auto load test client for XYZ

openid-connect-server-webapp/src/main/resources/db/hsql/clients.sql

@@ -10,60 +10,31 @@ START TRANSACTION;
 -- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here.
 -- 
 
-INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
-	('client', 'secret', 'Test Client', false, null, 3600, 600, true);
-
-INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
-	('client', 'openid'),
-	('client', 'profile'),
-	('client', 'email'),
-	('client', 'address'),
-	('client', 'phone'),
-	('client', 'offline_access');
-
-INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES
-	('client', 'http://localhost/'),
-	('client', 'http://localhost:8080/');
+INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection, jwks, token_endpoint_auth_method) VALUES
+	('client', 'secret', 'Test Client', false, null, 3600, 600, true, 
+	'{"keys": [{ "kty": "RSA", "d": "m1M7uj1uZMgQqd2qwqBk07rgFzbzdCAbsfu5kvqoALv3oRdyi_UVHXDhos3DZVQ3M6mKgb30XXESykY8tpWcQOU-qx6MwtSFbo-3SNx9fBtylyQosHECGyleVP79YTE4mC0odRoUIDS90J9AcFsdVtC6M2oJ3CCL577a-lJg6eYyQoRmbjdzqMnBFJ99TCfR6wBQQbzXi1K_sN6gcqhxMmQXHWlqfT7-AJIxX9QUF0rrXMMX9fPh-HboGKs2Dqoo3ofJ2XuePpmpVDvtGy_jenXmUdpsRleqnMrEI2qkBonJQSKL4HPNpsylbQyXt2UtYrzcopCp7jL-j56kRPpQAQ", "e": "AQAB",  "kid": "xyz-client",  "alg": "RS256", "n": "zwCT_3bx-glbbHrheYpYpRWiY9I-nEaMRpZnRrIjCs6b_emyTkBkDDEjSysi38OC73hj1-WgxcPdKNGZyIoH3QZen1MKyyhQpLJG1-oLNLqm7pXXtdYzSdC9O3-oiyy8ykO4YUyNZrRRfPcihdQCbO_OC8Qugmg9rgNDOSqppdaNeas1ov9PxYvxqrz1-8Ha7gkD00YECXHaB05uMaUadHq-O_WIvYXicg6I5j6S44VNU65VBwu-AlynTxQdMAWP3bYxVVy6p3-7eTJokvjYTFqgDVDZ8lUXbr5yCTnRhnhJgvf3VjD_malNe8-tOqK5OSDlHTy6gD9NqdGCm-Pm3Q" }]}',
+	'PRIVATE_KEY');
+
+INSERT INTO client_scope (owner_id, scope) VALUES
+	(1, 'openid'),
+	(1, 'profile'),
+	(1, 'email'),
+	(1, 'address'),
+	(1, 'phone'),
+	(1, 'offline_access');
+
+INSERT INTO client_redirect_uri (owner_id, redirect_uri) VALUES
+	(1, 'http://localhost/'),
+	(1, 'http://localhost:8080/'),
+	(1, 'http://host.docker.internal:9834/api/client/callback');
 	
-INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES
-	('client', 'authorization_code'),
-	('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
-	('client', 'urn:ietf:params:oauth:grant-type:device_code'),
-	('client', 'implicit'),
-	('client', 'refresh_token');
+INSERT INTO client_grant_type (owner_id, grant_type) VALUES
+	(1, 'authorization_code'),
+	(1, 'urn:ietf:params:oauth:grant_type:redelegate'),
+	(1, 'urn:ietf:params:oauth:grant-type:device_code'),
+	(1, 'implicit'),
+	(1, 'refresh_token');
 	
---
--- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
---
-
-MERGE INTO client_details 
-  USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) AS vals(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection)
-  ON vals.client_id = client_details.client_id
-  WHEN NOT MATCHED THEN 
-    INSERT (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection);
-
-MERGE INTO client_scope 
-  USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) AS vals(id, scope)
-  ON vals.id = client_scope.owner_id AND vals.scope = client_scope.scope
-  WHEN NOT MATCHED THEN 
-    INSERT (owner_id, scope) values (vals.id, vals.scope);
-
-MERGE INTO client_redirect_uri 
-  USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) AS vals(id, redirect_uri)
-  ON vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri
-  WHEN NOT MATCHED THEN 
-    INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri);
-
-MERGE INTO client_grant_type 
-  USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) AS vals(id, grant_type)
-  ON vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type
-  WHEN NOT MATCHED THEN 
-    INSERT (owner_id, grant_type) values (vals.id, vals.grant_type);
-    
--- 
--- Close the transaction and turn autocommit back on
--- 
-    
 COMMIT;
 
 SET AUTOCOMMIT TRUE;

openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml

@@ -120,6 +120,18 @@
 		<security:access-denied-handler ref="oauthAccessDeniedHandler" />
 		<security:csrf disabled="true"/>
 	</security:http>
+	
+	<security:http pattern="/transaction"
+		create-session="stateless"
+		use-expressions="true"
+		entry-point-ref="http403EntryPoint"
+		>
+	
+		<security:intercept-url pattern="/token" access="permitAll" /> <!--  handle authentication internally for now  -->
+		<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
+		<security:csrf disabled="true"/>
+		
+	</security:http>
 
 	<!-- Allow open access to discovery endpoints -->
 	<security:http pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">