Repository: cxf Updated Branches: refs/heads/master b2e5fb658 -> e9fa213b9
Experimenting with saving the access tokens Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b66bb192 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b66bb192 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b66bb192 Branch: refs/heads/master Commit: b66bb192efca493f376f09c99f06666d8630bf1c Parents: 0b9cb3d Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Tue Apr 5 16:50:56 2016 +0100 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Tue Apr 5 16:50:56 2016 +0100 ---------------------------------------------------------------------- .../rs/security/oauth2/common/AccessToken.java | 9 +++++++ .../oauth2/common/ServerAccessToken.java | 13 +++++++++- .../oauth2/provider/JPAOAuthDataProvider.java | 27 ++++++++++++++++++-- .../oauth2/tokens/bearer/BearerAccessToken.java | 3 +++ .../grants/code/JPACodeDataProviderTest.java | 26 +++++++++++++++++++ .../src/test/resources/META-INF/persistence.xml | 4 +++ 6 files changed, 79 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/b66bb192/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java index dd0415f..ade93b4 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java 
@@ -22,9 +22,15 @@ import java.io.Serializable; import java.util.LinkedHashMap; import java.util.Map; +import javax.persistence.ElementCollection; +import javax.persistence.Id; +import javax.persistence.MapKeyColumn; +import javax.persistence.MappedSuperclass; + /** * Base Access Token representation */ +@MappedSuperclass public abstract class AccessToken implements Serializable { private static final long serialVersionUID = -5750544301887053480L; @@ -80,6 +86,7 @@ public abstract class AccessToken implements Serializable { * Returns the token key * @return the key */ + @Id public String getTokenKey() { return tokenKey; } @@ -110,6 +117,8 @@ public abstract class AccessToken implements Serializable { * Gets token parameters * @return */ + @ElementCollection + @MapKeyColumn(name = "propName") public Map<String, String> getParameters() { return parameters; } http://git-wip-us.apache.org/repos/asf/cxf/blob/b66bb192/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java index 1f13877..ac2ae7b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java 
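Review bot: Annotating `getTokenKey()` with `@Id` in AccessToken.java makes the bearer token value itself the primary key, so the credential is written to the database in clear text and anyone who can read the table or a backup of it obtains usable tokens. Nothing visible in this commit hashes or encrypts the key before it is persisted; if that is not done elsewhere, consider persisting a one-way digest of the key and looking tokens up by that digest. At minimum the getter's Javadoc should record the exposure, for example `* Persisted as the entity id; the stored value is the bearer credential and must be protected at rest`. The class body continues outside the hunk.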
@@ -23,6 +23,11 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; +import javax.persistence.ElementCollection; +import javax.persistence.MapKeyColumn; +import javax.persistence.MappedSuperclass; +import javax.persistence.OneToOne; + import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; @@ -30,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; /** * Server Access Token representation */ +@MappedSuperclass public abstract class ServerAccessToken extends AccessToken { private static final long serialVersionUID = 638776204861456064L; @@ -86,6 +92,7 @@ public abstract class ServerAccessToken extends AccessToken { * Returns the Client associated with this token * @return the client */ + @OneToOne public Client getClient() { return client; } @@ -98,6 +105,7 @@ public abstract class ServerAccessToken extends AccessToken { * Returns a list of opaque permissions/scopes * @return the scopes */ + @ElementCollection public List<OAuthPermission> getScopes() { return scopes; } @@ -126,6 +134,7 @@ public abstract class ServerAccessToken extends AccessToken { * when authorizing a given client request * @return UserSubject */ + @OneToOne public UserSubject getSubject() { return subject; } @@ -162,7 +171,7 @@ public abstract class ServerAccessToken extends AccessToken { return responseType; } - + @ElementCollection public List<String> getAudiences() { return audiences; } 
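Review bot: `@OneToOne` on `getClient()` and `getSubject()` in ServerAccessToken.java does not match the relationship, since one client or subject normally holds many access tokens over time. Depending on the JPA provider's schema generation, a one-to-one association may come with a unique constraint on the join column, in which case persisting a second token for the same client would fail; the test added in this commit only ever creates one token, so it would not notice. `@ManyToOne` (with a `javax.persistence.ManyToOne` import) looks like the intended mapping, i.e. `@ManyToOne` above `public Client getClient()` and above `public UserSubject getSubject()`. Separately, `@ElementCollection` on `List<OAuthPermission> getScopes()` presumably requires OAuthPermission to be an embeddable type, which this diff does not show.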
@@ -194,6 +203,8 @@ public abstract class ServerAccessToken extends AccessToken { this.nonce = nonce; } + @ElementCollection + @MapKeyColumn(name = "extraPropName") public Map<String, String> getExtraProperties() { return extraProperties; } http://git-wip-us.apache.org/repos/asf/cxf/blob/b66bb192/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java index f3bb53d..4045f91 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java @@ -29,10 +29,13 @@ import javax.persistence.TypedQuery; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; +import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; public class JPAOAuthDataProvider extends AbstractOAuthDataProvider { private static final String CLIENT_TABLE_NAME = Client.class.getSimpleName(); + private static final String BEARER_TOKEN_TABLE_NAME = BearerAccessToken.class.getSimpleName(); + private static final String REFRESH_TOKEN_TABLE_NAME = BearerAccessToken.class.getSimpleName(); private EntityManager entityManager; public JPAOAuthDataProvider() { 
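Review bot: `REFRESH_TOKEN_TABLE_NAME` in JPAOAuthDataProvider.java is initialised from `BearerAccessToken.class.getSimpleName()`, the same expression as the constant on the line above, which looks like a copy-paste slip. Any refresh-token query built from this constant selects from the bearer access-token entity instead of the refresh tokens, so the lookup either fails on the declared result type or consults the wrong entity. RefreshToken is already imported in this file; the line should read `private static final String REFRESH_TOKEN_TABLE_NAME = RefreshToken.class.getSimpleName();`.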
@@ -74,17 +77,27 @@ public class JPAOAuthDataProvider extends AbstractOAuthDataProvider { @Override public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException { - return null; + try { + return getTokenQuery(accessToken).getSingleResult(); + } catch (NoResultException ex) { + return null; + } } @Override protected void doRevokeAccessToken(ServerAccessToken at) { + removeEntity(at); } @Override protected RefreshToken getRefreshToken(String refreshTokenKey) { - return null; + try { + return getRefreshTokenQuery(refreshTokenKey).getSingleResult(); + } catch (NoResultException ex) { + return null; + } } @Override protected void doRevokeRefreshToken(RefreshToken rt) { + removeEntity(rt); } protected void saveAccessToken(ServerAccessToken serverToken) { @@ -111,6 +124,16 @@ public class JPAOAuthDataProvider extends AbstractOAuthDataProvider { return entityManager.createQuery( "SELECT c FROM " + CLIENT_TABLE_NAME + " c WHERE c.clientId = '" + clientId + "'", Client.class); } + protected TypedQuery<ServerAccessToken> getTokenQuery(String tokenKey) { + return entityManager.createQuery( + "SELECT t FROM " + BEARER_TOKEN_TABLE_NAME + " t WHERE t.tokenKey = '" + tokenKey + "'", + ServerAccessToken.class); + } + protected TypedQuery<RefreshToken> getRefreshTokenQuery(String tokenKey) { + return entityManager.createQuery( + "SELECT t FROM " + REFRESH_TOKEN_TABLE_NAME + " t WHERE t.tokenKey = '" + tokenKey + "'", + RefreshToken.class); + } protected TypedQuery<Client> getClientsQuery(UserSubject resourceOwnerSubject) { if (resourceOwnerSubject == null) { return entityManager.createQuery("SELECT c FROM " + CLIENT_TABLE_NAME + " c", Client.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b66bb192/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java ---------------------------------------------------------------------- 
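Review bot: `getTokenQuery` and `getRefreshTokenQuery` (last hunk of JPAOAuthDataProvider.java) splice `tokenKey` into the JPQL text between single quotes, and that value is the token string handed to `getAccessToken`/`getRefreshToken` by the caller, so it is untrusted input. A key containing a quote changes the structure of the query (JPQL injection) and at best breaks the lookup. Bind the key as a named parameter instead, as below; the existing `getClientQuery` shown as context in the same hunk concatenates `clientId` the same way and deserves the same treatment. The class continues outside the hunk.

```java
protected TypedQuery<ServerAccessToken> getTokenQuery(String tokenKey) {
    return entityManager.createQuery(
        "SELECT t FROM " + BEARER_TOKEN_TABLE_NAME + " t WHERE t.tokenKey = :tokenKey",
        ServerAccessToken.class)
        .setParameter("tokenKey", tokenKey);
}
protected TypedQuery<RefreshToken> getRefreshTokenQuery(String tokenKey) {
    return entityManager.createQuery(
        "SELECT t FROM " + REFRESH_TOKEN_TABLE_NAME + " t WHERE t.tokenKey = :tokenKey",
        RefreshToken.class)
        .setParameter("tokenKey", tokenKey);
}
// … unchanged: getClientsQuery …
```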
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java index c0ecd61..1128c32 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java @@ -18,6 +18,8 @@ */ package org.apache.cxf.rs.security.oauth2.tokens.bearer; +import javax.persistence.Entity; + import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; @@ -26,6 +28,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; /** * Simple Bearer Access Token implementations */ +@Entity public class BearerAccessToken extends ServerAccessToken { private static final long serialVersionUID = -3614732043728799245L; http://git-wip-us.apache.org/repos/asf/cxf/blob/b66bb192/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProviderTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProviderTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProviderTest.java index 120d261..9cf80e5 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProviderTest.java +++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProviderTest.java 
@@ -27,8 +27,12 @@ import javax.persistence.EntityManager; import javax.persistence.EntityManagerFactory; import javax.persistence.Persistence; +import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration; import org.apache.cxf.rs.security.oauth2.common.Client; +import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; +import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.junit.After; import org.junit.Assert; @@ -53,6 +57,7 @@ public class JPACodeDataProviderTest extends Assert { EntityManager em = emFactory.createEntityManager(); provider = new JPACodeDataProvider(); provider.setEntityManager(em); + provider.setSupportedScopes(Collections.singletonMap("a", "A Scope")); } catch (Exception ex) { ex.printStackTrace(); fail("Exception during JPA EntityManager creation."); 
@@ -96,6 +101,27 @@ public class JPACodeDataProviderTest extends Assert { } + @Test + public void testAddGetDeleteAccessToken() { + Client c = addClient("101", "bob"); + + AccessTokenRegistration atr = new AccessTokenRegistration(); + atr.setClient(c); + atr.setApprovedScope(Collections.singletonList("a")); + atr.setSubject(c.getResourceOwnerSubject()); + + ServerAccessToken at = provider.createAccessToken(atr); + ServerAccessToken at2 = provider.getAccessToken(at.getTokenKey()); + assertEquals(at.getTokenKey(), at2.getTokenKey()); + List<OAuthPermission> scopes = at2.getScopes(); + assertNotNull(scopes); + assertEquals(1, scopes.size()); + OAuthPermission perm = scopes.get(0); + assertEquals("a", perm.getPermission()); + provider.revokeToken(c, at.getTokenKey(), OAuthConstants.ACCESS_TOKEN); + assertNull(provider.getAccessToken(at.getTokenKey())); + } + private Client addClient(String clientId, String userLogin) { Client c = new Client(); c.setRedirectUris(Collections.singletonList("http://client/redirect")); http://git-wip-us.apache.org/repos/asf/cxf/blob/b66bb192/rt/rs/security/oauth-parent/oauth2/src/test/resources/META-INF/persistence.xml ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/resources/META-INF/persistence.xml b/rt/rs/security/oauth-parent/oauth2/src/test/resources/META-INF/persistence.xml index 78744d5..eb413f0 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/test/resources/META-INF/persistence.xml +++ b/rt/rs/security/oauth-parent/oauth2/src/test/resources/META-INF/persistence.xml 
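Review bot: `testAddGetDeleteAccessToken` dereferences `at2` without first asserting that it is non-null, and it exercises only the access-token path. Because the provider's `getAccessToken` returns null when no row is found, a failed lookup would surface as a NullPointerException rather than a clear assertion failure; add `assertNotNull(at2);` before the first `assertEquals`. The refresh-token lookup and revocation that the same commit adds to the provider have no counterpart here, so a companion test that creates, fetches and revokes a refresh token would be worth adding. The test class continues outside the hunk.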
@@ -6,6 +6,8 @@ <provider>org.hibernate.ejb.HibernatePersistence</provider> <class>org.apache.cxf.rs.security.oauth2.common.Client</class> <class>org.apache.cxf.rs.security.oauth2.common.UserSubject</class> + <class>org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken</class> + <class>org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken</class> <exclude-unlisted-classes>true</exclude-unlisted-classes> <properties> <property name="hibernate.connection.url" value="jdbc:hsqldb:mem:oauth-jpa"/> @@ -21,6 +23,8 @@ <provider>org.apache.openjpa.persistence.PersistenceProviderImpl</provider> <class>org.apache.cxf.rs.security.oauth2.common.Client</class> <class>org.apache.cxf.rs.security.oauth2.common.UserSubject</class> + <class>org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken</class> + <class>org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken</class> <exclude-unlisted-classes>true</exclude-unlisted-classes> <properties> <property name="openjpa.ConnectionURL" value="jdbc:hsqldb:mem:oauth-jpa"/>