Use JDBC store for OAuth2 tokens by default jmix-framework/jmix#214

security-oauth2-starter/src/main/java/io/jmix/autoconfigure/securityoauth2/SecurityOAuth2AutoConfiguration.java

@@ -25,6 +25,7 @@
 import io.jmix.securityoauth2.configurer.OAuth2ResourceServerConfigurer;
 import io.jmix.securityoauth2.impl.UniqueAuthenticationKeyGenerator;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -34,16 +35,40 @@
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
+
+import javax.sql.DataSource;
 
 @Configuration
-@Import({CoreConfiguration.class, SecurityConfiguration.class, SecurityOAuth2Configuration.class})
+@Import({CoreConfiguration.class, SecurityConfiguration.class, SecurityOAuth2Configuration.class,
+        SecurityOAuth2AutoConfiguration.JdbcTokenStoreConfiguration.class,
+        SecurityOAuth2AutoConfiguration.InMemoryTokenStoreConfiguration.class})
 public class SecurityOAuth2AutoConfiguration {
-    @Bean(name = "sec_TokenStore")
-    @ConditionalOnMissingBean(TokenStore.class)
-    protected TokenStore tokenStore() {
-        InMemoryTokenStore tokenStore = new InMemoryTokenStore();
-        tokenStore.setAuthenticationKeyGenerator(new UniqueAuthenticationKeyGenerator());
-        return tokenStore;
+
+    @Configuration(proxyBeanMethods = false)
+    @ConditionalOnClass(DataSource.class)
+    @ConditionalOnBean(DataSource.class)
+    @Order(JmixOrder.HIGHEST_PRECEDENCE)
+    public static class JdbcTokenStoreConfiguration {
+        @Bean(name = "sec_TokenStore")
+        @ConditionalOnMissingBean(TokenStore.class)
+        public TokenStore tokenStore(DataSource dataSource) {
+            JdbcTokenStore tokenStore = new JdbcTokenStore(dataSource);
+            tokenStore.setAuthenticationKeyGenerator(new UniqueAuthenticationKeyGenerator());
+            return tokenStore;
+        }
+    }
+
+    @Configuration(proxyBeanMethods = false)
+    @Order(JmixOrder.LOWEST_PRECEDENCE)
+    public static class InMemoryTokenStoreConfiguration {
+        @Bean(name = "sec_TokenStore")
+        @ConditionalOnMissingBean(TokenStore.class)
+        public TokenStore tokenStore(DataSource dataSource) {
+            InMemoryTokenStore tokenStore = new InMemoryTokenStore();
+            tokenStore.setAuthenticationKeyGenerator(new UniqueAuthenticationKeyGenerator());
+            return tokenStore;
+        }
     }
 
     @Configuration(proxyBeanMethods = false)

security-oauth2/src/main/java/io/jmix/securityoauth2/SecurityOAuth2Configuration.java

@@ -21,11 +21,13 @@
 import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
 
 
 @Configuration
 @JmixModule(dependsOn = SecurityConfiguration.class)
 @ComponentScan
 @ConfigurationPropertiesScan
+@PropertySource(name = "io.jmix.securityoauth2", value = "classpath:/io/jmix/securityoauth2/module.properties")
 public class SecurityOAuth2Configuration {
 }

security-oauth2/src/main/resources/io/jmix/securityoauth2/liquibase/changelog.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2020 Haulmont.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.8.xsd">
+
+    <property name="uuid.type" dbms="oracle" value="varchar2(32)"/>
+    <property name="uuid.type" dbms="!oracle" value="uuid"/>
+    <property name="byte[].type" dbms="mysql" value="BLOB"/>
+    <property name="byte[].type" dbms="mariadb" value="BLOB"/>
+    <property name="byte[].type" dbms="postgresql" value="bytea"/>
+    <property name="byte[].type" dbms="mssql" value="varbinary(max)"/>
+    <property name="byte[].type" dbms="oracle" value="BLOB"/>
+    <property name="byte[].type" dbms="hsqldb" value="BLOB"/>
+
+    <include file="/io/jmix/securityoauth2/liquibase/changelog/001-security-oauth2.xml"/>
+
+</databaseChangeLog>

security-oauth2/src/main/resources/io/jmix/securityoauth2/liquibase/changelog/001-security-oauth2.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2020 Haulmont.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.8.xsd">
+
+    <changeSet author="security-oauth2" id="1">
+        <createTable tableName="oauth_access_token">
+            <column name="authentication_id" type="varchar(255)">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="token_id" type="varchar(255)">
+                <constraints  nullable="false"/>
+            </column>
+            <column name="token" type="${byte[].type}"/>
+            <column name="user_name" type="varchar(255)"/>
+            <column name="client_id" type="varchar(255)"/>
+            <column name="authentication" type="${byte[].type}"/>
+            <column name="refresh_token" type="varchar(255)"/>
+        </createTable>
+        <createTable tableName="oauth_refresh_token">
+            <column name="token_id" type="varchar(255)">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="token" type="${byte[].type}"/>
+            <column name="authentication" type="${byte[].type}"/>
+        </createTable>
+    </changeSet>
+</databaseChangeLog>

security-oauth2/src/main/resources/io/jmix/securityoauth2/module.properties

@@ -0,0 +1,17 @@
+#
+# Copyright 2020 Haulmont.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+main.datasource.studio.liquibase.excludePrefixes=oauth_access_token,oauth_refresh_token