From c80b1081cc17a54795949c8aeec52c709f1d9af0 Mon Sep 17 00:00:00 2001
From: Amanda Anganes
Date: Wed, 24 Apr 2013 11:52:03 -0400
Subject: [PATCH] Cleaning up approvedsite => token linkage
---
 .../oauth2/model/OAuth2AccessTokenEntity.java | 19 ----
 .../openid/connect/model/ApprovedSite.java | 103 +-----------------
 .../openid/connect/model/WhitelistedSite.java | 68 +-----------
 .../DefaultOAuth2ProviderTokenService.java | 1 -
 .../impl/DefaultApprovedSiteService.java | 17 ++-
 .../openid/connect/web/ApprovedSiteAPI.java | 16 +--
 6 files changed, 19 insertions(+), 205 deletions(-)
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index ad713b761..75b7eef24 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -43,7 +43,6 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
-import org.mitre.openid.connect.model.ApprovedSite;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
@@ -91,24 +90,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 private Set scope;
-// private ApprovedSite approvedSite;
-//
-// /**
-// * @return the approvedSite
-// */
-// @ManyToOne(fetch=FetchType.EAGER)
-// @JoinColumn(name="approved_site_id", referencedColumnName="id")
-// public ApprovedSite getApprovedSite() {
-// return approvedSite;
-// }
-//
-// /**
-// * @param approvedSite the approvedSite to set
-// */
-// public void setApprovedSite(ApprovedSite approvedSite) {
-// this.approvedSite = approvedSite;
-// }
-
 /**
 * Create a new, blank access token
 */
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
index 2e0205697..f59938ddd 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
@@ -15,7 +15,6 @@
 ******************************************************************************/
 package org.mitre.openid.connect.model;
-import java.io.Serializable;
 import java.util.Date;
 import java.util.Set;
@@ -50,9 +49,7 @@ import com.google.common.collect.Sets;
 @NamedQuery(name = "ApprovedSite.getByClientId", query = "select a from ApprovedSite a where a.clientId = :clientId"),
 @NamedQuery(name = "ApprovedSite.getByClientIdAndUserId", query = "select a from ApprovedSite a where a.clientId = :clientId and a.userId = :userId")
 })
-public class ApprovedSite implements Serializable {
-
- private static final long serialVersionUID = 1L;
+public class ApprovedSite {
 // unique id
 private Long id;
@@ -258,103 +255,5 @@ public class ApprovedSite implements Serializable {
 public void setApprovedAccessTokens(Set approvedAccessTokens) {
 this.approvedAccessTokens = approvedAccessTokens;
 }
-
- /* (non-Javadoc)
- * @see java.lang.Object#hashCode()
- */
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result
- + ((accessDate == null) ? 0 : accessDate.hashCode());
- result = prime * result
- + ((allowedScopes == null) ? 0 : allowedScopes.hashCode());
- result = prime * result
- + ((clientId == null) ? 0 : clientId.hashCode());
- result = prime * result
- + ((creationDate == null) ? 0 : creationDate.hashCode());
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- result = prime * result
- + ((timeoutDate == null) ? 0 : timeoutDate.hashCode());
- result = prime * result + ((userId == null) ? 0 : userId.hashCode());
- result = prime * result
- + ((whitelistedSite == null) ? 0 : whitelistedSite.hashCode());
- return result;
- }
-
- /* (non-Javadoc)
- * @see java.lang.Object#equals(java.lang.Object)
- */
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (!(obj instanceof ApprovedSite)) {
- return false;
- }
- ApprovedSite other = (ApprovedSite) obj;
- if (accessDate == null) {
- if (other.accessDate != null) {
- return false;
- }
- } else if (!accessDate.equals(other.accessDate)) {
- return false;
- }
- if (allowedScopes == null) {
- if (other.allowedScopes != null) {
- return false;
- }
- } else if (!allowedScopes.equals(other.allowedScopes)) {
- return false;
- }
- if (clientId == null) {
- if (other.clientId != null) {
- return false;
- }
- } else if (!clientId.equals(other.clientId)) {
- return false;
- }
- if (creationDate == null) {
- if (other.creationDate != null) {
- return false;
- }
- } else if (!creationDate.equals(other.creationDate)) {
- return false;
- }
- if (id == null) {
- if (other.id != null) {
- return
false;
- }
- } else if (!id.equals(other.id)) {
- return false;
- }
- if (timeoutDate == null) {
- if (other.timeoutDate != null) {
- return false;
- }
- } else if (!timeoutDate.equals(other.timeoutDate)) {
- return false;
- }
- if (userId == null) {
- if (other.userId != null) {
- return false;
- }
- } else if (!userId.equals(other.userId)) {
- return false;
- }
- if (whitelistedSite == null) {
- if (other.whitelistedSite != null) {
- return false;
- }
- } else if (!whitelistedSite.equals(other.whitelistedSite)) {
- return false;
- }
- return true;
- }
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
index a007dd102..10e84d9ce 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
@@ -15,7 +15,6 @@
 ******************************************************************************/
 package org.mitre.openid.connect.model;
-import java.io.Serializable;
 import java.util.Set;
 import javax.persistence.Basic;
@@ -45,9 +44,7 @@ import javax.persistence.Table;
 @NamedQuery(name = "WhitelistedSite.getByClientId", query = "select w from WhitelistedSite w where w.clientId = :clientId"),
 @NamedQuery(name = "WhitelistedSite.getByCreatoruserId", query = "select w from WhitelistedSite w where w.creatorUserId = :userId")
 })
-public class WhitelistedSite implements Serializable {
-
- private static final long serialVersionUID = 1L;
+public class WhitelistedSite {
 // unique id
 private Long id;
@@ -130,67 +127,4 @@ public class WhitelistedSite implements Serializable {
 public void setCreatorUserId(String creatorUserId) {
 this.creatorUserId = creatorUserId;
 }
-
- /* (non-Javadoc)
- * @see java.lang.Object#hashCode()
- */
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result
- + ((allowedScopes == null) ? 0 : allowedScopes.hashCode());
- result = prime * result
- + ((clientId == null) ? 0 : clientId.hashCode());
- result = prime * result
- + ((creatorUserId == null) ? 0 : creatorUserId.hashCode());
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- return result;
- }
-
- /* (non-Javadoc)
- * @see java.lang.Object#equals(java.lang.Object)
- */
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (!(obj instanceof WhitelistedSite)) {
- return false;
- }
- WhitelistedSite other = (WhitelistedSite) obj;
- if (allowedScopes == null) {
- if (other.allowedScopes != null) {
- return false;
- }
- } else if (!allowedScopes.equals(other.allowedScopes)) {
- return false;
- }
- if (clientId == null) {
- if (other.clientId != null) {
- return false;
- }
- } else if (!clientId.equals(other.clientId)) {
- return false;
- }
- if (creatorUserId == null) {
- if (other.creatorUserId != null) {
- return false;
- }
- } else if (!creatorUserId.equals(other.creatorUserId)) {
- return false;
- }
- if (id == null) {
- if (other.id != null) {
- return false;
- }
- } else if (!id.equals(other.id)) {
- return false;
- }
- return true;
- }
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
index 559cac112..d46322ea1 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
@@ -157,7 +157,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 Long apId = (Long) originalAuthRequest.getExtensionProperties().get("approved_site");
 ApprovedSite ap = approvedSiteService.getById(apId);
- //token.setApprovedSite(ap);
 Set apTokens = ap.getApprovedAccessTokens();
 apTokens.add(token);
 ap.setApprovedAccessTokens(apTokens);
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
index 4c127c75f..7217b4c6f 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
@@ -19,7 +19,8 @@ import java.util.Collection;
 import java.util.Date;
 import java.util.Set;
-import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.model.WhitelistedSite;
 import org.mitre.openid.connect.repository.ApprovedSiteRepository;
@@ -41,6 +42,9 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
 @Autowired
 private ApprovedSiteRepository approvedSiteRepository;
+
+ @Autowired
+ private OAuth2TokenRepository tokenRepository;
 /**
 * Default constructor
@@ -77,6 +81,17 @@ public class DefaultApprovedSiteService implements ApprovedSiteService {
 @Override
 @Transactional
 public void remove(ApprovedSite approvedSite) {
+
+ //Remove any associated access and refresh tokens
+ Set accessTokens = approvedSite.getApprovedAccessTokens();
+
+ for (OAuth2AccessTokenEntity token : accessTokens) {
+ if (token.getRefreshToken() != null) {
+ tokenRepository.removeRefreshToken(token.getRefreshToken());
+ }
+ tokenRepository.removeAccessToken(token);
+ }
+
 approvedSiteRepository.remove(approvedSite);
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java
index 5049fb48e..7305536c0 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java
@@ -5,9 +5,7 @@ package org.mitre.openid.connect.web;
 import java.security.Principal;
 import java.util.Collection;
-import java.util.Set;
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.service.ApprovedSiteService;
@@ -75,19 +73,7 @@ public class ApprovedSiteAPI {
 return "jsonErrorView";
 } else {
 m.put("code", HttpStatus.OK);
-
- Set accessTokens = approvedSite.getApprovedAccessTokens();
-
- for (OAuth2AccessTokenEntity token : accessTokens) {
- if (token.getRefreshToken() != null) {
- //TODO: how should refresh tokens be handled if you delete an approved site?
- //tokenServices.revokeRefreshToken(token.getRefreshToken());
- }
- tokenServices.revokeAccessToken(token);
- }
-
- approvedSiteService.remove(approvedSite);
-
+ approvedSiteService.remove(approvedSite);
 }
 return "httpCodeView";
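Review bot: In `DefaultApprovedSiteService.remove`, the new loop dereferences `approvedSite.getApprovedAccessTokens()` without a guard, so if that getter can return null the method throws before `approvedSiteRepository.remove(approvedSite)` runs and the approval is left in place; wrapping the loop in `if (accessTokens != null) { ... }` avoids that. The loop also calls `tokenRepository.removeRefreshToken(token.getRefreshToken())` once per access token, so if several access tokens share one refresh token the later calls act on an entity that was already removed; collecting the distinct refresh tokens first and removing each once would be safer. Deleting through `tokenRepository` instead of the `tokenServices.revokeAccessToken(token)` call this commit drops from `ApprovedSiteAPI` presumably bypasses any service-level revocation logic, and it is worth confirming that access tokens issued later from a refresh token are also added to this set, otherwise they would outlive the revoked approval. The whole method body is inside the hunk.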
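Review bot: In the second `ApprovedSiteAPI` hunk the removed loop held the only visible uses of `tokenServices`, yet the import of `OAuth2TokenEntityService` stays as context in the first hunk; if nothing else in the class uses the field, it and the import should be dropped so the controller no longer carries a token-revocation dependency it does not need. The added line `approvedSiteService.remove(approvedSite);` would also benefit from a comment such as `// remove() also deletes the site's access and refresh tokens`, because the revocation is no longer visible at the call site. The enclosing handler starts and ends outside the hunk, so the ownership check that leads to the `jsonErrorView` branch cannot be reviewed from here.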