Refactor client details service to take a zone ID parameter

[#145827147] https://www.pivotaltracker.com/story/show/145827147

server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailAccountCreationService.java

@@ -15,10 +15,10 @@
 import org.cloudfoundry.identity.uaa.scim.util.ScimUtils;
 import org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
+import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 import org.springframework.util.StringUtils;
 import org.springframework.web.client.HttpClientErrorException;
@@ -47,15 +47,15 @@ public class EmailAccountCreationService implements AccountCreationService {
     private final MessageService messageService;
     private final ExpiringCodeStore codeStore;
     private final ScimUserProvisioning scimUserProvisioning;
-    private final ClientDetailsService clientDetailsService;
+    private final ClientServicesExtension clientDetailsService;
     private final PasswordValidator passwordValidator;
 
     public EmailAccountCreationService(
             SpringTemplateEngine templateEngine,
             MessageService messageService,
             ExpiringCodeStore codeStore,
             ScimUserProvisioning scimUserProvisioning,
-            ClientDetailsService clientDetailsService,
+            ClientServicesExtension clientDetailsService,
             PasswordValidator passwordValidator) {
 
         this.templateEngine = templateEngine;
@@ -121,7 +121,7 @@ public AccountCreationResponse completeActivation(String code) throws IOExceptio
     private String getRedirect(String clientId, String redirectUri) throws IOException {
         if (clientId != null) {
             try {
-                ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
+                ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
 
                 Set<String> registeredRedirectUris = clientDetails.getRegisteredRedirectUri() == null ? Collections.emptySet() :
                         clientDetails.getRegisteredRedirectUri();

server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailService.java

@@ -23,10 +23,10 @@
 import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
+import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 import org.springframework.util.StringUtils;
 import org.thymeleaf.TemplateEngine;
@@ -48,11 +48,15 @@ public class EmailChangeEmailService implements ChangeEmailService {
     private final MessageService messageService;
     private final ScimUserProvisioning scimUserProvisioning;
     private final ExpiringCodeStore codeStore;
-    private final ClientDetailsService clientDetailsService;
+    private final ClientServicesExtension clientDetailsService;
     private static final int EMAIL_CHANGE_LIFETIME = 30 * 60 * 1000;
     public static final String CHANGE_EMAIL_REDIRECT_URL = "change_email_redirect_url";
 
-    public EmailChangeEmailService(TemplateEngine templateEngine, MessageService messageService, ScimUserProvisioning scimUserProvisioning, ExpiringCodeStore codeStore, ClientDetailsService clientDetailsService) {
+    public EmailChangeEmailService(TemplateEngine templateEngine,
+                                   MessageService messageService,
+                                   ScimUserProvisioning scimUserProvisioning,
+                                   ExpiringCodeStore codeStore,
+                                   ClientServicesExtension clientDetailsService) {
         this.templateEngine = templateEngine;
         this.messageService = messageService;
         this.scimUserProvisioning = scimUserProvisioning;
@@ -116,7 +120,7 @@ public Map<String, String> completeVerification(String code) {
             String redirectUri = codeData.get("redirect_uri") == null ? "" : codeData.get("redirect_uri");
 
             try {
-                ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
+                ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
                 Set<String> redirectUris = clientDetails.getRegisteredRedirectUri() == null ? Collections.emptySet() :
                         clientDetails.getRegisteredRedirectUri();
                 String changeEmailRedirectUrl = (String) clientDetails.getAdditionalInformation().get(CHANGE_EMAIL_REDIRECT_URL);

server/src/main/java/org/cloudfoundry/identity/uaa/account/ProfileController.java

@@ -20,9 +20,10 @@
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants;
+import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
+import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -45,10 +46,10 @@ public class ProfileController {
     protected static Log logger = LogFactory.getLog(ProfileController.class);
 
     private final ApprovalsService approvalsService;
-    private final ClientDetailsService clientDetailsService;
+    private final ClientServicesExtension clientDetailsService;
 
     public ProfileController(ApprovalsService approvalsService,
-                             ClientDetailsService clientDetailsService) {
+                             ClientServicesExtension clientDetailsService) {
         this.approvalsService = approvalsService;
         this.clientDetailsService = clientDetailsService;
     }
@@ -69,7 +70,7 @@ public String get(Authentication authentication, Model model) {
     protected Map<String, String> getClientNames(Map<String, List<DescribedApproval>> approvals) {
         Map<String, String> clientNames = new LinkedHashMap<>();
         for (String clientId : approvals.keySet()) {
-            ClientDetails details = clientDetailsService.loadClientByClientId(clientId);
+            ClientDetails details = clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
             String name = details.getClientId();
             if (details.getAdditionalInformation()!=null && details.getAdditionalInformation().get(ClientConstants.CLIENT_NAME)!=null) {
                 name = (String)details.getAdditionalInformation().get(ClientConstants.CLIENT_NAME);

server/src/main/java/org/cloudfoundry/identity/uaa/account/UaaResetPasswordService.java

@@ -30,6 +30,7 @@
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
+import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationEventPublisher;
@@ -38,7 +39,6 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 
 import java.sql.Timestamp;
@@ -59,11 +59,14 @@ public class UaaResetPasswordService implements ResetPasswordService, Applicatio
     private final ScimUserProvisioning scimUserProvisioning;
     private final ExpiringCodeStore expiringCodeStore;
     private final PasswordValidator passwordValidator;
-    private final ClientDetailsService clientDetailsService;
+    private final ClientServicesExtension clientDetailsService;
     private ResourcePropertySource resourcePropertySource;
     private ApplicationEventPublisher publisher;
 
-    public UaaResetPasswordService(ScimUserProvisioning scimUserProvisioning, ExpiringCodeStore expiringCodeStore, PasswordValidator passwordValidator, ClientDetailsService clientDetailsService,
+    public UaaResetPasswordService(ScimUserProvisioning scimUserProvisioning,
+                                   ExpiringCodeStore expiringCodeStore,
+                                   PasswordValidator passwordValidator,
+                                   ClientServicesExtension clientDetailsService,
                                    ResourcePropertySource resourcePropertySource) {
         this.scimUserProvisioning = scimUserProvisioning;
         this.expiringCodeStore = expiringCodeStore;
@@ -132,7 +135,7 @@ private ResetPasswordResponse changePasswordCodeAuthenticated(ExpiringCode expir
             String redirectLocation = "home";
             if (!isEmpty(clientId) && !isEmpty(redirectUri)) {
                 try {
-                    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
+                    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
                     Set<String> redirectUris = clientDetails.getRegisteredRedirectUri() == null ? Collections.emptySet() :
                         clientDetails.getRegisteredRedirectUri();
                     String matchingRedirectUri = UaaUrlUtils.findMatchingRedirectUri(redirectUris, redirectUri, redirectLocation);

server/src/main/java/org/cloudfoundry/identity/uaa/approval/ApprovalsAdminEndpoints.java

@@ -22,14 +22,14 @@
 import org.cloudfoundry.identity.uaa.util.UaaPagingUtils;
 import org.cloudfoundry.identity.uaa.web.ConvertingExceptionView;
 import org.cloudfoundry.identity.uaa.web.ExceptionReport;
+import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import org.springframework.stereotype.Controller;
@@ -58,7 +58,7 @@ public class ApprovalsAdminEndpoints implements InitializingBean, ApprovalsContr
 
     private ApprovalStore approvalStore = null;
 
-    private ClientDetailsService clientDetailsService = null;
+    private ClientServicesExtension clientDetailsService = null;
 
     private UaaUserDatabase userDatabase;
 
@@ -111,7 +111,7 @@ public List<Approval> getApprovals(@RequestParam(required = false, defaultValue
         // Find the auto approved scopes for these clients
         Map<String, Set<String>> clientAutoApprovedScopes = new HashMap<String, Set<String>>();
         for (String clientId : clientIds) {
-            BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(clientId);
+            BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
 
             Set<String> autoApproved = client.getAutoApproveScopes();
             Set<String> autoApprovedScopes = new HashSet<String>();
@@ -172,7 +172,7 @@ public List<Approval> updateApprovals(@RequestBody Approval[] approvals) {
     @ResponseBody
     @Override
     public List<Approval> updateClientApprovals(@PathVariable String clientId, @RequestBody Approval[] approvals) {
-        clientDetailsService.loadClientByClientId(clientId);
+        clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
         String currentUserId = getCurrentUserId();
         logger.debug("Updating approvals for user: " + currentUserId);
         approvalStore.revokeApprovalsForClientAndUser(clientId, currentUserId, IdentityZoneHolder.get().getId());
@@ -205,7 +205,7 @@ private boolean isValidUser(String userId) {
     @ResponseBody
     @Override
     public ActionResult revokeApprovals(@RequestParam(required = true) String clientId) {
-        clientDetailsService.loadClientByClientId(clientId);
+        clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
         String userId = getCurrentUserId();
         logger.debug("Revoking all existing approvals for user: " + userId + " and client " + clientId);
         approvalStore.revokeApprovalsForClientAndUser(clientId, userId, IdentityZoneHolder.get().getId());
@@ -239,7 +239,7 @@ public void afterPropertiesSet() throws Exception {
         Assert.notNull(userDatabase, "Please supply a user database");
     }
 
-    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
+    public void setClientDetailsService(ClientServicesExtension clientDetailsService) {
         this.clientDetailsService = clientDetailsService;
     }
 

server/src/main/java/org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandler.java

@@ -2,8 +2,9 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
+import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
 import org.springframework.util.StringUtils;
@@ -23,7 +24,7 @@ public final class WhitelistLogoutHandler extends SimpleUrlLogoutSuccessHandler
 
     private List<String> whitelist = null;
 
-    private ClientDetailsService clientDetailsService;
+    private ClientServicesExtension clientDetailsService;
 
     public WhitelistLogoutHandler(List<String> whitelist) {
         this.whitelist = whitelist;
@@ -38,11 +39,11 @@ public void setWhitelist(List<String> whitelist) {
         this.whitelist = whitelist;
     }
 
-    public ClientDetailsService getClientDetailsService() {
+    public ClientServicesExtension getClientDetailsService() {
         return clientDetailsService;
     }
 
-    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
+    public void setClientDetailsService(ClientServicesExtension clientDetailsService) {
         this.clientDetailsService = clientDetailsService;
     }
 
@@ -52,7 +53,7 @@ private Set<String> getClientWhitelist(HttpServletRequest request) {
 
         if (StringUtils.hasText(clientId)) {
             try {
-                ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
+                ClientDetails client = clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
                 redirectUris = client.getRegisteredRedirectUri();
             } catch (NoSuchClientException x) {
                 logger.debug(String.format("Unable to find client with ID:%s for logout redirect", clientId));

server/src/main/java/org/cloudfoundry/identity/uaa/authentication/ZoneAwareWhitelistLogoutHandler.java

@@ -15,23 +15,22 @@
 package org.cloudfoundry.identity.uaa.authentication;
 
 
+import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 
 import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 public class ZoneAwareWhitelistLogoutHandler implements LogoutSuccessHandler {
 
-    private final ClientDetailsService clientDetailsService;
+    private final ClientServicesExtension clientDetailsService;
 
-    public ZoneAwareWhitelistLogoutHandler(ClientDetailsService clientDetailsService) {
+    public ZoneAwareWhitelistLogoutHandler(ClientServicesExtension clientDetailsService) {
         this.clientDetailsService = clientDetailsService;
     }
 

server/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AutologinAuthenticationManager.java

@@ -28,14 +28,14 @@
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
+import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 
 import java.util.Map;
@@ -49,14 +49,14 @@ public class AutologinAuthenticationManager implements AuthenticationManager {
     private Log logger = LogFactory.getLog(getClass());
 
     private ExpiringCodeStore codeStore;
-    private ClientDetailsService clientDetailsService;
+    private ClientServicesExtension clientDetailsService;
     private UaaUserDatabase userDatabase;
 
     public void setExpiringCodeStore(ExpiringCodeStore expiringCodeStore) {
         this.codeStore= expiringCodeStore;
     }
 
-    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
+    public void setClientDetailsService(ClientServicesExtension clientDetailsService) {
         this.clientDetailsService = clientDetailsService;
     }
 
@@ -105,7 +105,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
         }
 
         try {
-            clientDetailsService.loadClientByClientId(clientId);
+            clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
         } catch (NoSuchClientException x) {
             throw new BadCredentialsException("Cannot redeem provided code for user, client is missing");
         }