clean up resource sets when clients are deleted

Author: jricher

openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java

@@ -41,12 +41,14 @@
 @NamedQueries ({
 @NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER),
 @NamedQuery(name = ResourceSet.QUERY_BY_OWNER_AND_CLIENT, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER + " and r.clientId = :" + ResourceSet.PARAM_CLIENTID),
+@NamedQuery(name = ResourceSet.QUERY_BY_CLIENT, query = "select r from ResourceSet r where r.clientId = :" + ResourceSet.PARAM_CLIENTID),
 @NamedQuery(name = ResourceSet.QUERY_ALL, query = "select r from ResourceSet r")
 })
 public class ResourceSet {
 
 public static final String QUERY_BY_OWNER = "ResourceSet.queryByOwner";
 public static final String QUERY_BY_OWNER_AND_CLIENT = "ResourceSet.queryByOwnerAndClient";
+public static final String QUERY_BY_CLIENT = "ResourceSet.queryByClient";
 public static final String QUERY_ALL = "ResourceSet.queryAll";
 
 public static final String PARAM_OWNER = "owner";

openid-connect-common/src/main/java/org/mitre/uma/repository/ResourceSetRepository.java

@@ -39,4 +39,6 @@ public interface ResourceSetRepository {
 
 public Collection<ResourceSet> getAll();
 
+public Collection<ResourceSet> getAllForClient(String clientId);
+
 }

openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java

@@ -18,6 +18,7 @@
 
 import java.util.Collection;
 
+import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.uma.model.ResourceSet;
 
 /**
@@ -41,4 +42,6 @@ public interface ResourceSetService {
 
 public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId);
 
+public Collection<ResourceSet> getAllForClient(ClientDetailsEntity client);
+
 }

openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml

@@ -38,8 +38,8 @@
 <!-- The following files are for safely bootstrapping users and clients into the database -->
 <jdbc:script location="classpath:/db/tables/loading_temp_tables.sql"/>
 <jdbc:script location="classpath:/db/users.sql"/>
-<jdbc:script location="classpath:/db/clients.sql"/>
-<jdbc:script location="classpath:/db/scopes.sql"/>
+<!-- <jdbc:script location="classpath:/db/clients.sql"/> -->
+<!-- <jdbc:script location="classpath:/db/scopes.sql"/> -->
 </jdbc:initialize-database>
 
 <bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java

@@ -42,6 +42,8 @@
 import org.mitre.openid.connect.service.BlacklistedSiteService;
 import org.mitre.openid.connect.service.StatsService;
 import org.mitre.openid.connect.service.WhitelistedSiteService;
+import org.mitre.uma.model.ResourceSet;
+import org.mitre.uma.service.ResourceSetService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -88,6 +90,9 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 @Autowired
 private StatsService statsService;
 
+@Autowired
+private ResourceSetService resourceSetService;
+
 @Autowired
 private ConfigurationPropertiesBean config;
 
@@ -235,6 +240,12 @@ public void deleteClient(ClientDetailsEntity client) throws InvalidClientExcepti
 if (whitelistedSite != null) {
 whitelistedSiteService.remove(whitelistedSite);
 }
+
+// clear out resource sets registered for this client
+Collection<ResourceSet> resourceSets = resourceSetService.getAllForClient(client);
+for (ResourceSet rs : resourceSets) {
+resourceSetService.remove(rs);
+}
 
 // take care of the client itself
 clientRepository.deleteClient(client);

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DummyResourceSetService.java

@@ -20,6 +20,7 @@
 import java.util.Collection;
 import java.util.Collections;
 
+import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.uma.model.ResourceSet;
 import org.mitre.uma.service.ResourceSetService;
 import org.springframework.stereotype.Service;
@@ -64,4 +65,9 @@ public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String auth
 return Collections.emptySet();
 }
 
+@Override
+public Collection<ResourceSet> getAllForClient(ClientDetailsEntity client) {
+return Collections.emptySet();
+}
+
 }

uma-server-webapp/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java

@@ -885,7 +885,9 @@ private void readPermissionTickets(JsonReader reader) throws IOException {
 reader.endObject();
 Permission saved = permissionRepository.saveRawPermission(p);
 permissionToResourceRefs.put(saved.getId(), rsid);
+ticket.setPermission(saved);
 } else if (name.equals(TICKET)) {
+ticket.setTicket(reader.nextString());
 } else {
 logger.debug("Found unexpected entry");
 reader.skipValue();
@@ -1225,6 +1227,7 @@ private void readAccessTokens(JsonReader reader) throws IOException {
 continue;
 }
 }
+reader.endObject();
 p.setScopes(scope);
 Permission saved = permissionRepository.saveRawPermission(p);
 permissionToResourceRefs.put(saved.getId(), rsid);
@@ -1807,6 +1810,7 @@ private void fixObjectReferences() {
 ResourceSet rs = resourceSetRepository.getById(newResourceId);
 p.setResourceSet(rs);
 permissionRepository.saveRawPermission(p);
+logger.debug("Mapping rsid " + oldResourceId + " to " + newResourceId + " for permission " + permissionId);
 }
 permissionToResourceRefs.clear();
 resourceSetOldToNewIdMap.clear();

uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java

@@ -85,4 +85,14 @@ public Collection<ResourceSet> getAll() {
 return query.getResultList();
 }
 
+/* (non-Javadoc)
+ * @see org.mitre.uma.repository.ResourceSetRepository#getAllForClient(org.mitre.oauth2.model.ClientDetailsEntity)
+ */
+@Override
+public Collection<ResourceSet> getAllForClient(String clientId) {
+TypedQuery<ResourceSet> query = em.createNamedQuery(ResourceSet.QUERY_BY_CLIENT, ResourceSet.class);
+query.setParameter(ResourceSet.PARAM_CLIENTID, clientId);
+return query.getResultList();
+}
+
 }

uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java

@@ -19,6 +19,7 @@
 
 import java.util.Collection;
 
+import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.uma.model.PermissionTicket;
@@ -137,5 +138,13 @@ private boolean checkScopeConsistency(ResourceSet rs) {
 // we've checked everything, we're good
 return true;
 }
+
+/* (non-Javadoc)
+ * @see org.mitre.uma.service.ResourceSetService#getAllForClient(org.mitre.oauth2.model.ClientDetailsEntity)
+ */
+@Override
+public Collection<ResourceSet> getAllForClient(ClientDetailsEntity client) {
+return repository.getAllForClient(client.getClientId());
+}
 
 }