From ec283276053e00df520b09573722c67e74add48d Mon Sep 17 00:00:00 2001
From: Andrea Ceccanti
Date: Thu, 1 Sep 2016 18:35:06 +0200
Subject: [PATCH] A new service for AuthenticationHolder management

- The logic to create and query AuthenticationHolder entities have been moved to a service, and other services that depended on AuthenticationHolderRepository now depend on AuthenticationHolderEntityService
- An additionalInfo map collection has been added to SavedUserAuthentication. This map can be used to store other information related to user authentication (like authn type, attributes etc.)
---
 .../oauth2/model/SavedUserAuthentication.java | 268 ++++++++++--------
 .../AuthenticationHolderEntityService.java | 15 +
 ...aultAuthenticationHolderEntityService.java | 41 +++
 .../db/tables/hsql_database_tables.sql | 7 +
 .../db/tables/mysql_database_tables.sql | 7 +
 .../db/tables/psql_database_tables.sql | 7 +
 ...DefaultOAuth2AuthorizationCodeService.java | 8 +-
 .../DefaultOAuth2ProviderTokenService.java | 12 +-
 .../service/impl/DefaultOIDCTokenService.java | 22 +-
 ...TestDefaultOAuth2ProviderTokenService.java | 38 ++-
 .../service/impl/DefaultUmaTokenService.java | 109 ++++---
 11 files changed, 307 insertions(+), 227 deletions(-)
 create mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
 create mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java
index c83859fc5..1a8e95bb7 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java
@@ -1,24 +1,23 @@ /******************************************************************************* - * Copyright 2016 The MITRE Corporation - * and the MIT Internet Trust Consortium + * Copyright 2016 The MITRE Corporation and the MIT Internet Trust Consortium * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. *******************************************************************************/ package org.mitre.oauth2.model; import java.util.Collection; +import java.util.HashMap; import java.util.HashSet; +import java.util.Map; import javax.persistence.Basic; import javax.persistence.CollectionTable; @@ -31,6 +30,7 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; +import javax.persistence.MapKeyColumn; import javax.persistence.Table; import javax.persistence.Transient; 
@@ -45,143 +45,163 @@ import org.springframework.security.core.GrantedAuthority; * */ @Entity -@Table(name="saved_user_auth") +@Table(name = "saved_user_auth") public class SavedUserAuthentication implements Authentication { - private static final long serialVersionUID = -1804249963940323488L; + private static final long serialVersionUID = -1804249963940323488L; - private Long id; + private Long id; - private String name; + private String name; - private Collection authorities; + private Collection authorities; - private boolean authenticated; + private boolean authenticated; - private String sourceClass; + private String sourceClass; - /** - * Create a Saved Auth from an existing Auth token - */ - public SavedUserAuthentication(Authentication src) { - setName(src.getName()); - setAuthorities(src.getAuthorities()); - setAuthenticated(src.isAuthenticated()); + private Map additionalInfo = new HashMap<>(); - if (src instanceof SavedUserAuthentication) { - // if we're copying in a saved auth, carry over the original class name - setSourceClass(((SavedUserAuthentication) src).getSourceClass()); - } else { - setSourceClass(src.getClass().getName()); - } - } + /** + * Create a Saved Auth from an existing Auth token + */ + public SavedUserAuthentication(Authentication src) { + setName(src.getName()); + setAuthorities(src.getAuthorities()); + setAuthenticated(src.isAuthenticated()); - /** - * Create an empty saved auth - */ - public SavedUserAuthentication() { + if (src instanceof SavedUserAuthentication) { + // if we're copying in a saved auth, carry over the original class name + setSourceClass(((SavedUserAuthentication) src).getSourceClass()); + additionalInfo.putAll(((SavedUserAuthentication) src).getAdditionalInfo()); + + } else { + setSourceClass(src.getClass().getName()); + } + } - } + /** + * Create an empty saved auth + */ + public SavedUserAuthentication() { - /** - * @return the id - */ - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = 
"id") - public Long getId() { - return id; - } + } - /** - * @param id the id to set - */ - public void setId(Long id) { - this.id = id; - } + /** + * @return the id + */ + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id") + public Long getId() { + return id; + } - @Override - @Basic - @Column(name="name") - public String getName() { - return name; - } + /** + * @param id the id to set + */ + public void setId(Long id) { + this.id = id; + } - @Override - @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="saved_user_auth_authority", - joinColumns=@JoinColumn(name="owner_id") - ) - @Convert(converter = SimpleGrantedAuthorityStringConverter.class) - @Column(name="authority") - public Collection getAuthorities() { - return authorities; - } + @Override + @Basic + @Column(name = "name") + public String getName() { + return name; + } - @Override - @Transient - public Object getCredentials() { - return ""; - } + @Override + @ElementCollection(fetch = FetchType.EAGER) + @CollectionTable(name = "saved_user_auth_authority", + joinColumns = @JoinColumn(name = "owner_id") ) + @Convert(converter = SimpleGrantedAuthorityStringConverter.class) + @Column(name = "authority") + public Collection getAuthorities() { + return authorities; + } - @Override - @Transient - public Object getDetails() { - return null; - } + @Override + @Transient + public Object getCredentials() { + return ""; + } - @Override - @Transient - public Object getPrincipal() { - return getName(); - } + @Override + @Transient + public Object getDetails() { + return null; + } - @Override - @Basic - @Column(name="authenticated") - public boolean isAuthenticated() { - return authenticated; - } + @Override + @Transient + public Object getPrincipal() { + return getName(); + } - @Override - public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { - this.authenticated = isAuthenticated; - } + @Override + @Basic + @Column(name = 
"authenticated") + public boolean isAuthenticated() { + return authenticated; + } - /** - * @return the sourceClass - */ - @Basic - @Column(name="source_class") - public String getSourceClass() { - return sourceClass; - } + @Override + public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { + this.authenticated = isAuthenticated; + } - /** - * @param sourceClass the sourceClass to set - */ - public void setSourceClass(String sourceClass) { - this.sourceClass = sourceClass; - } + /** + * @return the sourceClass + */ + @Basic + @Column(name = "source_class") + public String getSourceClass() { + return sourceClass; + } - /** - * @param name the name to set - */ - public void setName(String name) { - this.name = name; - } + /** + * @param sourceClass the sourceClass to set + */ + public void setSourceClass(String sourceClass) { + this.sourceClass = sourceClass; + } - /** - * @param authorities the authorities to set - */ - public void setAuthorities(Collection authorities) { - if (authorities != null) { - this.authorities = new HashSet<>(authorities); - } else { - this.authorities = null; - } - } + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @param authorities the authorities to set + */ + public void setAuthorities(Collection authorities) { + if (authorities != null) { + this.authorities = new HashSet<>(authorities); + } else { + this.authorities = null; + } + } + + @ElementCollection(fetch = FetchType.EAGER) + @MapKeyColumn(name = "info_key") + @Column(name = "info_val", length = 256) + @CollectionTable(name = "saved_user_auth_info", joinColumns = @JoinColumn(name = "owner_id") ) + /** + * @return the additionalInfo + */ + public Map getAdditionalInfo() { + return additionalInfo; + } + + /** + * @param additionalInfo the additionalInfo to set + */ + public void setAdditionalInfo(Map additionalInfo) { + this.additionalInfo = additionalInfo; + } } 
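Review bot: The copy constructor's new `additionalInfo.putAll(((SavedUserAuthentication) src).getAdditionalInfo())` dereferences the source map unguarded while `setAdditionalInfo` accepts null, so copying a saved auth whose map was nulled through the setter throws NullPointerException; either guard the copy or make the setter normalise, e.g. `this.additionalInfo = additionalInfo != null ? additionalInfo : new HashMap<>();`. The Javadoc on `getAdditionalInfo` sits after the JPA annotations rather than before them, so the javadoc tool will not attach it to the method; move `/** @return the additionalInfo */` above `@ElementCollection` and mention there that values are persisted with `length = 256`, since longer values taken from an external authentication source may be rejected or truncated at persistence time depending on the database. Most of this hunk, like the DefaultUmaTokenService hunk further down, is a whitespace re-indent that buries the handful of functional lines; splitting formatting from the functional change would make both reviewable.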
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
new file mode 100644
index 000000000..17d4bec03
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
@@ -0,0 +1,15 @@
+package org.mitre.oauth2.service;
+
+import java.util.List;
+
+import org.mitre.oauth2.model.AuthenticationHolderEntity;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+
+public interface AuthenticationHolderEntityService {
+
+ AuthenticationHolderEntity create(OAuth2Authentication authn);
+
+ void remove(AuthenticationHolderEntity holder);
+
+ List getOrphanedAuthenticationHolders();
+}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java
new file mode 100644
index 000000000..c31b412e2
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java
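Review bot: The new public interface carries no Javadoc, so the contract implementations must honour is undocumented. A class comment such as `/** Creates, removes and queries persisted {@link AuthenticationHolderEntity} instances. */`, plus `/** Persists a new holder wrapping {@code authn} and returns the saved entity. */` on `create` and `/** Deletes the given holder. */` on `remove`, would cover most of it. `getOrphanedAuthenticationHolders` needs a sentence saying what orphaned means; presumably a holder no longer referenced by any token or authorization code, but the repository query is outside this patch, so confirm before writing it down.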
@@ -0,0 +1,41 @@
+package org.mitre.oauth2.service.impl;
+
+import java.util.List;
+
+import org.mitre.oauth2.model.AuthenticationHolderEntity;
+import org.mitre.oauth2.repository.AuthenticationHolderRepository;
+import org.mitre.oauth2.service.AuthenticationHolderEntityService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.stereotype.Service;
+
+@Service("authenticationHolderEntityService")
+public class DefaultAuthenticationHolderEntityService implements AuthenticationHolderEntityService {
+
+ private final AuthenticationHolderRepository repo;
+
+ @Autowired
+ public DefaultAuthenticationHolderEntityService(AuthenticationHolderRepository repo) {
+ this.repo = repo;
+ }
+
+ @Override
+ public AuthenticationHolderEntity create(OAuth2Authentication authn) {
+ AuthenticationHolderEntity holder = new AuthenticationHolderEntity();
+ holder.setAuthentication(authn);
+
+ return repo.save(holder);
+ }
+
+ @Override
+ public void remove(AuthenticationHolderEntity holder) {
+ repo.remove(holder);
+ }
+
+ @Override
+ public List getOrphanedAuthenticationHolders() {
+
+ return repo.getOrphanedAuthenticationHolders();
+ }
+
+}
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
index 382a1934c..a6dfca684 100644
--- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
@@ -96,6 +96,13 @@ CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
 authority VARCHAR(256)
 );
 
+CREATE TABLE IF NOT EXISTS saved_user_auth_info (
+ owner_id BIGINT,
+ info_key VARCHAR(256),
+ info_val VARCHAR(256),
+ UNIQUE(owner_id,info_key)
+);
+
 CREATE TABLE IF NOT EXISTS client_authority (
 owner_id BIGINT,
 authority VARCHAR(256)
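Review bot: `create` accepts a null `authn` without complaint, so a caller passing null would persist a holder with no authentication and, as the token services in this patch do, bind an access token or authorization code to it; fail fast with `Objects.requireNonNull(authn, "authn");` as the first statement of `create` (importing `java.util.Objects`). The class also has no Javadoc; `@param authn` and `@return` on `create` should state that callers must use the returned entity, which is whatever `repo.save` hands back and may differ from the locally constructed one. The blank first line of `getOrphanedAuthenticationHolders` and the blank line before the closing brace are leftover noise.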
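Review bot: `saved_user_auth_info` declares `owner_id` and `info_key` nullable and adds no foreign key back to `saved_user_auth`, so rows can outlive their owner if a saved auth is deleted by anything other than the JPA mapping; that mirrors the neighbouring `client_authority` definition, so if it is deliberate a comment saying so would spare the next reader the question. The same applies to the mysql and psql hunks. `info_val VARCHAR(256)` matches `length = 256` in the entity mapping, and the two must be kept in step if the limit ever changes.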
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/mysql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/mysql_database_tables.sql
index ee145bac8..cc1036cfc 100644
--- a/openid-connect-server-webapp/src/main/resources/db/tables/mysql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/mysql_database_tables.sql
@@ -96,6 +96,13 @@ CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
 authority VARCHAR(256)
 );
 
+CREATE TABLE IF NOT EXISTS saved_user_auth_info (
+ owner_id BIGINT,
+ info_key VARCHAR(256),
+ info_val VARCHAR(256),
+ UNIQUE(owner_id, info_key)
+);
+
 CREATE TABLE IF NOT EXISTS client_authority (
 owner_id BIGINT,
 authority VARCHAR(256)
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/psql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/psql_database_tables.sql
index da7e69767..fdbfe3dcd 100644
--- a/openid-connect-server-webapp/src/main/resources/db/tables/psql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/psql_database_tables.sql
@@ -96,6 +96,13 @@ CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
 authority VARCHAR(256)
 );
 
+CREATE TABLE IF NOT EXISTS saved_user_auth_info (
+ owner_id BIGINT,
+ info_key VARCHAR(256),
+ info_val VARCHAR(256),
+ UNIQUE(owner_id, info_key)
+);
+
 CREATE TABLE IF NOT EXISTS client_authority (
 owner_id BIGINT,
 authority VARCHAR(256)
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
index b4089c8a4..6f50eac8d 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
@@ -24,8 +24,8 @@ import java.util.Date; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.model.AuthorizationCodeEntity; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; import org.mitre.oauth2.repository.AuthorizationCodeRepository; +import org.mitre.oauth2.service.AuthenticationHolderEntityService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -51,7 +51,7 @@ public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeS private AuthorizationCodeRepository repository; @Autowired - private AuthenticationHolderRepository authenticationHolderRepository; + private AuthenticationHolderEntityService authenticationHolderService; private int authCodeExpirationSeconds = 60 * 5; // expire in 5 minutes by default @@ -70,9 +70,7 @@ public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeS String code = generator.generate(); // attach the authorization so that we can look it up later - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setAuthentication(authentication); - authHolder = authenticationHolderRepository.save(authHolder); + AuthenticationHolderEntity authHolder = authenticationHolderService.create(authentication); // set the auth code to expire Date expiration = new Date(System.currentTimeMillis() + (getAuthCodeExpirationSeconds() * 1000L)); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java index ee66603f7..d2798e0e3 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java 
@@ -39,8 +39,8 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.model.PKCEAlgorithm; import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; import org.mitre.oauth2.repository.OAuth2TokenRepository; +import org.mitre.oauth2.service.AuthenticationHolderEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.service.SystemScopeService; @@ -83,7 +83,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi private OAuth2TokenRepository tokenRepository; @Autowired - private AuthenticationHolderRepository authenticationHolderRepository; + private AuthenticationHolderEntityService authenticationHolderService; @Autowired private ClientDetailsEntityService clientDetailsService; @@ -237,9 +237,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi } // attach the authorization so that we can look it up later - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setAuthentication(authentication); - authHolder = authenticationHolderRepository.save(authHolder); + AuthenticationHolderEntity authHolder = authenticationHolderService.create(authentication); token.setAuthenticationHolder(authHolder); @@ -524,7 +522,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi logger.info("Found " + authHolders.size() + " orphaned authentication holders"); } for(AuthenticationHolderEntity authHolder : authHolders) { - authenticationHolderRepository.remove(authHolder); + authenticationHolderService.remove(authHolder); } } 
@@ -537,7 +535,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi } private Collection getOrphanedAuthenticationHolders() { - return Sets.newHashSet(authenticationHolderRepository.getOrphanedAuthenticationHolders()); + return Sets.newHashSet(authenticationHolderService.getOrphanedAuthenticationHolders()); } /* (non-Javadoc) diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java index 1ec1fa914..f8d1c5c6b 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java @@ -31,7 +31,7 @@ import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; +import org.mitre.oauth2.service.AuthenticationHolderEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.service.SystemScopeService; import org.mitre.openid.connect.config.ConfigurationPropertiesBean; @@ -41,7 +41,6 @@ import org.mitre.openid.connect.web.AuthenticationTimeStamper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; 
@@ -79,7 +78,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService { private JWTSigningAndValidationService jwtService; @Autowired - private AuthenticationHolderRepository authenticationHolderRepository; + private AuthenticationHolderEntityService authenticationHolderService; @Autowired private ConfigurationPropertiesBean configBean; @@ -279,9 +278,8 @@ public class DefaultOIDCTokenService implements OIDCTokenService { token.setClient(client); token.setScope(scope); - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setAuthentication(authentication); - authHolder = authenticationHolderRepository.save(authHolder); + AuthenticationHolderEntity authHolder = authenticationHolderService.create(authentication); + token.setAuthenticationHolder(authHolder); JWTClaimsSet claims = new JWTClaimsSet.Builder() @@ -336,16 +334,10 @@ public class DefaultOIDCTokenService implements OIDCTokenService { /** * @return the authenticationHolderRepository */ - public AuthenticationHolderRepository getAuthenticationHolderRepository() { - return authenticationHolderRepository; + public AuthenticationHolderEntityService getAuthenticationHolderService() { + return authenticationHolderService; } - /** - * @param authenticationHolderRepository the authenticationHolderRepository to set - */ - public void setAuthenticationHolderRepository( - AuthenticationHolderRepository authenticationHolderRepository) { - this.authenticationHolderRepository = authenticationHolderRepository; - } + } diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java index a152d10fe..65a8362cb 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java 
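Review bot: The Javadoc above the renamed getter still says `@return the authenticationHolderRepository` while the method is now `getAuthenticationHolderService`; change it to `@return the authenticationHolderService`. `setAuthenticationHolderRepository` was dropped without a `setAuthenticationHolderService` counterpart, so the class now exposes a getter with no setter, and any configuration or test that injected the collaborator by setter will no longer compile; add `public void setAuthenticationHolderService(AuthenticationHolderEntityService s) { this.authenticationHolderService = s; }` or remove the getter too for symmetry. The empty line left where the setter stood is noise.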
+++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java @@ -16,6 +16,17 @@ *******************************************************************************/ package org.mitre.oauth2.service.impl; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.not; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.when; + import java.util.Date; import java.util.HashSet; import java.util.Set; @@ -28,8 +39,8 @@ import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.model.SystemScope; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; import org.mitre.oauth2.repository.OAuth2TokenRepository; +import org.mitre.oauth2.service.AuthenticationHolderEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.SystemScopeService; import org.mockito.AdditionalAnswers; @@ -51,19 +62,6 @@ import org.springframework.security.oauth2.provider.token.TokenEnhancer; import com.google.common.collect.Sets; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.not; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.CoreMatchers.nullValue; - -import static org.mockito.Mockito.never; -import static org.mockito.Mockito.when; - -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - /** * @author wkim * 
@@ -95,7 +93,7 @@ public class TestDefaultOAuth2ProviderTokenService { private OAuth2TokenRepository tokenRepository; @Mock - private AuthenticationHolderRepository authenticationHolderRepository; + private AuthenticationHolderEntityService authenticationHolderService; @Mock private ClientDetailsEntityService clientDetailsService; @@ -114,7 +112,7 @@ public class TestDefaultOAuth2ProviderTokenService { */ @Before public void prepare() { - Mockito.reset(tokenRepository, authenticationHolderRepository, clientDetailsService, tokenEnhancer); + Mockito.reset(tokenRepository, authenticationHolderService, clientDetailsService, tokenEnhancer); @@ -153,7 +151,7 @@ public class TestDefaultOAuth2ProviderTokenService { Mockito.when(storedAuthHolder.getAuthentication()).thenReturn(storedAuthentication); Mockito.when(storedAuthentication.getOAuth2Request()).thenReturn(storedAuthRequest); - Mockito.when(authenticationHolderRepository.save(Matchers.any(AuthenticationHolderEntity.class))).thenReturn(storedAuthHolder); + Mockito.when(authenticationHolderService.create(Matchers.any(OAuth2Authentication.class))).thenReturn(storedAuthHolder); Mockito.when(scopeService.fromStrings(Matchers.anySet())).thenAnswer(new Answer>() { @Override @@ -260,7 +258,7 @@ public class TestDefaultOAuth2ProviderTokenService { OAuth2AccessTokenEntity token = service.createAccessToken(authentication); Mockito.verify(clientDetailsService).loadClientByClientId(Matchers.anyString()); - Mockito.verify(authenticationHolderRepository).save(Matchers.any(AuthenticationHolderEntity.class)); + Mockito.verify(authenticationHolderService).create(Matchers.any(OAuth2Authentication.class)); Mockito.verify(tokenEnhancer).enhance(Matchers.any(OAuth2AccessTokenEntity.class), Matchers.eq(authentication)); Mockito.verify(tokenRepository).saveAccessToken(Matchers.any(OAuth2AccessTokenEntity.class)); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); 
@@ -344,12 +342,12 @@ public class TestDefaultOAuth2ProviderTokenService { AuthenticationHolderEntity authHolder = Mockito.mock(AuthenticationHolderEntity.class); Mockito.when(authHolder.getAuthentication()).thenReturn(authentication); - Mockito.when(authenticationHolderRepository.save(Matchers.any(AuthenticationHolderEntity.class))).thenReturn(authHolder); + Mockito.when(authenticationHolderService.create(Matchers.any(OAuth2Authentication.class))).thenReturn(authHolder); OAuth2AccessTokenEntity token = service.createAccessToken(authentication); assertThat(token.getAuthenticationHolder().getAuthentication(), equalTo(authentication)); - Mockito.verify(authenticationHolderRepository).save(Matchers.any(AuthenticationHolderEntity.class)); + Mockito.verify(authenticationHolderService).create(Matchers.any(OAuth2Authentication.class)); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); } diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java index c9c104ee0..463f29539 100644 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java +++ b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java 
@@ -1,18 +1,15 @@ /******************************************************************************* - * Copyright 2016 The MITRE Corporation - * and the MIT Internet Trust Consortium + * Copyright 2016 The MITRE Corporation and the MIT Internet Trust Consortium * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. *******************************************************************************/ package org.mitre.uma.service.impl; 
@@ -26,7 +23,7 @@ import org.mitre.jwt.signer.service.JWTSigningAndValidationService; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; -import org.mitre.oauth2.repository.AuthenticationHolderRepository; +import org.mitre.oauth2.service.AuthenticationHolderEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.openid.connect.config.ConfigurationPropertiesBean; 
@@ -52,70 +49,70 @@ import com.nimbusds.jwt.SignedJWT; @Service("defaultUmaTokenService") public class DefaultUmaTokenService implements UmaTokenService { - @Autowired - private AuthenticationHolderRepository authenticationHolderRepository; + @Autowired + private AuthenticationHolderEntityService authenticationHolderService; - @Autowired - private OAuth2TokenEntityService tokenService; + @Autowired + private OAuth2TokenEntityService tokenService; - @Autowired - private ClientDetailsEntityService clientService; + @Autowired + private ClientDetailsEntityService clientService; - @Autowired - private ConfigurationPropertiesBean config; + @Autowired + private ConfigurationPropertiesBean config; - @Autowired - private JWTSigningAndValidationService jwtService; + @Autowired + private JWTSigningAndValidationService jwtService; - @Override - public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy) { - OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); - authHolder.setAuthentication(o2auth); - authHolder = authenticationHolderRepository.save(authHolder); + @Override + public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, + PermissionTicket ticket, Policy policy) { + OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); - token.setAuthenticationHolder(authHolder); + AuthenticationHolderEntity authHolder = authenticationHolderService.create(o2auth); - ClientDetailsEntity client = clientService.loadClientByClientId(o2auth.getOAuth2Request().getClientId()); - token.setClient(client); + token.setAuthenticationHolder(authHolder); - Set ticketScopes = ticket.getPermission().getScopes(); - Set policyScopes = policy.getScopes(); + ClientDetailsEntity client = + clientService.loadClientByClientId(o2auth.getOAuth2Request().getClientId()); + token.setClient(client); - Permission perm = new 
Permission(); - perm.setResourceSet(ticket.getPermission().getResourceSet()); - perm.setScopes(new HashSet<>(Sets.intersection(ticketScopes, policyScopes))); + Set ticketScopes = ticket.getPermission().getScopes(); + Set policyScopes = policy.getScopes(); - token.setPermissions(Sets.newHashSet(perm)); + Permission perm = new Permission(); + perm.setResourceSet(ticket.getPermission().getResourceSet()); + perm.setScopes(new HashSet<>(Sets.intersection(ticketScopes, policyScopes))); - JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder(); + token.setPermissions(Sets.newHashSet(perm)); - claims.audience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString())); - claims.issuer(config.getIssuer()); - claims.jwtID(UUID.randomUUID().toString()); + JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder(); - if (config.getRqpTokenLifeTime() != null) { - Date exp = new Date(System.currentTimeMillis() + config.getRqpTokenLifeTime() * 1000L); + claims.audience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString())); + claims.issuer(config.getIssuer()); + claims.jwtID(UUID.randomUUID().toString()); - claims.expirationTime(exp); - token.setExpiration(exp); - } + if (config.getRqpTokenLifeTime() != null) { + Date exp = new Date(System.currentTimeMillis() + config.getRqpTokenLifeTime() * 1000L); + + claims.expirationTime(exp); + token.setExpiration(exp); + } - JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm(); - JWSHeader header = new JWSHeader(signingAlgorithm, null, null, null, null, null, null, null, null, null, - jwtService.getDefaultSignerKeyId(), - null, null); - SignedJWT signed = new SignedJWT(header, claims.build()); + JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm(); + JWSHeader header = new JWSHeader(signingAlgorithm, null, null, null, null, null, null, null, + null, null, jwtService.getDefaultSignerKeyId(), null, null); + SignedJWT signed = new SignedJWT(header, 
claims.build()); - jwtService.signJwt(signed); + jwtService.signJwt(signed); - token.setJwt(signed); + token.setJwt(signed); - tokenService.saveAccessToken(token); + tokenService.saveAccessToken(token); - return token; - } + return token; + } }