4 Required Domain Classes - Reference Documentation
Authors: Brian Saville, Bobby Vandiver, Roy Willemse
Version: 3.0.0-RC2
4 Required Domain Classes
The plugin uses regular Grails domain classes backed by GORM. There are four required domain classes, representing clients, access tokens, refresh tokens and authorization codes, that you will need. The s2-init-oauth2-provider script will create the domain classes for you in a specified package and update grails-app/conf/application.groovy so the plugin recognizes them. You can customize the generated classes to fit your needs. If you change the default property names, you will need to update grails-app/conf/application.groovy so the plugin is aware of the changes. See the section on domain class properties for more information.
The maxSize constraints in the generated domain classes have been set to reasonable defaults. However, tweaking may be required if you are using longer usernames (email addresses, for example) or have many authorities attached to a single user. In particular, the serialized OAuth2Authentication stored in the authentication byte array of the token and authorization code classes is limited to 4 KB (maxSize: 1024 * 4); a user with many granted authorities, or a request with a large set of scopes, can exceed that, and saving the token will then fail validation.
The discussion below assumes the s2-init-oauth2-provider script has been run with com.yourapp specified as the package and Client, AccessToken, RefreshToken and AuthorizationCode as the names of your domain classes.
4.1 Client Class
Information from the Grails client domain class will be extracted to create a ClientDetails instance for the underlying Spring Security OAuth 2.0 implementation. The generated class will look like this:

    package com.yourapp

    class Client {

        private static final String NO_CLIENT_SECRET = ''

        transient springSecurityService

        String clientId
        String clientSecret

        Integer accessTokenValiditySeconds
        Integer refreshTokenValiditySeconds

        Map<String, Object> additionalInformation

        static hasMany = [
                authorities: String,
                authorizedGrantTypes: String,
                resourceIds: String,
                scopes: String,
                autoApproveScopes: String,
                redirectUris: String
        ]

        static transients = ['springSecurityService']

        static constraints = {
            clientId blank: false, unique: true
            clientSecret nullable: true

            accessTokenValiditySeconds nullable: true
            refreshTokenValiditySeconds nullable: true

            authorities nullable: true
            authorizedGrantTypes nullable: true

            resourceIds nullable: true

            scopes nullable: true
            autoApproveScopes nullable: true

            redirectUris nullable: true
            additionalInformation nullable: true
        }

        def beforeInsert() {
            encodeClientSecret()
        }

        def beforeUpdate() {
            if (isDirty('clientSecret')) {
                encodeClientSecret()
            }
        }

        protected void encodeClientSecret() {
            clientSecret = clientSecret ?: NO_CLIENT_SECRET
            clientSecret = springSecurityService?.passwordEncoder ? springSecurityService.encodePassword(clientSecret) : clientSecret
        }
    }

Note the beforeInsert and beforeUpdate hooks: the client secret is passed through the password encoder configured for Spring Security Core before it is written, so the database holds the encoded form rather than the secret itself, and a client saved without a secret gets the encoded empty string. If no password encoder bean is available, the secret is stored exactly as given.
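The following BootStrap is an added example for this page, not code generated by the plugin or taken from its documentation. It registers two clients through the generated Client class above (assumed unchanged, in package com.yourapp): a confidential server-side client and a public browser client with no secret. The client ids, secret, scopes, resource id and redirect URIs are constructed sample values, and the example assumes Spring Security Core's password encoder bean is configured so that the beforeInsert hook actually encodes the secret.

```groovy
// grails-app/init/BootStrap.groovy
// Added example for this page, not code generated by the plugin. It assumes
// the generated Client class above in package com.yourapp; the client ids,
// secret, scopes, resource id and redirect URIs are constructed sample values.
package com.yourapp

class BootStrap {

    def init = { servletContext ->
        registerClients()
    }

    private void registerClients() {
        // Confidential client: a server-side web application using the
        // authorization code grant. The secret is passed in clear here and
        // encoded by Client.beforeInsert() with the configured password encoder,
        // so only the encoded form reaches the database.
        if (!Client.findByClientId('my-web-app')) {
            new Client(
                    clientId: 'my-web-app',
                    clientSecret: 'change-me-before-deploying',
                    authorizedGrantTypes: ['authorization_code', 'refresh_token'],
                    scopes: ['read', 'write'],
                    autoApproveScopes: ['read'],
                    resourceIds: ['my-api'],
                    // Register the exact redirect URIs so the server can reject a
                    // redirect_uri in the request that does not match them.
                    redirectUris: ['https://my-web-app.example.com/oauth/callback'],
                    accessTokenValiditySeconds: 3600,
                    refreshTokenValiditySeconds: 14 * 24 * 3600
            ).save(failOnError: true, flush: true)
        }

        // Public client: a browser application using the implicit grant. It has
        // no secret; beforeInsert() substitutes NO_CLIENT_SECRET ('') and encodes
        // that, so the stored column is the encoded empty string, not null.
        if (!Client.findByClientId('my-spa')) {
            new Client(
                    clientId: 'my-spa',
                    authorizedGrantTypes: ['implicit'],
                    scopes: ['read'],
                    resourceIds: ['my-api'],
                    redirectUris: ['https://spa.example.com/callback'],
                    accessTokenValiditySeconds: 900
            ).save(failOnError: true, flush: true)
        }

        // Confirm the hooks did their job: the plaintext secret must not be what
        // ended up in clientSecret, and the public client's secret is non-empty
        // (the encoded empty string) when a password encoder is configured.
        assert Client.findByClientId('my-web-app').clientSecret != 'change-me-before-deploying'
        assert Client.findByClientId('my-spa').clientSecret
    }
}
```

The generated constraints allow redirectUris to be null, but for any client that uses a redirect-based grant (authorization_code or implicit) you should register the exact URIs as above, so that the authorization server never has to trust a redirect_uri chosen by the party sending the request.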
4.2 Access Token Class
This class represents an access token that has been issued to a client on behalf of a user. The authentication object serialized into the authentication field is an instance of OAuth2Authentication from Spring Security OAuth 2.0. The username is nullable so that tokens not tied to a user (such as those issued through the client credentials grant) can be stored, and refreshToken holds the value of the refresh token issued alongside the access token, if any.

    package com.yourapp

    class AccessToken {

        String authenticationKey
        byte[] authentication

        String username
        String clientId

        String value
        String tokenType

        Date expiration
        Map<String, Object> additionalInformation

        static hasOne = [refreshToken: String]
        static hasMany = [scope: String]

        static constraints = {
            username nullable: true
            clientId nullable: false, blank: false
            value nullable: false, blank: false, unique: true
            tokenType nullable: false, blank: false
            expiration nullable: false
            scope nullable: false
            refreshToken nullable: true
            authenticationKey nullable: false, blank: false, unique: true
            authentication nullable: false, minSize: 1, maxSize: 1024 * 4
            additionalInformation nullable: true
        }

        static mapping = {
            version false
            scope lazy: false
        }
    }
4.3 Refresh Token Class
This class represents a refresh token issued as part of one of the grants that support issuing a refresh token. How long the refresh token is valid is determined by the token services and can be configured; see the token services configuration section for more. The authentication object serialized into the authentication field is an instance of OAuth2Authentication from Spring Security OAuth 2.0.

    package com.yourapp

    class RefreshToken {

        String value
        Date expiration
        byte[] authentication

        static constraints = {
            value nullable: false, blank: false, unique: true
            expiration nullable: true
            authentication nullable: false, minSize: 1, maxSize: 1024 * 4
        }

        static mapping = {
            version false
        }
    }
A refresh token may have a null expiration (note expiration nullable: true in the constraints above). When the plugin reads a GORM refresh token whose expiration field is set, it creates an ExpiringOAuth2RefreshToken instance and returns it for processing by Spring Security OAuth, which treats the token as expired once that date has passed. If the expiration field is null, a plain OAuth2RefreshToken instance is created and used instead, and such a token never expires. A refresh token row with a null expiration therefore stays usable until it is deleted, so revocation has to remove the row rather than rely on expiry.
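Neither the access token nor the refresh token tables clean themselves up, and a refresh token with a null expiration stays valid until its row is gone. The service below is an added example for this page (not part of the plugin) that covers both the access token class in 4.2 and the refresh token class in 4.3: it purges expired rows while deliberately leaving non-expiring refresh tokens alone, and revokes every token held by a user or a client by deleting the rows. It assumes the generated AccessToken and RefreshToken classes shown above, unchanged, in package com.yourapp, and relies on Grails services being transactional by default; the method and class names are the example's own.

```groovy
// grails-app/services/com/yourapp/TokenMaintenanceService.groovy
// Added example for this page; it is not part of the plugin. It assumes the
// generated AccessToken and RefreshToken classes above, unchanged, in package
// com.yourapp. Grails services are transactional by default, so each public
// method below runs in its own transaction.
package com.yourapp

class TokenMaintenanceService {

    /**
     * Delete access tokens whose expiration has passed. Expired tokens are
     * rejected at use time anyway, but the rows otherwise accumulate forever.
     * Returns the number of rows deleted.
     */
    int purgeExpiredAccessTokens(Date now = new Date()) {
        AccessToken.where { expiration < now }.deleteAll() as int
    }

    /**
     * Delete refresh tokens whose expiration is set and has passed. A null
     * expiration means "never expires" (the plugin returns such rows as a
     * plain OAuth2RefreshToken), so those rows are deliberately left alone.
     */
    int purgeExpiredRefreshTokens(Date now = new Date()) {
        RefreshToken.where { expiration != null && expiration < now }.deleteAll() as int
    }

    /**
     * Revoke every token issued to a user, for example after a password change
     * or when the account is disabled. Returns the number of access tokens removed.
     */
    int revokeTokensForUser(String username) {
        revokeAll(AccessToken.findAllByUsername(username))
    }

    /**
     * Revoke every token issued to a client, for example when its secret is
     * rotated after a suspected leak. Returns the number of access tokens removed.
     */
    int revokeTokensForClient(String clientId) {
        revokeAll(AccessToken.findAllByClientId(clientId))
    }

    /**
     * Delete the given access tokens together with their refresh tokens.
     * AccessToken.refreshToken holds the refresh token's value, and because a
     * non-expiring refresh token stays valid until its row is deleted, leaving
     * it behind would let the bearer mint new access tokens after "revocation".
     */
    private int revokeAll(List<AccessToken> tokens) {
        List<String> refreshValues = tokens*.refreshToken.findAll { it }
        if (refreshValues) {
            RefreshToken.where { value in refreshValues }.deleteAll()
        }
        tokens.each { it.delete() }
        tokens.size()
    }
}
```

Schedule the two purge methods from a periodic job, and call revokeTokensForUser from the password-change and account-disable paths of your application; revokeTokensForClient belongs in whatever process rotates a client secret.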
4.4 Authorization Code Class
This class represents an authorization code that has been issued via the authorization endpoint as part of an authorization code grant. The authentication object serialized into the authentication field is an instance of OAuth2Authentication from Spring Security OAuth 2.0.

    package com.yourapp

    class AuthorizationCode {

        byte[] authentication
        String code

        static constraints = {
            code nullable: false, blank: false, unique: true
            authentication nullable: false, minSize: 1, maxSize: 1024 * 4
        }

        static mapping = {
            version false
        }
    }