Oracle support added

pull/1079/merge
Tomasz Borowiec 2016-11-03 16:01:18 +01:00 committed by Justin Richer
parent dea6044e77
commit 83a9fef14d
10 changed files with 897 additions and 0 deletions


@ -133,6 +133,13 @@
<groupId>com.zaxxer</groupId>
<artifactId>HikariCP</artifactId>
</dependency>
<!-- uncomment for Oracle (manually install driver in Maven prior) -->
<!--<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc6</artifactId>
<version>11.1.0.7.0</version>
</dependency>-->
</dependencies>
<description>Deployable package of the OpenID Connect server</description>
</project>


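--- a/src/main/resources/db/clients_oracle.sql
+++ b/src/main/resources/db/clients_oracle.sql
@@ -0,0 +1,51 @@
+--
+-- Insert client information into the temporary tables. To add clients to the Oracle database, edit things here.
+--
+INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
+('client', 'secret', 'Test Client', 0, null, 3600, 600, 1);
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'openid');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'profile');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'email');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'address');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'phone');
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'offline_access');
+INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost/');
+INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost:8080/');
+INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'authorization_code');
+INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'urn:ietf:params:oauth:grant_type:redelegate');
+INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'implicit');
+INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'refresh_token');
+--
+-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
+--
+MERGE INTO client_details
+USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) vals
+ON (vals.client_id = client_details.client_id)
+WHEN NOT MATCHED THEN
+INSERT (id, client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds,
+id_token_validity_seconds, allow_introspection) VALUES(client_details_seq.nextval, vals.client_id, vals.client_secret, vals.client_name, vals.dynamically_registered,
+vals.refresh_token_validity_seconds, vals.access_token_validity_seconds, vals.id_token_validity_seconds, vals.allow_introspection);
+MERGE INTO client_scope
+USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) vals
+ON (vals.id = client_scope.owner_id AND vals.scope = client_scope.scope)
+WHEN NOT MATCHED THEN
+INSERT (owner_id, scope) values (vals.id, vals.scope);
+MERGE INTO client_redirect_uri
+USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) vals
+ON (vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri)
+WHEN NOT MATCHED THEN
+INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri);
+MERGE INTO client_grant_type
+USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) vals
+ON (vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type)
+WHEN NOT MATCHED THEN
+INSERT (owner_id, grant_type) values (vals.id, vals.grant_type);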
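Review bot: The three child MERGEs (client_scope, client_redirect_uri, client_grant_type) resolve the owner id with an implicit comma join, `FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id`, which silently becomes a cross join if the WHERE condition is ever edited away; an explicit `FROM client_scope_TEMP INNER JOIN client_details ON client_details.client_id = client_scope_TEMP.owner_id` makes the intent visible. The same three statements write `values` in lower case while the rest of the file uses `VALUES`. Because the first MERGE matches on client_id only, later edits to the seeded secret or validity periods in this file are never propagated to an existing row; that is what the header comment intends, but it is worth stating beside the statement, e.g. `-- Existing clients are left untouched; only rows whose client_id is absent are inserted.`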


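--- a/src/main/resources/db/scopes_oracle.sql
+++ b/src/main/resources/db/scopes_oracle.sql
@@ -0,0 +1,27 @@
+--
+-- Insert scope information into the temporary tables.
+--
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+('openid', 'log in using your identity', 'user', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+('profile', 'basic profile information', 'list-alt', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+('email', 'email address', 'envelope', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+('address', 'physical address', 'home', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+('phone', 'telephone number', 'bell', 0, 1, 0, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
+('offline_access', 'offline access', 'time', 0, 0, 0, null);
+--
+-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
+--
+MERGE INTO system_scope
+USING (SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP) vals
+ON (vals.scope = system_scope.scope)
+WHEN NOT MATCHED THEN
+INSERT (id, scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES(system_scope_seq.nextval, vals.scope,
+vals.description, vals.icon, vals.restricted, vals.default_scope, vals.structured, vals.structured_param_description);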


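--- a/src/main/resources/db/tables/loading_temp_tables_oracle.sql
+++ b/src/main/resources/db/tables/loading_temp_tables_oracle.sql
@@ -0,0 +1,77 @@
+--
+-- Temporary tables used during the bootstrapping process to safely load users and clients.
+-- These are not needed if you're not using the users.sql/clients.sql files to bootstrap the database.
+--
+CREATE GLOBAL TEMPORARY TABLE authorities_TEMP (
+username varchar2(50) not null,
+authority varchar2(50) not null,
+constraint ix_authority_TEMP unique (username,authority)
+) ON COMMIT PRESERVE ROWS;
+CREATE GLOBAL TEMPORARY TABLE users_TEMP (
+username VARCHAR2(50) not null primary key,
+password VARCHAR2(50) not null,
+enabled NUMBER(1) not null
+) ON COMMIT PRESERVE ROWS;
+CREATE GLOBAL TEMPORARY TABLE user_info_TEMP (
+sub VARCHAR2(256) not null primary key,
+preferred_username VARCHAR2(256),
+name VARCHAR2(256),
+given_name VARCHAR2(256),
+family_name VARCHAR2(256),
+middle_name VARCHAR2(256),
+nickname VARCHAR2(256),
+profile VARCHAR2(256),
+picture VARCHAR2(256),
+website VARCHAR2(256),
+email VARCHAR2(256),
+email_verified NUMBER(1),
+gender VARCHAR2(256),
+zone_info VARCHAR2(256),
+locale VARCHAR2(256),
+phone_number VARCHAR2(256),
+address_id VARCHAR2(256),
+updated_time VARCHAR2(256),
+birthdate VARCHAR2(256)
+) ON COMMIT PRESERVE ROWS;
+CREATE GLOBAL TEMPORARY TABLE client_details_TEMP (
+client_description VARCHAR2(256),
+dynamically_registered NUMBER(1),
+id_token_validity_seconds NUMBER(19),
+client_id VARCHAR2(256),
+client_secret VARCHAR2(2048),
+access_token_validity_seconds NUMBER(19),
+refresh_token_validity_seconds NUMBER(19),
+allow_introspection NUMBER(1),
+client_name VARCHAR2(256)
+) ON COMMIT PRESERVE ROWS;
+CREATE GLOBAL TEMPORARY TABLE client_scope_TEMP (
+owner_id VARCHAR2(256),
+scope VARCHAR2(2048)
+) ON COMMIT PRESERVE ROWS;
+CREATE GLOBAL TEMPORARY TABLE client_redirect_uri_TEMP (
+owner_id VARCHAR2(256),
+redirect_uri VARCHAR2(2048)
+) ON COMMIT PRESERVE ROWS;
+CREATE GLOBAL TEMPORARY TABLE client_grant_type_TEMP (
+owner_id VARCHAR2(256),
+grant_type VARCHAR2(2000)
+) ON COMMIT PRESERVE ROWS;
+CREATE GLOBAL TEMPORARY TABLE system_scope_TEMP (
+scope VARCHAR2(256),
+description VARCHAR2(4000),
+icon VARCHAR2(256),
+restricted NUMBER(1),
+default_scope NUMBER(1),
+structured NUMBER(1),
+structured_param_description VARCHAR2(256)
+) ON COMMIT PRESERVE ROWS;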
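Review bot: The header comment refers to users.sql/clients.sql, but the scripts this commit wires into the Oracle data-source config are users_oracle.sql and clients_oracle.sql; suggest `-- These are not needed if you're not using the users_oracle.sql/clients_oracle.sql files to bootstrap the database.` users_TEMP declares `username VARCHAR2(50) not null primary key` while client_details_TEMP has no key on client_id, so the two bootstrap paths behave differently if the seed INSERTs run a second time in the same session (ON COMMIT PRESERVE ROWS keeps the rows): the users path fails on the duplicate key, the clients path presumably feeds duplicate source rows into the MERGE — confirm which is wanted and make the two agree, e.g. `client_id VARCHAR2(256) not null primary key,`. The mixed `not null`/`NUMBER` casing inside each CREATE is also inconsistent with the uppercase style of oracle_database_tables.sql.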


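--- a/src/main/resources/db/tables/oracle_database_tables.sql
+++ b/src/main/resources/db/tables/oracle_database_tables.sql
@@ -0,0 +1,387 @@
+--
+-- Tables for OIDC Server functionality, Oracle
+--
+CREATE TABLE access_token (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+token_value VARCHAR2(4000),
+expiration TIMESTAMP,
+token_type VARCHAR2(256),
+refresh_token_id NUMBER(19),
+client_id NUMBER(19),
+auth_holder_id NUMBER(19),
+id_token_id NUMBER(19),
+approved_site_id NUMBER(19)
+);
+CREATE SEQUENCE access_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE access_token_permissions (
+access_token_id NUMBER(19) NOT NULL,
+permission_id NUMBER(19) NOT NULL
+);
+CREATE TABLE address (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+formatted VARCHAR2(256),
+street_address VARCHAR2(256),
+locality VARCHAR2(256),
+region VARCHAR2(256),
+postal_code VARCHAR2(256),
+country VARCHAR2(256)
+);
+CREATE SEQUENCE address_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE approved_site (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+user_id VARCHAR2(256),
+client_id VARCHAR2(256),
+creation_date TIMESTAMP,
+access_date TIMESTAMP,
+timeout_date TIMESTAMP,
+whitelisted_site_id NUMBER(19)
+);
+CREATE SEQUENCE approved_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE approved_site_scope (
+owner_id NUMBER(19),
+scope VARCHAR2(256)
+);
+CREATE TABLE authentication_holder (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+user_auth_id NUMBER(19),
+approved NUMBER(1),
+redirect_uri VARCHAR2(2048),
+client_id VARCHAR2(256)
+);
+CREATE SEQUENCE authentication_holder_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE auth_holder_authority (
+owner_id NUMBER(19),
+authority VARCHAR2(256)
+);
+CREATE TABLE auth_holder_resource_id (
+owner_id NUMBER(19),
+resource_id VARCHAR2(2048)
+);
+CREATE TABLE auth_holder_response_type (
+owner_id NUMBER(19),
+response_type VARCHAR2(2048)
+);
+CREATE TABLE auth_holder_extension (
+owner_id NUMBER(19),
+extension VARCHAR2(2048),
+val VARCHAR2(2048)
+);
+CREATE TABLE authentication_holder_scope (
+owner_id NUMBER(19),
+scope VARCHAR2(2048)
+);
+CREATE TABLE auth_holder_request_parameter (
+owner_id NUMBER(19),
+param VARCHAR2(2048),
+val VARCHAR2(2048)
+);
+CREATE TABLE saved_user_auth (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+name VARCHAR2(1024),
+authenticated NUMBER(1),
+source_class VARCHAR2(2048)
+);
+CREATE SEQUENCE saved_user_auth_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE saved_user_auth_authority (
+owner_id NUMBER(19),
+authority VARCHAR2(256)
+);
+CREATE TABLE client_authority (
+owner_id NUMBER(19),
+authority VARCHAR2(256)
+);
+CREATE TABLE authorization_code (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+code VARCHAR2(256),
+auth_holder_id NUMBER(19),
+expiration TIMESTAMP
+);
+CREATE SEQUENCE authorization_code_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE client_grant_type (
+owner_id NUMBER(19),
+grant_type VARCHAR2(2000)
+);
+CREATE TABLE client_response_type (
+owner_id NUMBER(19),
+response_type VARCHAR2(2000)
+);
+CREATE TABLE blacklisted_site (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+uri VARCHAR2(2048)
+);
+CREATE SEQUENCE blacklisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE client_details (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+client_description VARCHAR2(1024),
+reuse_refresh_tokens NUMBER(1) DEFAULT 1 NOT NULL,
+dynamically_registered NUMBER(1) DEFAULT 0 NOT NULL,
+allow_introspection NUMBER(1) DEFAULT 0 NOT NULL,
+id_token_validity_seconds NUMBER(19) DEFAULT 600 NOT NULL,
+client_id VARCHAR2(256),
+client_secret VARCHAR2(2048),
+access_token_validity_seconds NUMBER(19),
+refresh_token_validity_seconds NUMBER(19),
+application_type VARCHAR2(256),
+client_name VARCHAR2(256),
+token_endpoint_auth_method VARCHAR2(256),
+subject_type VARCHAR2(256),
+logo_uri VARCHAR2(2048),
+policy_uri VARCHAR2(2048),
+client_uri VARCHAR2(2048),
+tos_uri VARCHAR2(2048),
+jwks_uri VARCHAR2(2048),
+jwks CLOB,
+sector_identifier_uri VARCHAR2(2048),
+request_object_signing_alg VARCHAR2(256),
+user_info_signed_response_alg VARCHAR2(256),
+user_info_encrypted_resp_alg VARCHAR2(256),
+user_info_encrypted_resp_enc VARCHAR2(256),
+id_token_signed_response_alg VARCHAR2(256),
+id_token_encrypted_resp_alg VARCHAR2(256),
+id_token_encrypted_resp_enc VARCHAR2(256),
+token_endpoint_auth_sign_alg VARCHAR2(256),
+default_max_age NUMBER(19),
+require_auth_time NUMBER(1),
+created_at TIMESTAMP,
+initiate_login_uri VARCHAR2(2048),
+clear_access_tokens_on_refresh NUMBER(1) DEFAULT 1 NOT NULL,
+software_statement VARCHAR2(4000),
+code_challenge_method VARCHAR2(256),
+CONSTRAINT client_details_unique UNIQUE (client_id)
+);
+CREATE SEQUENCE client_details_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE client_request_uri (
+owner_id NUMBER(19),
+request_uri VARCHAR2(2000)
+);
+CREATE TABLE client_post_logout_redir_uri (
+owner_id NUMBER(19),
+post_logout_redirect_uri VARCHAR2(2000)
+);
+CREATE TABLE client_default_acr_value (
+owner_id NUMBER(19),
+default_acr_value VARCHAR2(2000)
+);
+CREATE TABLE client_contact (
+owner_id NUMBER(19),
+contact VARCHAR2(256)
+);
+CREATE TABLE client_redirect_uri (
+owner_id NUMBER(19),
+redirect_uri VARCHAR2(2048)
+);
+CREATE TABLE client_claims_redirect_uri (
+owner_id NUMBER(19),
+redirect_uri VARCHAR2(2048)
+);
+CREATE TABLE refresh_token (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+token_value VARCHAR2(4000),
+expiration TIMESTAMP,
+auth_holder_id NUMBER(19),
+client_id NUMBER(19)
+);
+CREATE SEQUENCE refresh_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE client_resource (
+owner_id NUMBER(19),
+resource_id VARCHAR2(256)
+);
+CREATE TABLE client_scope (
+owner_id NUMBER(19),
+scope VARCHAR2(2048)
+);
+CREATE TABLE token_scope (
+owner_id NUMBER(19),
+scope VARCHAR2(2048)
+);
+CREATE TABLE system_scope (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+scope VARCHAR2(256) NOT NULL,
+description VARCHAR2(4000),
+icon VARCHAR2(256),
+restricted NUMBER(1) DEFAULT 0 NOT NULL,
+default_scope NUMBER(1) DEFAULT 0 NOT NULL,
+structured NUMBER(1) DEFAULT 0 NOT NULL,
+structured_param_description VARCHAR2(256),
+CONSTRAINT system_scope_unique UNIQUE (scope)
+);
+CREATE SEQUENCE system_scope_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE user_info (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+sub VARCHAR2(256),
+preferred_username VARCHAR2(256),
+name VARCHAR2(256),
+given_name VARCHAR2(256),
+family_name VARCHAR2(256),
+middle_name VARCHAR2(256),
+nickname VARCHAR2(256),
+profile VARCHAR2(256),
+picture VARCHAR2(256),
+website VARCHAR2(256),
+email VARCHAR2(256),
+email_verified NUMBER(1),
+gender VARCHAR2(256),
+zone_info VARCHAR2(256),
+locale VARCHAR2(256),
+phone_number VARCHAR2(256),
+phone_number_verified NUMBER(1),
+address_id VARCHAR2(256),
+updated_time VARCHAR2(256),
+birthdate VARCHAR2(256),
+src VARCHAR2(4000)
+);
+CREATE SEQUENCE user_info_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE whitelisted_site (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+creator_user_id VARCHAR2(256),
+client_id VARCHAR2(256)
+);
+CREATE SEQUENCE whitelisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE whitelisted_site_scope (
+owner_id NUMBER(19),
+scope VARCHAR2(256)
+);
+CREATE TABLE pairwise_identifier (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+identifier VARCHAR2(256),
+sub VARCHAR2(256),
+sector_identifier VARCHAR2(2048)
+);
+CREATE SEQUENCE pairwise_identifier_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE resource_set (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+name VARCHAR2(1024) NOT NULL,
+uri VARCHAR2(1024),
+icon_uri VARCHAR2(1024),
+rs_type VARCHAR2(256),
+owner VARCHAR2(256) NOT NULL,
+client_id VARCHAR2(256)
+);
+CREATE SEQUENCE resource_set_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE resource_set_scope (
+owner_id NUMBER(19) NOT NULL,
+scope VARCHAR2(256) NOT NULL
+);
+CREATE TABLE permission_ticket (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+ticket VARCHAR2(256) NOT NULL,
+permission_id NUMBER(19) NOT NULL,
+expiration TIMESTAMP
+);
+CREATE SEQUENCE permission_ticket_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE permission (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+resource_set_id NUMBER(19)
+);
+CREATE SEQUENCE permission_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE permission_scope (
+owner_id NUMBER(19) NOT NULL,
+scope VARCHAR2(256) NOT NULL
+);
+CREATE TABLE claim (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+name VARCHAR2(256),
+friendly_name VARCHAR2(1024),
+claim_type VARCHAR2(1024),
+claim_value VARCHAR2(1024)
+);
+CREATE SEQUENCE claim_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE claim_to_policy (
+policy_id NUMBER(19) NOT NULL,
+claim_id NUMBER(19) NOT NULL
+);
+CREATE TABLE claim_to_permission_ticket (
+permission_ticket_id NUMBER(19) NOT NULL,
+claim_id NUMBER(19) NOT NULL
+);
+CREATE TABLE policy (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+name VARCHAR2(1024),
+resource_set_id NUMBER(19)
+);
+CREATE SEQUENCE policy_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE policy_scope (
+owner_id NUMBER(19) NOT NULL,
+scope VARCHAR2(256) NOT NULL
+);
+CREATE TABLE claim_token_format (
+owner_id NUMBER(19) NOT NULL,
+claim_token_format VARCHAR2(1024) NOT NULL
+);
+CREATE TABLE claim_issuer (
+owner_id NUMBER(19) NOT NULL,
+issuer VARCHAR2(1024) NOT NULL
+);
+CREATE TABLE saved_registered_client (
+id NUMBER(19) NOT NULL PRIMARY KEY,
+issuer VARCHAR2(1024),
+registered_client CLOB
+);
+CREATE SEQUENCE saved_registered_client_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE INDEX at_tv_idx ON access_token(token_value);
+CREATE INDEX ts_oi_idx ON token_scope(owner_id);
+CREATE INDEX at_exp_idx ON access_token(expiration);
+CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id);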
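Review bot: The index list at the end of the hunk covers access_token(token_value) and access_token(expiration) but not the other columns that are looked up by token value: refresh_token.token_value and authorization_code.code carry no index, so those lookups degrade to full scans as the tables grow; suggest `CREATE INDEX rf_tv_idx ON refresh_token(token_value);` and `CREATE INDEX ac_code_idx ON authorization_code(code);` beside the existing four. None of the collection tables (access_token_permissions, token_scope, client_scope, approved_site_scope, ...) declare a foreign key to their owner row, so orphaned rows cannot be prevented at the database level; if this deliberately mirrors the other vendor schemas, a one-line comment at the top saying so would stop the next reader from re-raising it. Every sequence is NOCACHE, which together with allocation-size="1" in entity-mappings_oracle.xml means one sequence round trip per insert — acceptable for a demo, but the header should state that the two settings must be changed together. All `expiration`/`*_date` columns are plain TIMESTAMP without time zone, so comparisons presumably depend on the session time zone; confirm the JDBC session is pinned to UTC or document the assumption.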


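--- a/src/main/resources/db/tables/security-schema_oracle.sql
+++ b/src/main/resources/db/tables/security-schema_oracle.sql
@@ -0,0 +1,16 @@
+--
+-- Tables for Spring Security's user details service
+--
+create table users(
+username varchar2(50) not null primary key,
+password varchar2(50) not null,
+enabled number(19) not null
+);
+create table authorities (
+username varchar2(50) not null,
+authority varchar2(50) not null,
+constraint fk_authorities_users foreign key(username) references users(username),
+constraint ix_authority unique (username,authority)
+);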
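Review bot: users.enabled is declared `enabled number(19) not null` here while users_TEMP.enabled in loading_temp_tables_oracle.sql is NUMBER(1), and the MERGE in users_oracle.sql copies one into the other; the flag should be `enabled number(1) not null` so the two definitions agree. password is `varchar2(50)`, which fits the plaintext demo values but not a bcrypt hash (60 characters), so if a hashing PasswordEncoder is ever configured against this table the inserts fail on length; widening to e.g. `password varchar2(256) not null` costs nothing now. The file also uses lowercase keywords while the other Oracle scripts in this commit are uppercase — pick one.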


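--- a/src/main/resources/db/users_oracle.sql
+++ b/src/main/resources/db/users_oracle.sql
@@ -0,0 +1,39 @@
+--
+-- Insert user information into the temporary tables. To add users to the Oracle database, edit things here.
+--
+INSERT INTO users_TEMP (username, password, enabled) VALUES ('admin','password',1);
+INSERT INTO users_TEMP (username, password, enabled) VALUES ('user','password',1);
+INSERT INTO authorities_TEMP (username, authority) VALUES ('admin','ROLE_ADMIN');
+INSERT INTO authorities_TEMP (username, authority) VALUES('admin','ROLE_USER');
+INSERT INTO authorities_TEMP (username, authority) VALUES('user','ROLE_USER');
+-- By default, the username column here has to match the username column in the users table, above
+INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', 1);
+INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('01921.FLANRJQW','user','Demo User','user@example.com', 1);
+--
+-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
+--
+MERGE INTO users
+USING (SELECT username, password, enabled FROM users_TEMP) vals
+ON (vals.username = users.username)
+WHEN NOT MATCHED THEN
+INSERT (username, password, enabled) VALUES(vals.username, vals.password, vals.enabled);
+MERGE INTO authorities
+USING (SELECT username, authority FROM authorities_TEMP) vals
+ON (vals.username = authorities.username AND vals.authority = authorities.authority)
+WHEN NOT MATCHED THEN
+INSERT (username,authority) values (vals.username, vals.authority);
+MERGE INTO user_info
+USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) vals
+ON (vals.preferred_username = user_info.preferred_username)
+WHEN NOT MATCHED THEN
+INSERT (id, sub, preferred_username, name, email, email_verified) VALUES (user_info_seq.nextval, vals.sub, vals.preferred_username, vals.name, vals.email,
+vals.email_verified);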
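Review bot: The user_info MERGE matches on `ON (vals.preferred_username = user_info.preferred_username)` although the source table's key is `sub` and user_info declares no unique constraint on preferred_username, so an existing row with the same username but a different sub silently keeps its old sub, and duplicate usernames in user_info make the match ambiguous. Matching on `sub` (the subject identifier) is the more defensible key, or at least the choice of username should be stated in the comment above the statement. The seeded accounts carry the literal password `'password'` and nothing in this file marks them as demo data; a line such as `-- Demo accounts for local testing only; replace before any shared deployment.` at the top would help. users_TEMP.username is a primary key, so re-running this script in the same session (rows are kept by ON COMMIT PRESERVE ROWS) fails on the first INSERT rather than being a no-op — presumably fine for a run-once bootstrap, but worth noting beside the header.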


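--- a/entity-mappings_oracle.xml
+++ b/entity-mappings_oracle.xml
@@ -0,0 +1,266 @@
+<entity-mappings xmlns="http://xmlns.jcp.org/xml/ns/persistence/orm"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence/orm http://xmlns.jcp.org/xml/ns/persistence/orm_2_0.xsd"
+version="2.1">
+<description>OpenID Connect Server entities</description>
+<entity class="org.mitre.oauth2.model.AuthenticationHolderEntity" name="AuthenticationHolderEntity">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="AuthenticationHolderSequenceGenerator"/>
+<sequence-generator name="AuthenticationHolderSequenceGenerator" sequence-name="authentication_holder_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+<!-- table name too long: authentication_holder_authority -->
+<element-collection fetch="EAGER" name="authorities">
+<collection-table name="auth_holder_authority">
+<join-column name="owner_id"/>
+</collection-table>
+<convert converter="org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter"/>
+<column name="authority"/>
+</element-collection>
+<!-- table name too long: authentication_holder_resource_id -->
+<element-collection fetch="EAGER" name="resourceIds">
+<collection-table name="auth_holder_resource_id">
+<join-column name="owner_id"/>
+</collection-table>
+<column name="resource_id"/>
+</element-collection>
+<!-- table name too long: authentication_holder_response_type -->
+<element-collection fetch="EAGER" name="responseTypes">
+<collection-table name="auth_holder_response_type">
+<join-column name="owner_id"/>
+</collection-table>
+<column name="response_type"/>
+</element-collection>
+<!-- table name too long: authentication_holder_extension -->
+<element-collection fetch="EAGER" name="extensions">
+<collection-table name="auth_holder_extension">
+<join-column name="owner_id"/>
+</collection-table>
+<column name="val"/>
+<map-key-column name="extension"/>
+<convert converter="org.mitre.oauth2.model.convert.SerializableStringConverter"/>
+</element-collection>
+<!-- table name too long: authentication_holder_request_parameter -->
+<element-collection fetch="EAGER" name="requestParameters">
+<collection-table name="auth_holder_request_parameter">
+<join-column name="owner_id"/>
+</collection-table>
+<column name="val"/>
+<map-key-column name="param"/>
+</element-collection>
+</attributes>
+</entity>
+<entity class="org.mitre.oauth2.model.AuthorizationCodeEntity" name="AuthorizationCodeEntity">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="AuthorizationCodeSequenceGenerator"/>
+<sequence-generator name="AuthorizationCodeSequenceGenerator" sequence-name="authorization_code_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.oauth2.model.ClientDetailsEntity" name="ClientDetailsEntity">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="ClientDetailsSequenceGenerator"/>
+<sequence-generator name="ClientDetailsSequenceGenerator" sequence-name="client_details_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+<!-- column name too long: user_info_encrypted_response_alg -->
+<basic name="userInfoEncryptedResponseAlg">
+<column name="user_info_encrypted_resp_alg"/>
+<convert converter="org.mitre.oauth2.model.convert.JWEAlgorithmStringConverter"/>
+</basic>
+<!-- column name too long: user_info_encrypted_response_enc -->
+<basic name="userInfoEncryptedResponseEnc">
+<column name="user_info_encrypted_resp_enc"/>
+<convert converter="org.mitre.oauth2.model.convert.JWEEncryptionMethodStringConverter"/>
+</basic>
+<!-- column name too long: id_token_encrypted_response_alg -->
+<basic name="idTokenEncryptedResponseAlg">
+<column name="id_token_encrypted_resp_alg"/>
+<convert converter="org.mitre.oauth2.model.convert.JWEAlgorithmStringConverter"/>
+</basic>
+<!-- column name too long: id_token_encrypted_response_enc -->
+<basic name="idTokenEncryptedResponseEnc">
+<column name="id_token_encrypted_resp_enc"/>
+<convert converter="org.mitre.oauth2.model.convert.JWEEncryptionMethodStringConverter"/>
+</basic>
+<!-- column name too long: token_endpoint_auth_signing_alg -->
+<basic name="tokenEndpointAuthSigningAlg">
+<column name="token_endpoint_auth_sign_alg"/>
+<convert converter="org.mitre.oauth2.model.convert.JWSAlgorithmStringConverter"/>
+</basic>
+<!-- table name too long: client_post_logout_redirect_uri -->
+<element-collection fetch="EAGER" name="postLogoutRedirectUris">
+<collection-table name="client_post_logout_redir_uri">
+<join-column name="owner_id"/>
+</collection-table>
+<column name="post_logout_redirect_uri"/>
+</element-collection>
+</attributes>
+</entity>
+<entity class="org.mitre.oauth2.model.OAuth2AccessTokenEntity" name="OAuth2AccessTokenEntity">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="OAuth2AccessTokenSequenceGenerator"/>
+<sequence-generator name="OAuth2AccessTokenSequenceGenerator" sequence-name="access_token_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.oauth2.model.OAuth2RefreshTokenEntity" name="OAuth2RefreshTokenEntity">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="OAuth2RefreshTokenSequenceGenerator"/>
+<sequence-generator name="OAuth2RefreshTokenSequenceGenerator" sequence-name="refresh_token_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.oauth2.model.SavedUserAuthentication" name="SavedUserAuthentication">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="SavedUserAuthenticationSequenceGenerator"/>
+<sequence-generator name="SavedUserAuthenticationSequenceGenerator" sequence-name="saved_user_auth_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.oauth2.model.SystemScope" name="SystemScope">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="SystemScopeSequenceGenerator"/>
+<sequence-generator name="SystemScopeSequenceGenerator" sequence-name="system_scope_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.openid.connect.model.ApprovedSite" name="ApprovedSite">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="ApprovedSiteSequenceGenerator"/>
+<sequence-generator name="ApprovedSiteSequenceGenerator" sequence-name="approved_site_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.openid.connect.model.BlacklistedSite" name="BlacklistedSite">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="BlacklistedSiteSequenceGenerator"/>
+<sequence-generator name="BlacklistedSiteSequenceGenerator" sequence-name="blacklisted_site_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.openid.connect.model.PairwiseIdentifier" name="PairwiseIdentifier">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="PairwiseIdentifierSequenceGenerator"/>
+<sequence-generator name="PairwiseIdentifierSequenceGenerator" sequence-name="pairwise_identifier_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.openid.connect.model.WhitelistedSite" name="WhitelistedSite">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="WhitelistedSiteSequenceGenerator"/>
+<sequence-generator name="WhitelistedSiteSequenceGenerator" sequence-name="whitelisted_site_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.uma.model.Claim" name="Claim">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="ClaimSequenceGenerator"/>
+<sequence-generator name="ClaimSequenceGenerator" sequence-name="claim_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.uma.model.Permission" name="Permission">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="PermissionSequenceGenerator"/>
+<sequence-generator name="PermissionSequenceGenerator" sequence-name="permission_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.uma.model.PermissionTicket" name="PermissionTicket">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="PermissionTicketSequenceGenerator"/>
+<sequence-generator name="PermissionTicketSequenceGenerator" sequence-name="permission_ticket_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.uma.model.Policy" name="Policy">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="PolicySequenceGenerator"/>
+<sequence-generator name="PolicySequenceGenerator" sequence-name="policy_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.uma.model.ResourceSet" name="ResourceSet">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="ResourceSetSequenceGenerator"/>
+<sequence-generator name="ResourceSetSequenceGenerator" sequence-name="resource_set_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+<entity class="org.mitre.uma.model.SavedRegisteredClient" name="SavedRegisteredClient">
+<attributes>
+<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
+<id name="id">
+<generated-value strategy="SEQUENCE" generator="SavedRegisteredClientSequenceGenerator"/>
+<sequence-generator name="SavedRegisteredClientSequenceGenerator" sequence-name="saved_registered_client_seq" allocation-size="1"/>
+<column name="id"/>
+</id>
+</attributes>
+</entity>
+</entity-mappings>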
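Review bot: The root element at the top of the hunk declares `version="2.1"` but its xsi:schemaLocation points at orm_2_0.xsd, and the `<convert>` elements under AuthenticationHolderEntity and ClientDetailsEntity are JPA 2.1 constructs that the 2.0 schema does not define, so a validating parser rejects the file. The location should read `xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence/orm http://xmlns.jcp.org/xml/ns/persistence/orm_2_1.xsd"`. Every sequence-generator uses allocation-size="1", which has to stay equal to the `INCREMENT BY 1` on the matching sequence in oracle_database_tables.sql or generated ids will collide; one comment above the first generator, `<!-- allocation-size must equal the sequence's INCREMENT BY; change both together -->`, would make that coupling explicit.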


@ -94,4 +94,29 @@
<property name="showSql" value="true" />
</bean>
-->
<!-- The following is for connecting to a Oracle database that has been initialized with
src/main/resources/db/tables/oracle_database_tables.sql -->
<!--<bean id="dataSource" class="com.zaxxer.hikari.HikariDataSource" destroy-method="close">
<property name="driverClassName" value="oracle.jdbc.driver.OracleDriver" />
<property name="jdbcUrl" value="jdbc:oracle:thin:@localhost:1521:XE" />
<property name="username" value="oic" />
<property name="password" value="oic" />
</bean>-->
<!-- Use the following to set up the OIC tables in the Oracle DB
Below scripts are intended to be run once at startup. -->
<!--<jdbc:initialize-database data-source="dataSource">
<jdbc:script location="classpath:/db/tables/oracle_database_tables.sql"/>
<jdbc:script location="classpath:/db/tables/security-schema_oracle.sql"/>
<jdbc:script location="classpath:/db/tables/loading_temp_tables_oracle.sql"/>
<jdbc:script location="classpath:/db/users_oracle.sql"/>
<jdbc:script location="classpath:/db/clients_oracle.sql"/>
<jdbc:script location="classpath:/db/scopes_oracle.sql"/>
</jdbc:initialize-database>-->
<!--<bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
<property name="databasePlatform" value="org.eclipse.persistence.platform.database.OraclePlatform" />
<property name="showSql" value="true" />
</bean>-->
</beans>
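Review bot: The commented-out Oracle dataSource bean embeds the database credentials inline, `<property name="username" value="oic" />` / `<property name="password" value="oic" />`; even as a template the values should come from a property placeholder, so that uncommenting the bean for a real deployment does not leave credentials in version control. The driver class `oracle.jdbc.driver.OracleDriver` is the legacy name; the documented class for the thin driver is `oracle.jdbc.OracleDriver`. The jdbc:initialize-database block, once uncommented, re-runs the CREATE TABLE scripts on every start, which contradicts the "run once" note above it — either state that the block must be re-commented after the first run or make the scripts tolerate a second run. The enclosing `<beans>` element starts outside the hunk.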


@ -48,6 +48,8 @@
</map>
</property>
<property name="persistenceUnitName" value="defaultPersistenceUnit" />
<!-- uncomment for Oracle -->
<!--<property name="mappingResources" value="entity-mappings_oracle.xml" />-->
</bean>