auto load test client for XYZ

pull/1536/head
Justin Richer 5 years ago
parent a943f1a725
commit be95f8a781

@ -10,59 +10,30 @@ START TRANSACTION;
-- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here.
--
INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
('client', 'secret', 'Test Client', false, null, 3600, 600, true);
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
('client', 'openid'),
('client', 'profile'),
('client', 'email'),
('client', 'address'),
('client', 'phone'),
('client', 'offline_access');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES
('client', 'http://localhost/'),
('client', 'http://localhost:8080/');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES
('client', 'authorization_code'),
('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
('client', 'urn:ietf:params:oauth:grant-type:device_code'),
('client', 'implicit'),
('client', 'refresh_token');
--
-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
--
MERGE INTO client_details
USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) AS vals(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection)
ON vals.client_id = client_details.client_id
WHEN NOT MATCHED THEN
INSERT (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection);
MERGE INTO client_scope
USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) AS vals(id, scope)
ON vals.id = client_scope.owner_id AND vals.scope = client_scope.scope
WHEN NOT MATCHED THEN
INSERT (owner_id, scope) values (vals.id, vals.scope);
MERGE INTO client_redirect_uri
USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) AS vals(id, redirect_uri)
ON vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri
WHEN NOT MATCHED THEN
INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri);
MERGE INTO client_grant_type
USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) AS vals(id, grant_type)
ON vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type
WHEN NOT MATCHED THEN
INSERT (owner_id, grant_type) values (vals.id, vals.grant_type);
--
-- Close the transaction and turn autocommit back on
--
INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection, jwks, token_endpoint_auth_method) VALUES
('client', 'secret', 'Test Client', false, null, 3600, 600, true,
'{"keys": [{ "kty": "RSA", "d": "m1M7uj1uZMgQqd2qwqBk07rgFzbzdCAbsfu5kvqoALv3oRdyi_UVHXDhos3DZVQ3M6mKgb30XXESykY8tpWcQOU-qx6MwtSFbo-3SNx9fBtylyQosHECGyleVP79YTE4mC0odRoUIDS90J9AcFsdVtC6M2oJ3CCL577a-lJg6eYyQoRmbjdzqMnBFJ99TCfR6wBQQbzXi1K_sN6gcqhxMmQXHWlqfT7-AJIxX9QUF0rrXMMX9fPh-HboGKs2Dqoo3ofJ2XuePpmpVDvtGy_jenXmUdpsRleqnMrEI2qkBonJQSKL4HPNpsylbQyXt2UtYrzcopCp7jL-j56kRPpQAQ", "e": "AQAB", "kid": "xyz-client", "alg": "RS256", "n": "zwCT_3bx-glbbHrheYpYpRWiY9I-nEaMRpZnRrIjCs6b_emyTkBkDDEjSysi38OC73hj1-WgxcPdKNGZyIoH3QZen1MKyyhQpLJG1-oLNLqm7pXXtdYzSdC9O3-oiyy8ykO4YUyNZrRRfPcihdQCbO_OC8Qugmg9rgNDOSqppdaNeas1ov9PxYvxqrz1-8Ha7gkD00YECXHaB05uMaUadHq-O_WIvYXicg6I5j6S44VNU65VBwu-AlynTxQdMAWP3bYxVVy6p3-7eTJokvjYTFqgDVDZ8lUXbr5yCTnRhnhJgvf3VjD_malNe8-tOqK5OSDlHTy6gD9NqdGCm-Pm3Q" }]}',
'PRIVATE_KEY');
INSERT INTO client_scope (owner_id, scope) VALUES
(1, 'openid'),
(1, 'profile'),
(1, 'email'),
(1, 'address'),
(1, 'phone'),
(1, 'offline_access');
INSERT INTO client_redirect_uri (owner_id, redirect_uri) VALUES
(1, 'http://localhost/'),
(1, 'http://localhost:8080/'),
(1, 'http://host.docker.internal:9834/api/client/callback');
INSERT INTO client_grant_type (owner_id, grant_type) VALUES
(1, 'authorization_code'),
(1, 'urn:ietf:params:oauth:grant_type:redelegate'),
(1, 'urn:ietf:params:oauth:grant-type:device_code'),
(1, 'implicit'),
(1, 'refresh_token');
COMMIT;

@ -121,6 +121,18 @@
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/transaction"
create-session="stateless"
use-expressions="true"
entry-point-ref="http403EntryPoint"
>
<security:intercept-url pattern="/token" access="permitAll" /> <!-- handle authentication internally for now -->
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:csrf disabled="true"/>
</security:http>
<!-- Allow open access to discovery endpoints -->
<security:http pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
<security:intercept-url pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" access="permitAll"/>

Loading…
Cancel
Save