refactor: 💡 Merge DB files

pull/1580/head
Dominik Frantisek Bucik 2021-11-15 08:24:53 +01:00
parent f8f499c17a
commit fc04fbe6a4
No known key found for this signature in database
GPG Key ID: 25014C8DB2E7E62D
22 changed files with 491 additions and 1672 deletions


@ -81,7 +81,7 @@ CREATE TABLE IF NOT EXISTS authentication_holder_scope (
CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
val VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS saved_user_auth (


@ -1,61 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
SET AUTOCOMMIT = 0;
START TRANSACTION;
--
-- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here.
--
INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
('client', 'secret', 'Test Client', false, null, 3600, 600, true);
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
('client', 'openid'),
('client', 'profile'),
('client', 'email'),
('client', 'address'),
('client', 'phone'),
('client', 'offline_access');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES
('client', 'http://localhost/'),
('client', 'http://localhost:8080/');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES
('client', 'authorization_code'),
('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
('client', 'implicit'),
('client', 'refresh_token');
--
-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
--
INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection)
SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP
ON DUPLICATE KEY UPDATE client_details.client_id = client_details.client_id;
INSERT INTO client_scope (owner_id, scope)
SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id
ON DUPLICATE KEY UPDATE client_scope.owner_id = client_scope.owner_id;
INSERT INTO client_redirect_uri (owner_id, redirect_uri)
SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id
ON DUPLICATE KEY UPDATE client_redirect_uri.owner_id = client_redirect_uri.owner_id;
INSERT INTO client_grant_type (owner_id, grant_type)
SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id
ON DUPLICATE KEY UPDATE client_grant_type.owner_id = client_grant_type.owner_id;
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
SET AUTOCOMMIT = 1;


@ -3,380 +3,380 @@
--
CREATE TABLE IF NOT EXISTS access_token (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP NULL,
token_type VARCHAR(256),
refresh_token_id BIGINT,
client_id BIGINT,
auth_holder_id BIGINT,
approved_site_id BIGINT
id BIGINT AUTO_INCREMENT PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP NULL,
token_type VARCHAR(256),
refresh_token_id BIGINT,
client_id BIGINT,
auth_holder_id BIGINT,
approved_site_id BIGINT
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
formatted VARCHAR(256),
street_address VARCHAR(256),
locality VARCHAR(256),
region VARCHAR(256),
postal_code VARCHAR(256),
country VARCHAR(256)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
formatted VARCHAR(256),
street_address VARCHAR(256),
locality VARCHAR(256),
region VARCHAR(256),
postal_code VARCHAR(256),
country VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS approved_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
user_id VARCHAR(256),
client_id VARCHAR(256),
creation_date TIMESTAMP NULL,
access_date TIMESTAMP NULL,
timeout_date TIMESTAMP NULL,
whitelisted_site_id BIGINT
id BIGINT AUTO_INCREMENT PRIMARY KEY,
user_id VARCHAR(256),
client_id VARCHAR(256),
creation_date TIMESTAMP NULL,
access_date TIMESTAMP NULL,
timeout_date TIMESTAMP NULL,
whitelisted_site_id BIGINT
);
CREATE TABLE IF NOT EXISTS approved_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
user_auth_id BIGINT,
approved BOOLEAN,
redirect_uri VARCHAR(2048),
client_id VARCHAR(256)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
user_auth_id BIGINT,
approved BOOLEAN,
redirect_uri VARCHAR(2048),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_authority (
owner_id BIGINT,
authority VARCHAR(256)
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_resource_id (
owner_id BIGINT,
resource_id VARCHAR(2048)
owner_id BIGINT,
resource_id VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_response_type (
owner_id BIGINT,
response_type VARCHAR(2048)
owner_id BIGINT,
response_type VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_extension (
owner_id BIGINT,
extension VARCHAR(2048),
val VARCHAR(2048)
owner_id BIGINT,
extension VARCHAR(2048),
val VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_scope (
owner_id BIGINT,
scope VARCHAR(2048)
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
owner_id BIGINT,
param VARCHAR(2048),
val TEXT
);
CREATE TABLE IF NOT EXISTS saved_user_auth (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024),
authenticated BOOLEAN,
source_class VARCHAR(2048)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024),
authenticated BOOLEAN,
source_class VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
owner_id BIGINT,
authority VARCHAR(256)
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_authority (
owner_id BIGINT,
authority VARCHAR(256)
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authorization_code (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
code VARCHAR(256),
auth_holder_id BIGINT,
expiration TIMESTAMP NULL
id BIGINT AUTO_INCREMENT PRIMARY KEY,
code VARCHAR(256),
auth_holder_id BIGINT,
expiration TIMESTAMP NULL
);
CREATE TABLE IF NOT EXISTS client_grant_type (
owner_id BIGINT,
grant_type VARCHAR(2000)
owner_id BIGINT,
grant_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_response_type (
owner_id BIGINT,
response_type VARCHAR(2000)
owner_id BIGINT,
response_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS blacklisted_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
uri VARCHAR(2048)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_details (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
id BIGINT AUTO_INCREMENT PRIMARY KEY,
client_description VARCHAR(1024),
reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL,
dynamically_registered BOOLEAN DEFAULT false NOT NULL,
allow_introspection BOOLEAN DEFAULT false NOT NULL,
id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
device_code_validity_seconds BIGINT,
client_id VARCHAR(256),
client_secret VARCHAR(2048),
access_token_validity_seconds BIGINT,
refresh_token_validity_seconds BIGINT,
application_type VARCHAR(256),
client_name VARCHAR(256),
token_endpoint_auth_method VARCHAR(256),
subject_type VARCHAR(256),
policy_uri VARCHAR(2048),
client_uri VARCHAR(2048),
tos_uri VARCHAR(2048),
client_description VARCHAR(1024),
reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL,
dynamically_registered BOOLEAN DEFAULT false NOT NULL,
allow_introspection BOOLEAN DEFAULT false NOT NULL,
id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
device_code_validity_seconds BIGINT,
client_id VARCHAR(256),
client_secret VARCHAR(2048),
access_token_validity_seconds BIGINT,
refresh_token_validity_seconds BIGINT,
application_type VARCHAR(256),
client_name VARCHAR(256),
token_endpoint_auth_method VARCHAR(256),
subject_type VARCHAR(256),
policy_uri VARCHAR(2048),
client_uri VARCHAR(2048),
tos_uri VARCHAR(2048),
jwks_uri VARCHAR(2048),
jwks VARCHAR(8192),
sector_identifier_uri VARCHAR(2048),
request_object_signing_alg VARCHAR(256),
user_info_signed_response_alg VARCHAR(256),
user_info_encrypted_response_alg VARCHAR(256),
user_info_encrypted_response_enc VARCHAR(256),
id_token_signed_response_alg VARCHAR(256),
id_token_encrypted_response_alg VARCHAR(256),
id_token_encrypted_response_enc VARCHAR(256),
token_endpoint_auth_signing_alg VARCHAR(256),
default_max_age BIGINT,
require_auth_time BOOLEAN,
created_at TIMESTAMP NULL,
initiate_login_uri VARCHAR(2048),
clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL,
software_statement VARCHAR(4096),
software_id VARCHAR(2048),
software_version VARCHAR(2048),
code_challenge_method VARCHAR(256),
UNIQUE (client_id)
jwks_uri VARCHAR(2048),
jwks VARCHAR(8192),
sector_identifier_uri VARCHAR(2048),
request_object_signing_alg VARCHAR(256),
user_info_signed_response_alg VARCHAR(256),
user_info_encrypted_response_alg VARCHAR(256),
user_info_encrypted_response_enc VARCHAR(256),
id_token_signed_response_alg VARCHAR(256),
id_token_encrypted_response_alg VARCHAR(256),
id_token_encrypted_response_enc VARCHAR(256),
token_endpoint_auth_signing_alg VARCHAR(256),
default_max_age BIGINT,
require_auth_time BOOLEAN,
created_at TIMESTAMP NULL,
initiate_login_uri VARCHAR(2048),
clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL,
software_statement VARCHAR(4096),
software_id VARCHAR(2048),
software_version VARCHAR(2048),
code_challenge_method VARCHAR(256),
UNIQUE (client_id)
);
CREATE TABLE IF NOT EXISTS client_request_uri (
owner_id BIGINT,
request_uri VARCHAR(2000)
owner_id BIGINT,
request_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri (
owner_id BIGINT,
post_logout_redirect_uri VARCHAR(2000)
owner_id BIGINT,
post_logout_redirect_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_default_acr_value (
owner_id BIGINT,
default_acr_value VARCHAR(2000)
owner_id BIGINT,
default_acr_value VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_contact (
owner_id BIGINT,
contact VARCHAR(256)
owner_id BIGINT,
contact VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_claims_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS refresh_token (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP NULL,
auth_holder_id BIGINT,
client_id BIGINT
id BIGINT AUTO_INCREMENT PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP NULL,
auth_holder_id BIGINT,
client_id BIGINT
);
CREATE TABLE IF NOT EXISTS client_resource (
owner_id BIGINT,
resource_id VARCHAR(256)
owner_id BIGINT,
resource_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_scope (
owner_id BIGINT,
scope VARCHAR(2048)
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS token_scope (
owner_id BIGINT,
scope VARCHAR(2048)
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS system_scope (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
scope VARCHAR(256) NOT NULL,
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN DEFAULT false NOT NULL,
default_scope BOOLEAN DEFAULT false NOT NULL,
UNIQUE (scope)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
scope VARCHAR(256) NOT NULL,
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN DEFAULT false NOT NULL,
default_scope BOOLEAN DEFAULT false NOT NULL,
UNIQUE (scope)
);
CREATE TABLE IF NOT EXISTS user_info (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
sub VARCHAR(256),
preferred_username VARCHAR(256),
name VARCHAR(256),
given_name VARCHAR(256),
family_name VARCHAR(256),
middle_name VARCHAR(256),
nickname VARCHAR(256),
profile VARCHAR(256),
picture VARCHAR(256),
website VARCHAR(256),
email VARCHAR(256),
email_verified BOOLEAN,
gender VARCHAR(256),
zone_info VARCHAR(256),
locale VARCHAR(256),
phone_number VARCHAR(256),
phone_number_verified BOOLEAN,
address_id VARCHAR(256),
updated_time VARCHAR(256),
birthdate VARCHAR(256),
src VARCHAR(4096)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
sub VARCHAR(256),
preferred_username VARCHAR(256),
name VARCHAR(256),
given_name VARCHAR(256),
family_name VARCHAR(256),
middle_name VARCHAR(256),
nickname VARCHAR(256),
profile VARCHAR(256),
picture VARCHAR(256),
website VARCHAR(256),
email VARCHAR(256),
email_verified BOOLEAN,
gender VARCHAR(256),
zone_info VARCHAR(256),
locale VARCHAR(256),
phone_number VARCHAR(256),
phone_number_verified BOOLEAN,
address_id VARCHAR(256),
updated_time VARCHAR(256),
birthdate VARCHAR(256),
src VARCHAR(4096)
);
CREATE TABLE IF NOT EXISTS whitelisted_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
creator_user_id VARCHAR(256),
client_id VARCHAR(256)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
creator_user_id VARCHAR(256),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS whitelisted_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS pairwise_identifier (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
identifier VARCHAR(256),
sub VARCHAR(256),
sector_identifier VARCHAR(2048)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
identifier VARCHAR(256),
sub VARCHAR(256),
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP NULL
id BIGINT AUTO_INCREMENT PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP NULL
);
CREATE TABLE IF NOT EXISTS permission (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
resource_set_id BIGINT
id BIGINT AUTO_INCREMENT PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
id BIGINT AUTO_INCREMENT PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
device_code VARCHAR(1024),
user_code VARCHAR(1024),
expiration TIMESTAMP NULL,
client_id VARCHAR(256),
approved BOOLEAN,
auth_holder_id BIGINT
id BIGINT AUTO_INCREMENT PRIMARY KEY,
device_code VARCHAR(1024),
user_code VARCHAR(1024),
expiration TIMESTAMP NULL,
client_id VARCHAR(256),
approved BOOLEAN,
auth_holder_id BIGINT
);
CREATE TABLE IF NOT EXISTS device_code_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS device_code_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
);
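Review bot: The widening of `val` to `TEXT` on the new side of `authentication_holder_request_parameter` is not mirrored in `device_code_request_parameter`, whose `val` stays `VARCHAR(2048)` at the end of the hunk. Both tables persist the raw request parameters a client sent, so a parameter that now fits on the authorization-code path (presumably the motivation for the change, e.g. a large `request` object) would still hit a truncation error, or be silently cut depending on the server's SQL mode, on the device-code path. Either widen both with `val TEXT`, or put a comment next to the widened column saying why only this table needs it. Since these values are client-controlled input stored verbatim, it is also worth noting in that comment that `TEXT` raises the per-value cap to 64 KiB and that any size limit now has to be enforced in the application before the insert.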


@ -6,26 +6,35 @@ SET AUTOCOMMIT = 0;
START TRANSACTION;
CREATE TEMPORARY TABLE IF NOT EXISTS system_scope_TEMP (
scope VARCHAR(256),
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN,
default_scope BOOLEAN
);
--
-- Insert scope information into the temporary tables.
--
--
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('openid', 'log in using your identity', 'user', false, true),
('profile', 'basic profile information', 'list-alt', false, true),
('email', 'email address', 'envelope', false, true),
('address', 'physical address', 'home', false, true),
('phone', 'telephone number', 'bell', false, true),
('offline_access', 'offline access', 'time', false, false);
('openid', 'log in using your identity', 'user', false, true),
('profile', 'basic profile information', 'list-alt', false, true),
('email', 'email address', 'envelope', false, true),
('address', 'physical address', 'home', false, true),
('phone', 'telephone number', 'bell', false, true),
('offline_access', 'offline access', 'time', false, false),
('perun_api', 'calls to Perun API in your roles', 'cog', true, false);
--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description)
SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP
ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope;
INSERT INTO system_scope (scope, description, icon, restricted, default_scope)
SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP
ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope;
COMMIT;
SET AUTOCOMMIT = 1;
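Review bot: The new `perun_api` row is seeded with `restricted = true`, but the merge's `ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope` is a deliberate no-op, so on a persistent store where a `perun_api` scope already exists (for example one created earlier through the admin UI as unrestricted) this script leaves the existing flags untouched and does not enforce the restriction. That is the right behaviour for a seed script, but it should be stated next to the insert so nobody relies on this file to lock the scope down: `-- NOTE: restricted/default_scope only take effect on first insert; existing rows are never updated by this merge.` Dropping `structured` and `structured_param_description` from the column lists agrees with the `system_scope` DDL elsewhere in this commit, so that part looks consistent.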


@ -1,14 +0,0 @@
--
-- Tables for Spring Security's user details service
--
create table IF NOT EXISTS users(
username varchar(50) not null primary key,
password varchar(50) not null,
enabled boolean not null);
create table IF NOT EXISTS authorities (
username varchar(50) not null,
authority varchar(50) not null,
constraint fk_authorities_users foreign key(username) references users(username),
constraint ix_authority unique (username,authority));


@ -0,0 +1,6 @@
CREATE TABLE shedlock (
name VARCHAR(64) PRIMARY KEY,
lock_until TIMESTAMP(3) NULL,
locked_at TIMESTAMP(3) NULL,
locked_by VARCHAR(255)
);
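Review bot: `CREATE TABLE shedlock (` is the only DDL statement in this commit without `IF NOT EXISTS`; every other table in the merged schema files uses `CREATE TABLE IF NOT EXISTS`, and the seed scripts' own comments say they are run on every startup against a persistent store. If this file is executed the same way, the second startup will fail with a table-already-exists error, which is easy to miss and may stop the remaining startup SQL from running. Suggest `CREATE TABLE IF NOT EXISTS shedlock (` for consistency with the rest of the schema. The nullable `lock_until`/`locked_at` columns also differ from the NOT NULL layout I recall from ShedLock's reference schema; worth confirming against the ShedLock version the application uses, which cannot be seen from this file.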


@ -1,52 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
SET AUTOCOMMIT = 0;
START TRANSACTION;
--
-- Insert user information into the temporary tables. To add users to the HSQL database, edit things here.
--
INSERT INTO users_TEMP (username, password, enabled) VALUES
('admin','password',true),
('user','password',true);
INSERT INTO authorities_TEMP (username, authority) VALUES
('admin','ROLE_ADMIN'),
('admin','ROLE_USER'),
('user','ROLE_USER');
-- By default, the username column here has to match the username column in the users table, above
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES
('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true),
('01921.FLANRJQW','user','Demo User','user@example.com', true);
--
-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
--
INSERT INTO users (username, password, enabled)
SELECT username, password, enabled FROM users_TEMP
ON DUPLICATE KEY UPDATE users.username = users.username;
INSERT INTO authorities (username,authority)
SELECT username, authority FROM authorities_TEMP
ON DUPLICATE KEY UPDATE authorities.username = authorities.username;
INSERT INTO user_info (sub, preferred_username, name, email, email_verified)
SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP
ON DUPLICATE KEY UPDATE user_info.preferred_username = user_info.preferred_username;
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
SET AUTOCOMMIT = 1;

View File

@ -1,51 +0,0 @@
--
-- Insert client information into the temporary tables. To add clients to the Oracle database, edit things here.
--
INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
('client', 'secret', 'Test Client', 0, null, 3600, 600, 1);
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'openid');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'profile');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'email');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'address');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'phone');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'offline_access');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost/');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost:8080/');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'authorization_code');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'urn:ietf:params:oauth:grant_type:redelegate');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'implicit');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'refresh_token');
--
-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
--
MERGE INTO client_details
USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) vals
ON (vals.client_id = client_details.client_id)
WHEN NOT MATCHED THEN
INSERT (id, client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds,
id_token_validity_seconds, allow_introspection) VALUES(client_details_seq.nextval, vals.client_id, vals.client_secret, vals.client_name, vals.dynamically_registered,
vals.refresh_token_validity_seconds, vals.access_token_validity_seconds, vals.id_token_validity_seconds, vals.allow_introspection);
MERGE INTO client_scope
USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) vals
ON (vals.id = client_scope.owner_id AND vals.scope = client_scope.scope)
WHEN NOT MATCHED THEN
INSERT (owner_id, scope) values (vals.id, vals.scope);
MERGE INTO client_redirect_uri
USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) vals
ON (vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri)
WHEN NOT MATCHED THEN
INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri);
MERGE INTO client_grant_type
USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) vals
ON (vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type)
WHEN NOT MATCHED THEN
INSERT (owner_id, grant_type) values (vals.id, vals.grant_type);


@ -1,15 +0,0 @@
drop user oauth cascade;
drop tablespace data_ts INCLUDING CONTENTS AND DATAFILES;
drop tablespace temp_ts INCLUDING CONTENTS AND DATAFILES;
CREATE TABLESPACE data_ts DATAFILE 'data_ts.dat' SIZE 40M ONLINE;
CREATE TEMPORARY TABLESPACE temp_ts TEMPFILE 'temp_ts.dbf' SIZE 5M AUTOEXTEND ON;
create user oauth identified by test DEFAULT TABLESPACE data_ts QUOTA 500K ON data_ts TEMPORARY TABLESPACE temp_ts;
GRANT CONNECT TO oauth;
GRANT UNLIMITED TABLESPACE TO oauth;
grant create session to oauth;
grant create table to oauth;
GRANT CREATE TABLESPACE TO oauth;
GRANT CREATE VIEW TO oauth;
GRANT CREATE ANY INDEX TO oauth;
GRANT CREATE SEQUENCE TO oauth;
GRANT CREATE SYNONYM TO oauth;


@ -1,281 +0,0 @@
<!--
Copyright 2018 The MIT Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<entity-mappings xmlns="http://xmlns.jcp.org/xml/ns/persistence/orm"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence/orm http://xmlns.jcp.org/xml/ns/persistence/orm_2_0.xsd"
version="2.1">
<description>OpenID Connect Server entities</description>
<entity class="cz.muni.ics.oauth2.model.AuthenticationHolderEntity" name="AuthenticationHolderEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="AuthenticationHolderSequenceGenerator"/>
<sequence-generator name="AuthenticationHolderSequenceGenerator" sequence-name="authentication_holder_seq" allocation-size="1"/>
<column name="id"/>
</id>
<!-- table name too long: authentication_holder_authority -->
<element-collection fetch="EAGER" name="authorities">
<collection-table name="auth_holder_authority">
<join-column name="owner_id"/>
</collection-table>
<convert converter="cz.muni.ics.oauth2.model.convert.SimpleGrantedAuthorityStringConverter"/>
<column name="authority"/>
</element-collection>
<!-- table name too long: authentication_holder_resource_id -->
<element-collection fetch="EAGER" name="resourceIds">
<collection-table name="auth_holder_resource_id">
<join-column name="owner_id"/>
</collection-table>
<column name="resource_id"/>
</element-collection>
<!-- table name too long: authentication_holder_response_type -->
<element-collection fetch="EAGER" name="responseTypes">
<collection-table name="auth_holder_response_type">
<join-column name="owner_id"/>
</collection-table>
<column name="response_type"/>
</element-collection>
<!-- table name too long: authentication_holder_extension -->
<element-collection fetch="EAGER" name="extensions">
<collection-table name="auth_holder_extension">
<join-column name="owner_id"/>
</collection-table>
<column name="val"/>
<map-key-column name="extension"/>
<convert converter="cz.muni.ics.oauth2.model.convert.SerializableStringConverter"/>
</element-collection>
<!-- table name too long: authentication_holder_request_parameter -->
<element-collection fetch="EAGER" name="requestParameters">
<collection-table name="auth_holder_request_parameter">
<join-column name="owner_id"/>
</collection-table>
<column name="val"/>
<map-key-column name="param"/>
</element-collection>
</attributes>
</entity>
<entity class="cz.muni.ics.oauth2.model.AuthorizationCodeEntity" name="AuthorizationCodeEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="AuthorizationCodeSequenceGenerator"/>
<sequence-generator name="AuthorizationCodeSequenceGenerator" sequence-name="authorization_code_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.oauth2.model.ClientDetailsEntity" name="ClientDetailsEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="ClientDetailsSequenceGenerator"/>
<sequence-generator name="ClientDetailsSequenceGenerator" sequence-name="client_details_seq" allocation-size="1"/>
<column name="id"/>
</id>
<!-- column name too long: user_info_encrypted_response_alg -->
<basic name="userInfoEncryptedResponseAlg">
<column name="user_info_encrypted_resp_alg"/>
<convert converter="cz.muni.ics.oauth2.model.convert.JWEAlgorithmStringConverter"/>
</basic>
<!-- column name too long: user_info_encrypted_response_enc -->
<basic name="userInfoEncryptedResponseEnc">
<column name="user_info_encrypted_resp_enc"/>
<convert converter="cz.muni.ics.oauth2.model.convert.JWEEncryptionMethodStringConverter"/>
</basic>
<!-- column name too long: id_token_encrypted_response_alg -->
<basic name="idTokenEncryptedResponseAlg">
<column name="id_token_encrypted_resp_alg"/>
<convert converter="cz.muni.ics.oauth2.model.convert.JWEAlgorithmStringConverter"/>
</basic>
<!-- column name too long: id_token_encrypted_response_enc -->
<basic name="idTokenEncryptedResponseEnc">
<column name="id_token_encrypted_resp_enc"/>
<convert converter="cz.muni.ics.oauth2.model.convert.JWEEncryptionMethodStringConverter"/>
</basic>
<!-- column name too long: token_endpoint_auth_signing_alg -->
<basic name="tokenEndpointAuthSigningAlg">
<column name="token_endpoint_auth_sign_alg"/>
<convert converter="cz.muni.ics.oauth2.model.convert.JWSAlgorithmStringConverter"/>
</basic>
<!-- table name too long: client_post_logout_redirect_uri -->
<element-collection fetch="EAGER" name="postLogoutRedirectUris">
<collection-table name="client_post_logout_redir_uri">
<join-column name="owner_id"/>
</collection-table>
<column name="post_logout_redirect_uri"/>
</element-collection>
</attributes>
</entity>
<entity class="cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity" name="OAuth2AccessTokenEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="OAuth2AccessTokenSequenceGenerator"/>
<sequence-generator name="OAuth2AccessTokenSequenceGenerator" sequence-name="access_token_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity" name="OAuth2RefreshTokenEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="OAuth2RefreshTokenSequenceGenerator"/>
<sequence-generator name="OAuth2RefreshTokenSequenceGenerator" sequence-name="refresh_token_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.oauth2.model.SavedUserAuthentication" name="SavedUserAuthentication">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="SavedUserAuthenticationSequenceGenerator"/>
<sequence-generator name="SavedUserAuthenticationSequenceGenerator" sequence-name="saved_user_auth_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.oauth2.model.SystemScope" name="SystemScope">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="SystemScopeSequenceGenerator"/>
<sequence-generator name="SystemScopeSequenceGenerator" sequence-name="system_scope_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.openid.connect.model.ApprovedSite" name="ApprovedSite">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="ApprovedSiteSequenceGenerator"/>
<sequence-generator name="ApprovedSiteSequenceGenerator" sequence-name="approved_site_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.openid.connect.model.BlacklistedSite" name="BlacklistedSite">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="BlacklistedSiteSequenceGenerator"/>
<sequence-generator name="BlacklistedSiteSequenceGenerator" sequence-name="blacklisted_site_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.openid.connect.model.PairwiseIdentifier" name="PairwiseIdentifier">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="PairwiseIdentifierSequenceGenerator"/>
<sequence-generator name="PairwiseIdentifierSequenceGenerator" sequence-name="pairwise_identifier_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.openid.connect.model.WhitelistedSite" name="WhitelistedSite">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="WhitelistedSiteSequenceGenerator"/>
<sequence-generator name="WhitelistedSiteSequenceGenerator" sequence-name="whitelisted_site_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.uma.model.Claim" name="Claim">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="ClaimSequenceGenerator"/>
<sequence-generator name="ClaimSequenceGenerator" sequence-name="claim_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.uma.model.Permission" name="Permission">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="PermissionSequenceGenerator"/>
<sequence-generator name="PermissionSequenceGenerator" sequence-name="permission_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.uma.model.PermissionTicket" name="PermissionTicket">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="PermissionTicketSequenceGenerator"/>
<sequence-generator name="PermissionTicketSequenceGenerator" sequence-name="permission_ticket_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.uma.model.Policy" name="Policy">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="PolicySequenceGenerator"/>
<sequence-generator name="PolicySequenceGenerator" sequence-name="policy_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.uma.model.ResourceSet" name="ResourceSet">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="ResourceSetSequenceGenerator"/>
<sequence-generator name="ResourceSetSequenceGenerator" sequence-name="resource_set_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="cz.muni.ics.uma.model.SavedRegisteredClient" name="SavedRegisteredClient">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="SavedRegisteredClientSequenceGenerator"/>
<sequence-generator name="SavedRegisteredClientSequenceGenerator" sequence-name="saved_registered_client_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
</entity-mappings>


@ -1,77 +0,0 @@
--
-- Temporary tables used during the bootstrapping process to safely load users and clients.
-- These are not needed if you're not using the users.sql/clients.sql files to bootstrap the database.
--
CREATE GLOBAL TEMPORARY TABLE authorities_TEMP (
username varchar2(50) not null,
authority varchar2(50) not null,
constraint ix_authority_TEMP unique (username,authority)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE users_TEMP (
username VARCHAR2(50) not null primary key,
password VARCHAR2(50) not null,
enabled NUMBER(1) not null
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE user_info_TEMP (
sub VARCHAR2(256) not null primary key,
preferred_username VARCHAR2(256),
name VARCHAR2(256),
given_name VARCHAR2(256),
family_name VARCHAR2(256),
middle_name VARCHAR2(256),
nickname VARCHAR2(256),
profile VARCHAR2(256),
picture VARCHAR2(256),
website VARCHAR2(256),
email VARCHAR2(256),
email_verified NUMBER(1),
gender VARCHAR2(256),
zone_info VARCHAR2(256),
locale VARCHAR2(256),
phone_number VARCHAR2(256),
address_id VARCHAR2(256),
updated_time VARCHAR2(256),
birthdate VARCHAR2(256)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE client_details_TEMP (
client_description VARCHAR2(256),
dynamically_registered NUMBER(1),
id_token_validity_seconds NUMBER(19),
client_id VARCHAR2(256),
client_secret VARCHAR2(2048),
access_token_validity_seconds NUMBER(19),
refresh_token_validity_seconds NUMBER(19),
allow_introspection NUMBER(1),
client_name VARCHAR2(256)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE client_scope_TEMP (
owner_id VARCHAR2(256),
scope VARCHAR2(2048)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE client_redirect_uri_TEMP (
owner_id VARCHAR2(256),
redirect_uri VARCHAR2(2048)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE client_grant_type_TEMP (
owner_id VARCHAR2(256),
grant_type VARCHAR2(2000)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE system_scope_TEMP (
scope VARCHAR2(256),
description VARCHAR2(4000),
icon VARCHAR2(256),
restricted NUMBER(1),
default_scope NUMBER(1),
structured NUMBER(1),
structured_param_description VARCHAR2(256)
) ON COMMIT PRESERVE ROWS;


@ -1,18 +0,0 @@
--
-- Indexes for Oracle
--
CREATE INDEX at_tv_idx ON access_token(token_value);
CREATE INDEX ts_oi_idx ON token_scope(owner_id);
CREATE INDEX at_exp_idx ON access_token(expiration);
CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX rf_tv_idx ON refresh_token(token_value);
CREATE INDEX at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX suaa_oi_idx ON saved_user_auth_authority(owner_id);


@ -1,416 +0,0 @@
--
-- Tables for OIDC Server functionality, Oracle
--
CREATE TABLE access_token (
id NUMBER(19) NOT NULL PRIMARY KEY,
token_value VARCHAR2(4000),
expiration TIMESTAMP,
token_type VARCHAR2(256),
refresh_token_id NUMBER(19),
client_id NUMBER(19),
auth_holder_id NUMBER(19),
approved_site_id NUMBER(19)
);
CREATE SEQUENCE access_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE access_token_permissions (
access_token_id NUMBER(19) NOT NULL,
permission_id NUMBER(19) NOT NULL
);
CREATE TABLE address (
id NUMBER(19) NOT NULL PRIMARY KEY,
formatted VARCHAR2(256),
street_address VARCHAR2(256),
locality VARCHAR2(256),
region VARCHAR2(256),
postal_code VARCHAR2(256),
country VARCHAR2(256)
);
CREATE SEQUENCE address_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE approved_site (
id NUMBER(19) NOT NULL PRIMARY KEY,
user_id VARCHAR2(256),
client_id VARCHAR2(256),
creation_date TIMESTAMP,
access_date TIMESTAMP,
timeout_date TIMESTAMP,
whitelisted_site_id NUMBER(19)
);
CREATE SEQUENCE approved_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE approved_site_scope (
owner_id NUMBER(19),
scope VARCHAR2(256)
);
CREATE TABLE authentication_holder (
id NUMBER(19) NOT NULL PRIMARY KEY,
user_auth_id NUMBER(19),
approved NUMBER(1),
redirect_uri VARCHAR2(2048),
client_id VARCHAR2(256),
CONSTRAINT approved_check CHECK (approved in (1,0))
);
CREATE SEQUENCE authentication_holder_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE auth_holder_authority (
owner_id NUMBER(19),
authority VARCHAR2(256)
);
CREATE TABLE auth_holder_resource_id (
owner_id NUMBER(19),
resource_id VARCHAR2(2048)
);
CREATE TABLE auth_holder_response_type (
owner_id NUMBER(19),
response_type VARCHAR2(2048)
);
CREATE TABLE auth_holder_extension (
owner_id NUMBER(19),
extension VARCHAR2(2048),
val VARCHAR2(2048)
);
CREATE TABLE authentication_holder_scope (
owner_id NUMBER(19),
scope VARCHAR2(2048)
);
CREATE TABLE auth_holder_request_parameter (
owner_id NUMBER(19),
param VARCHAR2(2048),
val VARCHAR2(2048)
);
CREATE TABLE saved_user_auth (
id NUMBER(19) NOT NULL PRIMARY KEY,
name VARCHAR2(1024),
authenticated NUMBER(1),
source_class VARCHAR2(2048),
CONSTRAINT authenticated_check CHECK (authenticated in (1,0))
);
CREATE SEQUENCE saved_user_auth_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE saved_user_auth_authority (
owner_id NUMBER(19),
authority VARCHAR2(256)
);
CREATE TABLE client_authority (
owner_id NUMBER(19),
authority VARCHAR2(256)
);
CREATE TABLE authorization_code (
id NUMBER(19) NOT NULL PRIMARY KEY,
code VARCHAR2(256),
auth_holder_id NUMBER(19),
expiration TIMESTAMP
);
CREATE SEQUENCE authorization_code_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE client_grant_type (
owner_id NUMBER(19),
grant_type VARCHAR2(2000)
);
CREATE TABLE client_response_type (
owner_id NUMBER(19),
response_type VARCHAR2(2000)
);
CREATE TABLE blacklisted_site (
id NUMBER(19) NOT NULL PRIMARY KEY,
uri VARCHAR2(2048)
);
CREATE SEQUENCE blacklisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE client_details (
id NUMBER(19) NOT NULL PRIMARY KEY,
client_description VARCHAR2(1024),
reuse_refresh_tokens NUMBER(1) DEFAULT 1 NOT NULL,
dynamically_registered NUMBER(1) DEFAULT 0 NOT NULL,
allow_introspection NUMBER(1) DEFAULT 0 NOT NULL,
id_token_validity_seconds NUMBER(19) DEFAULT 600 NOT NULL,
client_id VARCHAR2(256),
client_secret VARCHAR2(2048),
access_token_validity_seconds NUMBER(19),
refresh_token_validity_seconds NUMBER(19),
device_code_validity_seconds NUMBER(19),
application_type VARCHAR2(256),
client_name VARCHAR2(256),
token_endpoint_auth_method VARCHAR2(256),
subject_type VARCHAR2(256),
policy_uri VARCHAR2(2048),
client_uri VARCHAR2(2048),
tos_uri VARCHAR2(2048),
jwks_uri VARCHAR2(2048),
jwks CLOB,
sector_identifier_uri VARCHAR2(2048),
request_object_signing_alg VARCHAR2(256),
user_info_signed_response_alg VARCHAR2(256),
user_info_encrypted_resp_alg VARCHAR2(256),
user_info_encrypted_resp_enc VARCHAR2(256),
id_token_signed_response_alg VARCHAR2(256),
id_token_encrypted_resp_alg VARCHAR2(256),
id_token_encrypted_resp_enc VARCHAR2(256),
token_endpoint_auth_sign_alg VARCHAR2(256),
default_max_age NUMBER(19),
require_auth_time NUMBER(1),
created_at TIMESTAMP,
initiate_login_uri VARCHAR2(2048),
clear_access_tokens_on_refresh NUMBER(1) DEFAULT 1 NOT NULL,
software_statement VARCHAR(4096),
software_id VARCHAR(2048),
software_statement VARCHAR2(4000),
code_challenge_method VARCHAR2(256),
CONSTRAINT client_details_unique UNIQUE (client_id),
CONSTRAINT reuse_refresh_tokens_check CHECK (reuse_refresh_tokens in (1,0)),
CONSTRAINT dynamically_registered_check CHECK (dynamically_registered in (1,0)),
CONSTRAINT allow_introspection_check CHECK (allow_introspection in (1,0)),
CONSTRAINT require_auth_time_check CHECK (require_auth_time in (1,0)),
CONSTRAINT clear_acc_tok_on_refresh_check CHECK (clear_access_tokens_on_refresh in (1,0))
);
CREATE SEQUENCE client_details_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE client_request_uri (
owner_id NUMBER(19),
request_uri VARCHAR2(2000)
);
CREATE TABLE client_post_logout_redir_uri (
owner_id NUMBER(19),
post_logout_redirect_uri VARCHAR2(2000)
);
CREATE TABLE client_default_acr_value (
owner_id NUMBER(19),
default_acr_value VARCHAR2(2000)
);
CREATE TABLE client_contact (
owner_id NUMBER(19),
contact VARCHAR2(256)
);
CREATE TABLE client_redirect_uri (
owner_id NUMBER(19),
redirect_uri VARCHAR2(2048)
);
CREATE TABLE client_claims_redirect_uri (
owner_id NUMBER(19),
redirect_uri VARCHAR2(2048)
);
CREATE TABLE refresh_token (
id NUMBER(19) NOT NULL PRIMARY KEY,
token_value VARCHAR2(4000),
expiration TIMESTAMP,
auth_holder_id NUMBER(19),
client_id NUMBER(19)
);
CREATE SEQUENCE refresh_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE client_resource (
owner_id NUMBER(19),
resource_id VARCHAR2(256)
);
CREATE TABLE client_scope (
owner_id NUMBER(19),
scope VARCHAR2(2048)
);
CREATE TABLE token_scope (
owner_id NUMBER(19),
scope VARCHAR2(2048)
);
CREATE TABLE system_scope (
id NUMBER(19) NOT NULL PRIMARY KEY,
scope VARCHAR2(256) NOT NULL,
description VARCHAR2(4000),
icon VARCHAR2(256),
restricted NUMBER(1) DEFAULT 0 NOT NULL,
default_scope NUMBER(1) DEFAULT 0 NOT NULL
CONSTRAINT system_scope_unique UNIQUE (scope),
CONSTRAINT default_scope_check CHECK (default_scope in (1,0)),
CONSTRAINT restricted_check CHECK (restricted in (1,0))
);
CREATE SEQUENCE system_scope_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE user_info (
id NUMBER(19) NOT NULL PRIMARY KEY,
sub VARCHAR2(256),
preferred_username VARCHAR2(256),
name VARCHAR2(256),
given_name VARCHAR2(256),
family_name VARCHAR2(256),
middle_name VARCHAR2(256),
nickname VARCHAR2(256),
profile VARCHAR2(256),
picture VARCHAR2(256),
website VARCHAR2(256),
email VARCHAR2(256),
email_verified NUMBER(1),
gender VARCHAR2(256),
zone_info VARCHAR2(256),
locale VARCHAR2(256),
phone_number VARCHAR2(256),
phone_number_verified NUMBER(1),
address_id VARCHAR2(256),
updated_time VARCHAR2(256),
birthdate VARCHAR2(256),
src VARCHAR2(4000),
CONSTRAINT email_verified_check CHECK (email_verified in (1,0)),
CONSTRAINT phone_number_verified_check CHECK (phone_number_verified in (1,0))
);
CREATE SEQUENCE user_info_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE whitelisted_site (
id NUMBER(19) NOT NULL PRIMARY KEY,
creator_user_id VARCHAR2(256),
client_id VARCHAR2(256)
);
CREATE SEQUENCE whitelisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE whitelisted_site_scope (
owner_id NUMBER(19),
scope VARCHAR2(256)
);
CREATE TABLE pairwise_identifier (
id NUMBER(19) NOT NULL PRIMARY KEY,
identifier VARCHAR2(256),
sub VARCHAR2(256),
sector_identifier VARCHAR2(2048)
);
CREATE SEQUENCE pairwise_identifier_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE resource_set (
id NUMBER(19) NOT NULL PRIMARY KEY,
name VARCHAR2(1024) NOT NULL,
uri VARCHAR2(1024),
icon_uri VARCHAR2(1024),
rs_type VARCHAR2(256),
owner VARCHAR2(256) NOT NULL,
client_id VARCHAR2(256)
);
CREATE SEQUENCE resource_set_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE resource_set_scope (
owner_id NUMBER(19) NOT NULL,
scope VARCHAR2(256) NOT NULL
);
CREATE TABLE permission_ticket (
id NUMBER(19) NOT NULL PRIMARY KEY,
ticket VARCHAR2(256) NOT NULL,
permission_id NUMBER(19) NOT NULL,
expiration TIMESTAMP
);
CREATE SEQUENCE permission_ticket_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE permission (
id NUMBER(19) NOT NULL PRIMARY KEY,
resource_set_id NUMBER(19)
);
CREATE SEQUENCE permission_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE permission_scope (
owner_id NUMBER(19) NOT NULL,
scope VARCHAR2(256) NOT NULL
);
CREATE TABLE claim (
id NUMBER(19) NOT NULL PRIMARY KEY,
name VARCHAR2(256),
friendly_name VARCHAR2(1024),
claim_type VARCHAR2(1024),
claim_value VARCHAR2(1024)
);
CREATE SEQUENCE claim_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE claim_to_policy (
policy_id NUMBER(19) NOT NULL,
claim_id NUMBER(19) NOT NULL
);
CREATE TABLE claim_to_permission_ticket (
permission_ticket_id NUMBER(19) NOT NULL,
claim_id NUMBER(19) NOT NULL
);
CREATE TABLE policy (
id NUMBER(19) NOT NULL PRIMARY KEY,
name VARCHAR2(1024),
resource_set_id NUMBER(19)
);
CREATE SEQUENCE policy_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE policy_scope (
owner_id NUMBER(19) NOT NULL,
scope VARCHAR2(256) NOT NULL
);
CREATE TABLE claim_token_format (
owner_id NUMBER(19) NOT NULL,
claim_token_format VARCHAR2(1024) NOT NULL
);
CREATE TABLE claim_issuer (
owner_id NUMBER(19) NOT NULL,
issuer VARCHAR2(1024) NOT NULL
);
CREATE TABLE saved_registered_client (
id NUMBER(19) NOT NULL PRIMARY KEY,
issuer VARCHAR2(1024),
registered_client CLOB
);
CREATE SEQUENCE saved_registered_client_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE IF NOT EXISTS device_code (
id NUMBER(19) NOT NULL PRIMARY KEY,
device_code VARCHAR2(1024),
user_code VARCHAR2(1024),
expiration TIMESTAMP,
client_id VARCHAR2(256),
approved BOOLEAN,
auth_holder_id NUMBER(19)
);
CREATE TABLE IF NOT EXISTS device_code_scope (
owner_id NUMBER(19) NOT NULL,
scope VARCHAR2(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS device_code_request_parameter (
owner_id NUMBER(19),
param VARCHAR2(2048),
val VARCHAR2(2048)
);


@ -1,26 +0,0 @@
--
-- Insert scope information into the temporary tables.
--
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('openid', 'log in using your identity', 'user', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('profile', 'basic profile information', 'list-alt', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('email', 'email address', 'envelope', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('address', 'physical address', 'home', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('phone', 'telephone number', 'bell', 0, 1, 0);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('offline_access', 'offline access', 'time', 0, 0);
--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
MERGE INTO system_scope
USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) vals
ON (vals.scope = system_scope.scope)
WHEN NOT MATCHED THEN
INSERT (id, scope, description, icon, restricted, default_scope) VALUES(system_scope_seq.nextval, vals.scope,
vals.description, vals.icon, vals.restricted, vals.default_scope);


@ -1,18 +0,0 @@
--
-- Tables for Spring Security's user details service
--
create table users(
username varchar2(50) not null primary key,
password varchar2(50) not null,
enabled number(1) not null,
constraint enabled_check check (enabled in (1, 0))
);
create table authorities (
username varchar2(50) not null,
authority varchar2(50) not null,
constraint fk_authorities_users foreign key(username) references users(username),
constraint ix_authority unique (username,authority)
);


@ -1,39 +0,0 @@
--
-- Insert user information into the temporary tables. To add users to the Oracle database, edit things here.
--
INSERT INTO users_TEMP (username, password, enabled) VALUES ('admin','password',1);
INSERT INTO users_TEMP (username, password, enabled) VALUES ('user','password',1);
INSERT INTO authorities_TEMP (username, authority) VALUES ('admin','ROLE_ADMIN');
INSERT INTO authorities_TEMP (username, authority) VALUES('admin','ROLE_USER');
INSERT INTO authorities_TEMP (username, authority) VALUES('user','ROLE_USER');
-- By default, the username column here has to match the username column in the users table, above
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', 1);
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('01921.FLANRJQW','user','Demo User','user@example.com', 1);
--
-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
--
MERGE INTO users
USING (SELECT username, password, enabled FROM users_TEMP) vals
ON (vals.username = users.username)
WHEN NOT MATCHED THEN
INSERT (username, password, enabled) VALUES(vals.username, vals.password, vals.enabled);
MERGE INTO authorities
USING (SELECT username, authority FROM authorities_TEMP) vals
ON (vals.username = authorities.username AND vals.authority = authorities.authority)
WHEN NOT MATCHED THEN
INSERT (username,authority) values (vals.username, vals.authority);
MERGE INTO user_info
USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) vals
ON (vals.preferred_username = user_info.preferred_username)
WHEN NOT MATCHED THEN
INSERT (id, sub, preferred_username, name, email, email_verified) VALUES (user_info_seq.nextval, vals.sub, vals.preferred_username, vals.name, vals.email,
vals.email_verified);


@ -1,66 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
--SET AUTOCOMMIT = OFF;
START TRANSACTION;
--
-- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here.
--
INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
('client', 'secret', 'Test Client', false, null, 3600, 600, true);
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
('client', 'openid'),
('client', 'profile'),
('client', 'email'),
('client', 'address'),
('client', 'phone'),
('client', 'offline_access');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES
('client', 'http://localhost/'),
('client', 'http://localhost:8080/');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES
('client', 'authorization_code'),
('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
('client', 'implicit'),
('client', 'refresh_token');
--
-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
--
INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection)
SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP
ON CONFLICT
DO NOTHING;
INSERT INTO client_scope (scope)
SELECT scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id
ON CONFLICT
DO NOTHING;
INSERT INTO client_redirect_uri (redirect_uri)
SELECT redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id
ON CONFLICT
DO NOTHING;
INSERT INTO client_grant_type (grant_type)
SELECT grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id
ON CONFLICT
DO NOTHING;
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
--SET AUTOCOMMIT = ON;


@ -3,381 +3,382 @@
--
CREATE TABLE IF NOT EXISTS access_token (
id BIGSERIAL PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP,
token_type VARCHAR(256),
refresh_token_id BIGINT,
client_id BIGINT,
auth_holder_id BIGINT,
approved_site_id BIGINT,
UNIQUE(token_value)
id BIGSERIAL PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP,
token_type VARCHAR(256),
refresh_token_id BIGINT,
client_id BIGINT,
auth_holder_id BIGINT,
approved_site_id BIGINT,
UNIQUE(token_value)
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGSERIAL PRIMARY KEY,
formatted VARCHAR(256),
street_address VARCHAR(256),
locality VARCHAR(256),
region VARCHAR(256),
postal_code VARCHAR(256),
country VARCHAR(256)
id BIGSERIAL PRIMARY KEY,
formatted VARCHAR(256),
street_address VARCHAR(256),
locality VARCHAR(256),
region VARCHAR(256),
postal_code VARCHAR(256),
country VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS approved_site (
id BIGSERIAL PRIMARY KEY,
user_id VARCHAR(256),
client_id VARCHAR(256),
creation_date TIMESTAMP,
access_date TIMESTAMP,
timeout_date TIMESTAMP,
whitelisted_site_id BIGINT
id BIGSERIAL PRIMARY KEY,
user_id VARCHAR(256),
client_id VARCHAR(256),
creation_date TIMESTAMP,
access_date TIMESTAMP,
timeout_date TIMESTAMP,
whitelisted_site_id BIGINT
);
CREATE TABLE IF NOT EXISTS approved_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder (
id BIGSERIAL PRIMARY KEY,
user_auth_id BIGINT,
approved BOOLEAN,
redirect_uri VARCHAR(2048),
client_id VARCHAR(256)
id BIGSERIAL PRIMARY KEY,
user_auth_id BIGINT,
approved BOOLEAN,
redirect_uri VARCHAR(2048),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_authority (
owner_id BIGINT,
authority VARCHAR(256)
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_resource_id (
owner_id BIGINT,
resource_id VARCHAR(2048)
owner_id BIGINT,
resource_id VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_response_type (
owner_id BIGINT,
response_type VARCHAR(2048)
owner_id BIGINT,
response_type VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_extension (
owner_id BIGINT,
extension VARCHAR(2048),
val VARCHAR(2048)
owner_id BIGINT,
extension VARCHAR(2048),
val VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_scope (
owner_id BIGINT,
scope VARCHAR(2048)
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
owner_id BIGINT,
param VARCHAR(2048),
val TEXT
);
CREATE TABLE IF NOT EXISTS saved_user_auth (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024),
authenticated BOOLEAN,
source_class VARCHAR(2048)
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024),
authenticated BOOLEAN,
source_class VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
owner_id BIGINT,
authority VARCHAR(256)
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_authority (
owner_id BIGINT,
authority VARCHAR(256)
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authorization_code (
id BIGSERIAL PRIMARY KEY,
code VARCHAR(256),
auth_holder_id BIGINT,
expiration TIMESTAMP
id BIGSERIAL PRIMARY KEY,
code VARCHAR(256),
auth_holder_id BIGINT,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS client_grant_type (
owner_id BIGINT,
grant_type VARCHAR(2000)
owner_id BIGINT,
grant_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_response_type (
owner_id BIGINT,
response_type VARCHAR(2000)
owner_id BIGINT,
response_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS blacklisted_site (
id BIGSERIAL PRIMARY KEY,
uri VARCHAR(2048)
id BIGSERIAL PRIMARY KEY,
uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_details (
id BIGSERIAL PRIMARY KEY,
id BIGSERIAL PRIMARY KEY,
client_description VARCHAR(1024),
reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL,
dynamically_registered BOOLEAN DEFAULT false NOT NULL,
allow_introspection BOOLEAN DEFAULT false NOT NULL,
id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
device_code_validity_seconds BIGINT,
client_description VARCHAR(1024),
reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL,
dynamically_registered BOOLEAN DEFAULT false NOT NULL,
allow_introspection BOOLEAN DEFAULT false NOT NULL,
id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
device_code_validity_seconds BIGINT,
client_id VARCHAR(256),
client_secret VARCHAR(2048),
access_token_validity_seconds BIGINT,
refresh_token_validity_seconds BIGINT,
client_id VARCHAR(256),
client_secret VARCHAR(2048),
access_token_validity_seconds BIGINT,
refresh_token_validity_seconds BIGINT,
application_type VARCHAR(256),
client_name VARCHAR(256),
token_endpoint_auth_method VARCHAR(256),
subject_type VARCHAR(256),
application_type VARCHAR(256),
client_name VARCHAR(256),
token_endpoint_auth_method VARCHAR(256),
subject_type VARCHAR(256),
policy_uri VARCHAR(2048),
client_uri VARCHAR(2048),
tos_uri VARCHAR(2048),
policy_uri VARCHAR(2048),
client_uri VARCHAR(2048),
tos_uri VARCHAR(2048),
jwks_uri VARCHAR(2048),
jwks VARCHAR(8192),
sector_identifier_uri VARCHAR(2048),
jwks_uri VARCHAR(2048),
jwks VARCHAR(8192),
sector_identifier_uri VARCHAR(2048),
request_object_signing_alg VARCHAR(256),
request_object_signing_alg VARCHAR(256),
user_info_signed_response_alg VARCHAR(256),
user_info_encrypted_response_alg VARCHAR(256),
user_info_encrypted_response_enc VARCHAR(256),
user_info_signed_response_alg VARCHAR(256),
user_info_encrypted_response_alg VARCHAR(256),
user_info_encrypted_response_enc VARCHAR(256),
id_token_signed_response_alg VARCHAR(256),
id_token_encrypted_response_alg VARCHAR(256),
id_token_encrypted_response_enc VARCHAR(256),
id_token_signed_response_alg VARCHAR(256),
id_token_encrypted_response_alg VARCHAR(256),
id_token_encrypted_response_enc VARCHAR(256),
token_endpoint_auth_signing_alg VARCHAR(256),
token_endpoint_auth_signing_alg VARCHAR(256),
default_max_age BIGINT,
require_auth_time BOOLEAN,
created_at TIMESTAMP,
initiate_login_uri VARCHAR(2048),
clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL,
default_max_age BIGINT,
require_auth_time BOOLEAN,
created_at TIMESTAMP,
initiate_login_uri VARCHAR(2048),
clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL,
software_statement VARCHAR(4096),
software_id VARCHAR(2048),
software_version VARCHAR(2048),
software_statement VARCHAR(4096),
software_id VARCHAR(2048),
software_version VARCHAR(2048),
code_challenge_method VARCHAR(256),
code_challenge_method VARCHAR(256),
UNIQUE (client_id)
UNIQUE (client_id)
);
CREATE TABLE IF NOT EXISTS client_request_uri (
owner_id BIGINT,
request_uri VARCHAR(2000)
owner_id BIGINT,
request_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri (
owner_id BIGINT,
post_logout_redirect_uri VARCHAR(2000)
owner_id BIGINT,
post_logout_redirect_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_default_acr_value (
owner_id BIGINT,
default_acr_value VARCHAR(2000)
owner_id BIGINT,
default_acr_value VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_contact (
owner_id BIGINT,
contact VARCHAR(256)
owner_id BIGINT,
contact VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_claims_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS refresh_token (
id BIGSERIAL PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP,
auth_holder_id BIGINT,
client_id BIGINT
id BIGSERIAL PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP,
auth_holder_id BIGINT,
client_id BIGINT
);
CREATE TABLE IF NOT EXISTS client_resource (
owner_id BIGINT,
resource_id VARCHAR(256)
owner_id BIGINT,
resource_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_scope (
owner_id BIGINT,
scope VARCHAR(2048)
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS token_scope (
owner_id BIGINT,
scope VARCHAR(2048)
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS system_scope (
id BIGSERIAL PRIMARY KEY,
scope VARCHAR(256) NOT NULL,
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN DEFAULT false NOT NULL,
default_scope BOOLEAN DEFAULT false NOT NULL,
UNIQUE (scope)
id BIGSERIAL PRIMARY KEY,
scope VARCHAR(256) NOT NULL,
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN DEFAULT false NOT NULL,
default_scope BOOLEAN DEFAULT false NOT NULL,
UNIQUE (scope)
);
CREATE TABLE IF NOT EXISTS user_info (
id BIGSERIAL PRIMARY KEY,
sub VARCHAR(256),
preferred_username VARCHAR(256),
name VARCHAR(256),
given_name VARCHAR(256),
family_name VARCHAR(256),
middle_name VARCHAR(256),
nickname VARCHAR(256),
profile VARCHAR(256),
picture VARCHAR(256),
website VARCHAR(256),
email VARCHAR(256),
email_verified BOOLEAN,
gender VARCHAR(256),
zone_info VARCHAR(256),
locale VARCHAR(256),
phone_number VARCHAR(256),
phone_number_verified BOOLEAN,
address_id VARCHAR(256),
updated_time VARCHAR(256),
birthdate VARCHAR(256),
src VARCHAR(4096)
id BIGSERIAL PRIMARY KEY,
sub VARCHAR(256),
preferred_username VARCHAR(256),
name VARCHAR(256),
given_name VARCHAR(256),
family_name VARCHAR(256),
middle_name VARCHAR(256),
nickname VARCHAR(256),
profile VARCHAR(256),
picture VARCHAR(256),
website VARCHAR(256),
email VARCHAR(256),
email_verified BOOLEAN,
gender VARCHAR(256),
zone_info VARCHAR(256),
locale VARCHAR(256),
phone_number VARCHAR(256),
phone_number_verified BOOLEAN,
address_id VARCHAR(256),
updated_time VARCHAR(256),
birthdate VARCHAR(256),
src VARCHAR(4096)
);
CREATE TABLE IF NOT EXISTS whitelisted_site (
id BIGSERIAL PRIMARY KEY,
creator_user_id VARCHAR(256),
client_id VARCHAR(256)
id BIGSERIAL PRIMARY KEY,
creator_user_id VARCHAR(256),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS whitelisted_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS pairwise_identifier (
id BIGSERIAL PRIMARY KEY,
identifier VARCHAR(256),
sub VARCHAR(256),
sector_identifier VARCHAR(2048)
id BIGSERIAL PRIMARY KEY,
identifier VARCHAR(256),
sub VARCHAR(256),
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGSERIAL PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP
id BIGSERIAL PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS permission (
id BIGSERIAL PRIMARY KEY,
resource_set_id BIGINT
id BIGSERIAL PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
id BIGSERIAL PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGSERIAL PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
id BIGSERIAL PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGSERIAL PRIMARY KEY,
device_code VARCHAR(1024),
user_code VARCHAR(1024),
expiration TIMESTAMP NULL,
client_id VARCHAR(256),
approved BOOLEAN,
auth_holder_id BIGINT
id BIGSERIAL PRIMARY KEY,
device_code VARCHAR(1024),
user_code VARCHAR(1024),
expiration TIMESTAMP NULL,
client_id VARCHAR(256),
approved BOOLEAN,
auth_holder_id BIGINT
);
CREATE TABLE IF NOT EXISTS device_code_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS device_code_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
);


@ -1,33 +1,33 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
--SET AUTOCOMMIT = OFF;
START TRANSACTION;
CREATE TEMPORARY TABLE IF NOT EXISTS system_scope_TEMP (
scope VARCHAR(256),
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN,
default_scope BOOLEAN
);
--
-- Insert scope information into the temporary tables.
--
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('openid', 'log in using your identity', 'user', false, true),
('profile', 'basic profile information', 'list-alt', false, true),
('email', 'email address', 'envelope', false, true),
('address', 'physical address', 'home', false, true),
('phone', 'telephone number', 'bell', false, true),
('offline_access', 'offline access', 'time', false, false);
('openid', 'log in using your identity', 'user', false, true),
('profile', 'basic profile information', 'list-alt', false, true),
('email', 'email address', 'envelope', false, true),
('address', 'physical address', 'home', false, true),
('phone', 'telephone number', 'bell', false, true),
('offline_access', 'offline access', 'time', false, false),
('perun_api', 'calls to Perun API in your roles', 'cog', true, false)
;
--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
INSERT INTO system_scope (scope, description, icon, restricted, default_scope)
SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP
ON CONFLICT(scope)
DO NOTHING;
SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP
ON CONFLICT(scope) DO NOTHING;
COMMIT;
--SET AUTOCOMMIT = ON;
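Review bot: The merge at the end of the hunk is insert-only (`ON CONFLICT(scope) DO NOTHING`), so on an existing persistent store the new `perun_api` row is created on first run, but any later change to a scope's `restricted` or `default_scope` value — including flipping an already-present scope to restricted — is silently not applied. That matches the comment above the INSERT, but the `restricted = true` on the new row reads as an access-control decision and deserves to be stated where the row is defined: `-- perun_api is restricted; this merge only inserts, so changing flags on an existing row needs an explicit UPDATE/migration`. Separately, the terminating `;` on a line of its own after the `perun_api` row differs from every other statement in the file, which end inline; `('perun_api', 'calls to Perun API in your roles', 'cog', true, false);` keeps the style consistent.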


@ -1,14 +0,0 @@
--
-- Tables for Spring Security's user details service
--
create table IF NOT EXISTS users(
username varchar(50) not null primary key,
password varchar(50) not null,
enabled boolean not null);
create table IF NOT EXISTS authorities (
username varchar(50) not null,
authority varchar(50) not null,
constraint fk_authorities_users foreign key(username) references users(username),
constraint ix_authority unique (username,authority));


@ -0,0 +1,6 @@
CREATE TABLE shedlock (
name VARCHAR(64) PRIMARY KEY,
lock_until TIMESTAMP(3) NULL,
locked_at TIMESTAMP(3) NULL,
locked_by VARCHAR(255)
);
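Review bot: `CREATE TABLE shedlock (` on the first line of the hunk has no `IF NOT EXISTS`, unlike every other table definition in this change set (for example `CREATE TABLE IF NOT EXISTS device_code_request_parameter`), so re-running the schema files against a persistent database will fail on this statement. Suggest `CREATE TABLE IF NOT EXISTS shedlock (`. The `lock_until`, `locked_at` and `locked_by` columns are all nullable; if the locking library populates them on every row, `NOT NULL` would document and enforce that — worth confirming against the library version in use and noting in a one-line comment either way.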


@ -1,55 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
--SET AUTOCOMMIT FALSE;
START TRANSACTION;
--
-- Insert user information into the temporary tables. To add users to the HSQL database, edit things here.
--
INSERT INTO users_TEMP (username, password, enabled) VALUES
('admin','password',true),
('user','password',true);
INSERT INTO authorities_TEMP (username, authority) VALUES
('admin','ROLE_ADMIN'),
('admin','ROLE_USER'),
('user','ROLE_USER');
-- By default, the username column here has to match the username column in the users table, above
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES
('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true),
('01921.FLANRJQW','user','Demo User','user@example.com', true);
--
-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
--
INSERT INTO users
SELECT username, password, enabled FROM users_TEMP
ON CONFLICT(username)
DO NOTHING;
INSERT INTO authorities
SELECT username, authority FROM authorities_TEMP
ON CONFLICT(username, authority)
DO NOTHING;
INSERT INTO user_info (sub, preferred_username, name, email, email_verified)
SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP
ON CONFLICT
DO NOTHING;
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
--SET AUTOCOMMIT TRUE;