Added AuthenticationHolder object, got references squared away for AccessToken side. Compiles.

openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolder.java

@@ -0,0 +1,64 @@
+package org.mitre.oauth2.model;
+
+import javax.persistence.Basic;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Lob;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+
+@Entity
+@Table(name="authentication_holder")
+@NamedQueries ({
+	@NamedQuery(name = "AuthenticationHolder.getByAuthentication", query = "select a from AuthenticationHolder a where a.authentication = :authentication")
+})
+public class AuthenticationHolder {
+
+	private Long id;
+	
+	private Long owner_id;
+	
+	private OAuth2Authentication authentication;
+	
+	public AuthenticationHolder() {
+		
+	}
+
+	@Id
+	@GeneratedValue(strategy = GenerationType.IDENTITY)
+	public Long getId() {
+		return id;
+	}
+
+	public void setId(Long id) {
+		this.id = id;
+	}
+
+	@Basic
+	public Long getOwner_id() {
+		return owner_id;
+	}
+
+	public void setOwner_id(Long owner_id) {
+		this.owner_id = owner_id;
+	}
+
+	@Lob
+	@Basic(fetch=FetchType.LAZY)
+	public OAuth2Authentication getAuthentication() {
+		return authentication;
+	}
+
+	public void setAuthentication(OAuth2Authentication authentication) {
+		this.authentication = authentication;
+	}
+	
+	
+	
+}

openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java

@@ -149,7 +149,9 @@ public class ClientDetailsEntity implements ClientDetails {
 	public static ClientDetailsEntityBuilder makeBuilder() {
     	return new ClientDetailsEntityBuilder();
     }
-    
+
+	//TODO or FIXME: This builder is currently unused. If we want to keep it, it needs
+	//to be updated with the current fieldset.
 	public static class ClientDetailsEntityBuilder {
 		private ClientDetailsEntity instance;
 		
@@ -157,6 +159,35 @@ public class ClientDetailsEntity implements ClientDetails {
 			instance = new ClientDetailsEntity();
 		}
 
+		/**
+         * @param clientDescription
+         * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientDescription(java.lang.String)
+         */
+        public ClientDetailsEntityBuilder setClientDescription(String clientDescription) {
+	        instance.setClientDescription(clientDescription);
+			return this;
+        }
+		
+        /**
+         * @param allowRefresh
+         * @see org.mitre.oauth2.model.ClientDetailsEntity#setAllowRefresh(Boolean)
+         */
+        public ClientDetailsEntityBuilder setAllowRefresh(Boolean allowRefresh) {
+	        instance.setAllowRefresh(allowRefresh);
+			return this;
+        }
+        
+        /**
+         * @param allow
+         * @see 
+         */
+        public ClientDetailsEntityBuilder setAllowMultipleAccessTokens(Boolean allow) {
+        	instance.setAllowMultipleAccessTokens(allow);
+        	return this;
+        }
+        
+        
+        
 		/**
          * @param clientId
          * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientId(java.lang.String)
@@ -202,23 +233,9 @@ public class ClientDetailsEntity implements ClientDetails {
 			return this;
         }
 
-		/**
+		
-         * @param clientDescription
-         * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientDescription(java.lang.String)
-         */
-        public ClientDetailsEntityBuilder setClientDescription(String clientDescription) {
-	        instance.setClientDescription(clientDescription);
-			return this;
-        }
 
-		/**
+		
-         * @param allowRefresh
-         * @see org.mitre.oauth2.model.ClientDetailsEntity#setAllowRefresh(Boolean)
-         */
-        public ClientDetailsEntityBuilder setAllowRefresh(Boolean allowRefresh) {
-	        instance.setAllowRefresh(allowRefresh);
-			return this;
-        }
 
 		/**
          * @param accessTokenTimeout
@@ -842,8 +859,6 @@ public class ClientDetailsEntity implements ClientDetails {
 				+ (defaultACR != null ? "defaultACR=" + defaultACR : "") + "]";
 	}
 
-    
-
 	/* (non-Javadoc)
 	 * @see java.lang.Object#hashCode()
 	 */
@@ -961,8 +976,6 @@ public class ClientDetailsEntity implements ClientDetails {
 		return result;
 	}
 
-
-
 	/* (non-Javadoc)
 	 * @see java.lang.Object#equals(java.lang.Object)
 	 */

openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java

@@ -45,7 +45,6 @@ import org.mitre.jwt.model.Jwt;
 import org.mitre.openid.connect.model.IdToken;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
 
 /**
  * @author jricher
@@ -70,7 +69,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	
 	private ClientDetailsEntity client;
 	
-	private OAuth2Authentication authentication; // the authentication that made this access
+	private AuthenticationHolder authenticationHolder; // the authentication that made this access
 	
 	private Jwt jwtValue; // JWT-encoded access token value
 
@@ -121,17 +120,17 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	 * The authentication in place when this token was created.
      * @return the authentication
      */
-	@Lob
+	@ManyToOne
-	@Basic
+	@JoinColumn(name = "owner_id")
-    public OAuth2Authentication getAuthentication() {
+    public AuthenticationHolder getAuthenticationHolder() {
-    	return authentication;
+    	return authenticationHolder;
     }
 
 	/**
      * @param authentication the authentication to set
      */
-    public void setAuthentication(OAuth2Authentication authentication) {
+    public void setAuthenticationHolder(AuthenticationHolder authenticationHolder) {
-    	this.authentication = authentication;
+    	this.authenticationHolder = authenticationHolder;
     }
 
 	/**

openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java

@@ -0,0 +1,18 @@
+package org.mitre.oauth2.repository;
+
+import org.mitre.oauth2.model.AuthenticationHolder;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+
+public interface AuthenticationHolderRepository {
+
+	public AuthenticationHolder getById(Long id);
+	
+	public AuthenticationHolder getByAuthentication(OAuth2Authentication a);
+	
+	public AuthenticationHolder removeById(Long id);
+	
+	public AuthenticationHolder remove(AuthenticationHolder a);
+	
+	public AuthenticationHolder save(AuthenticationHolder a);
+	
+}

openid-connect-server/db/tables/authentication_holder.sql

@@ -0,0 +1,5 @@
+CREATE TABLE authentication_holder {
+	id VARCHAR(256),
+	owner_id VARCHAR(256),
+	authentication LONGBLOB
+}

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

@@ -22,9 +22,11 @@ import java.util.Date;
 import java.util.List;
 import java.util.Set;
 
+import org.mitre.oauth2.model.AuthenticationHolder;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
+import org.mitre.oauth2.repository.AuthenticationHolderRepository;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
@@ -56,6 +58,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	@Autowired
 	private OAuth2TokenRepository tokenRepository;
 	
+	@Autowired
+	private AuthenticationHolderRepository authenticationHolderRepository;
+	
 	@Autowired
 	private ClientDetailsEntityService clientDetailsService;
 	
@@ -90,7 +95,11 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	    	}
 		    
 	    	// attach the authorization so that we can look it up later
-	    	token.setAuthentication(authentication);
+	    	AuthenticationHolder authHolder = new AuthenticationHolder();
+	    	authHolder.setAuthentication(authentication);
+	    	authHolder = authenticationHolderRepository.save(authHolder);
+	    	
+	    	token.setAuthenticationHolder(authHolder);
 	    	
 	    	// TODO: tie this to the offline_access scope
 	    	// attach a refresh token, if this client is allowed to request them
@@ -207,7 +216,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 			throw new InvalidTokenException("Expired access token: " + accessTokenValue);
 		}
 		
-	    return accessToken.getAuthentication();
+	    return accessToken.getAuthenticationHolder().getAuthentication();
     }