Store client settings and token settings in JSON fields

rlewczuk · rlewczuk · commit e15bb580b681 · 2021-06-22T08:16:31.000+02:00
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java
@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.server.authorization.client;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.springframework.jdbc.core.*;
 import org.springframework.jdbc.support.lob.DefaultLobHandler;
 import org.springframework.jdbc.support.lob.LobCreator;
@@ -54,18 +56,15 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
 			+ "authorization_grant_types, "
 			+ "redirect_uris, "
 			+ "scopes, "
-			+ "require_proof_key, "
-			+ "require_user_consent, "
-			+ "access_token_ttl, "
-			+ "reuse_refresh_tokens, "
-			+ "refresh_token_ttl";
+			+ "client_settings,"
+			+ "token_settings";
 
 	private static final String TABLE_NAME = "oauth2_registered_client";
 
 	private static final String LOAD_REGISTERED_CLIENT_SQL = "SELECT " + COLUMN_NAMES + " FROM " + TABLE_NAME + " WHERE ";
 
 	private static final String INSERT_REGISTERED_CLIENT_SQL = "INSERT INTO " + TABLE_NAME
-			+ "(" + COLUMN_NAMES + ") values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+			+ "(" + COLUMN_NAMES + ") values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
 
 	private RowMapper<RegisteredClient> registeredClientRowMapper;
 
@@ -75,9 +74,13 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
 
 	private final LobHandler lobHandler = new DefaultLobHandler();
 
-	public JdbcRegisteredClientRepository(JdbcOperations jdbcOperations) {
+	private final ObjectMapper objectMapper;
+
+	public JdbcRegisteredClientRepository(JdbcOperations jdbcOperations, ObjectMapper objectMapper) {
 		Assert.notNull(jdbcOperations, "jdbcOperations cannot be null");
+		Assert.notNull(objectMapper, "objectMapper cannot be null");
 		this.jdbcOperations = jdbcOperations;
+		this.objectMapper = objectMapper;
 		this.registeredClientRowMapper = new DefaultRegisteredClientRowMapper();
 		this.registeredClientParametersMapper = new DefaultRegisteredClientParametersMapper();
 	}
@@ -145,7 +148,7 @@ private RegisteredClient findBy(String condStr, Object...args) {
 		return !lst.isEmpty() ? lst.get(0) : null;
 	}
 
-	private static class DefaultRegisteredClientRowMapper implements RowMapper<RegisteredClient> {
+	private class DefaultRegisteredClientRowMapper implements RowMapper<RegisteredClient> {
 
 		private final LobHandler lobHandler = new DefaultLobHandler();
 
@@ -154,6 +157,7 @@ private Collection<String> parseList(String s) {
 		}
 
 		@Override
+		@SuppressWarnings("unchecked")
 		public RegisteredClient mapRow(ResultSet rs, int rowNum) throws SQLException {
 			Collection<String> scopes = parseList(rs.getString("scopes"));
 			List<AuthorizationGrantType> authGrantTypes = parseList(rs.getString("authorization_grant_types"))
@@ -180,54 +184,102 @@ public RegisteredClient mapRow(ResultSet rs, int rowNum) throws SQLException {
 			RegisteredClient rc = builder.build();
 
 			TokenSettings ts = rc.getTokenSettings();
-			ts.accessTokenTimeToLive(Duration.ofMillis(rs.getLong("access_token_ttl")));
-			ts.refreshTokenTimeToLive(Duration.ofMillis(rs.getLong("refresh_token_ttl")));
-			ts.reuseRefreshTokens(rs.getBoolean("reuse_refresh_tokens"));
-
 			ClientSettings cs = rc.getClientSettings();
-			cs.requireProofKey(rs.getBoolean("require_proof_key"));
-			cs.requireUserConsent(rs.getBoolean("require_user_consent"));
+
+			try {
+				String tokenSettingsJson = rs.getString("token_settings");
+				if (tokenSettingsJson != null) {
+
+					Map<String, Object> m = JdbcRegisteredClientRepository.this.objectMapper.readValue(tokenSettingsJson, Map.class);
+
+					Number accessTokenTTL = (Number)m.get("access_token_ttl");
+					if (accessTokenTTL != null) {
+						ts.accessTokenTimeToLive(Duration.ofMillis(accessTokenTTL.longValue()));
+					}
+
+					Number refreshTokenTTL = (Number)m.get("refresh_token_ttl");
+					if (refreshTokenTTL != null) {
+						ts.refreshTokenTimeToLive(Duration.ofMillis(refreshTokenTTL.longValue()));
+					}
+
+					Boolean reuseRefreshTokens = (Boolean)m.get("reuse_refresh_tokens");
+					if (reuseRefreshTokens != null) {
+						ts.reuseRefreshTokens(reuseRefreshTokens);
+					}
+				}
+
+				String clientSettingsJson = rs.getString("client_settings");
+				if (clientSettingsJson != null) {
+
+					Map<String, Object> m = JdbcRegisteredClientRepository.this.objectMapper.readValue(clientSettingsJson, Map.class);
+
+					Boolean requireProofKey = (Boolean)m.get("require_proof_key");
+					if (requireProofKey != null) {
+						cs.requireProofKey(requireProofKey);
+					}
+
+					Boolean requireUserConsent = (Boolean)m.get("require_user_consent");
+					if (requireUserConsent != null) {
+						cs.requireUserConsent(requireUserConsent);
+					}
+				}
+
+
+			} catch (JsonProcessingException e) {
+				throw new IllegalArgumentException(e.getMessage(), e);
+			}
 
 			return rc;
 		}
 	}
 
-	private static class DefaultRegisteredClientParametersMapper implements Function<RegisteredClient, List<SqlParameterValue>> {
+	private class DefaultRegisteredClientParametersMapper implements Function<RegisteredClient, List<SqlParameterValue>> {
 		@Override
 		public List<SqlParameterValue> apply(RegisteredClient registeredClient) {
+			try {
+				List<String> clientAuthenticationMethodNames = new ArrayList<>(registeredClient.getClientAuthenticationMethods().size());
+				for (ClientAuthenticationMethod clientAuthenticationMethod : registeredClient.getClientAuthenticationMethods()) {
+					clientAuthenticationMethodNames.add(clientAuthenticationMethod.getValue());
+				}
 
-			List<String> clientAuthenticationMethodNames = new ArrayList<>(registeredClient.getClientAuthenticationMethods().size());
-			for (ClientAuthenticationMethod clientAuthenticationMethod : registeredClient.getClientAuthenticationMethods()) {
-				clientAuthenticationMethodNames.add(clientAuthenticationMethod.getValue());
-			}
+				List<String> authorizationGrantTypeNames = new ArrayList<>(registeredClient.getAuthorizationGrantTypes().size());
+				for (AuthorizationGrantType authorizationGrantType : registeredClient.getAuthorizationGrantTypes()) {
+					authorizationGrantTypeNames.add(authorizationGrantType.getValue());
+				}
 
-			List<String> authorizationGrantTypeNames = new ArrayList<>(registeredClient.getAuthorizationGrantTypes().size());
-			for (AuthorizationGrantType authorizationGrantType : registeredClient.getAuthorizationGrantTypes()) {
-				authorizationGrantTypeNames.add(authorizationGrantType.getValue());
+				Instant issuedAt = registeredClient.getClientIdIssuedAt() != null ?
+						registeredClient.getClientIdIssuedAt() : Instant.now();
+
+				Timestamp clientSecretExpiresAt = registeredClient.getClientSecretExpiresAt() != null ?
+						Timestamp.from(registeredClient.getClientSecretExpiresAt()) : null;
+
+				Map<String,Object> clientSettings = new HashMap<>();
+				clientSettings.put("require_proof_key", registeredClient.getClientSettings().requireProofKey());
+				clientSettings.put("require_user_consent", registeredClient.getClientSettings().requireUserConsent());
+				String clientSettingsJson = JdbcRegisteredClientRepository.this.objectMapper.writeValueAsString(clientSettings);
+
+				Map<String,Object> tokenSettings = new HashMap<>();
+				tokenSettings.put("access_token_ttl", registeredClient.getTokenSettings().accessTokenTimeToLive().toMillis());
+				tokenSettings.put("reuse_refresh_tokens", registeredClient.getTokenSettings().reuseRefreshTokens());
+				tokenSettings.put("refresh_token_ttl", registeredClient.getTokenSettings().refreshTokenTimeToLive().toMillis());
+				String tokenSettingsJson = JdbcRegisteredClientRepository.this.objectMapper.writeValueAsString(tokenSettings);
+
+				return Arrays.asList(
+						new SqlParameterValue(Types.VARCHAR, registeredClient.getId()),
+						new SqlParameterValue(Types.VARCHAR, registeredClient.getClientId()),
+						new SqlParameterValue(Types.TIMESTAMP, Timestamp.from(issuedAt)),
+						new SqlParameterValue(Types.BLOB, registeredClient.getClientSecret().getBytes(StandardCharsets.UTF_8)),
+						new SqlParameterValue(Types.TIMESTAMP, clientSecretExpiresAt),
+						new SqlParameterValue(Types.VARCHAR, registeredClient.getClientName()),
+						new SqlParameterValue(Types.VARCHAR, String.join("|", clientAuthenticationMethodNames)),
+						new SqlParameterValue(Types.VARCHAR, String.join("|", authorizationGrantTypeNames)),
+						new SqlParameterValue(Types.VARCHAR, String.join("|", registeredClient.getRedirectUris())),
+						new SqlParameterValue(Types.VARCHAR, String.join("|", registeredClient.getScopes())),
+						new SqlParameterValue(Types.VARCHAR, clientSettingsJson),
+						new SqlParameterValue(Types.VARCHAR, tokenSettingsJson));
+			} catch (JsonProcessingException e) {
+				throw new IllegalArgumentException(e.getMessage(), e);
 			}
-
-			Instant issuedAt = registeredClient.getClientIdIssuedAt() != null ?
-					registeredClient.getClientIdIssuedAt() : Instant.now();
-
-			Timestamp clientSecretExpiresAt = registeredClient.getClientSecretExpiresAt() != null ?
-					Timestamp.from(registeredClient.getClientSecretExpiresAt()) : null;
-
-			return Arrays.asList(
-					new SqlParameterValue(Types.VARCHAR, registeredClient.getId()),
-					new SqlParameterValue(Types.VARCHAR, registeredClient.getClientId()),
-					new SqlParameterValue(Types.TIMESTAMP, Timestamp.from(issuedAt)),
-					new SqlParameterValue(Types.BLOB, registeredClient.getClientSecret().getBytes(StandardCharsets.UTF_8)),
-					new SqlParameterValue(Types.TIMESTAMP, clientSecretExpiresAt),
-					new SqlParameterValue(Types.VARCHAR, registeredClient.getClientName()),
-					new SqlParameterValue(Types.VARCHAR, String.join("|", clientAuthenticationMethodNames)),
-					new SqlParameterValue(Types.VARCHAR, String.join("|", authorizationGrantTypeNames)),
-					new SqlParameterValue(Types.VARCHAR, String.join("|", registeredClient.getRedirectUris())),
-					new SqlParameterValue(Types.VARCHAR, String.join("|", registeredClient.getScopes())),
-					new SqlParameterValue(Types.BOOLEAN, registeredClient.getClientSettings().requireProofKey()),
-					new SqlParameterValue(Types.BOOLEAN, registeredClient.getClientSettings().requireUserConsent()),
-					new SqlParameterValue(Types.NUMERIC, registeredClient.getTokenSettings().accessTokenTimeToLive().toMillis()),
-					new SqlParameterValue(Types.BOOLEAN, registeredClient.getTokenSettings().reuseRefreshTokens()),
-					new SqlParameterValue(Types.NUMERIC, registeredClient.getTokenSettings().refreshTokenTimeToLive().toMillis()));
 		}
 	}
 
diff --git a/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/client/oauth2_registered_client.sql b/oauth2-authorization-server/src/main/resources/org/springframework/security/oauth2/server/authorization/client/oauth2_registered_client.sql
@@ -9,9 +9,6 @@ CREATE TABLE oauth2_registered_client (
     authorization_grant_types varchar(1000) NOT NULL,
     redirect_uris varchar(1000) NOT NULL,
     scopes varchar(1000) NOT NULL,
-    require_proof_key boolean NOT NULL,
-    require_user_consent boolean NOT NULL,
-    access_token_ttl integer DEFAULT 300000 NOT NULL,
-    reuse_refresh_tokens boolean DEFAULT true NOT NULL,
-    refresh_token_ttl integer DEFAULT 600000 NOT NULL,
+    client_settings varchar(1000) DEFAULT NULL,
+    token_settings varchar(1000) DEFAULT NULL,
     PRIMARY KEY (id));
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java
@@ -15,6 +15,7 @@
  */
 package org.springframework.security.oauth2.server.authorization.client;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -70,7 +71,7 @@ public void setup() throws Exception {
 			}
 		}
 
-		this.clients = new JdbcRegisteredClientRepository(this.jdbc);
+		this.clients = new JdbcRegisteredClientRepository(this.jdbc, new ObjectMapper());
 		this.registration = TestRegisteredClients.registeredClient().build();
 
 		this.clients.save(this.registration);
@@ -86,11 +87,20 @@ public void destroyDatabase() {
 	public void whenJdbcOperationsNullThenThrow() {
 		// @formatter:off
 		assertThatIllegalArgumentException()
-				.isThrownBy(() -> new JdbcRegisteredClientRepository(null))
+				.isThrownBy(() -> new JdbcRegisteredClientRepository(null, new ObjectMapper()))
 				.withMessage("jdbcOperations cannot be null");
 		// @formatter:on
 	}
 
+	@Test
+	public void whenObjectMapperNullThenThrow() {
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JdbcRegisteredClientRepository(this.jdbc, null))
+				.withMessage("objectMapper cannot be null");
+		// @formatter:on
+	}
+
 	@Test
 	public void whenSetNullRegisteredClientRowMapperThenThrow() {
 		// @formatter:off
