Merge remote branch 'origin/master'

openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java

@@ -0,0 +1,102 @@
+package org.mitre.oauth2.model;
+
+import javax.persistence.Basic;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Lob;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+import org.springframework.security.oauth2.provider.code.AuthorizationRequestHolder;
+
+/**
+ * Entity class for authorization codes
+ * 
+ * @author aanganes
+ *
+ */
+@Entity
+@Table(name="authorization_code")
+@NamedQueries({
+	@NamedQuery(name = "AuthorizationCodeEntity.getByValue", query = "select a from AuthorizationCodeEntity a where a.code = :code")
+})
+public class AuthorizationCodeEntity {
+
+	private Long id;
+	
+	private String code;
+	
+	private AuthorizationRequestHolder authorizationRequestHolder;
+
+	/**
+	 * Default constructor.
+	 */
+	public AuthorizationCodeEntity() {
+		
+	}
+	
+	/**
+	 * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
+	 * 
+	 * @param code 			the authorization code
+	 * @param authRequest	the AuthoriztionRequestHolder associated with the original code request
+	 */
+	public AuthorizationCodeEntity(String code, AuthorizationRequestHolder authRequest) {
+		this.code = code;
+		this.authorizationRequestHolder = authRequest;
+	}
+	
+	/**
+	 * @return the id
+	 */
+	@Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+	public Long getId() {
+		return id;
+	}
+
+	/**
+	 * @param id the id to set
+	 */
+	public void setId(Long id) {
+		this.id = id;
+	}
+
+	/**
+	 * @return the code
+	 */
+	@Basic
+	public String getCode() {
+		return code;
+	}
+
+	/**
+	 * @param code the code to set
+	 */
+	public void setCode(String code) {
+		this.code = code;
+	}
+
+	/**
+	 * @return the authorizationRequestHolder
+	 */
+	@Lob
+	@Basic(fetch=FetchType.EAGER)
+	@Column(name="authorization_request_holder")
+	public AuthorizationRequestHolder getAuthorizationRequestHolder() {
+		return authorizationRequestHolder;
+	}
+
+	/**
+	 * @param authorizationRequestHolder the authorizationRequestHolder to set
+	 */
+	public void setAuthorizationRequestHolder(AuthorizationRequestHolder authorizationRequestHolder) {
+		this.authorizationRequestHolder = authorizationRequestHolder;
+	}
+	
+}

openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java

@@ -0,0 +1,32 @@
+package org.mitre.oauth2.repository;
+
+import org.mitre.oauth2.model.AuthorizationCodeEntity;
+import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
+import org.springframework.security.oauth2.provider.code.AuthorizationRequestHolder;
+
+/**
+ * Interface for saving and consuming OAuth2 authorization codes as AuthorizationCodeEntitys. 
+ * 
+ * @author aanganes
+ *
+ */
+public interface AuthorizationCodeRepository {
+
+	/**
+	 * Save an AuthorizationCodeEntity to the repository
+	 * 
+	 * @param authorizationCode the AuthorizationCodeEntity to save
+	 * @return					the saved AuthorizationCodeEntity
+	 */
+	public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode);
+	
+	/**
+	 * Consume an authorization code.
+	 * 
+	 * @param code						the authorization code value
+	 * @return							the authentication associated with the code	
+	 * @throws InvalidGrantException	if no AuthorizationCodeEntity is found with the given value
+	 */
+	public AuthorizationRequestHolder consume(String code) throws InvalidGrantException;
+	
+}

openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java

@@ -165,10 +165,10 @@ public class ApprovedSite {
      */
     @ElementCollection(fetch = FetchType.EAGER)
     @CollectionTable(
-    		name="allowed_scope",
+    		name="approved_site_scope",
     		joinColumns=@JoinColumn(name="owner_id")
     )
-    @Column(name="allowed_scope")
+    @Column(name="scope")
     public Set<String> getAllowedScopes() {
     	return allowedScopes;
     }

openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java

@@ -103,10 +103,10 @@ public class WhitelistedSite {
 	 */
 	@ElementCollection(fetch = FetchType.EAGER)
 	@CollectionTable(
-    		name="allowed_scope",
+    		name="whitelisted_site_scope",
     		joinColumns=@JoinColumn(name="owner_id")
     )
-	@Column(name="allowed_scope")
+	@Column(name="scope")
 	public Set<String> getAllowedScopes() {
 		return allowedScopes;
 	}

openid-connect-server/db/tables/database_tables.sql

@@ -19,11 +19,6 @@ CREATE TABLE address (
 	country VARCHAR(256)
 );
 
-CREATE TABLE allowed_scope (
-	owner_id BIGINT, 
-	allowed_scope VARCHAR(256)
-);
-
 CREATE TABLE approved_site (
 	id BIGINT AUTO_INCREMENT PRIMARY KEY,
 	user_id VARCHAR(4096),
@@ -34,6 +29,11 @@ CREATE TABLE approved_site (
 	whitelisted_site_id VARCHAR(256)
 );
 
+CREATE TABLE approved_site_scope (
+	owner_id BIGINT,
+	scope VARCHAR(256)
+);
+
 CREATE TABLE authentication_holder (
 	id BIGINT AUTO_INCREMENT PRIMARY KEY,
 	owner_id BIGINT,
@@ -45,6 +45,12 @@ CREATE TABLE authority (
 	authority LONGBLOB
 );
 
+CREATE TABLE authorization_code (
+	id BIGINT AUTO_INCREMENT PRIMARY KEY,
+	code VARCHAR(256),
+	authorization_request_holder LONGBLOB
+);
+
 CREATE TABLE authorized_grant_type (
 	owner_id BIGINT,
 	authorized_grant_type VARCHAR(2000)
@@ -169,3 +175,7 @@ CREATE TABLE whitelisted_site (
 	client_id VARCHAR(256)
 );
 
+CREATE TABLE whitelisted_site_scope (
+	owner_id BIGINT,
+	scope VARCHAR(256)
+);

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java

@@ -0,0 +1,66 @@
+/**
+ * 
+ */
+package org.mitre.oauth2.repository.impl;
+
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.TypedQuery;
+
+import org.mitre.oauth2.model.AuthorizationCodeEntity;
+import org.mitre.oauth2.repository.AuthorizationCodeRepository;
+import org.mitre.util.jpa.JpaUtil;
+import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
+import org.springframework.security.oauth2.provider.code.AuthorizationRequestHolder;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+/**
+ * JPA AuthorizationCodeRepository implementation.
+ * 
+ * @author aanganes
+ *
+ */
+@Repository
+@Transactional
+public class JpaAuthorizationCodeRepository implements AuthorizationCodeRepository {
+
+	@PersistenceContext
+	EntityManager manager;
+	
+	/* (non-Javadoc)
+	 * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#save(org.mitre.oauth2.model.AuthorizationCodeEntity)
+	 */
+	@Override
+	@Transactional
+	public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode) {
+		
+		return JpaUtil.saveOrUpdate(authorizationCode.getId(), manager, authorizationCode);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.oauth2.repository.AuthorizationCodeRepository#consume(java.lang.String)
+	 */
+	@Override
+	@Transactional
+	public AuthorizationRequestHolder consume(String code) throws InvalidGrantException {
+		
+		TypedQuery<AuthorizationCodeEntity> query = manager.createNamedQuery("AuthorizationCodeEntity.getByValue", AuthorizationCodeEntity.class);
+		query.setParameter("code", code);
+		
+		AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList());
+		
+		if (result == null) {
+			throw new InvalidGrantException("JpaAuthorizationCodeRepository: no authorization code found for value " + code);
+		}
+		
+		AuthorizationRequestHolder authRequest = result.getAuthorizationRequestHolder();
+		
+		manager.remove(result);
+		
+		return authRequest;
+
+	}
+
+}

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java

@@ -0,0 +1,78 @@
+/**
+ * 
+ */
+package org.mitre.oauth2.service.impl;
+
+import org.mitre.oauth2.model.AuthorizationCodeEntity;
+import org.mitre.oauth2.repository.AuthorizationCodeRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
+import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.code.AuthorizationRequestHolder;
+import org.springframework.stereotype.Service;
+
+/**
+ * Database-backed, random-value authorization code service implementation.
+ * 
+ * @author aanganes
+ *
+ */
+@Service
+public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeServices {
+
+	@Autowired
+	private AuthorizationCodeRepository repository;
+	
+	private RandomValueStringGenerator generator = new RandomValueStringGenerator();
+	
+	/**
+	 * Generate a random authorization code and create an AuthorizationCodeEntity,
+	 * which will be stored in the repository.
+	 * 
+	 * @param authentication 	the authentication of the current user, to be retrieved when the
+	 * 							code is consumed
+	 * @return 					the authorization code
+	 */
+	@Override
+	public String createAuthorizationCode(AuthorizationRequestHolder authentication) {
+		String code = generator.generate();
+		
+		AuthorizationCodeEntity entity = new AuthorizationCodeEntity(code, authentication);
+		repository.save(entity);
+		
+		return code;
+	}
+
+	/**
+	 * Consume a given authorization code. 
+	 * Match the provided string to an AuthorizationCodeEntity. If one is found, return 
+	 * the authentication associated with the code. If one is not found, throw an
+	 * InvalidGrantException.
+	 * 
+	 * @param code		the authorization code
+	 * @return			the authentication that made the original request
+	 * @throws 			InvalidGrantException, if an AuthorizationCodeEntity is not found with the given value
+	 */
+	@Override
+	public AuthorizationRequestHolder consumeAuthorizationCode(String code) throws InvalidGrantException {
+		
+		AuthorizationRequestHolder auth = repository.consume(code);
+		return auth;
+	}
+
+	/**
+	 * @return the repository
+	 */
+	public AuthorizationCodeRepository getRepository() {
+		return repository;
+	}
+
+	/**
+	 * @param repository the repository to set
+	 */
+	public void setRepository(AuthorizationCodeRepository repository) {
+		this.repository = repository;
+	}
+
+}

openid-connect-server/src/main/resources/META-INF/persistence.xml

@@ -9,6 +9,7 @@
         <class>org.mitre.oauth2.model.OAuth2AccessTokenEntity</class>
         <class>org.mitre.oauth2.model.OAuth2RefreshTokenEntity</class>
         <class>org.mitre.oauth2.model.AuthenticationHolder</class>
+        <class>org.mitre.oauth2.model.AuthorizationCodeEntity</class>
         <class>org.mitre.openid.connect.model.Address</class>
         <class>org.mitre.openid.connect.model.ApprovedSite</class>
         <class>org.mitre.openid.connect.model.Event</class>

openid-connect-server/src/main/webapp/WEB-INF/application-context.xml

@@ -85,7 +85,7 @@
 		authorization-endpoint-url="/authorize" 
 		token-endpoint-url="/token">
 		
-		<oauth:authorization-code />
+		<oauth:authorization-code authorization-code-services-ref="defaultOAuth2AuthorizationCodeService"/>
 		<oauth:implicit />
 		
 	</oauth:authorization-server>