added bootstrapping for clients, cleaned up sql files

12 years ago · ba7ddf17f9
parent cf7ceb74f3
commit ba7ddf17f9
4 changed files with 104 additions and 17 deletions
--- a/openid-connect-server/src/main/resources/db/clients.sql
+++ b/openid-connect-server/src/main/resources/db/clients.sql
@ -0,0 +1,67 @@
+--
+-- Turn off autocommit and start a transaction so that we can use the temp tables
+--
+
+SET AUTOCOMMIT FALSE;
+
+START TRANSACTION;
+
+--
+-- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here.
+-- 
+
+INSERT INTO client_details_TEMP (client_id, client_secret, application_name, allow_refresh, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds) VALUES
+	('client', 'secret', 'Test Client', true, false, null, 3600, 600);
+
+INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
+	('client', 'openid'),
+	('client', 'profile'),
+	('client', 'email'),
+	('client', 'address'),
+	('client', 'phone'),
+	('client', 'offline');
+
+INSERT INTO redirect_uri_TEMP (owner_id, redirect_uri) VALUES
+	('client', 'http://localhost/'),
+	('client', 'http://localhost:8080/');
+	
+INSERT INTO authorized_grant_type_TEMP (owner_id, authorized_grant_type) VALUES
+	('client', 'autorization_code'),
+	('client', 'implicit');
+	
+--
+-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
+--
+
+MERGE INTO client_details 
+  USING (SELECT client_id, client_secret, application_name, allow_refresh, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds FROM client_details_TEMP) AS vals(client_id, client_secret, application_name, allow_refresh, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds)
+  ON vals.client_id = client_details.client_id
+  WHEN NOT MATCHED THEN 
+    INSERT (client_id, client_secret, application_name, allow_refresh, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds) VALUES(client_id, client_secret, application_name, allow_refresh, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds);
+
+MERGE INTO client_scope 
+  USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) AS vals(id, scope)
+  ON vals.id = client_scope.owner_id AND vals.scope = client_scope.scope
+  WHEN NOT MATCHED THEN 
+    INSERT (owner_id, scope) values (vals.id, vals.scope);
+
+MERGE INTO redirect_uri 
+  USING (SELECT id, redirect_uri FROM redirect_uri_TEMP, client_details WHERE client_details.client_id = redirect_uri_TEMP.owner_id) AS vals(id, redirect_uri)
+  ON vals.id = redirect_uri.owner_id AND vals.redirect_uri = redirect_uri.redirect_uri
+  WHEN NOT MATCHED THEN 
+    INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri);
+
+MERGE INTO authorized_grant_type 
+  USING (SELECT id, authorized_grant_type FROM authorized_grant_type_TEMP, client_details WHERE client_details.client_id = authorized_grant_type_TEMP.owner_id) AS vals(id, authorized_grant_type)
+  ON vals.id = authorized_grant_type.owner_id AND vals.authorized_grant_type = authorized_grant_type.authorized_grant_type
+  WHEN NOT MATCHED THEN 
+    INSERT (owner_id, authorized_grant_type) values (vals.id, vals.authorized_grant_type);
+    
+-- 
+-- Close the transaction and turn autocommit back on
+-- 
+    
+COMMIT;
+
+SET AUTOCOMMIT TRUE;
+
--- a/openid-connect-server/src/main/resources/db/tables/database_tables.sql
+++ b/openid-connect-server/src/main/resources/db/tables/database_tables.sql
@ -68,10 +68,10 @@ CREATE TABLE IF NOT EXISTS blacklisted_site (
 CREATE TABLE IF NOT EXISTS client_details (
 	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
 	client_description VARCHAR(256),
-	allow_refresh TINYINT,
-	allow_multiple_access_tokens TINYINT,
-	reuse_refresh_tokens TINYINT,
-	dynamically_registered TINYINT,
+	allow_refresh BOOLEAN,
+	allow_multiple_access_tokens BOOLEAN,
+	reuse_refresh_tokens BOOLEAN,
+	dynamically_registered BOOLEAN,
 	id_token_validity_seconds BIGINT,
 	
 	client_id VARCHAR(256),
@ -105,7 +105,7 @@ CREATE TABLE IF NOT EXISTS client_details (
 	id_token_encrypted_response_int VARCHAR(256),
 	
 	default_max_age BIGINT,
-	require_auth_time TINYINT,
+	require_auth_time BOOLEAN,
 	default_acr VARCHAR(256)
 );

@ -142,17 +142,17 @@ CREATE TABLE IF NOT EXISTS refresh_token (
 );

 CREATE TABLE IF NOT EXISTS resource_id (
-	owner_id VARCHAR(256), 
+	owner_id BIGINT, 
 	resource_id VARCHAR(256) 
 );

 CREATE TABLE IF NOT EXISTS client_scope (
-	owner_id VARCHAR(4096),
+	owner_id BIGINT,
 	scope VARCHAR(2048)
 );

 CREATE TABLE IF NOT EXISTS token_scope (
-	owner_id VARCHAR(4096),
+	owner_id BIGINT,
 	scope VARCHAR(2048)
 );

--- a/openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql
+++ b/openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql
@ -35,13 +35,31 @@ CREATE TEMPORARY TABLE IF NOT EXISTS user_info_TEMP (
 	updated_time VARCHAR(256)
 );

-CREATE TEMPORARY TABLE IF NOT EXISTS address_TEMP (
-	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
-	formatted VARCHAR(256),
-	street_address VARCHAR(256),
-	locality VARCHAR(256),
-	region VARCHAR(256),
-	postal_code VARCHAR(256),
-	country VARCHAR(256)
+CREATE TEMPORARY TABLE IF NOT EXISTS client_details_TEMP (
+	client_description VARCHAR(256),
+	allow_refresh BOOLEAN,
+	dynamically_registered BOOLEAN,
+	id_token_validity_seconds BIGINT,
+	
+	client_id VARCHAR(256),
+	client_secret VARCHAR(2048),
+	access_token_validity_seconds BIGINT,
+	refresh_token_validity_seconds BIGINT,
+	
+	application_name VARCHAR(256)
+);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS client_scope_TEMP (
+	owner_id VARCHAR(256),
+	scope VARCHAR(2048)
 );

+CREATE TEMPORARY TABLE IF NOT EXISTS redirect_uri_TEMP (
+	owner_id VARCHAR(256),
+	redirect_uri VARCHAR(2048) 
+);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS authorized_grant_type_TEMP (
+	owner_id VARCHAR(256),
+	authorized_grant_type VARCHAR(2000)
+);
--- a/openid-connect-server/src/main/webapp/WEB-INF/data-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/data-context.xml
@ -17,10 +17,12 @@
 		   If you are using a file based HSQLDB you should not run this every time. -->
 	<jdbc:initialize-database data-source="dataSource">
 		<jdbc:script location="classpath:/db/tables/database_tables.sql"/>
-		<!-- The following are for the jdbc-user-service spring security implementation -->
+		<!-- The following file is for the jdbc-user-service spring security implementation -->
 		<jdbc:script location="classpath:/db/tables/security-schema.sql"/>
+		<!-- The following files are for safely bootstrapping users and clients into the database -->
 		<jdbc:script location="classpath:/db/tables/loading_temp_tables.sql"/>
 		<jdbc:script location="classpath:/db/users.sql"/>
+		<jdbc:script location="classpath:/db/clients.sql"/>
 	</jdbc:initialize-database>
 	
 	<!--  The following is for connecting to a MySQL database that has been initialized with