oauth2 models creation via factory

Implement factory pattern for oauth2 models instantiation, and use models interface in components - service, repository, etc
2014-09-02 16:43:36 -04:00 · 2014-09-02 16:43:36 -04:00 · 380d31c5cd
parent dee78c130c
commit 380d31c5cd
40 changed files with 3125 additions and 1432 deletions
--- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
@ -44,8 +44,8 @@ import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.KeyUse;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.util.Base64URL;
 import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/SymmetricCacheService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/SymmetricCacheService.java
@ -22,7 +22,6 @@ import java.util.Map;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import com.nimbusds.jose.Algorithm;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.slf4j.Logger;
@ -36,8 +35,8 @@ import com.google.common.cache.LoadingCache;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.jwk.KeyUse;
 import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.util.Base64URL;
 /**
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
@ -14,19 +14,8 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 ******************************************************************************/
 package org.mitre.oauth2.model;
-import javax.persistence.Basic;
+package org.mitre.oauth2.model;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Lob;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.Table;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
@ -36,85 +25,36 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
 * @author aanganes
 *
 */
-@Entity
+public interface AuthorizationCodeEntity {
@Table(name = "authorization_code")
@NamedQueries({
 	@NamedQuery(name = "AuthorizationCodeEntity.getByValue", query = "select a from AuthorizationCodeEntity a where a.code = :code")
 })
 public class AuthorizationCodeEntity {
 	private Long id;
 	private String code;
 	private OAuth2Authentication authentication;
 	/**
 	 * Default constructor.
 	 */
 	public AuthorizationCodeEntity() {
 	}
 	/**
 	 * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
 	 * 
 	 * @param code 			the authorization code
 	 * @param authRequest	the AuthoriztionRequestHolder associated with the original code request
 	 */
 	public AuthorizationCodeEntity(String code, OAuth2Authentication authRequest) {
 		this.code = code;
 		this.authentication = authRequest;
 	}
 	/**
 	 * @return the id
 	 */
-	@Id
+	Long getId();
 	@GeneratedValue(strategy = GenerationType.IDENTITY)
 	@Column(name = "id")
 	public Long getId() {
 		return id;
 	}
 	/**
 	 * @param id the id to set
 	 */
-	public void setId(Long id) {
+	void setId(Long id);
 		this.id = id;
 	}
 	/**
 	 * @return the code
 	 */
-	@Basic
+	String getCode();
 	@Column(name = "code")
 	public String getCode() {
 		return code;
 	}
 	/**
 	 * @param code the code to set
 	 */
-	public void setCode(String code) {
+	void setCode(String code);
 		this.code = code;
 	}
 	/**
 	 * @return the authentication
 	 */
-	@Lob
+	OAuth2Authentication getAuthentication();
 	@Basic(fetch=FetchType.EAGER)
 	@Column(name="authentication")
 	public OAuth2Authentication getAuthentication() {
 		return authentication;
 	}
 	/**
 	 * @param authentication the authentication to set
 	 */
-	public void setAuthentication(OAuth2Authentication authentication) {
+	void setAuthentication(OAuth2Authentication authentication);
 		this.authentication = authentication;
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultAuthenticationHolderEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultAuthenticationHolderEntity.java
@ -14,7 +14,8 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 ******************************************************************************/
-package org.mitre.oauth2.model;
+
 package org.mitre.oauth2.model.impl;
 import javax.persistence.Basic;
 import javax.persistence.Column;
@ -28,15 +29,20 @@ import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.Table;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 /**
 * @author jricher
 *
 */
@Entity
@Table(name = "authentication_holder")
@NamedQueries ({
-	@NamedQuery(name = "AuthenticationHolderEntity.getByAuthentication", query = "select a from AuthenticationHolderEntity a where a.authentication = :authentication"),
+	@NamedQuery(name = "DefaultAuthenticationHolderEntity.getByAuthentication", query = "select a from DefaultAuthenticationHolderEntity a where a.authentication = :authentication"),
-	@NamedQuery(name = "AuthenticationHolderEntity.getUnusedAuthenticationHolders", query = "select a from AuthenticationHolderEntity a where a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r)")
+	@NamedQuery(name = "DefaultAuthenticationHolderEntity.getUnusedAuthenticationHolders", query = "select a from DefaultAuthenticationHolderEntity a where a.id not in (select t.authenticationHolder.id from DefaultOAuth2AccessTokenEntity t) and a.id not in (select r.authenticationHolder.id from DefaultOAuth2RefreshTokenEntity r)")
 })
-public class AuthenticationHolderEntity {
+public class DefaultAuthenticationHolderEntity implements AuthenticationHolderEntity {
 	private Long id;
@ -44,7 +50,7 @@ public class AuthenticationHolderEntity {
 	private OAuth2Authentication authentication;
-	public AuthenticationHolderEntity() {
+	DefaultAuthenticationHolderEntity() {
 	}
@ -79,7 +85,5 @@ public class AuthenticationHolderEntity {
 	public void setAuthentication(OAuth2Authentication authentication) {
 		this.authentication = authentication;
 	}
-
+	
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultAuthorizationCodeEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultAuthorizationCodeEntity.java
@ -0,0 +1,124 @@
 /*******************************************************************************
 * Copyright 2014 The MITRE Corporation
 *   and the MIT Kerberos and Internet Trust Consortium
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *   http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 ******************************************************************************/
 package org.mitre.oauth2.model.impl;
 import javax.persistence.Basic;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Lob;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.Table;
 import org.mitre.oauth2.model.AuthorizationCodeEntity;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 /**
 * Entity class for authorization codes
 * 
 * @author aanganes
 *
 */
@Entity
@Table(name = "authorization_code")
@NamedQueries({
 	@NamedQuery(name = "DefaultAuthorizationCodeEntity.getByValue", query = "select a from DefaultAuthorizationCodeEntity a where a.code = :code")
 })
 public class DefaultAuthorizationCodeEntity implements AuthorizationCodeEntity {
 	private Long id;
 	private String code;
 	private OAuth2Authentication authentication;
 	/**
 	 * Default constructor.
 	 */
 	DefaultAuthorizationCodeEntity() {
 	}
 	/**
 	 * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
 	 * 
 	 * @param code 			the authorization code
 	 * @param authRequest	the AuthoriztionRequestHolder associated with the original code request
 	 */
 	/*
 	public DefaultAuthorizationCodeEntity(String code, OAuth2Authentication authRequest) {
 		this.code = code;
 		this.authentication = authRequest;
 	}
 	*/
 	/**
 	 * @return the id
 	 */
 	@Id
 	@GeneratedValue(strategy = GenerationType.IDENTITY)
 	@Column(name = "id")
 	public Long getId() {
 		return id;
 	}
 	/**
 	 * @param id the id to set
 	 */
 	public void setId(Long id) {
 		this.id = id;
 	}
 	/**
 	 * @return the code
 	 */
 	@Basic
 	@Column(name = "code")
 	public String getCode() {
 		return code;
 	}
 	/**
 	 * @param code the code to set
 	 */
 	public void setCode(String code) {
 		this.code = code;
 	}
 	/**
 	 * @return the authentication
 	 */
 	@Lob
 	@Basic(fetch=FetchType.EAGER)
 	@Column(name="authentication")
 	public OAuth2Authentication getAuthentication() {
 		return authentication;
 	}
 	/**
 	 * @param authentication the authentication to set
 	 */
 	public void setAuthentication(OAuth2Authentication authentication) {
 		this.authentication = authentication;
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultClientDetailsEntity.java
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultOAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultOAuth2AccessTokenEntity.java
@ -14,10 +14,8 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 ******************************************************************************/
-/**
+
- * 
+package org.mitre.oauth2.model.impl;
 */
 package org.mitre.oauth2.model;
 import java.text.ParseException;
 import java.util.Date;
@ -44,6 +42,10 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
@ -57,42 +59,40 @@ import com.nimbusds.jwt.JWTParser;
@Entity
@Table(name = "access_token")
@NamedQueries({
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getAll", query = "select a from OAuth2AccessTokenEntity a"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getAll", query = "select a from DefaultOAuth2AccessTokenEntity a"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getAllExpiredByDate", query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :date"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getAllExpiredByDate", query = "select a from DefaultOAuth2AccessTokenEntity a where a.expiration <= :date"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByRefreshToken", query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :refreshToken"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByRefreshToken", query = "select a from DefaultOAuth2AccessTokenEntity a where a.refreshToken = :refreshToken"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByClient", query = "select a from OAuth2AccessTokenEntity a where a.client = :client"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByClient", query = "select a from DefaultOAuth2AccessTokenEntity a where a.client = :client"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByAuthentication", query = "select a from OAuth2AccessTokenEntity a where a.authenticationHolder.authentication = :authentication"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByAuthentication", query = "select a from DefaultOAuth2AccessTokenEntity a where a.authenticationHolder.authentication = :authentication"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByIdToken", query = "select a from OAuth2AccessTokenEntity a where a.idToken = :idToken"),
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByIdToken", query = "select a from DefaultOAuth2AccessTokenEntity a where a.idToken = :idToken"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getByTokenValue", query = "select a from OAuth2AccessTokenEntity a where a.value = :tokenValue")
+	@NamedQuery(name = "DefaultOAuth2AccessTokenEntity.getByTokenValue", query = "select a from DefaultOAuth2AccessTokenEntity a where a.value = :tokenValue")
 })
-//@JsonSerialize(using = OAuth2AccessTokenSerializer.class)
+public class DefaultOAuth2AccessTokenEntity implements OAuth2AccessTokenEntity {
 //@JsonDeserialize(using = OAuth2AccessTokenDeserializer.class)
 public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	public static String ID_TOKEN_FIELD_NAME = "id_token";
 	private Long id;
-	private ClientDetailsEntity client;
+	private DefaultClientDetailsEntity client;
-	private AuthenticationHolderEntity authenticationHolder; // the authentication that made this access
+	private DefaultAuthenticationHolderEntity authenticationHolder; // the authentication that made this access
 	private JWT jwtValue; // JWT-encoded access token value
-	private OAuth2AccessTokenEntity idToken; // JWT-encoded OpenID Connect IdToken
+	private DefaultOAuth2AccessTokenEntity idToken; // JWT-encoded OpenID Connect IdToken
 	private Date expiration;
 	private String tokenType = OAuth2AccessToken.BEARER_TYPE;
-	private OAuth2RefreshTokenEntity refreshToken;
+	private DefaultOAuth2RefreshTokenEntity refreshToken;
 	private Set<String> scope;
 	/**
 	 * Create a new, blank access token
 	 */
-	public OAuth2AccessTokenEntity() {
+	DefaultOAuth2AccessTokenEntity() {
 	}
@ -132,33 +132,49 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	 */
 	@ManyToOne
 	@JoinColumn(name = "auth_holder_id")
-	public AuthenticationHolderEntity getAuthenticationHolder() {
+	public DefaultAuthenticationHolderEntity getAuthenticationHolder() {
 		return authenticationHolder;
 	}
 	/**
 	 * @param authentication the authentication to set
 	 */
-	public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
+	public void setAuthenticationHolder(DefaultAuthenticationHolderEntity authenticationHolder) {
 		this.authenticationHolder = authenticationHolder;
 	}
-
+	
 	public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
 		if (!(authenticationHolder instanceof DefaultAuthenticationHolderEntity)) {
 			throw new IllegalArgumentException("Not a storable authentication holder entity!");
 		}
 		// force a pass through to the entity version
 		setAuthenticationHolder((DefaultAuthenticationHolderEntity)authenticationHolder);
 	}
 	/**
 	 * @return the client
 	 */
 	@ManyToOne
 	@JoinColumn(name = "client_id")
-	public ClientDetailsEntity getClient() {
+	public DefaultClientDetailsEntity getClient() {
 		return client;
 	}
-
+	
 	/**
 	 * @param client the client to set
 	 */
-	public void setClient(ClientDetailsEntity client) {
+	public void setClient(DefaultClientDetailsEntity client) {
 		this.client = client;
 	}
-
+	
 	public void setClient(ClientDetailsEntity client) {
 		if (!(client instanceof DefaultClientDetailsEntity)) {
 			throw new IllegalArgumentException("Not a storable client details entity!");
 		}
 		// force a pass through to the entity version
 		setClient((DefaultClientDetailsEntity)client);
 	}
 	/**
 	 * Get the string-encoded value of this access token.
 	 */
@ -205,20 +221,28 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	@Override
 	@ManyToOne
 	@JoinColumn(name="refresh_token_id")
-	public OAuth2RefreshTokenEntity getRefreshToken() {
+	public DefaultOAuth2RefreshTokenEntity getRefreshToken() {
 		return refreshToken;
 	}
-
+	
-	public void setRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
+	public void setRefreshToken(DefaultOAuth2RefreshTokenEntity refreshToken) {
 		this.refreshToken = refreshToken;
 	}
-
+	
-	public void setRefreshToken(OAuth2RefreshToken refreshToken) {
+	public void setRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
-		if (!(refreshToken instanceof OAuth2RefreshTokenEntity)) {
+		if (!(refreshToken instanceof DefaultOAuth2RefreshTokenEntity)) {
 			throw new IllegalArgumentException("Not a storable refresh token entity!");
 		}
 		// force a pass through to the entity version
-		setRefreshToken((OAuth2RefreshTokenEntity)refreshToken);
+		setRefreshToken((DefaultOAuth2RefreshTokenEntity)refreshToken);
 	}
 	public void setRefreshToken(OAuth2RefreshToken refreshToken) {
 		if (!(refreshToken instanceof DefaultOAuth2RefreshTokenEntity)) {
 			throw new IllegalArgumentException("Not a storable refresh token entity!");
 		}
 		// force a pass through to the entity version
 		setRefreshToken((DefaultOAuth2RefreshTokenEntity)refreshToken);
 	}
 	@Override
@ -246,17 +270,25 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	 */
 	@OneToOne(cascade=CascadeType.ALL) // one-to-one mapping for now
 	@JoinColumn(name = "id_token_id")
-	public OAuth2AccessTokenEntity getIdToken() {
+	public DefaultOAuth2AccessTokenEntity getIdToken() {
 		return idToken;
 	}
-
+	
 	/**
 	 * @param idToken the idToken to set
 	 */
-	public void setIdToken(OAuth2AccessTokenEntity idToken) {
+	public void setIdToken(DefaultOAuth2AccessTokenEntity idToken) {
 		this.idToken = idToken;
 	}
-
+	
 	public void setIdToken(OAuth2AccessTokenEntity idToken) {
 		if (!(idToken instanceof DefaultOAuth2AccessTokenEntity)) {
 			throw new IllegalArgumentException("Not a storable access token entity!");
 		}
 		// force a pass through to the entity version
 		setIdToken((DefaultOAuth2AccessTokenEntity)idToken);
 	}
 	/**
 	 * @return the idTokenString
 	 */
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultOAuth2RefreshTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultOAuth2RefreshTokenEntity.java
@ -14,10 +14,8 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 ******************************************************************************/
-/**
+
- * 
+package org.mitre.oauth2.model.impl;
 */
 package org.mitre.oauth2.model;
 import java.text.ParseException;
 import java.util.Date;
@ -37,7 +35,9 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
-import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTParser;
@ -49,19 +49,19 @@ import com.nimbusds.jwt.JWTParser;
@Entity
@Table(name = "refresh_token")
@NamedQueries({
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getAll", query = "select r from OAuth2RefreshTokenEntity r"),
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getAll", query = "select r from DefaultOAuth2RefreshTokenEntity r"),
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getAllExpiredByDate", query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :date"),
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getAllExpiredByDate", query = "select r from DefaultOAuth2RefreshTokenEntity r where r.expiration <= :date"),
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByClient", query = "select r from OAuth2RefreshTokenEntity r where r.client = :client"),
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getByClient", query = "select r from DefaultOAuth2RefreshTokenEntity r where r.client = :client"),
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByTokenValue", query = "select r from OAuth2RefreshTokenEntity r where r.value = :tokenValue"),
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getByTokenValue", query = "select r from DefaultOAuth2RefreshTokenEntity r where r.value = :tokenValue"),
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByAuthentication", query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.authentication = :authentication")
+	@NamedQuery(name = "DefaultOAuth2RefreshTokenEntity.getByAuthentication", query = "select r from DefaultOAuth2RefreshTokenEntity r where r.authenticationHolder.authentication = :authentication")
 })
-public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
+public class DefaultOAuth2RefreshTokenEntity implements OAuth2RefreshTokenEntity {
 	private Long id;
-	private AuthenticationHolderEntity authenticationHolder;
+	private DefaultAuthenticationHolderEntity authenticationHolder;
-
+	
-	private ClientDetailsEntity client;
+	private DefaultClientDetailsEntity client;
 	//JWT-encoded representation of this access token entity
 	private JWT jwt;
@ -72,7 +72,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	/**
 	 * 
 	 */
-	public OAuth2RefreshTokenEntity() {
+	DefaultOAuth2RefreshTokenEntity() {
 	}
@ -101,17 +101,25 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	 */
 	@ManyToOne
 	@JoinColumn(name = "auth_holder_id")
-	public AuthenticationHolderEntity getAuthenticationHolder() {
+	public DefaultAuthenticationHolderEntity getAuthenticationHolder() {
 		return authenticationHolder;
 	}
 	/**
 	 * @param authentication the authentication to set
 	 */
-	public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
+	public void setAuthenticationHolder(DefaultAuthenticationHolderEntity authenticationHolder) {
 		this.authenticationHolder = authenticationHolder;
 	}
-
+	
 	public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
 		if (!(authenticationHolder instanceof DefaultAuthenticationHolderEntity)) {
 			throw new IllegalArgumentException("Not a storable authentication holder entity!");
 		}
 		// force a pass through to the entity version
 		setAuthenticationHolder((DefaultAuthenticationHolderEntity)authenticationHolder);
 	}
 	/**
 	 * Get the JWT-encoded value of this token
 	 */
@ -160,17 +168,25 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	 */
 	@ManyToOne(fetch = FetchType.EAGER)
 	@JoinColumn(name = "client_id")
-	public ClientDetailsEntity getClient() {
+	public DefaultClientDetailsEntity getClient() {
 		return client;
 	}
-
+	
 	/**
 	 * @param client the client to set
 	 */
-	public void setClient(ClientDetailsEntity client) {
+	public void setClient(DefaultClientDetailsEntity client) {
 		this.client = client;
 	}
-
+	
 	public void setClient(ClientDetailsEntity client) {
 		if (!(client instanceof DefaultClientDetailsEntity)) {
 			throw new IllegalArgumentException("Not a storable client details entity!");
 		}
 		// force a pass through to the entity version
 		setClient((DefaultClientDetailsEntity)client);
 	}
 	/**
 	 * Get the JWT object directly
 	 * @return the jwt
@ -186,5 +202,5 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	public void setJwt(JWT jwt) {
 		this.jwt = jwt;
 	}
-
+	
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultRegisteredClient.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultRegisteredClient.java
@ -0,0 +1,912 @@
 /*******************************************************************************
 * Copyright 2014 The MITRE Corporation
 *   and the MIT Kerberos and Internet Trust Consortium
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *   http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 ******************************************************************************/
 package org.mitre.oauth2.model.impl;
 import java.util.Date;
 import java.util.Map;
 import java.util.Set;
 import org.mitre.jose.JWEAlgorithmEmbed;
 import org.mitre.jose.JWEEncryptionMethodEmbed;
 import org.mitre.jose.JWSAlgorithmEmbed;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.springframework.security.core.GrantedAuthority;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
 /**
 * @author jricher
 *
 */
 public class DefaultRegisteredClient implements RegisteredClient {
 	// these fields are needed in addition to the ones in ClientDetailsEntity
 	private String registrationAccessToken;
 	private String registrationClientUri;
 	private Date clientSecretExpiresAt;
 	private Date clientIdIssuedAt;
 	private DefaultClientDetailsEntity client;
 	/**
 	 * 
 	 */
 	DefaultRegisteredClient() {
 		this.client = ModelFactory.instance().getClientDetailsInstance();
 	}
 	/**
 	 * @param client
 	 */
 	/*
 	public DefaultRegisteredClient(ClientDetailsEntity client) {
 		this.client = client;
 	}
 	*/
 	/**
 	 * @param client
 	 * @param registrationAccessToken
 	 * @param registrationClientUri
 	 */
 	/*
 	public DefaultRegisteredClient(ClientDetailsEntity client, String registrationAccessToken, String registrationClientUri) {
 		this.client = client;
 		this.registrationAccessToken = registrationAccessToken;
 		this.registrationClientUri = registrationClientUri;
 	}
 	*/
 	/**
 	 * @return the client
 	 */
 	public DefaultClientDetailsEntity getClient() {
 		return client;
 	}
 	/**
 	 * @param client the client to set
 	 */
 	public void setClient(DefaultClientDetailsEntity client) {
 		this.client = client;
 	}
 	public void setClient(ClientDetailsEntity client) {
 		if (!(client instanceof DefaultClientDetailsEntity)) {
 			throw new IllegalArgumentException("Not a storable client details entity!");
 		}
 		// force a pass through to the entity version
 		setClient((DefaultClientDetailsEntity)client);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientDescription()
 	 */
 	public String getClientDescription() {
 		return client.getClientDescription();
 	}
 	/**
 	 * @param clientDescription
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientDescription(java.lang.String)
 	 */
 	public void setClientDescription(String clientDescription) {
 		client.setClientDescription(clientDescription);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowRefresh()
 	 */
 	public boolean isAllowRefresh() {
 		return client.isAllowRefresh();
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isReuseRefreshToken()
 	 */
 	public boolean isReuseRefreshToken() {
 		return client.isReuseRefreshToken();
 	}
 	/**
 	 * @param reuseRefreshToken
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setReuseRefreshToken(boolean)
 	 */
 	public void setReuseRefreshToken(boolean reuseRefreshToken) {
 		client.setReuseRefreshToken(reuseRefreshToken);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenValiditySeconds()
 	 */
 	public Integer getIdTokenValiditySeconds() {
 		return client.getIdTokenValiditySeconds();
 	}
 	/**
 	 * @param idTokenValiditySeconds
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenValiditySeconds(java.lang.Integer)
 	 */
 	public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) {
 		client.setIdTokenValiditySeconds(idTokenValiditySeconds);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isDynamicallyRegistered()
 	 */
 	public boolean isDynamicallyRegistered() {
 		return client.isDynamicallyRegistered();
 	}
 	/**
 	 * @param dynamicallyRegistered
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setDynamicallyRegistered(boolean)
 	 */
 	public void setDynamicallyRegistered(boolean dynamicallyRegistered) {
 		client.setDynamicallyRegistered(dynamicallyRegistered);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowIntrospection()
 	 */
 	public boolean isAllowIntrospection() {
 		return client.isAllowIntrospection();
 	}
 	/**
 	 * @param allowIntrospection
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setAllowIntrospection(boolean)
 	 */
 	public void setAllowIntrospection(boolean allowIntrospection) {
 		client.setAllowIntrospection(allowIntrospection);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isSecretRequired()
 	 */
 	public boolean isSecretRequired() {
 		return client.isSecretRequired();
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#isScoped()
 	 */
 	public boolean isScoped() {
 		return client.isScoped();
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientId()
 	 */
 	public String getClientId() {
 		return client.getClientId();
 	}
 	/**
 	 * @param clientId
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientId(java.lang.String)
 	 */
 	public void setClientId(String clientId) {
 		client.setClientId(clientId);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientSecret()
 	 */
 	public String getClientSecret() {
 		return client.getClientSecret();
 	}
 	/**
 	 * @param clientSecret
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientSecret(java.lang.String)
 	 */
 	public void setClientSecret(String clientSecret) {
 		client.setClientSecret(clientSecret);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getScope()
 	 */
 	public Set<String> getScope() {
 		return client.getScope();
 	}
 	/**
 	 * @param scope
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setScope(java.util.Set)
 	 */
 	public void setScope(Set<String> scope) {
 		client.setScope(scope);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getGrantTypes()
 	 */
 	public Set<String> getGrantTypes() {
 		return client.getGrantTypes();
 	}
 	/**
 	 * @param grantTypes
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setGrantTypes(java.util.Set)
 	 */
 	public void setGrantTypes(Set<String> grantTypes) {
 		client.setGrantTypes(grantTypes);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getAuthorizedGrantTypes()
 	 */
 	public Set<String> getAuthorizedGrantTypes() {
 		return client.getAuthorizedGrantTypes();
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getAuthorities()
 	 */
 	public Set<GrantedAuthority> getAuthorities() {
 		return client.getAuthorities();
 	}
 	/**
 	 * @param authorities
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setAuthorities(java.util.Set)
 	 */
 	public void setAuthorities(Set<GrantedAuthority> authorities) {
 		client.setAuthorities(authorities);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getAccessTokenValiditySeconds()
 	 */
 	public Integer getAccessTokenValiditySeconds() {
 		return client.getAccessTokenValiditySeconds();
 	}
 	/**
 	 * @param accessTokenValiditySeconds
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setAccessTokenValiditySeconds(java.lang.Integer)
 	 */
 	public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) {
 		client.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRefreshTokenValiditySeconds()
 	 */
 	public Integer getRefreshTokenValiditySeconds() {
 		return client.getRefreshTokenValiditySeconds();
 	}
 	/**
 	 * @param refreshTokenValiditySeconds
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRefreshTokenValiditySeconds(java.lang.Integer)
 	 */
 	public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) {
 		client.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRedirectUris()
 	 */
 	public Set<String> getRedirectUris() {
 		return client.getRedirectUris();
 	}
 	/**
 	 * @param redirectUris
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRedirectUris(java.util.Set)
 	 */
 	public void setRedirectUris(Set<String> redirectUris) {
 		client.setRedirectUris(redirectUris);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRegisteredRedirectUri()
 	 */
 	public Set<String> getRegisteredRedirectUri() {
 		return client.getRegisteredRedirectUri();
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getResourceIds()
 	 */
 	public Set<String> getResourceIds() {
 		return client.getResourceIds();
 	}
 	/**
 	 * @param resourceIds
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setResourceIds(java.util.Set)
 	 */
 	public void setResourceIds(Set<String> resourceIds) {
 		client.setResourceIds(resourceIds);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getAdditionalInformation()
 	 */
 	public Map<String, Object> getAdditionalInformation() {
 		return client.getAdditionalInformation();
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getApplicationType()
 	 */
 	public AppType getApplicationType() {
 		return client.getApplicationType();
 	}
 	/**
 	 * @param applicationType
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setApplicationType(org.mitre.oauth2.model.ClientDetailsEntity.AppType)
 	 */
 	public void setApplicationType(AppType applicationType) {
 		client.setApplicationType(applicationType);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientName()
 	 */
 	public String getClientName() {
 		return client.getClientName();
 	}
 	/**
 	 * @param clientName
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientName(java.lang.String)
 	 */
 	public void setClientName(String clientName) {
 		client.setClientName(clientName);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthMethod()
 	 */
 	public AuthMethod getTokenEndpointAuthMethod() {
 		return client.getTokenEndpointAuthMethod();
 	}
 	/**
 	 * @param tokenEndpointAuthMethod
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthMethod(org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod)
 	 */
 	public void setTokenEndpointAuthMethod(AuthMethod tokenEndpointAuthMethod) {
 		client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getSubjectType()
 	 */
 	public SubjectType getSubjectType() {
 		return client.getSubjectType();
 	}
 	/**
 	 * @param subjectType
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setSubjectType(org.mitre.oauth2.model.ClientDetailsEntity.SubjectType)
 	 */
 	public void setSubjectType(SubjectType subjectType) {
 		client.setSubjectType(subjectType);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getContacts()
 	 */
 	public Set<String> getContacts() {
 		return client.getContacts();
 	}
 	/**
 	 * @param contacts
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setContacts(java.util.Set)
 	 */
 	public void setContacts(Set<String> contacts) {
 		client.setContacts(contacts);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getLogoUri()
 	 */
 	public String getLogoUri() {
 		return client.getLogoUri();
 	}
 	/**
 	 * @param logoUri
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setLogoUri(java.lang.String)
 	 */
 	public void setLogoUri(String logoUri) {
 		client.setLogoUri(logoUri);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getPolicyUri()
 	 */
 	public String getPolicyUri() {
 		return client.getPolicyUri();
 	}
 	/**
 	 * @param policyUri
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setPolicyUri(java.lang.String)
 	 */
 	public void setPolicyUri(String policyUri) {
 		client.setPolicyUri(policyUri);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientUri()
 	 */
 	public String getClientUri() {
 		return client.getClientUri();
 	}
 	/**
 	 * @param clientUri
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientUri(java.lang.String)
 	 */
 	public void setClientUri(String clientUri) {
 		client.setClientUri(clientUri);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTosUri()
 	 */
 	public String getTosUri() {
 		return client.getTosUri();
 	}
 	/**
 	 * @param tosUri
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setTosUri(java.lang.String)
 	 */
 	public void setTosUri(String tosUri) {
 		client.setTosUri(tosUri);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getJwksUri()
 	 */
 	public String getJwksUri() {
 		return client.getJwksUri();
 	}
 	/**
 	 * @param jwksUri
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setJwksUri(java.lang.String)
 	 */
 	public void setJwksUri(String jwksUri) {
 		client.setJwksUri(jwksUri);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getSectorIdentifierUri()
 	 */
 	public String getSectorIdentifierUri() {
 		return client.getSectorIdentifierUri();
 	}
 	/**
 	 * @param sectorIdentifierUri
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setSectorIdentifierUri(java.lang.String)
 	 */
 	public void setSectorIdentifierUri(String sectorIdentifierUri) {
 		client.setSectorIdentifierUri(sectorIdentifierUri);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultMaxAge()
 	 */
 	public Integer getDefaultMaxAge() {
 		return client.getDefaultMaxAge();
 	}
 	/**
 	 * @param defaultMaxAge
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultMaxAge(java.lang.Integer)
 	 */
 	public void setDefaultMaxAge(Integer defaultMaxAge) {
 		client.setDefaultMaxAge(defaultMaxAge);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequireAuthTime()
 	 */
 	public Boolean getRequireAuthTime() {
 		return client.getRequireAuthTime();
 	}
 	/**
 	 * @param requireAuthTime
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequireAuthTime(java.lang.Boolean)
 	 */
 	public void setRequireAuthTime(Boolean requireAuthTime) {
 		client.setRequireAuthTime(requireAuthTime);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getResponseTypes()
 	 */
 	public Set<String> getResponseTypes() {
 		return client.getResponseTypes();
 	}
 	/**
 	 * @param responseTypes
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setResponseTypes(java.util.Set)
 	 */
 	public void setResponseTypes(Set<String> responseTypes) {
 		client.setResponseTypes(responseTypes);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultACRvalues()
 	 */
 	public Set<String> getDefaultACRvalues() {
 		return client.getDefaultACRvalues();
 	}
 	/**
 	 * @param defaultACRvalues
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultACRvalues(java.util.Set)
 	 */
 	public void setDefaultACRvalues(Set<String> defaultACRvalues) {
 		client.setDefaultACRvalues(defaultACRvalues);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getInitiateLoginUri()
 	 */
 	public String getInitiateLoginUri() {
 		return client.getInitiateLoginUri();
 	}
 	/**
 	 * @param initiateLoginUri
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setInitiateLoginUri(java.lang.String)
 	 */
 	public void setInitiateLoginUri(String initiateLoginUri) {
 		client.setInitiateLoginUri(initiateLoginUri);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getPostLogoutRedirectUri()
 	 */
 	public String getPostLogoutRedirectUri() {
 		return client.getPostLogoutRedirectUri();
 	}
 	/**
 	 * @param postLogoutRedirectUri
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUri(java.lang.String)
 	 */
 	public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
 		client.setPostLogoutRedirectUri(postLogoutRedirectUri);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestUris()
 	 */
 	public Set<String> getRequestUris() {
 		return client.getRequestUris();
 	}
 	/**
 	 * @param requestUris
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestUris(java.util.Set)
 	 */
 	public void setRequestUris(Set<String> requestUris) {
 		client.setRequestUris(requestUris);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlgEmbed()
 	 */
 	public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
 		return client.getRequestObjectSigningAlgEmbed();
 	}
 	/**
 	 * @param requestObjectSigningAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
 	 */
 	public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
 		client.setRequestObjectSigningAlgEmbed(requestObjectSigningAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlgEmbed()
 	 */
 	public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
 		return client.getUserInfoSignedResponseAlgEmbed();
 	}
 	/**
 	 * @param userInfoSignedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
 	 */
 	public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
 		client.setUserInfoSignedResponseAlgEmbed(userInfoSignedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlgEmbed()
 	 */
 	public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
 		return client.getUserInfoEncryptedResponseAlgEmbed();
 	}
 	/**
 	 * @param userInfoEncryptedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
 	 */
 	public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
 		client.setUserInfoEncryptedResponseAlgEmbed(userInfoEncryptedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEncEmbed()
 	 */
 	public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
 		return client.getUserInfoEncryptedResponseEncEmbed();
 	}
 	/**
 	 * @param userInfoEncryptedResponseEnc
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
 	 */
 	public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
 		client.setUserInfoEncryptedResponseEncEmbed(userInfoEncryptedResponseEnc);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlgEmbed()
 	 */
 	public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
 		return client.getIdTokenSignedResponseAlgEmbed();
 	}
 	/**
 	 * @param idTokenSignedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
 	 */
 	public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
 		client.setIdTokenSignedResponseAlgEmbed(idTokenSignedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlgEmbed()
 	 */
 	public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
 		return client.getIdTokenEncryptedResponseAlgEmbed();
 	}
 	/**
 	 * @param idTokenEncryptedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
 	 */
 	public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
 		client.setIdTokenEncryptedResponseAlgEmbed(idTokenEncryptedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEncEmbed()
 	 */
 	public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
 		return client.getIdTokenEncryptedResponseEncEmbed();
 	}
 	/**
 	 * @param idTokenEncryptedResponseEnc
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
 	 */
 	public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
 		client.setIdTokenEncryptedResponseEncEmbed(idTokenEncryptedResponseEnc);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg()
 	 */
 	public JWSAlgorithm getRequestObjectSigningAlg() {
 		return client.getRequestObjectSigningAlg();
 	}
 	/**
 	 * @param requestObjectSigningAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlg(com.nimbusds.jose.JWSAlgorithm)
 	 */
 	public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
 		client.setRequestObjectSigningAlg(requestObjectSigningAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlg()
 	 */
 	public JWSAlgorithm getUserInfoSignedResponseAlg() {
 		return client.getUserInfoSignedResponseAlg();
 	}
 	/**
 	 * @param userInfoSignedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
 	 */
 	public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
 		client.setUserInfoSignedResponseAlg(userInfoSignedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlg()
 	 */
 	public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
 		return client.getUserInfoEncryptedResponseAlg();
 	}
 	/**
 	 * @param userInfoEncryptedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
 	 */
 	public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
 		client.setUserInfoEncryptedResponseAlg(userInfoEncryptedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEnc()
 	 */
 	public EncryptionMethod getUserInfoEncryptedResponseEnc() {
 		return client.getUserInfoEncryptedResponseEnc();
 	}
 	/**
 	 * @param userInfoEncryptedResponseEnc
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
 	 */
 	public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
 		client.setUserInfoEncryptedResponseEnc(userInfoEncryptedResponseEnc);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlg()
 	 */
 	public JWSAlgorithm getIdTokenSignedResponseAlg() {
 		return client.getIdTokenSignedResponseAlg();
 	}
 	/**
 	 * @param idTokenSignedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
 	 */
 	public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
 		client.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlg()
 	 */
 	public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
 		return client.getIdTokenEncryptedResponseAlg();
 	}
 	/**
 	 * @param idTokenEncryptedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
 	 */
 	public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
 		client.setIdTokenEncryptedResponseAlg(idTokenEncryptedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEnc()
 	 */
 	public EncryptionMethod getIdTokenEncryptedResponseEnc() {
 		return client.getIdTokenEncryptedResponseEnc();
 	}
 	/**
 	 * @param idTokenEncryptedResponseEnc
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
 	 */
 	public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
 		client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlgEmbed()
 	 */
 	public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
 		return client.getTokenEndpointAuthSigningAlgEmbed();
 	}
 	/**
 	 * @param tokenEndpointAuthSigningAlgEmbed
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
 	 */
 	public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
 		client.setTokenEndpointAuthSigningAlgEmbed(tokenEndpointAuthSigningAlgEmbed);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlg()
 	 */
 	public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
 		return client.getTokenEndpointAuthSigningAlg();
 	}
 	/**
 	 * @param tokenEndpointAuthSigningAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlg(com.nimbusds.jose.JWSAlgorithm)
 	 */
 	public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
 		client.setTokenEndpointAuthSigningAlg(tokenEndpointAuthSigningAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getCreatedAt()
 	 */
 	public Date getCreatedAt() {
 		return client.getCreatedAt();
 	}
 	/**
 	 * @param createdAt
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setCreatedAt(java.util.Date)
 	 */
 	public void setCreatedAt(Date createdAt) {
 		client.setCreatedAt(createdAt);
 	}
 	/**
 	 * @return the registrationAccessToken
 	 */
 	public String getRegistrationAccessToken() {
 		return registrationAccessToken;
 	}
 	/**
 	 * @param registrationAccessToken the registrationAccessToken to set
 	 */
 	public void setRegistrationAccessToken(String registrationAccessToken) {
 		this.registrationAccessToken = registrationAccessToken;
 	}
 	/**
 	 * @return the registrationClientUri
 	 */
 	public String getRegistrationClientUri() {
 		return registrationClientUri;
 	}
 	/**
 	 * @param registrationClientUri the registrationClientUri to set
 	 */
 	public void setRegistrationClientUri(String registrationClientUri) {
 		this.registrationClientUri = registrationClientUri;
 	}
 	/**
 	 * @return the clientSecretExpiresAt
 	 */
 	public Date getClientSecretExpiresAt() {
 		return clientSecretExpiresAt;
 	}
 	/**
 	 * @param clientSecretExpiresAt the clientSecretExpiresAt to set
 	 */
 	public void setClientSecretExpiresAt(Date expiresAt) {
 		this.clientSecretExpiresAt = expiresAt;
 	}
 	/**
 	 * @return the clientIdIssuedAt
 	 */
 	public Date getClientIdIssuedAt() {
 		return clientIdIssuedAt;
 	}
 	/**
 	 * @param clientIdIssuedAt the clientIdIssuedAt to set
 	 */
 	public void setClientIdIssuedAt(Date issuedAt) {
 		this.clientIdIssuedAt = issuedAt;
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultSystemScope.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/DefaultSystemScope.java
@ -14,10 +14,8 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 ******************************************************************************/
-/**
+
- * 
+package org.mitre.oauth2.model.impl;
 */
 package org.mitre.oauth2.model;
 import javax.persistence.Basic;
 import javax.persistence.Column;
@ -30,6 +28,8 @@ import javax.persistence.NamedQuery;
 import javax.persistence.Table;
 import javax.persistence.Transient;
 import org.mitre.oauth2.model.SystemScope;
 /**
 * @author jricher
 *
@ -37,10 +37,10 @@ import javax.persistence.Transient;
@Entity
@Table(name = "system_scope")
@NamedQueries({
-	@NamedQuery(name = "SystemScope.findAll", query = "select s from SystemScope s ORDER BY s.id"),
+	@NamedQuery(name = "DefaultSystemScope.findAll", query = "select s from DefaultSystemScope s ORDER BY s.id"),
-	@NamedQuery(name = "SystemScope.getByValue", query = "select s from SystemScope s WHERE s.value = :value")
+	@NamedQuery(name = "DefaultSystemScope.getByValue", query = "select s from DefaultSystemScope s WHERE s.value = :value")
 })
-public class SystemScope {
+public class DefaultSystemScope implements SystemScope {
 	private Long id;
 	private String value; // scope value
@ -55,18 +55,20 @@ public class SystemScope {
 	/**
 	 * Make a blank system scope with no value
 	 */
-	public SystemScope() {
+	DefaultSystemScope() {
-
+		
 	}
 	/**
 	 * Make a system scope with the given scope value
 	 * @param value
 	 */
-	public SystemScope(String value) {
+	/*
 	public DefaultSystemScope(String value) {
 		this.value = value;
 	}
-
+	*/
 	/**
 	 * @return the id
 	 */
@ -76,12 +78,14 @@ public class SystemScope {
 	public Long getId() {
 		return id;
 	}
 	/**
 	 * @param id the id to set
 	 */
 	public void setId(Long id) {
 		this.id = id;
 	}
 	/**
 	 * @return the value
 	 */
@ -90,12 +94,14 @@ public class SystemScope {
 	public String getValue() {
 		return value;
 	}
 	/**
 	 * @param value the value to set
 	 */
 	public void setValue(String value) {
 		this.value = value;
 	}
 	/**
 	 * @return the description
 	 */
@ -104,12 +110,14 @@ public class SystemScope {
 	public String getDescription() {
 		return description;
 	}
 	/**
 	 * @param description the description to set
 	 */
 	public void setDescription(String description) {
 		this.description = description;
 	}
 	/**
 	 * @return the icon
 	 */
@ -118,12 +126,14 @@ public class SystemScope {
 	public String getIcon() {
 		return icon;
 	}
 	/**
 	 * @param icon the icon to set
 	 */
 	public void setIcon(String icon) {
 		this.icon = icon;
 	}
 	/**
 	 * @return the allowDynReg
 	 */
@ -132,6 +142,7 @@ public class SystemScope {
 	public boolean isAllowDynReg() {
 		return allowDynReg;
 	}
 	/**
 	 * @param allowDynReg the allowDynReg to set
 	 */
@ -184,7 +195,6 @@ public class SystemScope {
 		this.structuredParamDescription = d;
 	}
 	/**
 	 * @return the structuredValue
 	 */
@ -199,8 +209,7 @@ public class SystemScope {
 	public void setStructuredValue(String structuredValue) {
 		this.structuredValue = structuredValue;
 	}
-
+	
 	/* (non-Javadoc)
 	 * @see java.lang.Object#hashCode()
 	 */
@ -231,10 +240,10 @@ public class SystemScope {
 		if (obj == null) {
 			return false;
 		}
-		if (!(obj instanceof SystemScope)) {
+		if (!(obj instanceof DefaultSystemScope)) {
 			return false;
 		}
-		SystemScope other = (SystemScope) obj;
+		DefaultSystemScope other = (DefaultSystemScope) obj;
 		if (allowDynReg != other.allowDynReg) {
 			return false;
 		}
@ -294,7 +303,7 @@ public class SystemScope {
 	 */
 	@Override
 	public String toString() {
-		return "SystemScope [id=" + id + ", value=" + value + ", description=" + description + ", icon=" + icon + ", allowDynReg=" + allowDynReg + ", defaultScope=" + defaultScope + ", structured=" + structured + ", structuredParamDescription=" + structuredParamDescription + ", structuredValue="
+		return "DefaultSystemScope [id=" + id + ", value=" + value + ", description=" + description + ", icon=" + icon + ", allowDynReg=" + allowDynReg + ", defaultScope=" + defaultScope + ", structured=" + structured + ", structuredParamDescription=" + structuredParamDescription + ", structuredValue="
 				+ structuredValue + "]";
 	}
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/ModelFactory.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/impl/ModelFactory.java
@ -0,0 +1,150 @@
 package org.mitre.oauth2.model.impl;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.AuthorizationCodeEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.oauth2.model.SystemScope;
 public class ModelFactory {
 	private static ModelFactory factory = new ModelFactory();
 	private Class<? extends AuthenticationHolderEntity> authHolderType = DefaultAuthenticationHolderEntity.class;
 	private Class<? extends AuthorizationCodeEntity> authCodeType = DefaultAuthorizationCodeEntity.class;
 	private Class<? extends ClientDetailsEntity> clientDetailsType = DefaultClientDetailsEntity.class;
 	private Class<? extends OAuth2AccessTokenEntity> accessTokenType = DefaultOAuth2AccessTokenEntity.class;
 	private Class<? extends OAuth2RefreshTokenEntity> refreshTokenType = DefaultOAuth2RefreshTokenEntity.class;
 	private Class<? extends RegisteredClient> regClientType = DefaultRegisteredClient.class;
 	private Class<? extends SystemScope> sysScopeType = DefaultSystemScope.class;
 	private ModelFactory() {
 	}
 	public static ModelFactory instance() {
 		return factory;
 	}
 	@SuppressWarnings("unchecked")
 	public void setClientDetailsType(String type) {
 		try {
 			Class<?> localType = Class.forName(type);
 			setClientDetailsType((Class<? extends ClientDetailsEntity>)localType);
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed while setting class", ex);
 		}
 	}
 	@SuppressWarnings("unchecked")
 	public void setAccessTokenType(String type) {
 		try {
 			Class<?> localType = Class.forName(type);
 			setAccessTokenType((Class<? extends OAuth2AccessTokenEntity>)localType);
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed while setting class", ex);
 		}
 	}
 	@SuppressWarnings("unchecked")
 	public void setRefreshTokenType(String type) {
 		try {
 			Class<?> localType = Class.forName(type);
 			setRefreshTokenType((Class<? extends OAuth2RefreshTokenEntity>)localType);
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed while setting class", ex);
 		}
 	}
 	public void setClientDetailsType(Class<? extends ClientDetailsEntity> type) {
 		this.clientDetailsType = type;
 	}
 	public void setAccessTokenType(Class<? extends OAuth2AccessTokenEntity> type) {
 		this.accessTokenType = type;
 	}
 	public void setRefreshTokenType(Class<? extends OAuth2RefreshTokenEntity> type) {
 		this.refreshTokenType = type;
 	}
 	@SuppressWarnings("unchecked")
 	public <T extends ClientDetailsEntity> T getClientDetailsInstance() {
 		T instance = null;
 		try {
 			instance = (T)this.clientDetailsType.newInstance();
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed to instanciate client details", ex);
 		}
 		return instance;
 	}
 	@SuppressWarnings("unchecked")
 	public <T extends OAuth2AccessTokenEntity> T getAccessTokenInstance() {
 		T instance = null;
 		try {
 			instance = (T)this.accessTokenType.newInstance();
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed to instanciate access token", ex);
 		}
 		return instance;
 	}
 	@SuppressWarnings("unchecked")
 	public <T extends OAuth2RefreshTokenEntity> T getRefreshTokenInstance() {
 		T instance = null;
 		try {
 			instance = (T)this.refreshTokenType.newInstance();
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed to instanciate refresh token", ex);
 		}
 		return instance;
 	}
 	@SuppressWarnings("unchecked")
 	public <T extends AuthorizationCodeEntity> T getAuthCodeInstance() {
 		T instance = null;
 		try {
 			instance = (T)this.authCodeType.newInstance();
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed to instanciate authorization code", ex);
 		}
 		return instance;
 	}
 	@SuppressWarnings("unchecked")
 	public <T extends AuthenticationHolderEntity> T getAuthHolderInstance() {
 		T instance = null;
 		try {
 			instance = (T)this.authHolderType.newInstance();
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed to instanciate authentication holder", ex);
 		}
 		return instance;
 	}
 	@SuppressWarnings("unchecked")
 	public <T extends RegisteredClient> T getRegisteredClientInstance() {
 		T instance = null;
 		try {
 			instance = (T)this.regClientType.newInstance();
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed to instanciate registered client", ex);
 		}
 		return instance;
 	}
 	@SuppressWarnings("unchecked")
 	public <T extends SystemScope> T getSystemScopeInstance() {
 		T instance = null;
 		try {
 			instance = (T)this.sysScopeType.newInstance();
 		} catch (Throwable ex) {
 			throw new RuntimeException("failed to instanciate system scope", ex);
 		}
 		return instance;
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
@ -32,6 +32,7 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.model.RegisteredClient;
 import com.google.common.base.Joiner;
@ -65,8 +66,8 @@ public class ClientDetailsEntityJsonProcessor {
 		if (jsonEl.isJsonObject()) {
 			JsonObject o = jsonEl.getAsJsonObject();
-			ClientDetailsEntity c = new ClientDetailsEntity();
+			ClientDetailsEntity c = ModelFactory.instance().getClientDetailsInstance();
-
+			
 			// TODO: make these field names into constants
 			// these two fields should only be sent in the update request, and MUST match existing values
@ -162,7 +163,8 @@ public class ClientDetailsEntityJsonProcessor {
 			JsonObject o = jsonEl.getAsJsonObject();
 			ClientDetailsEntity c = parse(jsonEl);
-			RegisteredClient rc = new RegisteredClient(c);
+			RegisteredClient rc = ModelFactory.instance().getRegisteredClientInstance();
 			rc.setClient(c);
 			// get any fields from the registration
 			rc.setRegistrationAccessToken(getAsString(o, "registration_access_token"));
 			rc.setRegistrationClientUri(getAsString(o, "registration_client_uri"));
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
@ -16,6 +16,7 @@
 ******************************************************************************/
 package org.mitre.openid.connect.model;
 import java.util.Collection;
 import java.util.Date;
 import java.util.Set;
@ -39,6 +40,7 @@ import javax.persistence.Temporal;
 import javax.persistence.Transient;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.impl.DefaultOAuth2AccessTokenEntity;
 import com.google.common.collect.Sets;
@ -78,7 +80,7 @@ public class ApprovedSite {
 	private WhitelistedSite whitelistedSite;
 	//Link to any access tokens approved through this stored decision
-	private Set<OAuth2AccessTokenEntity> approvedAccessTokens = Sets.newHashSet();
+	private Set<DefaultOAuth2AccessTokenEntity> approvedAccessTokens = Sets.newHashSet();
 	/**
 	 * Empty constructor
@ -189,7 +191,7 @@ public class ApprovedSite {
 	public void setAllowedScopes(Set<String> allowedScopes) {
 		this.allowedScopes = allowedScopes;
 	}
-
+	
 	/**
 	 * @return the timeoutDate
 	 */
@ -247,14 +249,25 @@ public class ApprovedSite {
 	@OneToMany(cascade=CascadeType.ALL, fetch=FetchType.EAGER)
 	@JoinColumn(name="approved_site_id")
-	public Set<OAuth2AccessTokenEntity> getApprovedAccessTokens() {
+	public Set<DefaultOAuth2AccessTokenEntity> getApprovedAccessTokens() {
 		return approvedAccessTokens;
 	}
-
+	
 	/**
 	 * @param approvedAccessTokens the approvedAccessTokens to set
 	 */
-	public void setApprovedAccessTokens(Set<OAuth2AccessTokenEntity> approvedAccessTokens) {
+	public void setApprovedAccessTokens(Set<DefaultOAuth2AccessTokenEntity> approvedAccessTokens) {
 		this.approvedAccessTokens = approvedAccessTokens;
 	}
 	public void setApprovedAccessTokens(Collection<OAuth2AccessTokenEntity> approvedAccessTokens) {
 		Set<DefaultOAuth2AccessTokenEntity> tmpTokens = Sets.newHashSet();
 		for(OAuth2AccessTokenEntity aToken : approvedAccessTokens) {
 			if(aToken instanceof DefaultOAuth2AccessTokenEntity) {
 				tmpTokens.add((DefaultOAuth2AccessTokenEntity)aToken);
 			}
 		}
 		setApprovedAccessTokens(tmpTokens);
 	}
 }
--- a/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java
+++ b/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java
@ -24,6 +24,7 @@ import static org.junit.Assert.assertEquals;
 import java.util.Date;
 import org.junit.Test;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import com.google.common.collect.ImmutableSet;
 import com.nimbusds.jose.EncryptionMethod;
@ -34,16 +35,16 @@ import com.nimbusds.jose.JWEAlgorithm;
 *
 */
 public class ClientDetailsEntityTest {
-
+	
 	/**
 	 * Test method for {@link org.mitre.oauth2.model.ClientDetailsEntity#ClientDetailsEntity()}.
 	 */
 	@Test
 	public void testClientDetailsEntity() {
 		Date now = new Date();
-
+		
-		ClientDetailsEntity c = new ClientDetailsEntity();
+		ClientDetailsEntity c = ModelFactory.instance().getClientDetailsInstance();
-
+		
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
 		c.setApplicationType(ClientDetailsEntity.AppType.WEB);
--- a/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java
+++ b/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java
@ -24,6 +24,7 @@ import static org.junit.Assert.assertEquals;
 import java.sql.Date;
 import org.junit.Test;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import com.google.common.collect.ImmutableSet;
 import com.nimbusds.jose.EncryptionMethod;
@ -34,7 +35,7 @@ import com.nimbusds.jose.JWEAlgorithm;
 *
 */
 public class RegisteredClientTest {
-
+	
 	/**
 	 * Test method for {@link org.mitre.oauth2.model.RegisteredClient#RegisteredClient()}.
 	 */
@ -42,9 +43,9 @@ public class RegisteredClientTest {
 	public void testRegisteredClient() {
 		// make sure all the pass-through getters and setters work
-
+		
-		RegisteredClient c = new RegisteredClient();
+		RegisteredClient c = ModelFactory.instance().getRegisteredClientInstance();
-
+		
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
 		c.setClientSecretExpiresAt(new Date(1577858400L * 1000L));
@ -87,7 +88,7 @@ public class RegisteredClientTest {
 	 */
 	@Test
 	public void testRegisteredClientClientDetailsEntity() {
-		ClientDetailsEntity c = new ClientDetailsEntity();
+		ClientDetailsEntity c = ModelFactory.instance().getClientDetailsInstance();
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
@ -105,7 +106,8 @@ public class RegisteredClientTest {
 		c.setRequestUris(ImmutableSet.of("https://client.example.org/rf.txt#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA"));
 		// Create a RegisteredClient based on a ClientDetailsEntity object and set several properties
-		RegisteredClient rc = new RegisteredClient(c);
+		RegisteredClient rc = ModelFactory.instance().getRegisteredClientInstance();
 		rc.setClient(c);
 		rc.setClientSecretExpiresAt(new Date(1577858400L * 1000L));
 		rc.setRegistrationAccessToken("this.is.an.access.token.value.ffx83");
 		rc.setRegistrationClientUri("https://server.example.com/connect/register?client_id=s6BhdRkqt3");
@ -135,8 +137,8 @@ public class RegisteredClientTest {
 	 */
 	@Test
 	public void testRegisteredClientClientDetailsEntityStringString() {
-		ClientDetailsEntity c = new ClientDetailsEntity();
+		ClientDetailsEntity c = ModelFactory.instance().getClientDetailsInstance();
-
+		
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
 		c.setApplicationType(ClientDetailsEntity.AppType.WEB);
@ -153,8 +155,11 @@ public class RegisteredClientTest {
 		c.setRequestUris(ImmutableSet.of("https://client.example.org/rf.txt#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA"));
 		// Create a RegisteredClient based on a ClientDetails, a token, and a server URI
-		RegisteredClient rc = new RegisteredClient(c, "this.is.an.access.token.value.ffx83", "https://server.example.com/connect/register?client_id=s6BhdRkqt3");
+		RegisteredClient rc = ModelFactory.instance().getRegisteredClientInstance();
-
+		rc.setClient(c);
 		rc.setRegistrationAccessToken("this.is.an.access.token.value.ffx83");
 		rc.setRegistrationClientUri("https://server.example.com/connect/register?client_id=s6BhdRkqt3");
 		// make sure all the pass-throughs work
 		assertEquals("s6BhdRkqt3", rc.getClientId());
 		assertEquals("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk", rc.getClientSecret());
--- a/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java
+++ b/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java
@ -27,6 +27,7 @@ import java.sql.Date;
 import org.junit.Test;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import com.google.common.collect.ImmutableSet;
 import com.google.gson.JsonElement;
@ -153,8 +154,8 @@ public class ClientDetailsEntityJsonProcessorTest {
 	 */
 	@Test
 	public void testSerialize() {
-		RegisteredClient c = new RegisteredClient();
+		RegisteredClient c = ModelFactory.instance().getRegisteredClientInstance();
-
+		
 		c.setClientId("s6BhdRkqt3");
 		c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
 		c.setClientSecretExpiresAt(new Date(1577858400L * 1000L));
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
@ -28,7 +28,13 @@
 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
-
+		
 	<bean id="modelFactory" class="org.mitre.oauth2.model.impl.ModelFactory" factory-method="instance">
 		<property name="clientDetailsType" value="org.mitre.oauth2.model.impl.DefaultClientDetailsEntity" />
 		<property name="accessTokenType" value="org.mitre.oauth2.model.impl.DefaultOAuth2AccessTokenEntity" />
 		<property name="refreshTokenType" value="org.mitre.oauth2.model.impl.DefaultOAuth2RefreshTokenEntity" />
 	</bean>
 	<!-- Scan for components -->
 	<context:component-scan annotation-config="true" base-package="org.mitre" />
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
@ -45,7 +45,7 @@ public class JpaAuthenticationHolderRepository implements AuthenticationHolderRe
 	@Override
 	public AuthenticationHolderEntity getByAuthentication(OAuth2Authentication a) {
-		TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("AuthenticationHolderEntity.getByAuthentication", AuthenticationHolderEntity.class);
+		TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("DefaultAuthenticationHolderEntity.getByAuthentication", AuthenticationHolderEntity.class);
 		query.setParameter("authentication", a);
 		return JpaUtil.getSingleResult(query.getResultList());
 	}
@ -81,7 +81,7 @@ public class JpaAuthenticationHolderRepository implements AuthenticationHolderRe
 	@Override
 	@Transactional
 	public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders() {
-		TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("AuthenticationHolderEntity.getUnusedAuthenticationHolders", AuthenticationHolderEntity.class);
+		TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("DefaultAuthenticationHolderEntity.getUnusedAuthenticationHolders", AuthenticationHolderEntity.class);
 		query.setMaxResults(MAXEXPIREDRESULTS);
 		List<AuthenticationHolderEntity> unusedAuthenticationHolders = query.getResultList();
 		return unusedAuthenticationHolders;
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
@ -62,7 +62,7 @@ public class JpaAuthorizationCodeRepository implements AuthorizationCodeReposito
 	@Transactional
 	public OAuth2Authentication consume(String code) throws InvalidGrantException {
-		TypedQuery<AuthorizationCodeEntity> query = manager.createNamedQuery("AuthorizationCodeEntity.getByValue", AuthorizationCodeEntity.class);
+		TypedQuery<AuthorizationCodeEntity> query = manager.createNamedQuery("DefaultAuthorizationCodeEntity.getByValue", AuthorizationCodeEntity.class);
 		query.setParameter("code", code);
 		AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList());
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java
@ -57,7 +57,7 @@ public class JpaOAuth2ClientRepository implements OAuth2ClientRepository {
 	 */
 	@Override
 	public ClientDetailsEntity getClientByClientId(String clientId) {
-		TypedQuery<ClientDetailsEntity> query = manager.createNamedQuery("ClientDetailsEntity.getByClientId", ClientDetailsEntity.class);
+		TypedQuery<ClientDetailsEntity> query = manager.createNamedQuery("DefaultClientDetailsEntity.getByClientId", ClientDetailsEntity.class);
 		query.setParameter("clientId", clientId);
 		return JpaUtil.getSingleResult(query.getResultList());
 	}
@ -93,7 +93,7 @@ public class JpaOAuth2ClientRepository implements OAuth2ClientRepository {
 	@Override
 	public Collection<ClientDetailsEntity> getAllClients() {
-		TypedQuery<ClientDetailsEntity> query = manager.createNamedQuery("ClientDetailsEntity.findAll", ClientDetailsEntity.class);
+		TypedQuery<ClientDetailsEntity> query = manager.createNamedQuery("DefaultClientDetailsEntity.findAll", ClientDetailsEntity.class);
 		return query.getResultList();
 	}
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@ -44,20 +44,20 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	@Override
 	public Set<OAuth2AccessTokenEntity> getAllAccessTokens() {
-		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("OAuth2AccessTokenEntity.getAll", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getAll", OAuth2AccessTokenEntity.class);
 		return new LinkedHashSet<OAuth2AccessTokenEntity>(query.getResultList());
 	}
 	@Override
 	public Set<OAuth2RefreshTokenEntity> getAllRefreshTokens() {
-		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("OAuth2RefreshTokenEntity.getAll", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getAll", OAuth2RefreshTokenEntity.class);
 		return new LinkedHashSet<OAuth2RefreshTokenEntity>(query.getResultList());
 	}
 	@Override
 	public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) {
-		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("OAuth2AccessTokenEntity.getByTokenValue", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByTokenValue", OAuth2AccessTokenEntity.class);
 		query.setParameter("tokenValue", accessTokenValue);
 		return JpaUtil.getSingleResult(query.getResultList());
 	}
@ -87,7 +87,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	@Override
 	@Transactional
 	public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
-		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("OAuth2AccessTokenEntity.getByRefreshToken", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByRefreshToken", OAuth2AccessTokenEntity.class);
 		query.setParameter("refreshToken", refreshToken);
 		List<OAuth2AccessTokenEntity> accessTokens = query.getResultList();
 		for (OAuth2AccessTokenEntity accessToken : accessTokens) {
@ -97,7 +97,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	@Override
 	public OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue) {
-		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("OAuth2RefreshTokenEntity.getByTokenValue", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getByTokenValue", OAuth2RefreshTokenEntity.class);
 		query.setParameter("tokenValue", refreshTokenValue);
 		return JpaUtil.getSingleResult(query.getResultList());
 	}
@ -127,13 +127,13 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	@Override
 	@Transactional
 	public void clearTokensForClient(ClientDetailsEntity client) {
-		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class);
 		queryA.setParameter("client", client);
 		List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
 		for (OAuth2AccessTokenEntity accessToken : accessTokens) {
 			removeAccessToken(accessToken);
 		}
-		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class);
 		queryR.setParameter("client", client);
 		List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
 		for (OAuth2RefreshTokenEntity refreshToken : refreshTokens) {
@ -146,7 +146,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	 */
 	@Override
 	public List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client) {
-		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class);
 		queryA.setParameter("client", client);
 		List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
 		return accessTokens;
@ -157,7 +157,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	 */
 	@Override
 	public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client) {
-		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class);
 		queryR.setParameter("client", client);
 		List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
 		return refreshTokens;
@ -165,7 +165,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	@Override
 	public OAuth2AccessTokenEntity getByAuthentication(OAuth2Authentication auth) {
-		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByAuthentication", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByAuthentication", OAuth2AccessTokenEntity.class);
 		queryA.setParameter("authentication", auth);
 		List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
 		return JpaUtil.getSingleResult(accessTokens);
@ -176,7 +176,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	 */
 	@Override
 	public OAuth2AccessTokenEntity getAccessTokenForIdToken(OAuth2AccessTokenEntity idToken) {
-		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByIdToken", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getByIdToken", OAuth2AccessTokenEntity.class);
 		queryA.setParameter("idToken", idToken);
 		List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
 		return JpaUtil.getSingleResult(accessTokens);
@ -184,7 +184,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	@Override
 	public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens() {
-		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("OAuth2AccessTokenEntity.getAllExpiredByDate", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery("DefaultOAuth2AccessTokenEntity.getAllExpiredByDate", OAuth2AccessTokenEntity.class);
 		query.setParameter("date", new Date());
 		query.setMaxResults(MAXEXPIREDRESULTS);
 		return new LinkedHashSet<OAuth2AccessTokenEntity>(query.getResultList());
@ -192,7 +192,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	@Override
 	public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens() {
-		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("OAuth2RefreshTokenEntity.getAllExpiredByDate", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery("DefaultOAuth2RefreshTokenEntity.getAllExpiredByDate", OAuth2RefreshTokenEntity.class);
 		query.setParameter("date", new Date());
 		query.setMaxResults(MAXEXPIREDRESULTS);
 		return new LinkedHashSet<OAuth2RefreshTokenEntity>(query.getResultList());
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java
@ -50,7 +50,7 @@ public class JpaSystemScopeRepository implements SystemScopeRepository {
 	@Override
 	@Transactional
 	public Set<SystemScope> getAll() {
-		TypedQuery<SystemScope> query = em.createNamedQuery("SystemScope.findAll", SystemScope.class);
+		TypedQuery<SystemScope> query = em.createNamedQuery("DefaultSystemScope.findAll", SystemScope.class);
 		return new LinkedHashSet<SystemScope>(query.getResultList());
 	}
@ -70,7 +70,7 @@ public class JpaSystemScopeRepository implements SystemScopeRepository {
 	@Override
 	@Transactional
 	public SystemScope getByValue(String value) {
-		TypedQuery<SystemScope> query = em.createNamedQuery("SystemScope.getByValue", SystemScope.class);
+		TypedQuery<SystemScope> query = em.createNamedQuery("DefaultSystemScope.getByValue", SystemScope.class);
 		query.setParameter("value", value);
 		return getSingleResult(query.getResultList());
 	}
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java
@ -9,7 +9,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidRequestExcep
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver;
 import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
 import org.springframework.stereotype.Component;
 /**
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
@ -20,6 +20,7 @@
 package org.mitre.oauth2.service.impl;
 import org.mitre.oauth2.model.AuthorizationCodeEntity;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.AuthorizationCodeRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
@ -54,7 +55,10 @@ public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeS
 	public String createAuthorizationCode(OAuth2Authentication authentication) {
 		String code = generator.generate();
-		AuthorizationCodeEntity entity = new AuthorizationCodeEntity(code, authentication);
+		AuthorizationCodeEntity entity = ModelFactory.instance().getAuthCodeInstance();
 		entity.setCode(code);
 		entity.setAuthentication(authentication);
 		repository.save(entity);
 		return code;
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
@ -30,6 +30,7 @@ import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.AuthenticationHolderRepository;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
@ -136,7 +137,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 				throw new InvalidClientException("Client not found: " + clientAuth.getClientId());
 			}
-			OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken();
+			OAuth2AccessTokenEntity token = ModelFactory.instance().getAccessTokenInstance();
 			// attach the client
 			token.setClient(client);
@ -156,15 +157,15 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 			}
 			// attach the authorization so that we can look it up later
-			AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
+			AuthenticationHolderEntity authHolder = ModelFactory.instance().getAuthHolderInstance();
 			authHolder.setAuthentication(authentication);
 			authHolder = authenticationHolderRepository.save(authHolder);
-
+			
 			token.setAuthenticationHolder(authHolder);
 			// attach a refresh token, if this client is allowed to request them and the user gets the offline scope
 			if (client.isAllowRefresh() && scopes.contains(SystemScopeService.OFFLINE_ACCESS)) {
-				OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();
+				OAuth2RefreshTokenEntity refreshToken = ModelFactory.instance().getRefreshTokenInstance();
 				JWTClaimsSet refreshClaims = new JWTClaimsSet();
@ -206,9 +207,13 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 				Long apId = (Long) originalAuthRequest.getExtensions().get("approved_site");
 				ApprovedSite ap = approvedSiteService.getById(apId);
-				Set<OAuth2AccessTokenEntity> apTokens = ap.getApprovedAccessTokens();
+				
-				apTokens.add(savedToken);
+				//TODO: FIX - JAVA GENERICS ISSUE
-				ap.setApprovedAccessTokens(apTokens);
+				Set<? extends OAuth2AccessTokenEntity> apTokens = ap.getApprovedAccessTokens();
 				HashSet<OAuth2AccessTokenEntity> tmpTokens = Sets.newHashSet(apTokens);
 				tmpTokens.add(savedToken);
 				ap.setApprovedAccessTokens(tmpTokens);
 				approvedSiteService.save(ap);
 			}
@ -253,7 +258,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 		// TODO: have the option to recycle the refresh token here, too
 		// for now, we just reuse it as long as it's valid, which is the original intent
-		OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
+		OAuth2AccessTokenEntity token = ModelFactory.instance().getAccessTokenInstance();
 		// get the stored scopes from the authentication holder's authorization request; these are the scopes associated with the refresh token
 		Set<String> refreshScopes = new HashSet<String>(refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope());
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
@ -24,6 +24,7 @@ import java.util.List;
 import java.util.Set;
 import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.SystemScopeRepository;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.springframework.beans.factory.annotation.Autowired;
@ -86,7 +87,8 @@ public class DefaultSystemScopeService implements SystemScopeService {
 				SystemScope s = getByValue(base);
 				if (s == null) {
 					// make a fake one otherwise
-					s = new SystemScope(base);
+					s = ModelFactory.instance().getSystemScopeInstance();
 					s.setValue(base);
 					if (parts.size() > 1) {
 						s.setStructured(true);
 					}
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
@ -25,6 +25,7 @@ import java.util.Date;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.oauth2.service.SystemScopeService;
@ -99,7 +100,7 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
 					//OAuth2AccessTokenEntity newIdToken = tokenServices.get
-					OAuth2AccessTokenEntity newIdTokenEntity = new OAuth2AccessTokenEntity();
+					OAuth2AccessTokenEntity newIdTokenEntity = ModelFactory.instance().getAccessTokenInstance();
 					// copy over all existing claims
 					JWTClaimsSet claims = new JWTClaimsSet(idToken.getJWTClaimsSet());
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
@ -79,8 +79,8 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
 	@Transactional
 	public void remove(ApprovedSite approvedSite) {
-		//Remove any associated access and refresh tokens
+		//Remove any associated access and refresh tokens	
-		Set<OAuth2AccessTokenEntity> accessTokens = approvedSite.getApprovedAccessTokens();
+		Set<? extends OAuth2AccessTokenEntity> accessTokens = approvedSite.getApprovedAccessTokens();
 		for (OAuth2AccessTokenEntity token : accessTokens) {
 			if (token.getRefreshToken() != null) {
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
@ -28,6 +28,7 @@ import org.mitre.jwt.signer.service.impl.SymmetricCacheService;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.AuthenticationHolderRepository;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
@ -94,7 +95,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 		}
-		OAuth2AccessTokenEntity idTokenEntity = new OAuth2AccessTokenEntity();
+		OAuth2AccessTokenEntity idTokenEntity = ModelFactory.instance().getAccessTokenInstance();
 		JWTClaimsSet idClaims = new JWTClaimsSet();
 		// if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in
@ -208,11 +209,11 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 				Sets.newHashSet(SystemScopeService.REGISTRATION_TOKEN_SCOPE), null, null, null, null);
 		OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null);
-		OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
+		OAuth2AccessTokenEntity token = ModelFactory.instance().getAccessTokenInstance();
 		token.setClient(client);
 		token.setScope(Sets.newHashSet(SystemScopeService.REGISTRATION_TOKEN_SCOPE));
-		AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
+		AuthenticationHolderEntity authHolder = ModelFactory.instance().getAuthHolderInstance();
 		authHolder.setAuthentication(authentication);
 		authHolder = authenticationHolderRepository.save(authHolder);
 		token.setAuthenticationHolder(authHolder);
@ -249,11 +250,11 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 				Sets.newHashSet(SystemScopeService.RESOURCE_TOKEN_SCOPE), null, null, null, null);
 		OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null);
-		OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
+		OAuth2AccessTokenEntity token = ModelFactory.instance().getAccessTokenInstance();
 		token.setClient(client);
 		token.setScope(Sets.newHashSet(SystemScopeService.RESOURCE_TOKEN_SCOPE));
-
+		
-		AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
+		AuthenticationHolderEntity authHolder = ModelFactory.instance().getAuthHolderInstance();
 		authHolder.setAuthentication(authentication);
 		authHolder = authenticationHolderRepository.save(authHolder);
 		token.setAuthenticationHolder(authHolder);
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
@ -25,7 +25,6 @@ import org.mitre.jose.JWSAlgorithmEmbed;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.service.UserInfoService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -43,7 +42,6 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.servlet.ModelAndView;
 import com.google.common.base.Strings;
 import com.google.common.collect.Sets;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonDeserializationContext;
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
@ -26,6 +26,7 @@ import java.util.concurrent.TimeUnit;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.oauth2.model.SystemScope;
@ -164,7 +165,12 @@ public class ClientDynamicRegistrationEndpoint {
 				// send it all out to the view
-				RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
 				registered.setClient(savedClient);
 				registered.setRegistrationAccessToken(token.getValue());
 				String clientUri = config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8");
 				registered.setRegistrationClientUri(clientUri);
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.CREATED); // http 201
@ -209,8 +215,12 @@ public class ClientDynamicRegistrationEndpoint {
 			try {
 				OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, client);
-				RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/" +  UriUtils.encodePathSegment(client.getClientId(), "UTF-8"));
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
-
+				registered.setClient(client);
 				registered.setRegistrationAccessToken(token.getValue());
 				String clientUri = config.getIssuer() + "register/" +  UriUtils.encodePathSegment(client.getClientId(), "UTF-8");
 				registered.setRegistrationClientUri(clientUri);
 				// send it all out to the view
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.OK); // http 200
@ -296,9 +306,13 @@ public class ClientDynamicRegistrationEndpoint {
 				ClientDetailsEntity savedClient = clientService.updateClient(oldClient, newClient);
 				OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, savedClient);
-
+				
-				RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
-
+				registered.setClient(savedClient);
 				registered.setRegistrationAccessToken(token.getValue());
 				String clientUri = config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8");
 				registered.setRegistrationClientUri(clientUri);
 				// send it all out to the view
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.OK); // http 200
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
@ -25,6 +25,7 @@ import java.util.Set;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.oauth2.model.SystemScope;
@ -169,8 +170,12 @@ public class ProtectedResourceRegistrationEndpoint {
 				tokenService.saveAccessToken(token);
 				// send it all out to the view
-
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
-				RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
+				registered.setClient(savedClient);
 				registered.setRegistrationAccessToken(token.getValue());
 				String clientUri = config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8");
 				registered.setRegistrationClientUri(clientUri);
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.CREATED); // http 201
@ -238,9 +243,13 @@ public class ProtectedResourceRegistrationEndpoint {
 			try {
 				// possibly update the token
 				OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, client);
-
+				
-				RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "resource/" +  UriUtils.encodePathSegment(client.getClientId(), "UTF-8"));
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
-
+				registered.setClient(client);
 				registered.setRegistrationAccessToken(token.getValue());
 				String clientUri = config.getIssuer() + "resource/" +  UriUtils.encodePathSegment(client.getClientId(), "UTF-8");
 				registered.setRegistrationClientUri(clientUri);
 				// send it all out to the view
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.OK); // http 200
@ -349,9 +358,13 @@ public class ProtectedResourceRegistrationEndpoint {
 				// possibly update the token
 				OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, savedClient);
-
+				
-				RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
+				RegisteredClient registered = ModelFactory.instance().getRegisteredClientInstance();
-
+				registered.setClient(savedClient);
 				registered.setRegistrationAccessToken(token.getValue());
 				String clientUri = config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8");
 				registered.setRegistrationClientUri(clientUri);
 				// send it all out to the view
 				m.addAttribute("client", registered);
 				m.addAttribute("code", HttpStatus.OK); // http 200
--- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java
+++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java
@ -16,6 +16,12 @@
 ******************************************************************************/
 package org.mitre.oauth2.service.impl;
 import static com.google.common.collect.Sets.newHashSet;
 import static org.hamcrest.CoreMatchers.is;
 import static org.junit.Assert.assertThat;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import java.util.Set;
 import org.junit.Test;
@ -26,12 +32,6 @@ import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import static com.google.common.collect.Sets.newHashSet;
 import static org.hamcrest.CoreMatchers.is;
 import static org.junit.Assert.assertThat;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@RunWith(MockitoJUnitRunner.class)
 public class TestDefaultIntrospectionAuthorizer {
--- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java
@ -34,6 +34,9 @@ import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import org.mitre.oauth2.model.impl.DefaultAuthenticationHolderEntity;
 import org.mitre.oauth2.model.impl.DefaultClientDetailsEntity;
 import org.mitre.oauth2.model.impl.DefaultOAuth2RefreshTokenEntity;
 import org.mitre.oauth2.repository.AuthenticationHolderRepository;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
@ -113,14 +116,14 @@ public class TestDefaultOAuth2ProviderTokenService {
 		OAuth2Request clientAuth = new OAuth2Request(null, clientId, null, true, scope, null, null, null, null);
 		Mockito.when(authentication.getOAuth2Request()).thenReturn(clientAuth);
-		client = Mockito.mock(ClientDetailsEntity.class);
+		client = Mockito.mock(DefaultClientDetailsEntity.class);
 		Mockito.when(client.getClientId()).thenReturn(clientId);
 		Mockito.when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(client);
 		// by default in tests, allow refresh tokens
 		Mockito.when(client.isAllowRefresh()).thenReturn(true);
-		refreshToken = Mockito.mock(OAuth2RefreshTokenEntity.class);
+		refreshToken = Mockito.mock(DefaultOAuth2RefreshTokenEntity.class);
 		Mockito.when(tokenRepository.getRefreshTokenByValue(refreshTokenValue)).thenReturn(refreshToken);
 		Mockito.when(refreshToken.getClient()).thenReturn(client);
 		Mockito.when(refreshToken.isExpired()).thenReturn(false);
@ -129,14 +132,14 @@ public class TestDefaultOAuth2ProviderTokenService {
 		storedAuthentication = authentication;
 		storedAuthRequest = clientAuth;
-		storedAuthHolder = Mockito.mock(AuthenticationHolderEntity.class);
+		storedAuthHolder = Mockito.mock(DefaultAuthenticationHolderEntity.class);
 		storedScope = Sets.newHashSet(scope);
 		Mockito.when(refreshToken.getAuthenticationHolder()).thenReturn(storedAuthHolder);
 		Mockito.when(storedAuthHolder.getAuthentication()).thenReturn(storedAuthentication);
 		Mockito.when(storedAuthentication.getOAuth2Request()).thenReturn(storedAuthRequest);
-		Mockito.when(authenticationHolderRepository.save(Matchers.any(AuthenticationHolderEntity.class))).thenReturn(storedAuthHolder);
+		Mockito.when(authenticationHolderRepository.save(Matchers.any(DefaultAuthenticationHolderEntity.class))).thenReturn(storedAuthHolder);
 		Mockito.when(scopeService.removeRestrictedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg());
@ -215,7 +218,7 @@ public class TestDefaultOAuth2ProviderTokenService {
 		OAuth2AccessTokenEntity token = service.createAccessToken(authentication);
 		Mockito.verify(clientDetailsService).loadClientByClientId(Matchers.anyString());
-		Mockito.verify(authenticationHolderRepository).save(Matchers.any(AuthenticationHolderEntity.class));
+		Mockito.verify(authenticationHolderRepository).save(Matchers.any(DefaultAuthenticationHolderEntity.class));
 		Mockito.verify(tokenEnhancer).enhance(Matchers.any(OAuth2AccessTokenEntity.class), Mockito.eq(authentication));
 		Mockito.verify(tokenRepository).saveAccessToken(Matchers.any(OAuth2AccessTokenEntity.class));
@ -286,15 +289,15 @@ public class TestDefaultOAuth2ProviderTokenService {
 	@Test
 	public void createAccessToken_checkAttachedAuthentication() {
-		AuthenticationHolderEntity authHolder = Mockito.mock(AuthenticationHolderEntity.class);
+		AuthenticationHolderEntity authHolder = Mockito.mock(DefaultAuthenticationHolderEntity.class);
 		Mockito.when(authHolder.getAuthentication()).thenReturn(authentication);
-		Mockito.when(authenticationHolderRepository.save(Matchers.any(AuthenticationHolderEntity.class))).thenReturn(authHolder);
+		Mockito.when(authenticationHolderRepository.save(Matchers.any(DefaultAuthenticationHolderEntity.class))).thenReturn(authHolder);
 		OAuth2AccessTokenEntity token = service.createAccessToken(authentication);
 		assertThat(token.getAuthenticationHolder().getAuthentication(), equalTo(authentication));
-		Mockito.verify(authenticationHolderRepository).save(Matchers.any(AuthenticationHolderEntity.class));
+		Mockito.verify(authenticationHolderRepository).save(Matchers.any(DefaultAuthenticationHolderEntity.class));
 	}
 	@Test(expected = InvalidTokenException.class)
--- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java
+++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java
@ -27,6 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.repository.SystemScopeRepository;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
@ -77,36 +78,44 @@ public class TestDefaultSystemScopeService {
 	 */
 	@Before
 	public void prepare() {
-
+		
 		Mockito.reset(repository);
-
+		
 		// two default and dynamically registerable scopes
-		defaultDynScope1 = new SystemScope(defaultDynScope1String);
+		defaultDynScope1 = ModelFactory.instance().getSystemScopeInstance();
-		defaultDynScope2 = new SystemScope(defaultDynScope2String);
+		defaultDynScope1.setValue(defaultDynScope1String);
 		defaultDynScope2 = ModelFactory.instance().getSystemScopeInstance();
 		defaultDynScope2.setValue(defaultDynScope2String);
 		defaultDynScope1.setAllowDynReg(true);
 		defaultDynScope2.setAllowDynReg(true);
 		defaultDynScope1.setDefaultScope(true);
 		defaultDynScope2.setDefaultScope(true);
 		// two strictly default scopes (isAllowDynReg false)
-		defaultScope1 = new SystemScope(defaultScope1String);
+		defaultScope1 = ModelFactory.instance().getSystemScopeInstance();
-		defaultScope2 = new SystemScope(defaultScope2String);
+		defaultScope1.setValue(defaultScope1String);
 		defaultScope2 = ModelFactory.instance().getSystemScopeInstance();
 		defaultScope2.setValue(defaultScope2String);
 		defaultScope1.setDefaultScope(true);
 		defaultScope2.setDefaultScope(true);
 		// one strictly dynamically registerable scope (isDefault false)
-		dynScope1 = new SystemScope(dynScope1String);
+		dynScope1 = ModelFactory.instance().getSystemScopeInstance();
 		dynScope1.setValue(dynScope1String);
 		dynScope1.setAllowDynReg(true);
 		// extraScope1 : extra scope that is neither (defaults to false/false)
-		extraScope1 = new SystemScope(extraScope1String);
+		extraScope1 = ModelFactory.instance().getSystemScopeInstance();
 		extraScope1.setValue(extraScope1String);
 		// structuredScope1 : structured scope
-		structuredScope1 = new SystemScope(structuredScope1String);
+		structuredScope1 = ModelFactory.instance().getSystemScopeInstance();
 		structuredScope1.setValue(structuredScope1String);
 		structuredScope1.setStructured(true);
 		// structuredScope1Value : structured scope with value
-		structuredScope1Value = new SystemScope(structuredScope1String);
+		structuredScope1Value = ModelFactory.instance().getSystemScopeInstance();
 		structuredScope1Value.setValue(structuredScope1String);
 		structuredScope1Value.setStructured(true);
 		structuredScope1Value.setStructuredValue(structuredValue);
@ -123,7 +132,8 @@ public class TestDefaultSystemScopeService {
 		Mockito.when(repository.getByValue(structuredScope1String)).thenAnswer(new Answer<SystemScope>() {
 			@Override
 			public SystemScope answer(InvocationOnMock invocation) throws Throwable {
-				SystemScope s = new SystemScope(structuredScope1String);
+				SystemScope s = ModelFactory.instance().getSystemScopeInstance();
 				s.setValue(structuredScope1String);
 				s.setStructured(true);
 				return s;
 			}
@ -201,7 +211,8 @@ public class TestDefaultSystemScopeService {
 		Mockito.when(repository.getByValue("foo")).thenAnswer(new Answer<SystemScope>() {
 			@Override
 			public SystemScope answer(InvocationOnMock invocation) throws Throwable {
-				SystemScope foo = new SystemScope("foo");
+				SystemScope foo = ModelFactory.instance().getSystemScopeInstance();
 				foo.setValue("foo");
 				foo.setStructured(true);
 				return foo;
 			}
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java
+++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java
@ -27,6 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.repository.ApprovedSiteRepository;
 import org.mitre.openid.connect.service.ApprovedSiteService;
@ -66,7 +67,7 @@ public class TestDefaultApprovedSiteService {
 	@Before
 	public void prepare() {
-		client = new ClientDetailsEntity();
+		client = ModelFactory.instance().getClientDetailsInstance();
 		client.setClientId(clientId);
 		site1 = new ApprovedSite();
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java
+++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java
@ -27,6 +27,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.model.DefaultUserInfo;
 import org.mitre.openid.connect.model.UserInfo;
@ -88,9 +89,6 @@ public class TestDefaultUserInfoService {
 	private String sectorIdentifier2 = "https://sector-identifier-12/url2";
 	private String sectorIdentifier3 = "https://sector-identifier-3/url";
 	/**
 	 * Initialize the service and the mocked repository.
 	 * Initialize 2 users, one of them an admin, for use in unit tests.
@ -98,7 +96,6 @@ public class TestDefaultUserInfoService {
 	@Before
 	public void prepare() {
 		userInfoAdmin = new DefaultUserInfo();
 		userInfoAdmin.setPreferredUsername(adminUsername);
 		userInfoAdmin.setSub(adminSub);
@ -107,38 +104,35 @@ public class TestDefaultUserInfoService {
 		userInfoRegular.setPreferredUsername(regularUsername);
 		userInfoRegular.setSub(regularSub);
-		publicClient1 = new ClientDetailsEntity();
+		publicClient1 = ModelFactory.instance().getClientDetailsInstance();
 		publicClient1.setClientId(publicClientId1);
-		publicClient2 = new ClientDetailsEntity();
+		publicClient2 = ModelFactory.instance().getClientDetailsInstance();
 		publicClient2.setClientId(publicClientId2);
 		publicClient2.setSubjectType(SubjectType.PUBLIC);
 		// pairwise set 1
-		pairwiseClient1 = new ClientDetailsEntity();
+		pairwiseClient1 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient1.setClientId(pairwiseClientId1);
 		pairwiseClient1.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1);
-		pairwiseClient2 = new ClientDetailsEntity();
+		pairwiseClient2 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient2.setClientId(pairwiseClientId2);
 		pairwiseClient2.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2);
 		// pairwise set 2
-		pairwiseClient3 = new ClientDetailsEntity();
+		pairwiseClient3 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient3.setClientId(pairwiseClientId3);
 		pairwiseClient3.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3);
 		// pairwise with null sector
-		pairwiseClient4 = new ClientDetailsEntity();
+		pairwiseClient4 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient4.setClientId(pairwiseClientId4);
 		pairwiseClient4.setSubjectType(SubjectType.PAIRWISE);
 	}
 	/**
@ -236,6 +230,4 @@ public class TestDefaultUserInfoService {
 	}
 }
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java
+++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java
@ -30,6 +30,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
 import org.mitre.oauth2.model.impl.ModelFactory;
 import org.mitre.openid.connect.model.DefaultUserInfo;
 import org.mitre.openid.connect.model.PairwiseIdentifier;
 import org.mitre.openid.connect.model.UserInfo;
@ -95,31 +96,31 @@ public class TestUUIDPairwiseIdentiferService {
 		userInfoRegular.setSub(regularSub);
 		// pairwise set 1
-		pairwiseClient1 = new ClientDetailsEntity();
+		pairwiseClient1 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient1.setClientId(pairwiseClientId1);
 		pairwiseClient1.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1);
-		pairwiseClient2 = new ClientDetailsEntity();
+		pairwiseClient2 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient2.setClientId(pairwiseClientId2);
 		pairwiseClient2.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2);
 		// pairwise set 2
-		pairwiseClient3 = new ClientDetailsEntity();
+		pairwiseClient3 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient3.setClientId(pairwiseClientId3);
 		pairwiseClient3.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3);
 		pairwiseClient3.setRedirectUris(pairwiseClient3RedirectUris);
 		// pairwise with null sector
-		pairwiseClient4 = new ClientDetailsEntity();
+		pairwiseClient4 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient4.setClientId(pairwiseClientId4);
 		pairwiseClient4.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient4.setRedirectUris(pairwiseClient4RedirectUris);
 		// pairwise with multiple redirects and no sector (error)
-		pairwiseClient5 = new ClientDetailsEntity();
+		pairwiseClient5 = ModelFactory.instance().getClientDetailsInstance();
 		pairwiseClient5.setClientId(pairwiseClientId5);
 		pairwiseClient5.setSubjectType(SubjectType.PAIRWISE);
 		pairwiseClient5.setRedirectUris(pairwiseClient5RedirectUris);