
[cfid-249] move any state needed across UAAs to shared storage

Added a JDBC store for the existing TokenStore and
AuthorizationCodeServices. The necessary tables are
created on startup.

[Fixes #38710949]

Change-Id: Ibaa299ef232d22fa7758a8cf26c40768c4c08913
1 parent b299a71 commit f4fb23ed95fee9661a1e3c502985c8ac38a53bde @dsyer dsyer committed Oct 31, 2012
4 .../src/main/java/org/cloudfoundry/identity/uaa/authentication/UaaAuthenticationDetails.java
@@ -12,6 +12,8 @@
*/
package org.cloudfoundry.identity.uaa.authentication;
+import java.io.Serializable;
+
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
@@ -22,7 +24,7 @@
* @author Luke Taylor
* @author Dave Syer
*/
-public class UaaAuthenticationDetails {
+public class UaaAuthenticationDetails implements Serializable {
private final String origin;
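Review bot: `UaaAuthenticationDetails` now implements `Serializable` but declares no `serialVersionUID`, so the JVM derives one from the class shape. Presumably these objects are now written into the `authentication` blob of the new JDBC token store, in which case any later edit to the class (a new field, even a different compiler) makes tokens written by one UAA instance unreadable by another during a rolling upgrade, surfacing as an `InvalidClassException` on lookup rather than a clean token miss. Add `private static final long serialVersionUID = 1L;` next to the `origin` field, and keep in mind that every field added later must itself be `Serializable` or the store fails at write time. The class body continues outside the hunk.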
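--- a/common/src/main/resources/org/cloudfoundry/identity/uaa/schema-drop-hsqldb.sql
+++ b/common/src/main/resources/org/cloudfoundry/identity/uaa/schema-drop-hsqldb.sql
@@ -16,4 +16,8 @@ DROP TABLE USERS IF EXISTS;
 DROP TABLE SEC_AUDIT IF EXISTS;
 DROP TABLE OAUTH_CLIENT_DETAILS IF EXISTS;
 DROP TABLE GROUP_MEMBERSHIP IF EXISTS;
-DROP TABLE GROUPS IF EXISTS;
+DROP TABLE GROUPS IF EXISTS;
+DROP TABLE oauth_client_token IF EXISTS;
+DROP TABLE oauth_access_token IF EXISTS;
+DROP TABLE oauth_refresh_token IF EXISTS;
+DROP TABLE oauth_code IF EXISTS;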
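--- a/common/src/main/resources/org/cloudfoundry/identity/uaa/schema-drop-postgresql.sql
+++ b/common/src/main/resources/org/cloudfoundry/identity/uaa/schema-drop-postgresql.sql
@@ -16,4 +16,8 @@ DROP TABLE USERS ;
 DROP TABLE SEC_AUDIT ;
 DROP TABLE OAUTH_CLIENT_DETAILS ;
 DROP TABLE GROUP_MEMBERSHIP ;
-DROP TABLE GROUPS ;
+DROP TABLE GROUPS ;
+DROP TABLE oauth_client_token ;
+DROP TABLE oauth_access_token ;
+DROP TABLE oauth_refresh_token ;
+DROP TABLE oauth_code ;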
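--- a/common/src/main/resources/org/cloudfoundry/identity/uaa/schema-hsqldb.sql
+++ b/common/src/main/resources/org/cloudfoundry/identity/uaa/schema-hsqldb.sql
@@ -66,3 +66,32 @@ CREATE TABLE GROUP_MEMBERSHIP (
 added TIMESTAMP default current_timestamp not null,
 primary key (group_id, member_id)
 ) ;
+
+ create table oauth_client_token (
+ token_id VARCHAR(256),
+ token LONGVARBINARY,
+ authentication_id VARCHAR(256),
+ user_name VARCHAR(256),
+ client_id VARCHAR(256)
+) ;
+
+create table oauth_access_token (
+ token_id VARCHAR(256),
+ token LONGVARBINARY,
+ authentication_id VARCHAR(256),
+ user_name VARCHAR(256),
+ client_id VARCHAR(256),
+ authentication LONGVARBINARY,
+ refresh_token VARCHAR(256)
+) ;
+
+create table oauth_refresh_token (
+ token_id VARCHAR(256),
+ token LONGVARBINARY,
+ authentication LONGVARBINARY
+) ;
+
+create table oauth_code (
+ code VARCHAR(256), authentication LONGVARBINARY
+) ;
+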
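Review bot: None of the four new tables declares a primary key or index, although `oauth_access_token`, `oauth_refresh_token` and `oauth_code` are, as far as I recall of the Spring `JdbcTokenStore` and `JdbcAuthorizationCodeServices` default SQL, read and deleted by a single key column (`token_id`, `code`) and the access-token table is additionally queried by `authentication_id`, `user_name` plus `client_id`, and `refresh_token`. Without constraints duplicate rows can accumulate in the shared store and every lookup becomes a full scan as it grows; add `primary key (token_id)` to `oauth_access_token` and `oauth_refresh_token`, `primary key (code)` to `oauth_code`, and an index on `authentication_id` and on `refresh_token`. The same applies to the identical blocks in schema-postgresql.sql, schema.sql.vpp and schema-cloudfoundry.sql; if the per-dialect files are generated from the .vpp template, the change belongs in the template. The `authentication` columns hold Java-serialized objects that are deserialized on read, so the shared database now sits inside the token trust boundary, which is worth stating in a comment above these tables.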
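--- a/common/src/main/resources/org/cloudfoundry/identity/uaa/schema-postgresql.sql
+++ b/common/src/main/resources/org/cloudfoundry/identity/uaa/schema-postgresql.sql
@@ -66,3 +66,32 @@ CREATE TABLE GROUP_MEMBERSHIP (
 added TIMESTAMP default current_timestamp not null,
 primary key (group_id, member_id)
 ) ;
+
+ create table oauth_client_token (
+ token_id VARCHAR(256),
+ token BYTEA,
+ authentication_id VARCHAR(256),
+ user_name VARCHAR(256),
+ client_id VARCHAR(256)
+) ;
+
+create table oauth_access_token (
+ token_id VARCHAR(256),
+ token BYTEA,
+ authentication_id VARCHAR(256),
+ user_name VARCHAR(256),
+ client_id VARCHAR(256),
+ authentication BYTEA,
+ refresh_token VARCHAR(256)
+) ;
+
+create table oauth_refresh_token (
+ token_id VARCHAR(256),
+ token BYTEA,
+ authentication BYTEA
+) ;
+
+create table oauth_code (
+ code VARCHAR(256), authentication BYTEA
+) ;
+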
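--- a/common/src/main/sql/schema-drop.sql.vpp
+++ b/common/src/main/sql/schema-drop.sql.vpp
@@ -16,4 +16,8 @@ DROP TABLE $!{IFEXISTSBEFORE} USERS $!{IFEXISTS};
 DROP TABLE $!{IFEXISTSBEFORE} SEC_AUDIT $!{IFEXISTS};
 DROP TABLE $!{IFEXISTSBEFORE} OAUTH_CLIENT_DETAILS $!{IFEXISTS};
 DROP TABLE $!{IFEXISTSBEFORE} GROUP_MEMBERSHIP $!{IFEXISTS};
-DROP TABLE $!{IFEXISTSBEFORE} GROUPS $!{IFEXISTS};
+DROP TABLE $!{IFEXISTSBEFORE} GROUPS $!{IFEXISTS};
+DROP TABLE $!{IFEXISTSBEFORE} oauth_client_token $!{IFEXISTS};
+DROP TABLE $!{IFEXISTSBEFORE} oauth_access_token $!{IFEXISTS};
+DROP TABLE $!{IFEXISTSBEFORE} oauth_refresh_token $!{IFEXISTS};
+DROP TABLE $!{IFEXISTSBEFORE} oauth_code $!{IFEXISTS};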
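--- a/common/src/main/sql/schema.sql.vpp
+++ b/common/src/main/sql/schema.sql.vpp
@@ -66,3 +66,32 @@ CREATE TABLE GROUP_MEMBERSHIP (
 added ${TIMESTAMP} default ${SYSDATE} not null,
 primary key (group_id, member_id)
 ) ;
+
+create table oauth_client_token (
+ token_id ${VARCHAR}(256),
+ token ${BLOB},
+ authentication_id ${VARCHAR}(256),
+ user_name ${VARCHAR}(256),
+ client_id ${VARCHAR}(256)
+) $!{VOODOO};
+
+create table oauth_access_token (
+ token_id ${VARCHAR}(256),
+ token ${BLOB},
+ authentication_id ${VARCHAR}(256),
+ user_name ${VARCHAR}(256),
+ client_id ${VARCHAR}(256),
+ authentication ${BLOB},
+ refresh_token ${VARCHAR}(256)
+) $!{VOODOO};
+
+create table oauth_refresh_token (
+ token_id ${VARCHAR}(256),
+ token ${BLOB},
+ authentication ${BLOB}
+) $!{VOODOO};
+
+create table oauth_code (
+ code ${VARCHAR}(256), authentication ${BLOB}
+) $!{VOODOO};
+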
3 uaa/pom.xml
@@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
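--- a/uaa/src/main/resources/org/cloudfoundry/identity/uaa/schema-cloudfoundry.sql
+++ b/uaa/src/main/resources/org/cloudfoundry/identity/uaa/schema-cloudfoundry.sql
@@ -80,3 +80,31 @@ CREATE TABLE GROUP_MEMBERSHIP (
 added TIMESTAMP default current_timestamp not null,
 primary key (group_id, member_id)
 ) ;
+
+create table oauth_client_token (
+ token_id VARCHAR(256),
+ token BYTEA,
+ authentication_id VARCHAR(256),
+ user_name VARCHAR(256),
+ client_id VARCHAR(256)
+) ;
+
+create table oauth_access_token (
+ token_id VARCHAR(256),
+ token BYTEA,
+ authentication_id VARCHAR(256),
+ user_name VARCHAR(256),
+ client_id VARCHAR(256),
+ authentication BYTEA,
+ refresh_token VARCHAR(256)
+) ;
+
+create table oauth_refresh_token (
+ token_id VARCHAR(256),
+ token BYTEA,
+ authentication BYTEA
+) ;
+
+create table oauth_code (
+ code VARCHAR(256), authentication BYTEA
+) ;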
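--- a/uaa/src/main/resources/org/cloudfoundry/identity/uaa/schema-drop-cloudfoundry.sql
+++ b/uaa/src/main/resources/org/cloudfoundry/identity/uaa/schema-drop-cloudfoundry.sql
@@ -16,4 +16,8 @@ DROP TABLE USERS ;
 DROP TABLE SEC_AUDIT ;
 DROP TABLE OAUTH_CLIENT_DETAILS ;
 DROP TABLE GROUPS ;
-DROP TABLE GROUP_MEMBERSHIP ;
+DROP TABLE GROUP_MEMBERSHIP ;
+DROP TABLE oauth_client_token ;
+DROP TABLE oauth_access_token ;
+DROP TABLE oauth_refresh_token ;
+DROP TABLE oauth_code ;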
4 uaa/src/main/webapp/WEB-INF/spring/data-source.xml
@@ -29,6 +29,10 @@
<property name="testOnBorrow" value="true"/>
</bean>
+ <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
+ <property name="dataSource" ref="dataSource" />
+ </bean>
+
<bean class="org.springframework.jmx.export.MBeanExporter">
<property name="server" ref="mbeanServer" />
<property name="registrationBehaviorName" value="REGISTRATION_REPLACE_EXISTING" />
39 uaa/src/main/webapp/WEB-INF/spring/oauth-endpoints.xml
@@ -4,19 +4,22 @@
This product includes a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents
is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file. -->
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
- xmlns:sec="http://www.springframework.org/schema/security"
- xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
- http://www.springframework.org/schema/security/oauth http://www.springframework.org/schema/security/spring-security-oauth.xsd
+ xmlns:sec="http://www.springframework.org/schema/security"
+ xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
+ xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
+ http://www.springframework.org/schema/security/oauth http://www.springframework.org/schema/security/spring-security-oauth.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
user-approval-handler-ref="userApprovalHandler" authorization-request-manager-ref="authorizationRequestManager">
- <oauth:authorization-code />
+ <oauth:authorization-code authorization-code-services-ref="authorizationCodeServices" />
<oauth:implicit />
<oauth:refresh-token />
<oauth:client-credentials />
@@ -111,14 +114,30 @@
<!-- End -->
- <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore">
+ <tx:advice id="tokenAdvice">
+ <tx:attributes>
+ <tx:method name="createAccessToken" isolation="REPEATABLE_READ" />
+ <tx:method name="*" isolation="DEFAULT" />
+ </tx:attributes>
+ </tx:advice>
+
+ <aop:config>
+ <aop:advisor advice-ref="tokenAdvice" pointcut="execution(* org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices.*(..))"/>
+ </aop:config>
+
+ <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
+ <constructor-arg ref="dataSource"/>
<property name="authenticationKeyGenerator">
<bean class="org.cloudfoundry.identity.uaa.oauth.UaaAuthenticationKeyGenerator">
- <property name="clientDetailsService" ref="clientDetails"/>
+ <property name="clientDetailsService" ref="clientDetails" />
</bean>
</property>
</bean>
+ <bean id="authorizationCodeServices" class="org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices">
+ <constructor-arg ref="dataSource" />
+ </bean>
+
<bean id="userApprovalHandler" class="org.cloudfoundry.identity.uaa.oauth.UaaUserApprovalHandler">
<property name="tokenServices" ref="tokenServices" />
<property name="autoApproveClients" value="#{(@config['oauth']==null or @config['oauth']['client']==null or @config['oauth']['client']['autoapprove']==null)?'vmc':(@config['oauth']['client']?.autoapprove?:'vmc')}" />
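Review bot: The `tx:advice`/`aop:config` block at the top of the second hunk carries no comment on why `createAccessToken` runs at `REPEATABLE_READ` while every other `AuthorizationServerTokenServices` method uses `DEFAULT`, and the advice is wired to the `transactionManager` bean only through Spring's default bean name (declared in data-source.xml in this same commit). Presumably the stricter isolation is meant to keep two concurrent requests for the same client/user from each persisting a token now that `InMemoryTokenStore` is gone; whether it actually prevents a double insert depends on the dialect (PostgreSQL's REPEATABLE_READ is snapshot-based and does not block a second inserter), so the intent should be written down, e.g. `<!-- Token creation is transactional so concurrent requests for the same client/user do not each persist a token; relies on the transactionManager bean declared in data-source.xml. -->` above `<tx:advice id="tokenAdvice">`. The pointcut on the whole `AuthorizationServerTokenServices` interface also advises any other bean implementing it in this context, not just `tokenServices`; if that is not the intent, narrowing it with `&& bean(tokenServices)` makes the scope explicit.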
