oauth2 models creation via factory

Implement factory pattern for oauth2 models instantiation, and use
models interface in components - service, repository, etc

openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java

@@ -44,8 +44,8 @@ import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.jwk.JWK;
-import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.KeyUse;
+import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.util.Base64URL;
 import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/SymmetricCacheService.java

@@ -22,7 +22,6 @@ import java.util.Map;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 
-import com.nimbusds.jose.Algorithm;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.slf4j.Logger;
@@ -36,8 +35,8 @@ import com.google.common.cache.LoadingCache;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.nimbusds.jose.jwk.JWK;
-import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.jwk.KeyUse;
+import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.util.Base64URL;
 
 /**

openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java

@@ -14,19 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  ******************************************************************************/
-package org.mitre.oauth2.model;
 
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Lob;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
-import javax.persistence.Table;
+package org.mitre.oauth2.model;
 
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 
@@ -36,85 +25,36 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
  * @author aanganes
  *
  */
-@Entity
-@Table(name = "authorization_code")
-@NamedQueries({
-	@NamedQuery(name = "AuthorizationCodeEntity.getByValue", query = "select a from AuthorizationCodeEntity a where a.code = :code")
-})
-public class AuthorizationCodeEntity {
-
-	private Long id;
-
-	private String code;
-
-	private OAuth2Authentication authentication;
-
-	/**
-	 * Default constructor.
-	 */
-	public AuthorizationCodeEntity() {
-
-	}
-
-	/**
-	 * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
-	 * 
-	 * @param code 			the authorization code
-	 * @param authRequest	the AuthoriztionRequestHolder associated with the original code request
-	 */
-	public AuthorizationCodeEntity(String code, OAuth2Authentication authRequest) {
-		this.code = code;
-		this.authentication = authRequest;
-	}
+public interface AuthorizationCodeEntity {
 
 	/**
 	 * @return the id
 	 */
-	@Id
-	@GeneratedValue(strategy = GenerationType.IDENTITY)
-	@Column(name = "id")
-	public Long getId() {
-		return id;
-	}
+	Long getId();
 
 	/**
 	 * @param id the id to set
 	 */
-	public void setId(Long id) {
-		this.id = id;
-	}
+	void setId(Long id);
 
 	/**
 	 * @return the code
 	 */
-	@Basic
-	@Column(name = "code")
-	public String getCode() {
-		return code;
-	}
+	String getCode();
 
 	/**
 	 * @param code the code to set
 	 */
-	public void setCode(String code) {
-		this.code = code;
-	}
+	void setCode(String code);
 
 	/**
 	 * @return the authentication
 	 */
-	@Lob
-	@Basic(fetch=FetchType.EAGER)
-	@Column(name="authentication")
-	public OAuth2Authentication getAuthentication() {
-		return authentication;
-	}
+	OAuth2Authentication getAuthentication();
 
 	/**
 	 * @param authentication the authentication to set
 	 */
-	public void setAuthentication(OAuth2Authentication authentication) {
-		this.authentication = authentication;
-	}
+	void setAuthentication(OAuth2Authentication authentication);
 
 }

openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultAuthenticationHolderEntity.java

@@ -14,7 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  ******************************************************************************/
-package org.mitre.oauth2.model;
+
+package org.mitre.oauth2.model.impl;
 
 import javax.persistence.Basic;
 import javax.persistence.Column;
@@ -28,15 +29,20 @@ import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.Table;
 
+import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 
+/**
+ * @author jricher
+ *
+ */
 @Entity
 @Table(name = "authentication_holder")
 @NamedQueries ({
-	@NamedQuery(name = "AuthenticationHolderEntity.getByAuthentication", query = "select a from AuthenticationHolderEntity a where a.authentication = :authentication"),
-	@NamedQuery(name = "AuthenticationHolderEntity.getUnusedAuthenticationHolders", query = "select a from AuthenticationHolderEntity a where a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r)")
+	@NamedQuery(name = "DefaultAuthenticationHolderEntity.getByAuthentication", query = "select a from DefaultAuthenticationHolderEntity a where a.authentication = :authentication"),
+	@NamedQuery(name = "DefaultAuthenticationHolderEntity.getUnusedAuthenticationHolders", query = "select a from DefaultAuthenticationHolderEntity a where a.id not in (select t.authenticationHolder.id from DefaultOAuth2AccessTokenEntity t) and a.id not in (select r.authenticationHolder.id from DefaultOAuth2RefreshTokenEntity r)")
 })
-public class AuthenticationHolderEntity {
+public class DefaultAuthenticationHolderEntity implements AuthenticationHolderEntity {
 
 	private Long id;
 
@@ -44,7 +50,7 @@ public class AuthenticationHolderEntity {
 
 	private OAuth2Authentication authentication;
 
-	public AuthenticationHolderEntity() {
+	DefaultAuthenticationHolderEntity() {
 
 	}
 
@@ -79,7 +85,5 @@ public class AuthenticationHolderEntity {
 	public void setAuthentication(OAuth2Authentication authentication) {
 		this.authentication = authentication;
 	}
-
-
-
+	
 }

openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultAuthorizationCodeEntity.java

@@ -0,0 +1,124 @@
+/*******************************************************************************
+ * Copyright 2014 The MITRE Corporation
+ *   and the MIT Kerberos and Internet Trust Consortium
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+
+package org.mitre.oauth2.model.impl;
+
+import javax.persistence.Basic;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Lob;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+import org.mitre.oauth2.model.AuthorizationCodeEntity;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+
+/**
+ * Entity class for authorization codes
+ * 
+ * @author aanganes
+ *
+ */
+@Entity
+@Table(name = "authorization_code")
+@NamedQueries({
+	@NamedQuery(name = "DefaultAuthorizationCodeEntity.getByValue", query = "select a from DefaultAuthorizationCodeEntity a where a.code = :code")
+})
+public class DefaultAuthorizationCodeEntity implements AuthorizationCodeEntity {
+
+	private Long id;
+
+	private String code;
+
+	private OAuth2Authentication authentication;
+
+	/**
+	 * Default constructor.
+	 */
+	DefaultAuthorizationCodeEntity() {
+
+	}
+
+	/**
+	 * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
+	 * 
+	 * @param code 			the authorization code
+	 * @param authRequest	the AuthoriztionRequestHolder associated with the original code request
+	 */
+	/*
+	public DefaultAuthorizationCodeEntity(String code, OAuth2Authentication authRequest) {
+		this.code = code;
+		this.authentication = authRequest;
+	}
+	*/
+	
+	/**
+	 * @return the id
+	 */
+	@Id
+	@GeneratedValue(strategy = GenerationType.IDENTITY)
+	@Column(name = "id")
+	public Long getId() {
+		return id;
+	}
+
+	/**
+	 * @param id the id to set
+	 */
+	public void setId(Long id) {
+		this.id = id;
+	}
+
+	/**
+	 * @return the code
+	 */
+	@Basic
+	@Column(name = "code")
+	public String getCode() {
+		return code;
+	}
+
+	/**
+	 * @param code the code to set
+	 */
+	public void setCode(String code) {
+		this.code = code;
+	}
+
+	/**
+	 * @return the authentication
+	 */
+	@Lob
+	@Basic(fetch=FetchType.EAGER)
+	@Column(name="authentication")
+	public OAuth2Authentication getAuthentication() {
+		return authentication;
+	}
+
+	/**
+	 * @param authentication the authentication to set
+	 */
+	public void setAuthentication(OAuth2Authentication authentication) {
+		this.authentication = authentication;
+	}
+
+}

openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultOAuth2AccessTokenEntity.java

@@ -14,10 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  ******************************************************************************/
-/**
- * 
- */
-package org.mitre.oauth2.model;
+
+package org.mitre.oauth2.model.impl;
 
 import java.text.ParseException;
 import java.util.Date;
@@ -44,6 +42,10 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
 
+import org.mitre.oauth2.model.AuthenticationHolderEntity;
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 
@@ -57,42 +59,40 @@ import com.nimbusds.jwt.JWTParser;
 @Entity
 @Table(name = "access_token")
 @NamedQueries({
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getAll", query = "select a from OAuth2AccessTokenEntity a"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getAllExpiredByDate", query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :date"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByRefreshToken", query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :refreshToken"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByClient", query = "select a from OAuth2AccessTokenEntity a where a.client = :client"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByAuthentication", query = "select a from OAuth2AccessTokenEntity a where a.authenticationHolder.authentication = :authentication"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByIdToken", query = "select a from OAuth2AccessTokenEntity a where a.idToken = :idToken"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByTokenValue", query = "select a from OAuth2AccessTokenEntity a where a.value = :tokenValue")
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getAll", query = "select a from DefaultOAuth2AccessTokenEntity a"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getAllExpiredByDate", query = "select a from DefaultOAuth2AccessTokenEntity a where a.expiration <= :date"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByRefreshToken", query = "select a from DefaultOAuth2AccessTokenEntity a where a.refreshToken = :refreshToken"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByClient", query = "select a from DefaultOAuth2AccessTokenEntity a where a.client = :client"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByAuthentication", query = "select a from DefaultOAuth2AccessTokenEntity a where a.authenticationHolder.authentication = :authentication"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByIdToken", query = "select a from DefaultOAuth2AccessTokenEntity a where a.idToken = :idToken"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByTokenValue", query = "select a from DefaultOAuth2AccessTokenEntity a where a.value = :tokenValue")
 })
-//@JsonSerialize(using = OAuth2AccessTokenSerializer.class)
-//@JsonDeserialize(using = OAuth2AccessTokenDeserializer.class)
-public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
+public class DefaultOAuth2AccessTokenEntity implements OAuth2AccessTokenEntity {
 
 	public static String ID_TOKEN_FIELD_NAME = "id_token";
 
 	private Long id;
 
-	private ClientDetailsEntity client;
+	private DefaultClientDetailsEntity client;
 
-	private AuthenticationHolderEntity authenticationHolder; // the authentication that made this access
+	private DefaultAuthenticationHolderEntity authenticationHolder; // the authentication that made this access
 
 	private JWT jwtValue; // JWT-encoded access token value
 
-	private OAuth2AccessTokenEntity idToken; // JWT-encoded OpenID Connect IdToken
+	private DefaultOAuth2AccessTokenEntity idToken; // JWT-encoded OpenID Connect IdToken
 
 	private Date expiration;
 
 	private String tokenType = OAuth2AccessToken.BEARER_TYPE;
 
-	private OAuth2RefreshTokenEntity refreshToken;
+	private DefaultOAuth2RefreshTokenEntity refreshToken;
 
 	private Set<String> scope;
 
 	/**
 	 * Create a new, blank access token
 	 */
-	public OAuth2AccessTokenEntity() {
+	DefaultOAuth2AccessTokenEntity() {
 
 	}
 
@@ -132,33 +132,49 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	 */
 	@ManyToOne
 	@JoinColumn(name = "auth_holder_id")
-	public AuthenticationHolderEntity getAuthenticationHolder() {
+	public DefaultAuthenticationHolderEntity getAuthenticationHolder() {
 		return authenticationHolder;
 	}
 
 	/**
 	 * @param authentication the authentication to set
 	 */
-	public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
+	public void setAuthenticationHolder(DefaultAuthenticationHolderEntity authenticationHolder) {
 		this.authenticationHolder = authenticationHolder;
 	}
-
+	
+	public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
+		if (!(authenticationHolder instanceof DefaultAuthenticationHolderEntity)) {
+			throw new IllegalArgumentException("Not a storable authentication holder entity!");
+		}
+		// force a pass through to the entity version
+		setAuthenticationHolder((DefaultAuthenticationHolderEntity)authenticationHolder);
+	}
+	
 	/**
 	 * @return the client
 	 */
 	@ManyToOne
 	@JoinColumn(name = "client_id")
-	public ClientDetailsEntity getClient() {
+	public DefaultClientDetailsEntity getClient() {
 		return client;
 	}
-
+	
 	/**
 	 * @param client the client to set
 	 */
-	public void setClient(ClientDetailsEntity client) {
+	public void setClient(DefaultClientDetailsEntity client) {
 		this.client = client;
 	}
-
+	
+	public void setClient(ClientDetailsEntity client) {
+		if (!(client instanceof DefaultClientDetailsEntity)) {
+			throw new IllegalArgumentException("Not a storable client details entity!");
+		}
+		// force a pass through to the entity version
+		setClient((DefaultClientDetailsEntity)client);
+	}
+	
 	/**
 	 * Get the string-encoded value of this access token.
 	 */
@@ -205,20 +221,28 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	@Override
 	@ManyToOne
 	@JoinColumn(name="refresh_token_id")
-	public OAuth2RefreshTokenEntity getRefreshToken() {
+	public DefaultOAuth2RefreshTokenEntity getRefreshToken() {
 		return refreshToken;
 	}
-
-	public void setRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
+	
+	public void setRefreshToken(DefaultOAuth2RefreshTokenEntity refreshToken) {
 		this.refreshToken = refreshToken;
 	}
-
-	public void setRefreshToken(OAuth2RefreshToken refreshToken) {
-		if (!(refreshToken instanceof OAuth2RefreshTokenEntity)) {
+	
+	public void setRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
+		if (!(refreshToken instanceof DefaultOAuth2RefreshTokenEntity)) {
 			throw new IllegalArgumentException("Not a storable refresh token entity!");
 		}
 		// force a pass through to the entity version
-		setRefreshToken((OAuth2RefreshTokenEntity)refreshToken);
+		setRefreshToken((DefaultOAuth2RefreshTokenEntity)refreshToken);
+	}
+	
+	public void setRefreshToken(OAuth2RefreshToken refreshToken) {
+		if (!(refreshToken instanceof DefaultOAuth2RefreshTokenEntity)) {
+			throw new IllegalArgumentException("Not a storable refresh token entity!");
+		}
+		// force a pass through to the entity version
+		setRefreshToken((DefaultOAuth2RefreshTokenEntity)refreshToken);
 	}
 
 	@Override
@@ -246,17 +270,25 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	 */
 	@OneToOne(cascade=CascadeType.ALL) // one-to-one mapping for now
 	@JoinColumn(name = "id_token_id")
-	public OAuth2AccessTokenEntity getIdToken() {
+	public DefaultOAuth2AccessTokenEntity getIdToken() {
 		return idToken;
 	}
-
+	
 	/**
 	 * @param idToken the idToken to set
 	 */
-	public void setIdToken(OAuth2AccessTokenEntity idToken) {
+	public void setIdToken(DefaultOAuth2AccessTokenEntity idToken) {
 		this.idToken = idToken;
 	}
-
+	
+	public void setIdToken(OAuth2AccessTokenEntity idToken) {
+		if (!(idToken instanceof DefaultOAuth2AccessTokenEntity)) {
+			throw new IllegalArgumentException("Not a storable access token entity!");
+		}
+		// force a pass through to the entity version
+		setIdToken((DefaultOAuth2AccessTokenEntity)idToken);
+	}
+	
 	/**
 	 * @return the idTokenString
 	 */

openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultOAuth2RefreshTokenEntity.java

@@ -14,10 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  ******************************************************************************/
-/**
- * 
- */
-package org.mitre.oauth2.model;
+
+package org.mitre.oauth2.model.impl;
 
 import java.text.ParseException;
 import java.util.Date;
@@ -37,7 +35,9 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
 
-import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.mitre.oauth2.model.AuthenticationHolderEntity;
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTParser;
@@ -49,19 +49,19 @@ import com.nimbusds.jwt.JWTParser;
 @Entity
 @Table(name = "refresh_token")
 @NamedQueries({
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getAll", query = "select r from OAuth2RefreshTokenEntity r"),
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getAllExpiredByDate", query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :date"),
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByClient", query = "select r from OAuth2RefreshTokenEntity r where r.client = :client"),
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByTokenValue", query = "select r from OAuth2RefreshTokenEntity r where r.value = :tokenValue"),
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByAuthentication", query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.authentication = :authentication")
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getAll", query = "select r from DefaultOAuth2RefreshTokenEntity r"),
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getAllExpiredByDate", query = "select r from DefaultOAuth2RefreshTokenEntity r where r.expiration <= :date"),
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getByClient", query = "select r from DefaultOAuth2RefreshTokenEntity r where r.client = :client"),
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getByTokenValue", query = "select r from DefaultOAuth2RefreshTokenEntity r where r.value = :tokenValue"),
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getByAuthentication", query = "select r from DefaultOAuth2RefreshTokenEntity r where r.authenticationHolder.authentication = :authentication")
 })
-public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
+public class DefaultOAuth2RefreshTokenEntity implements OAuth2RefreshTokenEntity {
 
 	private Long id;
 
-	private AuthenticationHolderEntity authenticationHolder;
-
-	private ClientDetailsEntity client;
+	private DefaultAuthenticationHolderEntity authenticationHolder;
+	
+	private DefaultClientDetailsEntity client;
 
 	//JWT-encoded representation of this access token entity
 	private JWT jwt;
@@ -72,7 +72,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	/**
 	 * 
 	 */
-	public OAuth2RefreshTokenEntity() {
+	DefaultOAuth2RefreshTokenEntity() {
 
 	}
 
@@ -101,17 +101,25 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	 */
 	@ManyToOne
 	@JoinColumn(name = "auth_holder_id")
-	public AuthenticationHolderEntity getAuthenticationHolder() {
+	public DefaultAuthenticationHolderEntity getAuthenticationHolder() {
 		return authenticationHolder;
 	}
 
 	/**
 	 * @param authentication the authentication to set
 	 */
-	public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
+	public void setAuthenticationHolder(DefaultAuthenticationHolderEntity authenticationHolder) {
 		this.authenticationHolder = authenticationHolder;
 	}
-
+	
+	public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
+		if (!(authenticationHolder instanceof DefaultAuthenticationHolderEntity)) {
+			throw new IllegalArgumentException("Not a storable authentication holder entity!");
+		}
+		// force a pass through to the entity version
+		setAuthenticationHolder((DefaultAuthenticationHolderEntity)authenticationHolder);
+	}
+	
 	/**
 	 * Get the JWT-encoded value of this token
 	 */
@@ -160,17 +168,25 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	 */
 	@ManyToOne(fetch = FetchType.EAGER)
 	@JoinColumn(name = "client_id")
-	public ClientDetailsEntity getClient() {
+	public DefaultClientDetailsEntity getClient() {
 		return client;
 	}
-
+	
 	/**
 	 * @param client the client to set
 	 */
-	public void setClient(ClientDetailsEntity client) {
+	public void setClient(DefaultClientDetailsEntity client) {
 		this.client = client;
 	}
-
+	
+	public void setClient(ClientDetailsEntity client) {
+		if (!(client instanceof DefaultClientDetailsEntity)) {
+			throw new IllegalArgumentException("Not a storable client details entity!");
+		}
+		// force a pass through to the entity version
+		setClient((DefaultClientDetailsEntity)client);
+	}
+	
 	/**
 	 * Get the JWT object directly
 	 * @return the jwt
@@ -186,5 +202,5 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	public void setJwt(JWT jwt) {
 		this.jwt = jwt;
 	}
-
+	
 }

openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultRegisteredClient.java

@@ -0,0 +1,912 @@
+/*******************************************************************************
+ * Copyright 2014 The MITRE Corporation
+ *   and the MIT Kerberos and Internet Trust Consortium
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+
+package org.mitre.oauth2.model.impl;
+
+import java.util.Date;
+import java.util.Map;
+import java.util.Set;
+
+import org.mitre.jose.JWEAlgorithmEmbed;
+import org.mitre.jose.JWEEncryptionMethodEmbed;
+import org.mitre.jose.JWSAlgorithmEmbed;
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
+import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
+import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
+import org.mitre.oauth2.model.RegisteredClient;
+import org.springframework.security.core.GrantedAuthority;
+
+import com.nimbusds.jose.EncryptionMethod;
+import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWSAlgorithm;
+
+/**
+ * @author jricher
+ *
+ */
+public class DefaultRegisteredClient implements RegisteredClient {
+
+	// these fields are needed in addition to the ones in ClientDetailsEntity
+	private String registrationAccessToken;
+	private String registrationClientUri;
+	private Date clientSecretExpiresAt;
+	private Date clientIdIssuedAt;
+	private DefaultClientDetailsEntity client;
+
+	/**
+	 * 
+	 */
+	DefaultRegisteredClient() {
+		this.client = ModelFactory.instance().getClientDetailsInstance();
+	}
+
+	/**
+	 * @param client
+	 */
+	/*
+	public DefaultRegisteredClient(ClientDetailsEntity client) {
+		this.client = client;
+	}
+	*/
+	
+	/**
+	 * @param client
+	 * @param registrationAccessToken
+	 * @param registrationClientUri
+	 */
+	/*
+	public DefaultRegisteredClient(ClientDetailsEntity client, String registrationAccessToken, String registrationClientUri) {
+		this.client = client;
+		this.registrationAccessToken = registrationAccessToken;
+		this.registrationClientUri = registrationClientUri;
+	}
+	*/
+	
+	/**
+	 * @return the client
+	 */
+	public DefaultClientDetailsEntity getClient() {
+		return client;
+	}
+	/**
+	 * @param client the client to set
+	 */
+	public void setClient(DefaultClientDetailsEntity client) {
+		this.client = client;
+	}
+	
+	public void setClient(ClientDetailsEntity client) {
+		if (!(client instanceof DefaultClientDetailsEntity)) {
+			throw new IllegalArgumentException("Not a storable client details entity!");
+		}
+		// force a pass through to the entity version
+		setClient((DefaultClientDetailsEntity)client);
+	}
+	
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientDescription()
+	 */
+	public String getClientDescription() {
+		return client.getClientDescription();
+	}
+	/**
+	 * @param clientDescription
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientDescription(java.lang.String)
+	 */
+	public void setClientDescription(String clientDescription) {
+		client.setClientDescription(clientDescription);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowRefresh()
+	 */
+	public boolean isAllowRefresh() {
+		return client.isAllowRefresh();
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isReuseRefreshToken()
+	 */
+	public boolean isReuseRefreshToken() {
+		return client.isReuseRefreshToken();
+	}
+	/**
+	 * @param reuseRefreshToken
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setReuseRefreshToken(boolean)
+	 */
+	public void setReuseRefreshToken(boolean reuseRefreshToken) {
+		client.setReuseRefreshToken(reuseRefreshToken);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenValiditySeconds()
+	 */
+	public Integer getIdTokenValiditySeconds() {
+		return client.getIdTokenValiditySeconds();
+	}
+	/**
+	 * @param idTokenValiditySeconds
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenValiditySeconds(java.lang.Integer)
+	 */
+	public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) {
+		client.setIdTokenValiditySeconds(idTokenValiditySeconds);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isDynamicallyRegistered()
+	 */
+	public boolean isDynamicallyRegistered() {
+		return client.isDynamicallyRegistered();
+	}
+	/**
+	 * @param dynamicallyRegistered
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setDynamicallyRegistered(boolean)
+	 */
+	public void setDynamicallyRegistered(boolean dynamicallyRegistered) {
+		client.setDynamicallyRegistered(dynamicallyRegistered);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowIntrospection()
+	 */
+	public boolean isAllowIntrospection() {
+		return client.isAllowIntrospection();
+	}
+	/**
+	 * @param allowIntrospection
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setAllowIntrospection(boolean)
+	 */
+	public void setAllowIntrospection(boolean allowIntrospection) {
+		client.setAllowIntrospection(allowIntrospection);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isSecretRequired()
+	 */
+	public boolean isSecretRequired() {
+		return client.isSecretRequired();
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isScoped()
+	 */
+	public boolean isScoped() {
+		return client.isScoped();
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientId()
+	 */
+	public String getClientId() {
+		return client.getClientId();
+	}
+	/**
+	 * @param clientId
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientId(java.lang.String)
+	 */
+	public void setClientId(String clientId) {
+		client.setClientId(clientId);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientSecret()
+	 */
+	public String getClientSecret() {
+		return client.getClientSecret();
+	}
+	/**
+	 * @param clientSecret
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientSecret(java.lang.String)
+	 */
+	public void setClientSecret(String clientSecret) {
+		client.setClientSecret(clientSecret);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getScope()
+	 */
+	public Set<String> getScope() {
+		return client.getScope();
+	}
+	/**
+	 * @param scope
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setScope(java.util.Set)
+	 */
+	public void setScope(Set<String> scope) {
+		client.setScope(scope);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getGrantTypes()
+	 */
+	public Set<String> getGrantTypes() {
+		return client.getGrantTypes();
+	}
+	/**
+	 * @param grantTypes
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setGrantTypes(java.util.Set)
+	 */
+	public void setGrantTypes(Set<String> grantTypes) {
+		client.setGrantTypes(grantTypes);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getAuthorizedGrantTypes()
+	 */
+	public Set<String> getAuthorizedGrantTypes() {
+		return client.getAuthorizedGrantTypes();
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getAuthorities()
+	 */
+	public Set<GrantedAuthority> getAuthorities() {
+		return client.getAuthorities();
+	}
+	/**
+	 * @param authorities
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setAuthorities(java.util.Set)
+	 */
+	public void setAuthorities(Set<GrantedAuthority> authorities) {
+		client.setAuthorities(authorities);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getAccessTokenValiditySeconds()
+	 */
+	public Integer getAccessTokenValiditySeconds() {
+		return client.getAccessTokenValiditySeconds();
+	}
+	/**
+	 * @param accessTokenValiditySeconds
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setAccessTokenValiditySeconds(java.lang.Integer)
+	 */
+	public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) {
+		client.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRefreshTokenValiditySeconds()
+	 */
+	public Integer getRefreshTokenValiditySeconds() {
+		return client.getRefreshTokenValiditySeconds();
+	}
+	/**
+	 * @param refreshTokenValiditySeconds
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRefreshTokenValiditySeconds(java.lang.Integer)
+	 */
+	public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) {
+		client.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRedirectUris()
+	 */
+	public Set<String> getRedirectUris() {
+		return client.getRedirectUris();
+	}
+	/**
+	 * @param redirectUris
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRedirectUris(java.util.Set)
+	 */
+	public void setRedirectUris(Set<String> redirectUris) {
+		client.setRedirectUris(redirectUris);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRegisteredRedirectUri()
+	 */
+	public Set<String> getRegisteredRedirectUri() {
+		return client.getRegisteredRedirectUri();
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getResourceIds()
+	 */
+	public Set<String> getResourceIds() {
+		return client.getResourceIds();
+	}
+	/**
+	 * @param resourceIds
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setResourceIds(java.util.Set)
+	 */
+	public void setResourceIds(Set<String> resourceIds) {
+		client.setResourceIds(resourceIds);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getAdditionalInformation()
+	 */
+	public Map<String, Object> getAdditionalInformation() {
+		return client.getAdditionalInformation();
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getApplicationType()
+	 */
+	public AppType getApplicationType() {
+		return client.getApplicationType();
+	}
+	/**
+	 * @param applicationType
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setApplicationType(org.mitre.oauth2.model.ClientDetailsEntity.AppType)
+	 */
+	public void setApplicationType(AppType applicationType) {
+		client.setApplicationType(applicationType);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientName()
+	 */
+	public String getClientName() {
+		return client.getClientName();
+	}
+	/**
+	 * @param clientName
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientName(java.lang.String)
+	 */
+	public void setClientName(String clientName) {
+		client.setClientName(clientName);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthMethod()
+	 */
+	public AuthMethod getTokenEndpointAuthMethod() {
+		return client.getTokenEndpointAuthMethod();
+	}
+	/**
+	 * @param tokenEndpointAuthMethod
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthMethod(org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod)
+	 */
+	public void setTokenEndpointAuthMethod(AuthMethod tokenEndpointAuthMethod) {
+		client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getSubjectType()
+	 */
+	public SubjectType getSubjectType() {
+		return client.getSubjectType();
+	}
+	/**
+	 * @param subjectType
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setSubjectType(org.mitre.oauth2.model.ClientDetailsEntity.SubjectType)
+	 */
+	public void setSubjectType(SubjectType subjectType) {
+		client.setSubjectType(subjectType);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getContacts()
+	 */
+	public Set<String> getContacts() {
+		return client.getContacts();
+	}
+	/**
+	 * @param contacts
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setContacts(java.util.Set)
+	 */
+	public void setContacts(Set<String> contacts) {
+		client.setContacts(contacts);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getLogoUri()
+	 */
+	public String getLogoUri() {
+		return client.getLogoUri();
+	}
+	/**
+	 * @param logoUri
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setLogoUri(java.lang.String)
+	 */
+	public void setLogoUri(String logoUri) {
+		client.setLogoUri(logoUri);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getPolicyUri()
+	 */
+	public String getPolicyUri() {
+		return client.getPolicyUri();
+	}
+	/**
+	 * @param policyUri
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setPolicyUri(java.lang.String)
+	 */
+	public void setPolicyUri(String policyUri) {
+		client.setPolicyUri(policyUri);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientUri()
+	 */
+	public String getClientUri() {
+		return client.getClientUri();
+	}
+	/**
+	 * @param clientUri
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientUri(java.lang.String)
+	 */
+	public void setClientUri(String clientUri) {
+		client.setClientUri(clientUri);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTosUri()
+	 */
+	public String getTosUri() {
+		return client.getTosUri();
+	}
+	/**
+	 * @param tosUri
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setTosUri(java.lang.String)
+	 */
+	public void setTosUri(String tosUri) {
+		client.setTosUri(tosUri);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getJwksUri()
+	 */
+	public String getJwksUri() {
+		return client.getJwksUri();
+	}
+	/**
+	 * @param jwksUri
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setJwksUri(java.lang.String)
+	 */
+	public void setJwksUri(String jwksUri) {
+		client.setJwksUri(jwksUri);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getSectorIdentifierUri()
+	 */
+	public String getSectorIdentifierUri() {
+		return client.getSectorIdentifierUri();
+	}
+	/**
+	 * @param sectorIdentifierUri
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setSectorIdentifierUri(java.lang.String)
+	 */
+	public void setSectorIdentifierUri(String sectorIdentifierUri) {
+		client.setSectorIdentifierUri(sectorIdentifierUri);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultMaxAge()
+	 */
+	public Integer getDefaultMaxAge() {
+		return client.getDefaultMaxAge();
+	}
+	/**
+	 * @param defaultMaxAge
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultMaxAge(java.lang.Integer)
+	 */
+	public void setDefaultMaxAge(Integer defaultMaxAge) {
+		client.setDefaultMaxAge(defaultMaxAge);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequireAuthTime()
+	 */
+	public Boolean getRequireAuthTime() {
+		return client.getRequireAuthTime();
+	}
+	/**
+	 * @param requireAuthTime
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequireAuthTime(java.lang.Boolean)
+	 */
+	public void setRequireAuthTime(Boolean requireAuthTime) {
+		client.setRequireAuthTime(requireAuthTime);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getResponseTypes()
+	 */
+	public Set<String> getResponseTypes() {
+		return client.getResponseTypes();
+	}
+	/**
+	 * @param responseTypes
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setResponseTypes(java.util.Set)
+	 */
+	public void setResponseTypes(Set<String> responseTypes) {
+		client.setResponseTypes(responseTypes);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultACRvalues()
+	 */
+	public Set<String> getDefaultACRvalues() {
+		return client.getDefaultACRvalues();
+	}
+	/**
+	 * @param defaultACRvalues
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultACRvalues(java.util.Set)
+	 */
+	public void setDefaultACRvalues(Set<String> defaultACRvalues) {
+		client.setDefaultACRvalues(defaultACRvalues);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getInitiateLoginUri()
+	 */
+	public String getInitiateLoginUri() {
+		return client.getInitiateLoginUri();
+	}
+	/**
+	 * @param initiateLoginUri
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setInitiateLoginUri(java.lang.String)
+	 */
+	public void setInitiateLoginUri(String initiateLoginUri) {
+		client.setInitiateLoginUri(initiateLoginUri);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getPostLogoutRedirectUri()
+	 */
+	public String getPostLogoutRedirectUri() {
+		return client.getPostLogoutRedirectUri();
+	}
+	/**
+	 * @param postLogoutRedirectUri
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUri(java.lang.String)
+	 */
+	public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
+		client.setPostLogoutRedirectUri(postLogoutRedirectUri);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestUris()
+	 */
+	public Set<String> getRequestUris() {
+		return client.getRequestUris();
+	}
+	/**
+	 * @param requestUris
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestUris(java.util.Set)
+	 */
+	public void setRequestUris(Set<String> requestUris) {
+		client.setRequestUris(requestUris);
+	}
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlgEmbed()
+	 */
+	public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
+		return client.getRequestObjectSigningAlgEmbed();
+	}
+
+	/**
+	 * @param requestObjectSigningAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
+	 */
+	public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
+		client.setRequestObjectSigningAlgEmbed(requestObjectSigningAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlgEmbed()
+	 */
+	public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
+		return client.getUserInfoSignedResponseAlgEmbed();
+	}
+
+	/**
+	 * @param userInfoSignedResponseAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
+	 */
+	public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
+		client.setUserInfoSignedResponseAlgEmbed(userInfoSignedResponseAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlgEmbed()
+	 */
+	public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
+		return client.getUserInfoEncryptedResponseAlgEmbed();
+	}
+
+	/**
+	 * @param userInfoEncryptedResponseAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
+	 */
+	public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
+		client.setUserInfoEncryptedResponseAlgEmbed(userInfoEncryptedResponseAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEncEmbed()
+	 */
+	public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
+		return client.getUserInfoEncryptedResponseEncEmbed();
+	}
+
+	/**
+	 * @param userInfoEncryptedResponseEnc
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
+	 */
+	public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
+		client.setUserInfoEncryptedResponseEncEmbed(userInfoEncryptedResponseEnc);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlgEmbed()
+	 */
+	public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
+		return client.getIdTokenSignedResponseAlgEmbed();
+	}
+
+	/**
+	 * @param idTokenSignedResponseAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
+	 */
+	public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
+		client.setIdTokenSignedResponseAlgEmbed(idTokenSignedResponseAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlgEmbed()
+	 */
+	public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
+		return client.getIdTokenEncryptedResponseAlgEmbed();
+	}
+
+	/**
+	 * @param idTokenEncryptedResponseAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
+	 */
+	public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
+		client.setIdTokenEncryptedResponseAlgEmbed(idTokenEncryptedResponseAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEncEmbed()
+	 */
+	public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
+		return client.getIdTokenEncryptedResponseEncEmbed();
+	}
+
+	/**
+	 * @param idTokenEncryptedResponseEnc
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
+	 */
+	public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
+		client.setIdTokenEncryptedResponseEncEmbed(idTokenEncryptedResponseEnc);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg()
+	 */
+	public JWSAlgorithm getRequestObjectSigningAlg() {
+		return client.getRequestObjectSigningAlg();
+	}
+
+	/**
+	 * @param requestObjectSigningAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlg(com.nimbusds.jose.JWSAlgorithm)
+	 */
+	public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
+		client.setRequestObjectSigningAlg(requestObjectSigningAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlg()
+	 */
+	public JWSAlgorithm getUserInfoSignedResponseAlg() {
+		return client.getUserInfoSignedResponseAlg();
+	}
+
+	/**
+	 * @param userInfoSignedResponseAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
+	 */
+	public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
+		client.setUserInfoSignedResponseAlg(userInfoSignedResponseAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlg()
+	 */
+	public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
+		return client.getUserInfoEncryptedResponseAlg();
+	}
+
+	/**
+	 * @param userInfoEncryptedResponseAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
+	 */
+	public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
+		client.setUserInfoEncryptedResponseAlg(userInfoEncryptedResponseAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEnc()
+	 */
+	public EncryptionMethod getUserInfoEncryptedResponseEnc() {
+		return client.getUserInfoEncryptedResponseEnc();
+	}
+
+	/**
+	 * @param userInfoEncryptedResponseEnc
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
+	 */
+	public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
+		client.setUserInfoEncryptedResponseEnc(userInfoEncryptedResponseEnc);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlg()
+	 */
+	public JWSAlgorithm getIdTokenSignedResponseAlg() {
+		return client.getIdTokenSignedResponseAlg();
+	}
+
+	/**
+	 * @param idTokenSignedResponseAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
+	 */
+	public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
+		client.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlg()
+	 */
+	public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
+		return client.getIdTokenEncryptedResponseAlg();
+	}
+
+	/**
+	 * @param idTokenEncryptedResponseAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
+	 */
+	public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
+		client.setIdTokenEncryptedResponseAlg(idTokenEncryptedResponseAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEnc()
+	 */
+	public EncryptionMethod getIdTokenEncryptedResponseEnc() {
+		return client.getIdTokenEncryptedResponseEnc();
+	}
+
+	/**
+	 * @param idTokenEncryptedResponseEnc
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
+	 */
+	public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
+		client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlgEmbed()
+	 */
+	public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
+		return client.getTokenEndpointAuthSigningAlgEmbed();
+	}
+
+	/**
+	 * @param tokenEndpointAuthSigningAlgEmbed
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
+	 */
+	public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
+		client.setTokenEndpointAuthSigningAlgEmbed(tokenEndpointAuthSigningAlgEmbed);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlg()
+	 */
+	public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
+		return client.getTokenEndpointAuthSigningAlg();
+	}
+
+	/**
+	 * @param tokenEndpointAuthSigningAlg
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlg(com.nimbusds.jose.JWSAlgorithm)
+	 */
+	public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
+		client.setTokenEndpointAuthSigningAlg(tokenEndpointAuthSigningAlg);
+	}
+
+	/**
+	 * @return
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getCreatedAt()
+	 */
+	public Date getCreatedAt() {
+		return client.getCreatedAt();
+	}
+	/**
+	 * @param createdAt
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setCreatedAt(java.util.Date)
+	 */
+	public void setCreatedAt(Date createdAt) {
+		client.setCreatedAt(createdAt);
+	}
+	/**
+	 * @return the registrationAccessToken
+	 */
+	public String getRegistrationAccessToken() {
+		return registrationAccessToken;
+	}
+	/**
+	 * @param registrationAccessToken the registrationAccessToken to set
+	 */
+	public void setRegistrationAccessToken(String registrationAccessToken) {
+		this.registrationAccessToken = registrationAccessToken;
+	}
+	/**
+	 * @return the registrationClientUri
+	 */
+	public String getRegistrationClientUri() {
+		return registrationClientUri;
+	}
+	/**
+	 * @param registrationClientUri the registrationClientUri to set
+	 */
+	public void setRegistrationClientUri(String registrationClientUri) {
+		this.registrationClientUri = registrationClientUri;
+	}
+	/**
+	 * @return the clientSecretExpiresAt
+	 */
+	public Date getClientSecretExpiresAt() {
+		return clientSecretExpiresAt;
+	}
+	/**
+	 * @param clientSecretExpiresAt the clientSecretExpiresAt to set
+	 */
+	public void setClientSecretExpiresAt(Date expiresAt) {
+		this.clientSecretExpiresAt = expiresAt;
+	}
+	/**
+	 * @return the clientIdIssuedAt
+	 */
+	public Date getClientIdIssuedAt() {
+		return clientIdIssuedAt;
+	}
+	/**
+	 * @param clientIdIssuedAt the clientIdIssuedAt to set
+	 */
+	public void setClientIdIssuedAt(Date issuedAt) {
+		this.clientIdIssuedAt = issuedAt;
+	}
+
+
+
+}

openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultSystemScope.java

@@ -14,10 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  ******************************************************************************/
-/**
- * 
- */
-package org.mitre.oauth2.model;
+
+package org.mitre.oauth2.model.impl;
 
 import javax.persistence.Basic;
 import javax.persistence.Column;
@@ -30,6 +28,8 @@ import javax.persistence.NamedQuery;
 import javax.persistence.Table;
 import javax.persistence.Transient;
 
+import org.mitre.oauth2.model.SystemScope;
+
 /**
  * @author jricher
  *
@@ -37,10 +37,10 @@ import javax.persistence.Transient;
 @Entity
 @Table(name = "system_scope")
 @NamedQueries({
-	@NamedQuery(name = "SystemScope.findAll", query = "select s from SystemScope s ORDER BY s.id"),
-	@NamedQuery(name = "SystemScope.getByValue", query = "select s from SystemScope s WHERE s.value = :value")
+	@NamedQuery(name = "DefaultSystemScope.findAll", query = "select s from DefaultSystemScope s ORDER BY s.id"),
+	@NamedQuery(name = "DefaultSystemScope.getByValue", query = "select s from DefaultSystemScope s WHERE s.value = :value")
 })
-public class SystemScope {
+public class DefaultSystemScope implements SystemScope {
 
 	private Long id;
 	private String value; // scope value
@@ -55,18 +55,20 @@ public class SystemScope {
 	/**
 	 * Make a blank system scope with no value
 	 */
-	public SystemScope() {
-
+	DefaultSystemScope() {
+		
 	}
 
 	/**
 	 * Make a system scope with the given scope value
 	 * @param value
 	 */
-	public SystemScope(String value) {
+	/*
+	public DefaultSystemScope(String value) {
 		this.value = value;
 	}
-
+	*/
+	
 	/**
 	 * @return the id
 	 */
@@ -76,12 +78,14 @@ public class SystemScope {
 	public Long getId() {
 		return id;
 	}
+	
 	/**
 	 * @param id the id to set
 	 */
 	public void setId(Long id) {
 		this.id = id;
 	}
+	
 	/**
 	 * @return the value
 	 */
@@ -90,12 +94,14 @@ public class SystemScope {
 	public String getValue() {
 		return value;
 	}
+	
 	/**
 	 * @param value the value to set
 	 */
 	public void setValue(String value) {
 		this.value = value;
 	}
+	
 	/**
 	 * @return the description
 	 */
@@ -104,12 +110,14 @@ public class SystemScope {
 	public String getDescription() {
 		return description;
 	}
+	
 	/**
 	 * @param description the description to set
 	 */
 	public void setDescription(String description) {
 		this.description = description;
 	}
+	
 	/**
 	 * @return the icon
 	 */
@@ -118,12 +126,14 @@ public class SystemScope {
 	public String getIcon() {
 		return icon;
 	}
+	
 	/**
 	 * @param icon the icon to set
 	 */
 	public void setIcon(String icon) {
 		this.icon = icon;
 	}
+	
 	/**
 	 * @return the allowDynReg
 	 */
@@ -132,6 +142,7 @@ public class SystemScope {
 	public boolean isAllowDynReg() {
 		return allowDynReg;
 	}
+	
 	/**
 	 * @param allowDynReg the allowDynReg to set
 	 */
@@ -184,7 +195,6 @@ public class SystemScope {
 		this.structuredParamDescription = d;
 	}
 
-
 	/**
 	 * @return the structuredValue
 	 */
@@ -199,8 +209,7 @@ public class SystemScope {
 	public void setStructuredValue(String structuredValue) {
 		this.structuredValue = structuredValue;
 	}
-
-
+	
 	/* (non-Javadoc)
 	 * @see java.lang.Object#hashCode()
 	 */
@@ -231,10 +240,10 @@ public class SystemScope {
 		if (obj == null) {
 			return false;
 		}
-		if (!(obj instanceof SystemScope)) {
+		if (!(obj instanceof DefaultSystemScope)) {
 			return false;
 		}
-		SystemScope other = (SystemScope) obj;
+		DefaultSystemScope other = (DefaultSystemScope) obj;
 		if (allowDynReg != other.allowDynReg) {
 			return false;
 		}
@@ -294,7 +303,7 @@ public class SystemScope {
 	 */
 	@Override
 	public String toString() {
-		return "SystemScope [id=" + id + ", value=" + value + ", description=" + description + ", icon=" + icon + ", allowDynReg=" + allowDynReg + ", defaultScope=" + defaultScope + ", structured=" + structured + ", structuredParamDescription=" + structuredParamDescription + ", structuredValue="
+		return "DefaultSystemScope [id=" + id + ", value=" + value + ", description=" + description + ", icon=" + icon + ", allowDynReg=" + allowDynReg + ", defaultScope=" + defaultScope + ", structured=" + structured + ", structuredParamDescription=" + structuredParamDescription + ", structuredValue="
 				+ structuredValue + "]";
 	}
 

openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/ModelFactory.java

@@ -0,0 +1,150 @@
+package org.mitre.oauth2.model.impl;
+
+import org.mitre.oauth2.model.AuthenticationHolderEntity;
+import org.mitre.oauth2.model.AuthorizationCodeEntity;
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
+import org.mitre.oauth2.model.RegisteredClient;
+import org.mitre.oauth2.model.SystemScope;
+
+public class ModelFactory {
+	
+	private static ModelFactory factory = new ModelFactory();
+	
+	private Class<? extends AuthenticationHolderEntity> authHolderType = DefaultAuthenticationHolderEntity.class;
+	private Class<? extends AuthorizationCodeEntity> authCodeType = DefaultAuthorizationCodeEntity.class;
+	private Class<? extends ClientDetailsEntity> clientDetailsType = DefaultClientDetailsEntity.class;
+	private Class<? extends OAuth2AccessTokenEntity> accessTokenType = DefaultOAuth2AccessTokenEntity.class;
+	private Class<? extends OAuth2RefreshTokenEntity> refreshTokenType = DefaultOAuth2RefreshTokenEntity.class;
+	private Class<? extends RegisteredClient> regClientType = DefaultRegisteredClient.class;
+	private Class<? extends SystemScope> sysScopeType = DefaultSystemScope.class;
+	
+	private ModelFactory() {
+		
+	}
+	
+	public static ModelFactory instance() {
+		return factory;
+	}
+	
+	@SuppressWarnings("unchecked")
+	public void setClientDetailsType(String type) {
+		try {
+			Class<?> localType = Class.forName(type);
+			setClientDetailsType((Class<? extends ClientDetailsEntity>)localType);
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed while setting class", ex);
+		}
+	}
+	
+	@SuppressWarnings("unchecked")
+	public void setAccessTokenType(String type) {
+		try {
+			Class<?> localType = Class.forName(type);
+			setAccessTokenType((Class<? extends OAuth2AccessTokenEntity>)localType);
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed while setting class", ex);
+		}
+	}
+	
+	@SuppressWarnings("unchecked")
+	public void setRefreshTokenType(String type) {
+		try {
+			Class<?> localType = Class.forName(type);
+			setRefreshTokenType((Class<? extends OAuth2RefreshTokenEntity>)localType);
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed while setting class", ex);
+		}
+	}
+	
+	public void setClientDetailsType(Class<? extends ClientDetailsEntity> type) {
+		this.clientDetailsType = type;
+	}
+	
+	public void setAccessTokenType(Class<? extends OAuth2AccessTokenEntity> type) {
+		this.accessTokenType = type;
+	}
+	
+	public void setRefreshTokenType(Class<? extends OAuth2RefreshTokenEntity> type) {
+		this.refreshTokenType = type;
+	}
+	
+	@SuppressWarnings("unchecked")
+	public <T extends ClientDetailsEntity> T getClientDetailsInstance() {
+		T instance = null;
+		try {
+			instance = (T)this.clientDetailsType.newInstance();
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed to instanciate client details", ex);
+		}
+		return instance;
+	}
+	
+	@SuppressWarnings("unchecked")
+	public <T extends OAuth2AccessTokenEntity> T getAccessTokenInstance() {
+		T instance = null;
+		try {
+			instance = (T)this.accessTokenType.newInstance();
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed to instanciate access token", ex);
+		}
+		return instance;
+	}
+	
+	@SuppressWarnings("unchecked")
+	public <T extends OAuth2RefreshTokenEntity> T getRefreshTokenInstance() {
+		T instance = null;
+		try {
+			instance = (T)this.refreshTokenType.newInstance();
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed to instanciate refresh token", ex);
+		}
+		return instance;
+	}
+	
+	@SuppressWarnings("unchecked")
+	public <T extends AuthorizationCodeEntity> T getAuthCodeInstance() {
+		T instance = null;
+		try {
+			instance = (T)this.authCodeType.newInstance();
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed to instanciate authorization code", ex);
+		}
+		return instance;
+	}
+	
+	@SuppressWarnings("unchecked")
+	public <T extends AuthenticationHolderEntity> T getAuthHolderInstance() {
+		T instance = null;
+		try {
+			instance = (T)this.authHolderType.newInstance();
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed to instanciate authentication holder", ex);
+		}
+		return instance;
+	}
+	
+	@SuppressWarnings("unchecked")
+	public <T extends RegisteredClient> T getRegisteredClientInstance() {
+		T instance = null;
+		try {
+			instance = (T)this.regClientType.newInstance();
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed to instanciate registered client", ex);
+		}
+		return instance;
+	}
+	
+	@SuppressWarnings("unchecked")
+	public <T extends SystemScope> T getSystemScopeInstance() {
+		T instance = null;
+		try {
+			instance = (T)this.sysScopeType.newInstance();
+		} catch (Throwable ex) {
+			throw new RuntimeException("failed to instanciate system scope", ex);
+		}
+		return instance;
+	}
+	
+}

openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java

@@ -32,6 +32,7 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.model.RegisteredClient;
 
 import com.google.common.base.Joiner;
@@ -65,8 +66,8 @@ public class ClientDetailsEntityJsonProcessor {
 		if (jsonEl.isJsonObject()) {
 
 			JsonObject o = jsonEl.getAsJsonObject();
-			ClientDetailsEntity c = new ClientDetailsEntity();
-
+			ClientDetailsEntity c = ModelFactory.instance().getClientDetailsInstance();
+			
 			// TODO: make these field names into constants
 
 			// these two fields should only be sent in the update request, and MUST match existing values
@@ -162,7 +163,8 @@ public class ClientDetailsEntityJsonProcessor {
 			JsonObject o = jsonEl.getAsJsonObject();
 			ClientDetailsEntity c = parse(jsonEl);
 
-			RegisteredClient rc = new RegisteredClient(c);
+			RegisteredClient rc = ModelFactory.instance().getRegisteredClientInstance();
+			rc.setClient(c);
 			// get any fields from the registration
 			rc.setRegistrationAccessToken(getAsString(o, "registration_access_token"));
 			rc.setRegistrationClientUri(getAsString(o, "registration_client_uri"));

openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java

@@ -16,6 +16,7 @@
  ******************************************************************************/
 package org.mitre.openid.connect.model;
 
+import java.util.Collection;
 import java.util.Date;
 import java.util.Set;
 
@@ -39,6 +40,7 @@ import javax.persistence.Temporal;
 import javax.persistence.Transient;
 
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.model.impl.DefaultOAuth2AccessTokenEntity;
 
 import com.google.common.collect.Sets;
 
@@ -78,7 +80,7 @@ public class ApprovedSite {
 	private WhitelistedSite whitelistedSite;
 
 	//Link to any access tokens approved through this stored decision
-	private Set<OAuth2AccessTokenEntity> approvedAccessTokens = Sets.newHashSet();
+	private Set<DefaultOAuth2AccessTokenEntity> approvedAccessTokens = Sets.newHashSet();
 
 	/**
 	 * Empty constructor
@@ -189,7 +191,7 @@ public class ApprovedSite {
 	public void setAllowedScopes(Set<String> allowedScopes) {
 		this.allowedScopes = allowedScopes;
 	}
-
+	
 	/**
 	 * @return the timeoutDate
 	 */
@@ -247,14 +249,25 @@ public class ApprovedSite {
 
 	@OneToMany(cascade=CascadeType.ALL, fetch=FetchType.EAGER)
 	@JoinColumn(name="approved_site_id")
-	public Set<OAuth2AccessTokenEntity> getApprovedAccessTokens() {
+	public Set<DefaultOAuth2AccessTokenEntity> getApprovedAccessTokens() {
 		return approvedAccessTokens;
 	}
-
+	
 	/**
 	 * @param approvedAccessTokens the approvedAccessTokens to set
 	 */
-	public void setApprovedAccessTokens(Set<OAuth2AccessTokenEntity> approvedAccessTokens) {
+	public void setApprovedAccessTokens(Set<DefaultOAuth2AccessTokenEntity> approvedAccessTokens) {
 		this.approvedAccessTokens = approvedAccessTokens;
 	}
+	
+	public void setApprovedAccessTokens(Collection<OAuth2AccessTokenEntity> approvedAccessTokens) {
+		Set<DefaultOAuth2AccessTokenEntity> tmpTokens = Sets.newHashSet();
+		for(OAuth2AccessTokenEntity aToken : approvedAccessTokens) {
+			if(aToken instanceof DefaultOAuth2AccessTokenEntity) {
+				tmpTokens.add((DefaultOAuth2AccessTokenEntity)aToken);
+			}
+		}
+		setApprovedAccessTokens(tmpTokens);
+	}
+	
 }

openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java

@@ -24,6 +24,7 @@ import static org.junit.Assert.assertEquals;
 import java.util.Date;
 
 import org.junit.Test;
+import org.mitre.oauth2.model.impl.ModelFactory;
 
 import com.google.common.collect.ImmutableSet;
 import com.nimbusds.jose.EncryptionMethod;
@@ -34,16 +35,16 @@ import com.nimbusds.jose.JWEAlgorithm;
  *
  */
 public class ClientDetailsEntityTest {
-
+	
 	/**
 	 * Test method for {@link org.mitre.oauth2.model.ClientDetailsEntity#ClientDetailsEntity()}.
 	 */
 	@Test
 	public void testClientDetailsEntity() {
 		Date now = new Date();
-
-		ClientDetailsEntity c = new ClientDetailsEntity();
-
+		
+		ClientDetailsEntity c = ModelFactory.instance().getClientDetailsInstance();
+		
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
 		c.setApplicationType(ClientDetailsEntity.AppType.WEB);

openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java

@@ -24,6 +24,7 @@ import static org.junit.Assert.assertEquals;
 import java.sql.Date;
 
 import org.junit.Test;
+import org.mitre.oauth2.model.impl.ModelFactory;
 
 import com.google.common.collect.ImmutableSet;
 import com.nimbusds.jose.EncryptionMethod;
@@ -34,7 +35,7 @@ import com.nimbusds.jose.JWEAlgorithm;
  *
  */
 public class RegisteredClientTest {
-
+	
 	/**
 	 * Test method for {@link org.mitre.oauth2.model.RegisteredClient#RegisteredClient()}.
 	 */
@@ -42,9 +43,9 @@ public class RegisteredClientTest {
 	public void testRegisteredClient() {
 
 		// make sure all the pass-through getters and setters work
-
-		RegisteredClient c = new RegisteredClient();
-
+		
+		RegisteredClient c = ModelFactory.instance().getRegisteredClientInstance();
+		
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
 		c.setClientSecretExpiresAt(new Date(1577858400L * 1000L));
@@ -87,7 +88,7 @@ public class RegisteredClientTest {
 	 */
 	@Test
 	public void testRegisteredClientClientDetailsEntity() {
-		ClientDetailsEntity c = new ClientDetailsEntity();
+		ClientDetailsEntity c = ModelFactory.instance().getClientDetailsInstance();
 
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
@@ -105,7 +106,8 @@ public class RegisteredClientTest {
 		c.setRequestUris(ImmutableSet.of("https://client.example.org/rf.txt#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA"));
 
 		// Create a RegisteredClient based on a ClientDetailsEntity object and set several properties
-		RegisteredClient rc = new RegisteredClient(c);
+		RegisteredClient rc = ModelFactory.instance().getRegisteredClientInstance();
+		rc.setClient(c);
 		rc.setClientSecretExpiresAt(new Date(1577858400L * 1000L));
 		rc.setRegistrationAccessToken("this.is.an.access.token.value.ffx83");
 		rc.setRegistrationClientUri("https://server.example.com/connect/register?client_id=s6BhdRkqt3");
@@ -135,8 +137,8 @@ public class RegisteredClientTest {
 	 */
 	@Test
 	public void testRegisteredClientClientDetailsEntityStringString() {
-		ClientDetailsEntity c = new ClientDetailsEntity();
-
+		ClientDetailsEntity c = ModelFactory.instance().getClientDetailsInstance();
+		
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
 		c.setApplicationType(ClientDetailsEntity.AppType.WEB);
@@ -153,8 +155,11 @@ public class RegisteredClientTest {
 		c.setRequestUris(ImmutableSet.of("https://client.example.org/rf.txt#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA"));
 
 		// Create a RegisteredClient based on a ClientDetails, a token, and a server URI
-		RegisteredClient rc = new RegisteredClient(c, "this.is.an.access.token.value.ffx83", "https://server.example.com/connect/register?client_id=s6BhdRkqt3");
-
+		RegisteredClient rc = ModelFactory.instance().getRegisteredClientInstance();
+		rc.setClient(c);
+		rc.setRegistrationAccessToken("this.is.an.access.token.value.ffx83");
+		rc.setRegistrationClientUri("https://server.example.com/connect/register?client_id=s6BhdRkqt3");
+		
 		// make sure all the pass-throughs work
 		assertEquals("s6BhdRkqt3", rc.getClientId());
 		assertEquals("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk", rc.getClientSecret());

openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java

@@ -27,6 +27,7 @@ import java.sql.Date;
 import org.junit.Test;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.RegisteredClient;
+import org.mitre.oauth2.model.impl.ModelFactory;
 
 import com.google.common.collect.ImmutableSet;
 import com.google.gson.JsonElement;
@@ -153,8 +154,8 @@ public class ClientDetailsEntityJsonProcessorTest {
 	 */
 	@Test
 	public void testSerialize() {
-		RegisteredClient c = new RegisteredClient();
-
+		RegisteredClient c = ModelFactory.instance().getRegisteredClientInstance();
+		
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
 		c.setClientSecretExpiresAt(new Date(1577858400L * 1000L));

openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml

@@ -28,7 +28,13 @@
 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
-
+		
+	<bean id="modelFactory" class="org.mitre.oauth2.model.impl.ModelFactory" factory-method="instance">
+		<property name="clientDetailsType" value="org.mitre.oauth2.model.impl.DefaultClientDetailsEntity" />
+		<property name="accessTokenType" value="org.mitre.oauth2.model.impl.DefaultOAuth2AccessTokenEntity" />
+		<property name="refreshTokenType" value="org.mitre.oauth2.model.impl.DefaultOAuth2RefreshTokenEntity" />
+	</bean>
+	
 	<!-- Scan for components -->
 	<context:component-scan annotation-config="true" base-package="org.mitre" />
 

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java

@@ -45,7 +45,7 @@ public class JpaAuthenticationHolderRepository implements AuthenticationHolderRe
 
 	@Override
 	public AuthenticationHolderEntity getByAuthentication(OAuth2Authentication a) {
-		TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("AuthenticationHolderEntity.getByAuthentication", AuthenticationHolderEntity.class);
+		TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("DefaultAuthenticationHolderEntity.getByAuthentication", AuthenticationHolderEntity.class);
 		query.setParameter("authentication", a);
 		return JpaUtil.getSingleResult(query.getResultList());
 	}
@@ -81,7 +81,7 @@ public class JpaAuthenticationHolderRepository implements AuthenticationHolderRe
 	@Override
 	@Transactional
 	public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders() {
-		TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("AuthenticationHolderEntity.getUnusedAuthenticationHolders", AuthenticationHolderEntity.class);
+		TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("DefaultAuthenticationHolderEntity.getUnusedAuthenticationHolders", AuthenticationHolderEntity.class);
 		query.setMaxResults(MAXEXPIREDRESULTS);
 		List<AuthenticationHolderEntity> unusedAuthenticationHolders = query.getResultList();
 		return unusedAuthenticationHolders;

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java

@@ -62,7 +62,7 @@ public class JpaAuthorizationCodeRepository implements AuthorizationCodeReposito
 	@Transactional
 	public OAuth2Authentication consume(String code) throws InvalidGrantException {
 
-		TypedQuery<AuthorizationCodeEntity> query = manager.createNamedQuery("AuthorizationCodeEntity.getByValue", AuthorizationCodeEntity.class);
+		TypedQuery<AuthorizationCodeEntity> query = manager.createNamedQuery("DefaultAuthorizationCodeEntity.getByValue", AuthorizationCodeEntity.class);
 		query.setParameter("code", code);
 
 		AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList());

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java

@@ -57,7 +57,7 @@ public class JpaOAuth2ClientRepository implements OAuth2ClientRepository {
 	 */
 	@Override
 	public ClientDetailsEntity getClientByClientId(String clientId) {
-		TypedQuery<ClientDetailsEntity> query = manager.createNamedQuery("ClientDetailsEntity.getByClientId", ClientDetailsEntity.class);
+		TypedQuery<ClientDetailsEntity> query = manager.createNamedQuery("DefaultClientDetailsEntity.getByClientId", ClientDetailsEntity.class);
 		query.setParameter("clientId", clientId);
 		return JpaUtil.getSingleResult(query.getResultList());
 	}
@@ -93,7 +93,7 @@ public class JpaOAuth2ClientRepository implements OAuth2ClientRepository {
 
 	@Override
 	public Collection<ClientDetailsEntity> getAllClients() {
-		TypedQuery<ClientDetailsEntity> query = manager.createNamedQuery("ClientDetailsEntity.findAll", ClientDetailsEntity.class);
+		TypedQuery<ClientDetailsEntity> query = manager.createNamedQuery("DefaultClientDetailsEntity.findAll", ClientDetailsEntity.class);
 		return query.getResultList();
 	}
 

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java

@@ -44,20 +44,20 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 
 	@Override
 	public Set<OAuth2AccessTokenEntity> getAllAccessTokens() {
-		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("OAuth2AccessTokenEntity.getAll", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getAll", OAuth2AccessTokenEntity.class);
 		return new LinkedHashSet<OAuth2AccessTokenEntity>(query.getResultList());
 	}
 
 	@Override
 	public Set<OAuth2RefreshTokenEntity> getAllRefreshTokens() {
-		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("OAuth2RefreshTokenEntity.getAll", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getAll", OAuth2RefreshTokenEntity.class);
 		return new LinkedHashSet<OAuth2RefreshTokenEntity>(query.getResultList());
 	}
 
 
 	@Override
 	public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) {
-		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("OAuth2AccessTokenEntity.getByTokenValue", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByTokenValue", OAuth2AccessTokenEntity.class);
 		query.setParameter("tokenValue", accessTokenValue);
 		return JpaUtil.getSingleResult(query.getResultList());
 	}
@@ -87,7 +87,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	@Override
 	@Transactional
 	public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
-		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("OAuth2AccessTokenEntity.getByRefreshToken", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByRefreshToken", OAuth2AccessTokenEntity.class);
 		query.setParameter("refreshToken", refreshToken);
 		List<OAuth2AccessTokenEntity> accessTokens = query.getResultList();
 		for (OAuth2AccessTokenEntity accessToken : accessTokens) {
@@ -97,7 +97,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 
 	@Override
 	public OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue) {
-		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("OAuth2RefreshTokenEntity.getByTokenValue", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getByTokenValue", OAuth2RefreshTokenEntity.class);
 		query.setParameter("tokenValue", refreshTokenValue);
 		return JpaUtil.getSingleResult(query.getResultList());
 	}
@@ -127,13 +127,13 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	@Override
 	@Transactional
 	public void clearTokensForClient(ClientDetailsEntity client) {
-		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class);
 		queryA.setParameter("client", client);
 		List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
 		for (OAuth2AccessTokenEntity accessToken : accessTokens) {
 			removeAccessToken(accessToken);
 		}
-		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class);
 		queryR.setParameter("client", client);
 		List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
 		for (OAuth2RefreshTokenEntity refreshToken : refreshTokens) {
@@ -146,7 +146,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	 */
 	@Override
 	public List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client) {
-		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class);
 		queryA.setParameter("client", client);
 		List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
 		return accessTokens;
@@ -157,7 +157,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	 */
 	@Override
 	public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client) {
-		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class);
 		queryR.setParameter("client", client);
 		List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
 		return refreshTokens;
@@ -165,7 +165,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 
 	@Override
 	public OAuth2AccessTokenEntity getByAuthentication(OAuth2Authentication auth) {
-		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByAuthentication", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByAuthentication", OAuth2AccessTokenEntity.class);
 		queryA.setParameter("authentication", auth);
 		List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
 		return JpaUtil.getSingleResult(accessTokens);
@@ -176,7 +176,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	 */
 	@Override
 	public OAuth2AccessTokenEntity getAccessTokenForIdToken(OAuth2AccessTokenEntity idToken) {
-		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByIdToken", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByIdToken", OAuth2AccessTokenEntity.class);
 		queryA.setParameter("idToken", idToken);
 		List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
 		return JpaUtil.getSingleResult(accessTokens);
@@ -184,7 +184,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 
 	@Override
 	public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens() {
-		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("OAuth2AccessTokenEntity.getAllExpiredByDate", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getAllExpiredByDate", OAuth2AccessTokenEntity.class);
 		query.setParameter("date", new Date());
 		query.setMaxResults(MAXEXPIREDRESULTS);
 		return new LinkedHashSet<OAuth2AccessTokenEntity>(query.getResultList());
@@ -192,7 +192,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 
 	@Override
 	public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens() {
-		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("OAuth2RefreshTokenEntity.getAllExpiredByDate", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getAllExpiredByDate", OAuth2RefreshTokenEntity.class);
 		query.setParameter("date", new Date());
 		query.setMaxResults(MAXEXPIREDRESULTS);
 		return new LinkedHashSet<OAuth2RefreshTokenEntity>(query.getResultList());

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java

@@ -50,7 +50,7 @@ public class JpaSystemScopeRepository implements SystemScopeRepository {
 	@Override
 	@Transactional
 	public Set<SystemScope> getAll() {
-		TypedQuery<SystemScope> query = em.createNamedQuery("SystemScope.findAll", SystemScope.class);
+		TypedQuery<SystemScope> query = em.createNamedQuery("DefaultSystemScope.findAll", SystemScope.class);
 
 		return new LinkedHashSet<SystemScope>(query.getResultList());
 	}
@@ -70,7 +70,7 @@ public class JpaSystemScopeRepository implements SystemScopeRepository {
 	@Override
 	@Transactional
 	public SystemScope getByValue(String value) {
-		TypedQuery<SystemScope> query = em.createNamedQuery("SystemScope.getByValue", SystemScope.class);
+		TypedQuery<SystemScope> query = em.createNamedQuery("DefaultSystemScope.getByValue", SystemScope.class);
 		query.setParameter("value", value);
 		return getSingleResult(query.getResultList());
 	}

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java

@@ -9,7 +9,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidRequestExcep
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver;
-import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
 import org.springframework.stereotype.Component;
 
 /**

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java

@@ -20,6 +20,7 @@
 package org.mitre.oauth2.service.impl;
 
 import org.mitre.oauth2.model.AuthorizationCodeEntity;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.AuthorizationCodeRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
@@ -54,7 +55,10 @@ public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeS
 	public String createAuthorizationCode(OAuth2Authentication authentication) {
 		String code = generator.generate();
 
-		AuthorizationCodeEntity entity = new AuthorizationCodeEntity(code, authentication);
+		AuthorizationCodeEntity entity = ModelFactory.instance().getAuthCodeInstance();
+		entity.setCode(code);
+		entity.setAuthentication(authentication);
+		
 		repository.save(entity);
 
 		return code;

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

@@ -30,6 +30,7 @@ import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.AuthenticationHolderRepository;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
@@ -136,7 +137,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 				throw new InvalidClientException("Client not found: " + clientAuth.getClientId());
 			}
 
-			OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken();
+			OAuth2AccessTokenEntity token = ModelFactory.instance().getAccessTokenInstance();
 
 			// attach the client
 			token.setClient(client);
@@ -156,15 +157,15 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 			}
 
 			// attach the authorization so that we can look it up later
-			AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
+			AuthenticationHolderEntity authHolder = ModelFactory.instance().getAuthHolderInstance();
 			authHolder.setAuthentication(authentication);
 			authHolder = authenticationHolderRepository.save(authHolder);
-
+			
 			token.setAuthenticationHolder(authHolder);
 
 			// attach a refresh token, if this client is allowed to request them and the user gets the offline scope
 			if (client.isAllowRefresh() && scopes.contains(SystemScopeService.OFFLINE_ACCESS)) {
-				OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();
+				OAuth2RefreshTokenEntity refreshToken = ModelFactory.instance().getRefreshTokenInstance();
 				JWTClaimsSet refreshClaims = new JWTClaimsSet();
 
 
@@ -206,9 +207,13 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 
 				Long apId = (Long) originalAuthRequest.getExtensions().get("approved_site");
 				ApprovedSite ap = approvedSiteService.getById(apId);
-				Set<OAuth2AccessTokenEntity> apTokens = ap.getApprovedAccessTokens();
-				apTokens.add(savedToken);
-				ap.setApprovedAccessTokens(apTokens);
+				
+				//TODO: FIX - JAVA GENERICS ISSUE
+				Set<? extends OAuth2AccessTokenEntity> apTokens = ap.getApprovedAccessTokens();
+				HashSet<OAuth2AccessTokenEntity> tmpTokens = Sets.newHashSet(apTokens);
+				tmpTokens.add(savedToken);
+				ap.setApprovedAccessTokens(tmpTokens);
+				
 				approvedSiteService.save(ap);
 
 			}
@@ -253,7 +258,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 		// TODO: have the option to recycle the refresh token here, too
 		// for now, we just reuse it as long as it's valid, which is the original intent
 
-		OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
+		OAuth2AccessTokenEntity token = ModelFactory.instance().getAccessTokenInstance();
 
 		// get the stored scopes from the authentication holder's authorization request; these are the scopes associated with the refresh token
 		Set<String> refreshScopes = new HashSet<String>(refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope());

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java

@@ -24,6 +24,7 @@ import java.util.List;
 import java.util.Set;
 
 import org.mitre.oauth2.model.SystemScope;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.SystemScopeRepository;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -86,7 +87,8 @@ public class DefaultSystemScopeService implements SystemScopeService {
 				SystemScope s = getByValue(base);
 				if (s == null) {
 					// make a fake one otherwise
-					s = new SystemScope(base);
+					s = ModelFactory.instance().getSystemScopeInstance();
+					s.setValue(base);
 					if (parts.size() > 1) {
 						s.setStructured(true);
 					}

openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java

@@ -25,6 +25,7 @@ import java.util.Date;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.oauth2.service.SystemScopeService;
@@ -99,7 +100,7 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
 
 					//OAuth2AccessTokenEntity newIdToken = tokenServices.get
 
-					OAuth2AccessTokenEntity newIdTokenEntity = new OAuth2AccessTokenEntity();
+					OAuth2AccessTokenEntity newIdTokenEntity = ModelFactory.instance().getAccessTokenInstance();
 
 					// copy over all existing claims
 					JWTClaimsSet claims = new JWTClaimsSet(idToken.getJWTClaimsSet());

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java

@@ -79,8 +79,8 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
 	@Transactional
 	public void remove(ApprovedSite approvedSite) {
 
-		//Remove any associated access and refresh tokens
-		Set<OAuth2AccessTokenEntity> accessTokens = approvedSite.getApprovedAccessTokens();
+		//Remove any associated access and refresh tokens	
+		Set<? extends OAuth2AccessTokenEntity> accessTokens = approvedSite.getApprovedAccessTokens();
 
 		for (OAuth2AccessTokenEntity token : accessTokens) {
 			if (token.getRefreshToken() != null) {

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java

@@ -28,6 +28,7 @@ import org.mitre.jwt.signer.service.impl.SymmetricCacheService;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.AuthenticationHolderRepository;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
@@ -94,7 +95,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 		}
 
 
-		OAuth2AccessTokenEntity idTokenEntity = new OAuth2AccessTokenEntity();
+		OAuth2AccessTokenEntity idTokenEntity = ModelFactory.instance().getAccessTokenInstance();
 		JWTClaimsSet idClaims = new JWTClaimsSet();
 
 		// if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in
@@ -208,11 +209,11 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 				Sets.newHashSet(SystemScopeService.REGISTRATION_TOKEN_SCOPE), null, null, null, null);
 		OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null);
 
-		OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
+		OAuth2AccessTokenEntity token = ModelFactory.instance().getAccessTokenInstance();
 		token.setClient(client);
 		token.setScope(Sets.newHashSet(SystemScopeService.REGISTRATION_TOKEN_SCOPE));
 
-		AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
+		AuthenticationHolderEntity authHolder = ModelFactory.instance().getAuthHolderInstance();
 		authHolder.setAuthentication(authentication);
 		authHolder = authenticationHolderRepository.save(authHolder);
 		token.setAuthenticationHolder(authHolder);
@@ -249,11 +250,11 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 				Sets.newHashSet(SystemScopeService.RESOURCE_TOKEN_SCOPE), null, null, null, null);
 		OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null);
 
-		OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
+		OAuth2AccessTokenEntity token = ModelFactory.instance().getAccessTokenInstance();
 		token.setClient(client);
 		token.setScope(Sets.newHashSet(SystemScopeService.RESOURCE_TOKEN_SCOPE));
-
-		AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
+		
+		AuthenticationHolderEntity authHolder = ModelFactory.instance().getAuthHolderInstance();
 		authHolder.setAuthentication(authentication);
 		authHolder = authenticationHolderRepository.save(authHolder);
 		token.setAuthenticationHolder(authHolder);

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java

@@ -25,7 +25,6 @@ import org.mitre.jose.JWSAlgorithmEmbed;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
-import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.service.UserInfoService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -43,7 +42,6 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.servlet.ModelAndView;
 
 import com.google.common.base.Strings;
-import com.google.common.collect.Sets;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonDeserializationContext;

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java

@@ -26,6 +26,7 @@ import java.util.concurrent.TimeUnit;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.oauth2.model.SystemScope;
@@ -164,7 +165,12 @@ public class ClientDynamicRegistrationEndpoint {
 
 				// send it all out to the view
 
-				RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
+				registered.setClient(savedClient);
+				registered.setRegistrationAccessToken(token.getValue());
+				String clientUri = config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8");
+				registered.setRegistrationClientUri(clientUri);
+				
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.CREATED); // http 201
 
@@ -209,8 +215,12 @@ public class ClientDynamicRegistrationEndpoint {
 
 			try {
 				OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, client);
-				RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/" +  UriUtils.encodePathSegment(client.getClientId(), "UTF-8"));
-
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
+				registered.setClient(client);
+				registered.setRegistrationAccessToken(token.getValue());
+				String clientUri = config.getIssuer() + "register/" +  UriUtils.encodePathSegment(client.getClientId(), "UTF-8");
+				registered.setRegistrationClientUri(clientUri);
+				
 				// send it all out to the view
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.OK); // http 200
@@ -296,9 +306,13 @@ public class ClientDynamicRegistrationEndpoint {
 				ClientDetailsEntity savedClient = clientService.updateClient(oldClient, newClient);
 
 				OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, savedClient);
-
-				RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
-
+				
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
+				registered.setClient(savedClient);
+				registered.setRegistrationAccessToken(token.getValue());
+				String clientUri = config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8");
+				registered.setRegistrationClientUri(clientUri);
+				
 				// send it all out to the view
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.OK); // http 200

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java

@@ -25,6 +25,7 @@ import java.util.Set;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.oauth2.model.SystemScope;
@@ -169,8 +170,12 @@ public class ProtectedResourceRegistrationEndpoint {
 				tokenService.saveAccessToken(token);
 
 				// send it all out to the view
-
-				RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
+				registered.setClient(savedClient);
+				registered.setRegistrationAccessToken(token.getValue());
+				String clientUri = config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8");
+				registered.setRegistrationClientUri(clientUri);
+				
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.CREATED); // http 201
 
@@ -238,9 +243,13 @@ public class ProtectedResourceRegistrationEndpoint {
 			try {
 				// possibly update the token
 				OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, client);
-
-				RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "resource/" +  UriUtils.encodePathSegment(client.getClientId(), "UTF-8"));
-
+				
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
+				registered.setClient(client);
+				registered.setRegistrationAccessToken(token.getValue());
+				String clientUri = config.getIssuer() + "resource/" +  UriUtils.encodePathSegment(client.getClientId(), "UTF-8");
+				registered.setRegistrationClientUri(clientUri);
+				
 				// send it all out to the view
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.OK); // http 200
@@ -349,9 +358,13 @@ public class ProtectedResourceRegistrationEndpoint {
 
 				// possibly update the token
 				OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, savedClient);
-
-				RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
-
+				
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
+				registered.setClient(savedClient);
+				registered.setRegistrationAccessToken(token.getValue());
+				String clientUri = config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8");
+				registered.setRegistrationClientUri(clientUri);
+				
 				// send it all out to the view
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.OK); // http 200

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java

@@ -16,6 +16,12 @@
  ******************************************************************************/
 package org.mitre.oauth2.service.impl;
 
+import static com.google.common.collect.Sets.newHashSet;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+
 import java.util.Set;
 
 import org.junit.Test;
@@ -26,12 +32,6 @@ import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
 import org.springframework.security.oauth2.provider.ClientDetails;
 
-import static com.google.common.collect.Sets.newHashSet;
-import static org.hamcrest.CoreMatchers.is;
-import static org.junit.Assert.assertThat;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.mock;
-
 @RunWith(MockitoJUnitRunner.class)
 public class TestDefaultIntrospectionAuthorizer {
 

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java

@@ -34,6 +34,9 @@ import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
+import org.mitre.oauth2.model.impl.DefaultAuthenticationHolderEntity;
+import org.mitre.oauth2.model.impl.DefaultClientDetailsEntity;
+import org.mitre.oauth2.model.impl.DefaultOAuth2RefreshTokenEntity;
 import org.mitre.oauth2.repository.AuthenticationHolderRepository;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
@@ -113,14 +116,14 @@ public class TestDefaultOAuth2ProviderTokenService {
 		OAuth2Request clientAuth = new OAuth2Request(null, clientId, null, true, scope, null, null, null, null);
 		Mockito.when(authentication.getOAuth2Request()).thenReturn(clientAuth);
 
-		client = Mockito.mock(ClientDetailsEntity.class);
+		client = Mockito.mock(DefaultClientDetailsEntity.class);
 		Mockito.when(client.getClientId()).thenReturn(clientId);
 		Mockito.when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(client);
 
 		// by default in tests, allow refresh tokens
 		Mockito.when(client.isAllowRefresh()).thenReturn(true);
 
-		refreshToken = Mockito.mock(OAuth2RefreshTokenEntity.class);
+		refreshToken = Mockito.mock(DefaultOAuth2RefreshTokenEntity.class);
 		Mockito.when(tokenRepository.getRefreshTokenByValue(refreshTokenValue)).thenReturn(refreshToken);
 		Mockito.when(refreshToken.getClient()).thenReturn(client);
 		Mockito.when(refreshToken.isExpired()).thenReturn(false);
@@ -129,14 +132,14 @@ public class TestDefaultOAuth2ProviderTokenService {
 
 		storedAuthentication = authentication;
 		storedAuthRequest = clientAuth;
-		storedAuthHolder = Mockito.mock(AuthenticationHolderEntity.class);
+		storedAuthHolder = Mockito.mock(DefaultAuthenticationHolderEntity.class);
 		storedScope = Sets.newHashSet(scope);
 
 		Mockito.when(refreshToken.getAuthenticationHolder()).thenReturn(storedAuthHolder);
 		Mockito.when(storedAuthHolder.getAuthentication()).thenReturn(storedAuthentication);
 		Mockito.when(storedAuthentication.getOAuth2Request()).thenReturn(storedAuthRequest);
 
-		Mockito.when(authenticationHolderRepository.save(Matchers.any(AuthenticationHolderEntity.class))).thenReturn(storedAuthHolder);
+		Mockito.when(authenticationHolderRepository.save(Matchers.any(DefaultAuthenticationHolderEntity.class))).thenReturn(storedAuthHolder);
 
 		Mockito.when(scopeService.removeRestrictedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg());
 
@@ -215,7 +218,7 @@ public class TestDefaultOAuth2ProviderTokenService {
 		OAuth2AccessTokenEntity token = service.createAccessToken(authentication);
 
 		Mockito.verify(clientDetailsService).loadClientByClientId(Matchers.anyString());
-		Mockito.verify(authenticationHolderRepository).save(Matchers.any(AuthenticationHolderEntity.class));
+		Mockito.verify(authenticationHolderRepository).save(Matchers.any(DefaultAuthenticationHolderEntity.class));
 		Mockito.verify(tokenEnhancer).enhance(Matchers.any(OAuth2AccessTokenEntity.class), Mockito.eq(authentication));
 		Mockito.verify(tokenRepository).saveAccessToken(Matchers.any(OAuth2AccessTokenEntity.class));
 
@@ -286,15 +289,15 @@ public class TestDefaultOAuth2ProviderTokenService {
 	@Test
 	public void createAccessToken_checkAttachedAuthentication() {
 
-		AuthenticationHolderEntity authHolder = Mockito.mock(AuthenticationHolderEntity.class);
+		AuthenticationHolderEntity authHolder = Mockito.mock(DefaultAuthenticationHolderEntity.class);
 		Mockito.when(authHolder.getAuthentication()).thenReturn(authentication);
 
-		Mockito.when(authenticationHolderRepository.save(Matchers.any(AuthenticationHolderEntity.class))).thenReturn(authHolder);
+		Mockito.when(authenticationHolderRepository.save(Matchers.any(DefaultAuthenticationHolderEntity.class))).thenReturn(authHolder);
 
 		OAuth2AccessTokenEntity token = service.createAccessToken(authentication);
 
 		assertThat(token.getAuthenticationHolder().getAuthentication(), equalTo(authentication));
-		Mockito.verify(authenticationHolderRepository).save(Matchers.any(AuthenticationHolderEntity.class));
+		Mockito.verify(authenticationHolderRepository).save(Matchers.any(DefaultAuthenticationHolderEntity.class));
 	}
 
 	@Test(expected = InvalidTokenException.class)

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java

@@ -27,6 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.SystemScope;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.SystemScopeRepository;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
@@ -77,36 +78,44 @@ public class TestDefaultSystemScopeService {
 	 */
 	@Before
 	public void prepare() {
-
+		
 		Mockito.reset(repository);
-
+		
 		// two default and dynamically registerable scopes
-		defaultDynScope1 = new SystemScope(defaultDynScope1String);
-		defaultDynScope2 = new SystemScope(defaultDynScope2String);
+		defaultDynScope1 = ModelFactory.instance().getSystemScopeInstance();
+		defaultDynScope1.setValue(defaultDynScope1String);
+		defaultDynScope2 = ModelFactory.instance().getSystemScopeInstance();
+		defaultDynScope2.setValue(defaultDynScope2String);
 		defaultDynScope1.setAllowDynReg(true);
 		defaultDynScope2.setAllowDynReg(true);
 		defaultDynScope1.setDefaultScope(true);
 		defaultDynScope2.setDefaultScope(true);
 
 		// two strictly default scopes (isAllowDynReg false)
-		defaultScope1 = new SystemScope(defaultScope1String);
-		defaultScope2 = new SystemScope(defaultScope2String);
+		defaultScope1 = ModelFactory.instance().getSystemScopeInstance();
+		defaultScope1.setValue(defaultScope1String);
+		defaultScope2 = ModelFactory.instance().getSystemScopeInstance();
+		defaultScope2.setValue(defaultScope2String);
 		defaultScope1.setDefaultScope(true);
 		defaultScope2.setDefaultScope(true);
 
 		// one strictly dynamically registerable scope (isDefault false)
-		dynScope1 = new SystemScope(dynScope1String);
+		dynScope1 = ModelFactory.instance().getSystemScopeInstance();
+		dynScope1.setValue(dynScope1String);
 		dynScope1.setAllowDynReg(true);
 
 		// extraScope1 : extra scope that is neither (defaults to false/false)
-		extraScope1 = new SystemScope(extraScope1String);
+		extraScope1 = ModelFactory.instance().getSystemScopeInstance();
+		extraScope1.setValue(extraScope1String);
 
 		// structuredScope1 : structured scope
-		structuredScope1 = new SystemScope(structuredScope1String);
+		structuredScope1 = ModelFactory.instance().getSystemScopeInstance();
+		structuredScope1.setValue(structuredScope1String);
 		structuredScope1.setStructured(true);
 
 		// structuredScope1Value : structured scope with value
-		structuredScope1Value = new SystemScope(structuredScope1String);
+		structuredScope1Value = ModelFactory.instance().getSystemScopeInstance();
+		structuredScope1Value.setValue(structuredScope1String);
 		structuredScope1Value.setStructured(true);
 		structuredScope1Value.setStructuredValue(structuredValue);
 
@@ -123,7 +132,8 @@ public class TestDefaultSystemScopeService {
 		Mockito.when(repository.getByValue(structuredScope1String)).thenAnswer(new Answer<SystemScope>() {
 			@Override
 			public SystemScope answer(InvocationOnMock invocation) throws Throwable {
-				SystemScope s = new SystemScope(structuredScope1String);
+				SystemScope s = ModelFactory.instance().getSystemScopeInstance();
+				s.setValue(structuredScope1String);
 				s.setStructured(true);
 				return s;
 			}
@@ -201,7 +211,8 @@ public class TestDefaultSystemScopeService {
 		Mockito.when(repository.getByValue("foo")).thenAnswer(new Answer<SystemScope>() {
 			@Override
 			public SystemScope answer(InvocationOnMock invocation) throws Throwable {
-				SystemScope foo = new SystemScope("foo");
+				SystemScope foo = ModelFactory.instance().getSystemScopeInstance();
+				foo.setValue("foo");
 				foo.setStructured(true);
 				return foo;
 			}

openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java

@@ -27,6 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.repository.ApprovedSiteRepository;
 import org.mitre.openid.connect.service.ApprovedSiteService;
@@ -66,7 +67,7 @@ public class TestDefaultApprovedSiteService {
 	@Before
 	public void prepare() {
 
-		client = new ClientDetailsEntity();
+		client = ModelFactory.instance().getClientDetailsInstance();
 		client.setClientId(clientId);
 
 		site1 = new ApprovedSite();

openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java

@@ -27,6 +27,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.model.DefaultUserInfo;
 import org.mitre.openid.connect.model.UserInfo;
@@ -88,9 +89,6 @@ public class TestDefaultUserInfoService {
 	private String sectorIdentifier2 = "https://sector-identifier-12/url2";
 	private String sectorIdentifier3 = "https://sector-identifier-3/url";
 
-
-
-
 	/**
 	 * Initialize the service and the mocked repository.
 	 * Initialize 2 users, one of them an admin, for use in unit tests.
@@ -98,7 +96,6 @@ public class TestDefaultUserInfoService {
 	@Before
 	public void prepare() {
 
-
 		userInfoAdmin = new DefaultUserInfo();
 		userInfoAdmin.setPreferredUsername(adminUsername);
 		userInfoAdmin.setSub(adminSub);
@@ -107,38 +104,35 @@ public class TestDefaultUserInfoService {
 		userInfoRegular.setPreferredUsername(regularUsername);
 		userInfoRegular.setSub(regularSub);
 
-		publicClient1 = new ClientDetailsEntity();
+		publicClient1 = ModelFactory.instance().getClientDetailsInstance();
 		publicClient1.setClientId(publicClientId1);
 
-		publicClient2 = new ClientDetailsEntity();
+		publicClient2 = ModelFactory.instance().getClientDetailsInstance();
 		publicClient2.setClientId(publicClientId2);
 		publicClient2.setSubjectType(SubjectType.PUBLIC);
 
 		// pairwise set 1
-		pairwiseClient1 = new ClientDetailsEntity();
+		pairwiseClient1 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient1.setClientId(pairwiseClientId1);
 		pairwiseClient1.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1);
 
-		pairwiseClient2 = new ClientDetailsEntity();
+		pairwiseClient2 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient2.setClientId(pairwiseClientId2);
 		pairwiseClient2.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2);
 
 		// pairwise set 2
-		pairwiseClient3 = new ClientDetailsEntity();
+		pairwiseClient3 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient3.setClientId(pairwiseClientId3);
 		pairwiseClient3.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3);
 
 		// pairwise with null sector
-		pairwiseClient4 = new ClientDetailsEntity();
+		pairwiseClient4 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient4.setClientId(pairwiseClientId4);
 		pairwiseClient4.setSubjectType(SubjectType.PAIRWISE);
 
-
-
-
 	}
 
 	/**
@@ -236,6 +230,4 @@ public class TestDefaultUserInfoService {
 
 	}
 
-
-
 }

openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java

@@ -30,6 +30,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
+import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.openid.connect.model.DefaultUserInfo;
 import org.mitre.openid.connect.model.PairwiseIdentifier;
 import org.mitre.openid.connect.model.UserInfo;
@@ -95,31 +96,31 @@ public class TestUUIDPairwiseIdentiferService {
 		userInfoRegular.setSub(regularSub);
 
 		// pairwise set 1
-		pairwiseClient1 = new ClientDetailsEntity();
+		pairwiseClient1 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient1.setClientId(pairwiseClientId1);
 		pairwiseClient1.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1);
 
-		pairwiseClient2 = new ClientDetailsEntity();
+		pairwiseClient2 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient2.setClientId(pairwiseClientId2);
 		pairwiseClient2.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2);
 
 		// pairwise set 2
-		pairwiseClient3 = new ClientDetailsEntity();
+		pairwiseClient3 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient3.setClientId(pairwiseClientId3);
 		pairwiseClient3.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3);
 		pairwiseClient3.setRedirectUris(pairwiseClient3RedirectUris);
 
 		// pairwise with null sector
-		pairwiseClient4 = new ClientDetailsEntity();
+		pairwiseClient4 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient4.setClientId(pairwiseClientId4);
 		pairwiseClient4.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient4.setRedirectUris(pairwiseClient4RedirectUris);
 
 		// pairwise with multiple redirects and no sector (error)
-		pairwiseClient5 = new ClientDetailsEntity();
+		pairwiseClient5 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient5.setClientId(pairwiseClientId5);
 		pairwiseClient5.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient5.setRedirectUris(pairwiseClient5RedirectUris);