREDRESULTS = 1000;
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(JpaOAuth2TokenRepository.class);
|
private static final Logger logger =
|
||||||
|
LoggerFactory.getLogger(JpaOAuth2TokenRepository.class);
|
||||||
|
|
||||||
@PersistenceContext(unitName="defaultPersistenceUnit")
|
@PersistenceContext(unitName = "defaultPersistenceUnit")
|
||||||
private EntityManager manager;
|
private EntityManager manager;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<OAuth2AccessTokenEntity> getAllAccessTokens() {
|
public Set<OAuth2AccessTokenEntity> getAllAccessTokens() {
|
||||||
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_ALL, OAuth2AccessTokenEntity.class);
|
TypedQuery<OAuth2AccessTokenEntity> query =
|
||||||
|
manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_ALL,
|
||||||
|
OAuth2AccessTokenEntity.class);
|
||||||
return new LinkedHashSet<>(query.getResultList());
|
return new LinkedHashSet<>(query.getResultList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<OAuth2RefreshTokenEntity> getAllRefreshTokens() {
|
public Set<OAuth2RefreshTokenEntity> getAllRefreshTokens() {
|
||||||
TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_ALL, OAuth2RefreshTokenEntity.class);
|
TypedQuery<OAuth2RefreshTokenEntity> query =
|
||||||
|
manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_ALL,
|
||||||
|
OAuth2RefreshTokenEntity.class);
|
||||||
return new LinkedHashSet<>(query.getResultList());
|
return new LinkedHashSet<>(query.getResultList());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) {
|
public OAuth2AccessTokenEntity getAccessTokenByValue(
|
||||||
|
String accessTokenValue) {
|
||||||
|
MessageDigest md;
|
||||||
try {
|
try {
|
||||||
JWT jwt = JWTParser.parse(accessTokenValue);
|
md = MessageDigest.getInstance("SHA-256");
|
||||||
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, OAuth2AccessTokenEntity.class);
|
byte[] hash = md
|
||||||
query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE, jwt);
|
.digest(accessTokenValue.getBytes(StandardCharsets.UTF_8));
|
||||||
|
String atHash = new String(Hex.encode(hash));
|
||||||
|
TypedQuery<OAuth2AccessTokenEntity> query =
|
||||||
|
manager.createNamedQuery(
|
||||||
|
OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
|
||||||
|
OAuth2AccessTokenEntity.class);
|
||||||
|
query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH,
|
||||||
|
atHash);
|
||||||
return JpaUtil.getSingleResult(query.getResultList());
|
return JpaUtil.getSingleResult(query.getResultList());
|
||||||
} catch (ParseException e) {
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
e.printStackTrace();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -91,35 +110,44 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(value="defaultTransactionManager")
|
@Transactional(value = "defaultTransactionManager")
|
||||||
public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity token) {
|
public OAuth2AccessTokenEntity saveAccessToken(
|
||||||
|
OAuth2AccessTokenEntity token) {
|
||||||
return JpaUtil.saveOrUpdate(token.getId(), manager, token);
|
return JpaUtil.saveOrUpdate(token.getId(), manager, token);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(value="defaultTransactionManager")
|
@Transactional(value = "defaultTransactionManager")
|
||||||
public void removeAccessToken(OAuth2AccessTokenEntity accessToken) {
|
public void removeAccessToken(OAuth2AccessTokenEntity accessToken) {
|
||||||
OAuth2AccessTokenEntity found = getAccessTokenById(accessToken.getId());
|
OAuth2AccessTokenEntity found = getAccessTokenById(accessToken.getId());
|
||||||
if (found != null) {
|
if (found != null) {
|
||||||
manager.remove(found);
|
manager.remove(found);
|
||||||
} else {
|
} else {
|
||||||
throw new IllegalArgumentException("Access token not found: " + accessToken);
|
throw new IllegalArgumentException(
|
||||||
|
"Access token not found: " + accessToken);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(value="defaultTransactionManager")
|
@Transactional(value = "defaultTransactionManager")
|
||||||
public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
|
public void clearAccessTokensForRefreshToken(
|
||||||
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.DELETE_BY_REFRESH_TOKEN, OAuth2AccessTokenEntity.class);
|
OAuth2RefreshTokenEntity refreshToken) {
|
||||||
query.setParameter(OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN, refreshToken);
|
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(
|
||||||
|
OAuth2AccessTokenEntity.DELETE_BY_REFRESH_TOKEN,
|
||||||
|
OAuth2AccessTokenEntity.class);
|
||||||
|
query.setParameter(OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN,
|
||||||
|
refreshToken);
|
||||||
query.executeUpdate();
|
query.executeUpdate();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue) {
|
public OAuth2RefreshTokenEntity getRefreshTokenByValue(
|
||||||
|
String refreshTokenValue) {
|
||||||
try {
|
try {
|
||||||
JWT jwt = JWTParser.parse(refreshTokenValue);
|
JWT jwt = JWTParser.parse(refreshTokenValue);
|
||||||
TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, OAuth2RefreshTokenEntity.class);
|
TypedQuery<OAuth2RefreshTokenEntity> query = manager
|
||||||
|
.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE,
|
||||||
|
OAuth2RefreshTokenEntity.class);
|
||||||
query.setParameter(OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE, jwt);
|
query.setParameter(OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE, jwt);
|
||||||
return JpaUtil.getSingleResult(query.getResultList());
|
return JpaUtil.getSingleResult(query.getResultList());
|
||||||
} catch (ParseException e) {
|
} catch (ParseException e) {
|
||||||
|
|
@ -133,32 +161,40 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(value="defaultTransactionManager")
|
@Transactional(value = "defaultTransactionManager")
|
||||||
public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
|
public OAuth2RefreshTokenEntity saveRefreshToken(
|
||||||
return JpaUtil.saveOrUpdate(refreshToken.getId(), manager, refreshToken);
|
OAuth2RefreshTokenEntity refreshToken) {
|
||||||
|
return JpaUtil.saveOrUpdate(refreshToken.getId(), manager,
|
||||||
|
refreshToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(value="defaultTransactionManager")
|
@Transactional(value = "defaultTransactionManager")
|
||||||
public void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
|
public void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
|
||||||
OAuth2RefreshTokenEntity found = getRefreshTokenById(refreshToken.getId());
|
OAuth2RefreshTokenEntity found =
|
||||||
|
getRefreshTokenById(refreshToken.getId());
|
||||||
if (found != null) {
|
if (found != null) {
|
||||||
manager.remove(found);
|
manager.remove(found);
|
||||||
} else {
|
} else {
|
||||||
throw new IllegalArgumentException("Refresh token not found: " + refreshToken);
|
throw new IllegalArgumentException(
|
||||||
|
"Refresh token not found: " + refreshToken);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(value="defaultTransactionManager")
|
@Transactional(value = "defaultTransactionManager")
|
||||||
public void clearTokensForClient(ClientDetailsEntity client) {
|
public void clearTokensForClient(ClientDetailsEntity client) {
|
||||||
TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_CLIENT, OAuth2AccessTokenEntity.class);
|
TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery(
|
||||||
|
OAuth2AccessTokenEntity.QUERY_BY_CLIENT,
|
||||||
|
OAuth2AccessTokenEntity.class);
|
||||||
queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client);
|
queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client);
|
||||||
List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
|
List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
|
||||||
for (OAuth2AccessTokenEntity accessToken : accessTokens) {
|
for (OAuth2AccessTokenEntity accessToken : accessTokens) {
|
||||||
removeAccessToken(accessToken);
|
removeAccessToken(accessToken);
|
||||||
}
|
}
|
||||||
TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, OAuth2RefreshTokenEntity.class);
|
TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery(
|
||||||
|
OAuth2RefreshTokenEntity.QUERY_BY_CLIENT,
|
||||||
|
OAuth2RefreshTokenEntity.class);
|
||||||
queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client);
|
queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client);
|
||||||
List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
|
List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
|
||||||
for (OAuth2RefreshTokenEntity refreshToken : refreshTokens) {
|
for (OAuth2RefreshTokenEntity refreshToken : refreshTokens) {
|
||||||
|
|
@ -167,85 +203,112 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client) {
|
public List<OAuth2AccessTokenEntity> getAccessTokensForClient(
|
||||||
TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_CLIENT, OAuth2AccessTokenEntity.class);
|
ClientDetailsEntity client) {
|
||||||
|
TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery(
|
||||||
|
OAuth2AccessTokenEntity.QUERY_BY_CLIENT,
|
||||||
|
OAuth2AccessTokenEntity.class);
|
||||||
queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client);
|
queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client);
|
||||||
List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
|
List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
|
||||||
return accessTokens;
|
return accessTokens;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client) {
|
public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(
|
||||||
TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, OAuth2RefreshTokenEntity.class);
|
ClientDetailsEntity client) {
|
||||||
|
TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery(
|
||||||
|
OAuth2RefreshTokenEntity.QUERY_BY_CLIENT,
|
||||||
|
OAuth2RefreshTokenEntity.class);
|
||||||
queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client);
|
queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client);
|
||||||
List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
|
List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
|
||||||
return refreshTokens;
|
return refreshTokens;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<OAuth2AccessTokenEntity> getAccessTokensByUserName(String name) {
|
public Set<OAuth2AccessTokenEntity> getAccessTokensByUserName(String name) {
|
||||||
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_NAME, OAuth2AccessTokenEntity.class);
|
TypedQuery<OAuth2AccessTokenEntity> query =
|
||||||
query.setParameter(OAuth2AccessTokenEntity.PARAM_NAME, name);
|
manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_NAME,
|
||||||
List<OAuth2AccessTokenEntity> results = query.getResultList();
|
OAuth2AccessTokenEntity.class);
|
||||||
return results != null ? new HashSet<>(results) : new HashSet<>();
|
query.setParameter(OAuth2AccessTokenEntity.PARAM_NAME, name);
|
||||||
|
List<OAuth2AccessTokenEntity> results = query.getResultList();
|
||||||
|
return results != null ? new HashSet<>(results) : new HashSet<>();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<OAuth2RefreshTokenEntity> getRefreshTokensByUserName(String name) {
|
public Set<OAuth2RefreshTokenEntity> getRefreshTokensByUserName(
|
||||||
TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_NAME, OAuth2RefreshTokenEntity.class);
|
String name) {
|
||||||
query.setParameter(OAuth2RefreshTokenEntity.PARAM_NAME, name);
|
TypedQuery<OAuth2RefreshTokenEntity> query =
|
||||||
List<OAuth2RefreshTokenEntity> results = query.getResultList();
|
manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_NAME,
|
||||||
return results != null ? new HashSet<>(results) : new HashSet<>();
|
OAuth2RefreshTokenEntity.class);
|
||||||
|
query.setParameter(OAuth2RefreshTokenEntity.PARAM_NAME, name);
|
||||||
|
List<OAuth2RefreshTokenEntity> results = query.getResultList();
|
||||||
|
return results != null ? new HashSet<>(results) : new HashSet<>();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens() {
|
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens() {
|
||||||
DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
|
DefaultPageCriteria pageCriteria =
|
||||||
|
new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
|
||||||
return getAllExpiredAccessTokens(pageCriteria);
|
return getAllExpiredAccessTokens(pageCriteria);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria) {
|
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(
|
||||||
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2AccessTokenEntity.class);
|
PageCriteria pageCriteria) {
|
||||||
|
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(
|
||||||
|
OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE,
|
||||||
|
OAuth2AccessTokenEntity.class);
|
||||||
query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
|
query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
|
||||||
return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria));
|
return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens() {
|
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens() {
|
||||||
DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
|
DefaultPageCriteria pageCriteria =
|
||||||
|
new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
|
||||||
return getAllExpiredRefreshTokens(pageCriteria);
|
return getAllExpiredRefreshTokens(pageCriteria);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria) {
|
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(
|
||||||
TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2RefreshTokenEntity.class);
|
PageCriteria pageCriteria) {
|
||||||
|
TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(
|
||||||
|
OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE,
|
||||||
|
OAuth2RefreshTokenEntity.class);
|
||||||
query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
|
query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
|
||||||
return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria));
|
return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs) {
|
public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(
|
||||||
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, OAuth2AccessTokenEntity.class);
|
ResourceSet rs) {
|
||||||
query.setParameter(OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID, rs.getId());
|
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(
|
||||||
|
OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET,
|
||||||
|
OAuth2AccessTokenEntity.class);
|
||||||
|
query.setParameter(OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID,
|
||||||
|
rs.getId());
|
||||||
return new LinkedHashSet<>(query.getResultList());
|
return new LinkedHashSet<>(query.getResultList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(value="defaultTransactionManager")
|
@Transactional(value = "defaultTransactionManager")
|
||||||
public void clearDuplicateAccessTokens() {
|
public void clearDuplicateAccessTokens() {
|
||||||
Query query = manager.createQuery("select a.jwt, count(1) as c from OAuth2AccessTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
|
Query query = manager.createQuery(
|
||||||
|
"select a.jwt, count(1) as c from OAuth2AccessTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
List<Object[]> resultList = query.getResultList();
|
List<Object[]> resultList = query.getResultList();
|
||||||
List<JWT> values = new ArrayList<>();
|
List<JWT> values = new ArrayList<>();
|
||||||
for (Object[] r : resultList) {
|
for (Object[] r : resultList) {
|
||||||
logger.warn("Found duplicate access tokens: {}, {}", ((JWT)r[0]).serialize(), r[1]);
|
logger.warn("Found duplicate access tokens: {}, {}",
|
||||||
|
((JWT) r[0]).serialize(), r[1]);
|
||||||
values.add((JWT) r[0]);
|
values.add((JWT) r[0]);
|
||||||
}
|
}
|
||||||
if (values.size() > 0) {
|
if (values.size() > 0) {
|
||||||
CriteriaBuilder cb = manager.getCriteriaBuilder();
|
CriteriaBuilder cb = manager.getCriteriaBuilder();
|
||||||
CriteriaDelete<OAuth2AccessTokenEntity> criteriaDelete = cb.createCriteriaDelete(OAuth2AccessTokenEntity.class);
|
CriteriaDelete<OAuth2AccessTokenEntity> criteriaDelete =
|
||||||
Root<OAuth2AccessTokenEntity> root = criteriaDelete.from(OAuth2AccessTokenEntity.class);
|
cb.createCriteriaDelete(OAuth2AccessTokenEntity.class);
|
||||||
|
Root<OAuth2AccessTokenEntity> root =
|
||||||
|
criteriaDelete.from(OAuth2AccessTokenEntity.class);
|
||||||
criteriaDelete.where(root.get("jwt").in(values));
|
criteriaDelete.where(root.get("jwt").in(values));
|
||||||
int result = manager.createQuery(criteriaDelete).executeUpdate();
|
int result = manager.createQuery(criteriaDelete).executeUpdate();
|
||||||
logger.warn("Deleted {} duplicate access tokens", result);
|
logger.warn("Deleted {} duplicate access tokens", result);
|
||||||
|
|
@ -253,20 +316,24 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(value="defaultTransactionManager")
|
@Transactional(value = "defaultTransactionManager")
|
||||||
public void clearDuplicateRefreshTokens() {
|
public void clearDuplicateRefreshTokens() {
|
||||||
Query query = manager.createQuery("select a.jwt, count(1) as c from OAuth2RefreshTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
|
Query query = manager.createQuery(
|
||||||
|
"select a.jwt, count(1) as c from OAuth2RefreshTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
List<Object[]> resultList = query.getResultList();
|
List<Object[]> resultList = query.getResultList();
|
||||||
List<JWT> values = new ArrayList<>();
|
List<JWT> values = new ArrayList<>();
|
||||||
for (Object[] r : resultList) {
|
for (Object[] r : resultList) {
|
||||||
logger.warn("Found duplicate refresh tokens: {}, {}", ((JWT)r[0]).serialize(), r[1]);
|
logger.warn("Found duplicate refresh tokens: {}, {}",
|
||||||
|
((JWT) r[0]).serialize(), r[1]);
|
||||||
values.add((JWT) r[0]);
|
values.add((JWT) r[0]);
|
||||||
}
|
}
|
||||||
if (values.size() > 0) {
|
if (values.size() > 0) {
|
||||||
CriteriaBuilder cb = manager.getCriteriaBuilder();
|
CriteriaBuilder cb = manager.getCriteriaBuilder();
|
||||||
CriteriaDelete<OAuth2RefreshTokenEntity> criteriaDelete = cb.createCriteriaDelete(OAuth2RefreshTokenEntity.class);
|
CriteriaDelete<OAuth2RefreshTokenEntity> criteriaDelete =
|
||||||
Root<OAuth2RefreshTokenEntity> root = criteriaDelete.from(OAuth2RefreshTokenEntity.class);
|
cb.createCriteriaDelete(OAuth2RefreshTokenEntity.class);
|
||||||
|
Root<OAuth2RefreshTokenEntity> root =
|
||||||
|
criteriaDelete.from(OAuth2RefreshTokenEntity.class);
|
||||||
criteriaDelete.where(root.get("jwt").in(values));
|
criteriaDelete.where(root.get("jwt").in(values));
|
||||||
int result = manager.createQuery(criteriaDelete).executeUpdate();
|
int result = manager.createQuery(criteriaDelete).executeUpdate();
|
||||||
logger.warn("Deleted {} duplicate refresh tokens", result);
|
logger.warn("Deleted {} duplicate refresh tokens", result);
|
||||||
|
|
@ -275,9 +342,13 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<OAuth2AccessTokenEntity> getAccessTokensForApprovedSite(ApprovedSite approvedSite) {
|
public List<OAuth2AccessTokenEntity> getAccessTokensForApprovedSite(
|
||||||
TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, OAuth2AccessTokenEntity.class);
|
ApprovedSite approvedSite) {
|
||||||
queryA.setParameter(OAuth2AccessTokenEntity.PARAM_APPROVED_SITE, approvedSite);
|
TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery(
|
||||||
|
OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE,
|
||||||
|
OAuth2AccessTokenEntity.class);
|
||||||
|
queryA.setParameter(OAuth2AccessTokenEntity.PARAM_APPROVED_SITE,
|
||||||
|
approvedSite);
|
||||||
List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
|
List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
|
||||||
return accessTokens;
|
return accessTokens;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue