Change blob datatype to varchar when saving Oauth2Authorization to th…

…e database Use CLOB instead of BLOB. With CLOB type the underlying schema can store varchars and clobs as well (if this is supported by the database) Closes spring-projectsgh-480
ovidiupopa07 · Nov 16, 2021 · aa0b057 · aa0b057
1 parent 666d569
commit aa0b057
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 36 deletions.
diff --git a/.../springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java b/.../springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationService.java
@@ -15,7 +15,6 @@
  */
 package org.springframework.security.oauth2.server.authorization;
 
-import java.nio.charset.StandardCharsets;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
@@ -232,21 +231,21 @@ public OAuth2Authorization findByToken(String token, @Nullable OAuth2TokenType t
 		List<SqlParameterValue> parameters = new ArrayList<>();
 		if (tokenType == null) {
 			parameters.add(new SqlParameterValue(Types.VARCHAR, token));
-			parameters.add(new SqlParameterValue(Types.BLOB, token.getBytes(StandardCharsets.UTF_8)));
-			parameters.add(new SqlParameterValue(Types.BLOB, token.getBytes(StandardCharsets.UTF_8)));
-			parameters.add(new SqlParameterValue(Types.BLOB, token.getBytes(StandardCharsets.UTF_8)));
+			parameters.add(new SqlParameterValue(Types.CLOB, token));
+			parameters.add(new SqlParameterValue(Types.CLOB, token));
+			parameters.add(new SqlParameterValue(Types.CLOB, token));
 			return findBy(UNKNOWN_TOKEN_TYPE_FILTER, parameters);
 		} else if (OAuth2ParameterNames.STATE.equals(tokenType.getValue())) {
 			parameters.add(new SqlParameterValue(Types.VARCHAR, token));
 			return findBy(STATE_FILTER, parameters);
 		} else if (OAuth2ParameterNames.CODE.equals(tokenType.getValue())) {
-			parameters.add(new SqlParameterValue(Types.BLOB, token.getBytes(StandardCharsets.UTF_8)));
+			parameters.add(new SqlParameterValue(Types.CLOB, token));
 			return findBy(AUTHORIZATION_CODE_FILTER, parameters);
 		} else if (OAuth2TokenType.ACCESS_TOKEN.equals(tokenType)) {
-			parameters.add(new SqlParameterValue(Types.BLOB, token.getBytes(StandardCharsets.UTF_8)));
+			parameters.add(new SqlParameterValue(Types.CLOB, token));
 			return findBy(ACCESS_TOKEN_FILTER, parameters);
 		} else if (OAuth2TokenType.REFRESH_TOKEN.equals(tokenType)) {
-			parameters.add(new SqlParameterValue(Types.BLOB, token.getBytes(StandardCharsets.UTF_8)));
+			parameters.add(new SqlParameterValue(Types.CLOB, token));
 			return findBy(REFRESH_TOKEN_FILTER, parameters);
 		}
 		return null;
@@ -352,22 +351,20 @@ public OAuth2Authorization mapRow(ResultSet rs, int rowNum) throws SQLException
 			String tokenValue;
 			Instant tokenIssuedAt;
 			Instant tokenExpiresAt;
-			byte[] authorizationCodeValue = this.lobHandler.getBlobAsBytes(rs, "authorization_code_value");
+			String authorizationCodeValue = this.lobHandler.getClobAsString(rs, "authorization_code_value");
 
-			if (authorizationCodeValue != null) {
-				tokenValue = new String(authorizationCodeValue, StandardCharsets.UTF_8);
+			if (StringUtils.hasText(authorizationCodeValue)) {
 				tokenIssuedAt = rs.getTimestamp("authorization_code_issued_at").toInstant();
 				tokenExpiresAt = rs.getTimestamp("authorization_code_expires_at").toInstant();
 				Map<String, Object> authorizationCodeMetadata = parseMap(rs.getString("authorization_code_metadata"));
 
 				OAuth2AuthorizationCode authorizationCode = new OAuth2AuthorizationCode(
-						tokenValue, tokenIssuedAt, tokenExpiresAt);
+						authorizationCodeValue, tokenIssuedAt, tokenExpiresAt);
 				builder.token(authorizationCode, (metadata) -> metadata.putAll(authorizationCodeMetadata));
 			}
 
-			byte[] accessTokenValue = this.lobHandler.getBlobAsBytes(rs, "access_token_value");
-			if (accessTokenValue != null) {
-				tokenValue = new String(accessTokenValue, StandardCharsets.UTF_8);
+			String accessTokenValue = this.lobHandler.getClobAsString(rs, "access_token_value");
+			if (StringUtils.hasText(accessTokenValue)) {
 				tokenIssuedAt = rs.getTimestamp("access_token_issued_at").toInstant();
 				tokenExpiresAt = rs.getTimestamp("access_token_expires_at").toInstant();
 				Map<String, Object> accessTokenMetadata = parseMap(rs.getString("access_token_metadata"));
@@ -381,25 +378,23 @@ public OAuth2Authorization mapRow(ResultSet rs, int rowNum) throws SQLException
 				if (accessTokenScopes != null) {
 					scopes = StringUtils.commaDelimitedListToSet(accessTokenScopes);
 				}
-				OAuth2AccessToken accessToken = new OAuth2AccessToken(tokenType, tokenValue, tokenIssuedAt, tokenExpiresAt, scopes);
+				OAuth2AccessToken accessToken = new OAuth2AccessToken(tokenType, accessTokenValue, tokenIssuedAt, tokenExpiresAt, scopes);
 				builder.token(accessToken, (metadata) -> metadata.putAll(accessTokenMetadata));
 			}
 
-			byte[] oidcIdTokenValue = this.lobHandler.getBlobAsBytes(rs, "oidc_id_token_value");
-			if (oidcIdTokenValue != null) {
-				tokenValue = new String(oidcIdTokenValue, StandardCharsets.UTF_8);
+			String oidcIdTokenValue = this.lobHandler.getClobAsString(rs, "oidc_id_token_value");
+			if (StringUtils.hasText(oidcIdTokenValue)) {
 				tokenIssuedAt = rs.getTimestamp("oidc_id_token_issued_at").toInstant();
 				tokenExpiresAt = rs.getTimestamp("oidc_id_token_expires_at").toInstant();
 				Map<String, Object> oidcTokenMetadata = parseMap(rs.getString("oidc_id_token_metadata"));
 
 				OidcIdToken oidcToken = new OidcIdToken(
-						tokenValue, tokenIssuedAt, tokenExpiresAt, (Map<String, Object>) oidcTokenMetadata.get(OAuth2Authorization.Token.CLAIMS_METADATA_NAME));
+						oidcIdTokenValue, tokenIssuedAt, tokenExpiresAt, (Map<String, Object>) oidcTokenMetadata.get(OAuth2Authorization.Token.CLAIMS_METADATA_NAME));
 				builder.token(oidcToken, (metadata) -> metadata.putAll(oidcTokenMetadata));
 			}
 
-			byte[] refreshTokenValue = this.lobHandler.getBlobAsBytes(rs, "refresh_token_value");
-			if (refreshTokenValue != null) {
-				tokenValue = new String(refreshTokenValue, StandardCharsets.UTF_8);
+			String refreshTokenValue = this.lobHandler.getClobAsString(rs, "refresh_token_value");
+			if (StringUtils.hasText(refreshTokenValue)) {
 				tokenIssuedAt = rs.getTimestamp("refresh_token_issued_at").toInstant();
 				tokenExpiresAt = null;
 				Timestamp refreshTokenExpiresAt = rs.getTimestamp("refresh_token_expires_at");
@@ -409,7 +404,7 @@ public OAuth2Authorization mapRow(ResultSet rs, int rowNum) throws SQLException
 				Map<String, Object> refreshTokenMetadata = parseMap(rs.getString("refresh_token_metadata"));
 
 				OAuth2RefreshToken refreshToken = new OAuth2RefreshToken(
-						tokenValue, tokenIssuedAt, tokenExpiresAt);
+						refreshTokenValue, tokenIssuedAt, tokenExpiresAt);
 				builder.token(refreshToken, (metadata) -> metadata.putAll(refreshTokenMetadata));
 			}
 			return builder.build();
@@ -520,12 +515,12 @@ protected final ObjectMapper getObjectMapper() {
 
 		private <T extends AbstractOAuth2Token> List<SqlParameterValue> toSqlParameterList(OAuth2Authorization.Token<T> token) {
 			List<SqlParameterValue> parameters = new ArrayList<>();
-			byte[] tokenValue = null;
+			String tokenValue = null;
 			Timestamp tokenIssuedAt = null;
 			Timestamp tokenExpiresAt = null;
 			String metadata = null;
 			if (token != null) {
-				tokenValue = token.getToken().getTokenValue().getBytes(StandardCharsets.UTF_8);
+				tokenValue = token.getToken().getTokenValue();
 				if (token.getToken().getIssuedAt() != null) {
 					tokenIssuedAt = Timestamp.from(token.getToken().getIssuedAt());
 				}
@@ -534,7 +529,7 @@ private <T extends AbstractOAuth2Token> List<SqlParameterValue> toSqlParameterLi
 				}
 				metadata = writeMap(token.getMetadata());
 			}
-			parameters.add(new SqlParameterValue(Types.BLOB, tokenValue));
+			parameters.add(new SqlParameterValue(Types.CLOB, tokenValue));
 			parameters.add(new SqlParameterValue(Types.TIMESTAMP, tokenIssuedAt));
 			parameters.add(new SqlParameterValue(Types.TIMESTAMP, tokenExpiresAt));
 			parameters.add(new SqlParameterValue(Types.VARCHAR, metadata));
@@ -563,13 +558,13 @@ private LobCreatorArgumentPreparedStatementSetter(LobCreator lobCreator, Object[
 		protected void doSetValue(PreparedStatement ps, int parameterPosition, Object argValue) throws SQLException {
 			if (argValue instanceof SqlParameterValue) {
 				SqlParameterValue paramValue = (SqlParameterValue) argValue;
-				if (paramValue.getSqlType() == Types.BLOB) {
+				if (paramValue.getSqlType() == Types.CLOB) {
 					if (paramValue.getValue() != null) {
-						Assert.isInstanceOf(byte[].class, paramValue.getValue(),
-								"Value of blob parameter must be byte[]");
+						Assert.isInstanceOf(String.class, paramValue.getValue(),
+								"Value of clob parameter must be String");
 					}
-					byte[] valueBytes = (byte[]) paramValue.getValue();
-					this.lobCreator.setBlobAsBytes(ps, parameterPosition, valueBytes);
+					String valueString = (String) paramValue.getValue();
+					this.lobCreator.setClobAsString(ps, parameterPosition, valueString);
 					return;
 				}
 			}

diff --git a/.../org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql b/.../org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql
@@ -3,23 +3,23 @@ CREATE TABLE oauth2_authorization (
     registered_client_id varchar(100) NOT NULL,
     principal_name varchar(200) NOT NULL,
     authorization_grant_type varchar(100) NOT NULL,
-    attributes varchar(4000) DEFAULT NULL,
+    attributes varchar(12000) DEFAULT NULL,
     state varchar(500) DEFAULT NULL,
-    authorization_code_value blob DEFAULT NULL,
+    authorization_code_value varchar(1000) DEFAULT NULL,
     authorization_code_issued_at timestamp DEFAULT NULL,
     authorization_code_expires_at timestamp DEFAULT NULL,
     authorization_code_metadata varchar(2000) DEFAULT NULL,
-    access_token_value blob DEFAULT NULL,
+    access_token_value varchar(1000) DEFAULT NULL,
     access_token_issued_at timestamp DEFAULT NULL,
     access_token_expires_at timestamp DEFAULT NULL,
     access_token_metadata varchar(2000) DEFAULT NULL,
     access_token_type varchar(100) DEFAULT NULL,
     access_token_scopes varchar(1000) DEFAULT NULL,
-    oidc_id_token_value blob DEFAULT NULL,
+    oidc_id_token_value varchar(1000) DEFAULT NULL,
     oidc_id_token_issued_at timestamp DEFAULT NULL,
     oidc_id_token_expires_at timestamp DEFAULT NULL,
     oidc_id_token_metadata varchar(2000) DEFAULT NULL,
-    refresh_token_value blob DEFAULT NULL,
+    refresh_token_value varchar(1000) DEFAULT NULL,
     refresh_token_issued_at timestamp DEFAULT NULL,
     refresh_token_expires_at timestamp DEFAULT NULL,
     refresh_token_metadata varchar(2000) DEFAULT NULL,