refactor: 💡 Removed UMA package (not used)

Several tables have been dropped from the database. Also, access_token
does not contain permissions anymore. To update the DB accordingly, run
following:

```sql
DROP TABLE access_token_permissions;
DROP TABLE resource_set;
DROP TABLE resource_set_scope;
DROP TABLE permission_ticket;
DROP TABLE permission;
DROP TABLE permission_scope;
DROP TABLE claim;
DROP TABLE claim_to_policy;
DROP TABLE claim_to_permission_ticket;
DROP TABLE policy;
DROP TABLE policy_scope;
DROP TABLE claim_token_format;
DROP TABLE claim_issuer;
DROP TABLE saved_registered_client;
```

Author: Dominik Frantisek Bucik

perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql

@@ -14,11 +14,6 @@ CREATE TABLE IF NOT EXISTS access_token (
 	UNIQUE(token_value)
 );
 
-CREATE TABLE IF NOT EXISTS access_token_permissions (
-	access_token_id BIGINT NOT NULL,
-	permission_id BIGINT NOT NULL
-);
-
 CREATE TABLE IF NOT EXISTS address (
 	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
 	formatted VARCHAR(256),
@@ -284,83 +279,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
 	sector_identifier VARCHAR(2048)
 );
 
-CREATE TABLE IF NOT EXISTS resource_set (
-	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
-	name VARCHAR(1024) NOT NULL,
-	uri VARCHAR(1024),
-	icon_uri VARCHAR(1024),
-	rs_type VARCHAR(256),
-	owner VARCHAR(256) NOT NULL,
-	client_id VARCHAR(256)
-);
-
-CREATE TABLE IF NOT EXISTS resource_set_scope (
-	owner_id BIGINT NOT NULL,
-	scope VARCHAR(256) NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS permission_ticket (
-	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
-	ticket VARCHAR(256) NOT NULL,
-	permission_id BIGINT NOT NULL,
-	expiration TIMESTAMP
-);
-
-CREATE TABLE IF NOT EXISTS permission (
-	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
-	resource_set_id BIGINT
-);
-
-CREATE TABLE IF NOT EXISTS permission_scope (
-	owner_id BIGINT NOT NULL,
-	scope VARCHAR(256) NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS claim (
-	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
-	name VARCHAR(256),
-	friendly_name VARCHAR(1024),
-	claim_type VARCHAR(1024),
-	claim_value VARCHAR(1024)
-);
-
-CREATE TABLE IF NOT EXISTS claim_to_policy (
-	policy_id BIGINT NOT NULL,
-	claim_id BIGINT NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
-	permission_ticket_id BIGINT NOT NULL,
-	claim_id BIGINT NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS policy (
-	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
-	name VARCHAR(1024),
-	resource_set_id BIGINT
-);
-
-CREATE TABLE IF NOT EXISTS policy_scope (
-	owner_id BIGINT NOT NULL,
-	scope VARCHAR(256) NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS claim_token_format (
-	owner_id BIGINT NOT NULL,
-	claim_token_format VARCHAR(1024)
-);
-
-CREATE TABLE IF NOT EXISTS claim_issuer (
-	owner_id BIGINT NOT NULL,
-	issuer VARCHAR(1024)
-);
-
-CREATE TABLE IF NOT EXISTS saved_registered_client (
-	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
-	issuer VARCHAR(1024),
-	registered_client VARCHAR(8192)
-);
-
 CREATE TABLE IF NOT EXISTS device_code (
 	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
 	device_code VARCHAR(1024),

perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql

@@ -13,11 +13,6 @@ CREATE TABLE IF NOT EXISTS access_token (
     approved_site_id BIGINT
 );
 
-CREATE TABLE IF NOT EXISTS access_token_permissions (
-    access_token_id BIGINT NOT NULL,
-    permission_id BIGINT NOT NULL
-);
-
 CREATE TABLE IF NOT EXISTS address (
     id BIGINT AUTO_INCREMENT PRIMARY KEY,
     formatted VARCHAR(256),
@@ -87,7 +82,7 @@ CREATE TABLE IF NOT EXISTS saved_user_auth (
     id BIGINT AUTO_INCREMENT PRIMARY KEY,
     acr VARCHAR(1024),
     name VARCHAR(1024),
-    authenticated BOOLEAN,
+    authenticated BOOLEAN
 );
 
 CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
@@ -283,83 +278,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
     sector_identifier VARCHAR(2048)
 );
 
-CREATE TABLE IF NOT EXISTS resource_set (
-    id BIGINT AUTO_INCREMENT PRIMARY KEY,
-    name VARCHAR(1024) NOT NULL,
-    uri VARCHAR(1024),
-    icon_uri VARCHAR(1024),
-    rs_type VARCHAR(256),
-    owner VARCHAR(256) NOT NULL,
-    client_id VARCHAR(256)
-);
-
-CREATE TABLE IF NOT EXISTS resource_set_scope (
-    owner_id BIGINT NOT NULL,
-    scope VARCHAR(256) NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS permission_ticket (
-    id BIGINT AUTO_INCREMENT PRIMARY KEY,
-    ticket VARCHAR(256) NOT NULL,
-    permission_id BIGINT NOT NULL,
-    expiration TIMESTAMP NULL
-);
-
-CREATE TABLE IF NOT EXISTS permission (
-    id BIGINT AUTO_INCREMENT PRIMARY KEY,
-    resource_set_id BIGINT
-);
-
-CREATE TABLE IF NOT EXISTS permission_scope (
-    owner_id BIGINT NOT NULL,
-    scope VARCHAR(256) NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS claim (
-    id BIGINT AUTO_INCREMENT PRIMARY KEY,
-    name VARCHAR(256),
-    friendly_name VARCHAR(1024),
-    claim_type VARCHAR(1024),
-    claim_value VARCHAR(1024)
-);
-
-CREATE TABLE IF NOT EXISTS claim_to_policy (
-    policy_id BIGINT NOT NULL,
-    claim_id BIGINT NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
-    permission_ticket_id BIGINT NOT NULL,
-    claim_id BIGINT NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS policy (
-    id BIGINT AUTO_INCREMENT PRIMARY KEY,
-    name VARCHAR(1024),
-    resource_set_id BIGINT
-);
-
-CREATE TABLE IF NOT EXISTS policy_scope (
-    owner_id BIGINT NOT NULL,
-    scope VARCHAR(256) NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS claim_token_format (
-    owner_id BIGINT NOT NULL,
-    claim_token_format VARCHAR(1024)
-);
-
-CREATE TABLE IF NOT EXISTS claim_issuer (
-    owner_id BIGINT NOT NULL,
-    issuer VARCHAR(1024)
-);
-
-CREATE TABLE IF NOT EXISTS saved_registered_client (
-    id BIGINT AUTO_INCREMENT PRIMARY KEY,
-    issuer VARCHAR(1024),
-    registered_client VARCHAR(8192)
-);
-
 CREATE TABLE IF NOT EXISTS device_code (
     id BIGINT AUTO_INCREMENT PRIMARY KEY,
     device_code VARCHAR(1024),

perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql

@@ -14,11 +14,6 @@ CREATE TABLE IF NOT EXISTS access_token (
     UNIQUE(token_value)
 );
 
-CREATE TABLE IF NOT EXISTS access_token_permissions (
-    access_token_id BIGINT NOT NULL,
-    permission_id BIGINT NOT NULL
-);
-
 CREATE TABLE IF NOT EXISTS address (
     id BIGSERIAL PRIMARY KEY,
     formatted VARCHAR(256),
@@ -88,7 +83,7 @@ CREATE TABLE IF NOT EXISTS saved_user_auth (
     id BIGSERIAL PRIMARY KEY,
     acr VARCHAR(1024),
     name VARCHAR(1024),
-    authenticated BOOLEAN,
+    authenticated BOOLEAN
 );
 
 CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
@@ -284,83 +279,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
     sector_identifier VARCHAR(2048)
 );
 
-CREATE TABLE IF NOT EXISTS resource_set (
-    id BIGSERIAL PRIMARY KEY,
-    name VARCHAR(1024) NOT NULL,
-    uri VARCHAR(1024),
-    icon_uri VARCHAR(1024),
-    rs_type VARCHAR(256),
-    owner VARCHAR(256) NOT NULL,
-    client_id VARCHAR(256)
-);
-
-CREATE TABLE IF NOT EXISTS resource_set_scope (
-    owner_id BIGINT NOT NULL,
-    scope VARCHAR(256) NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS permission_ticket (
-    id BIGSERIAL PRIMARY KEY,
-    ticket VARCHAR(256) NOT NULL,
-    permission_id BIGINT NOT NULL,
-    expiration TIMESTAMP
-);
-
-CREATE TABLE IF NOT EXISTS permission (
-    id BIGSERIAL PRIMARY KEY,
-    resource_set_id BIGINT
-);
-
-CREATE TABLE IF NOT EXISTS permission_scope (
-    owner_id BIGINT NOT NULL,
-    scope VARCHAR(256) NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS claim (
-    id BIGSERIAL PRIMARY KEY,
-    name VARCHAR(256),
-    friendly_name VARCHAR(1024),
-    claim_type VARCHAR(1024),
-    claim_value VARCHAR(1024)
-);
-
-CREATE TABLE IF NOT EXISTS claim_to_policy (
-    policy_id BIGINT NOT NULL,
-    claim_id BIGINT NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
-    permission_ticket_id BIGINT NOT NULL,
-    claim_id BIGINT NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS policy (
-    id BIGSERIAL PRIMARY KEY,
-    name VARCHAR(1024),
-    resource_set_id BIGINT
-);
-
-CREATE TABLE IF NOT EXISTS policy_scope (
-    owner_id BIGINT NOT NULL,
-    scope VARCHAR(256) NOT NULL
-);
-
-CREATE TABLE IF NOT EXISTS claim_token_format (
-    owner_id BIGINT NOT NULL,
-    claim_token_format VARCHAR(1024)
-);
-
-CREATE TABLE IF NOT EXISTS claim_issuer (
-    owner_id BIGINT NOT NULL,
-    issuer VARCHAR(1024)
-);
-
-CREATE TABLE IF NOT EXISTS saved_registered_client (
-    id BIGSERIAL PRIMARY KEY,
-    issuer VARCHAR(1024),
-    registered_client VARCHAR(8192)
-);
-
 CREATE TABLE IF NOT EXISTS device_code (
     id BIGSERIAL PRIMARY KEY,
     device_code VARCHAR(1024),
@@ -381,4 +299,3 @@ CREATE TABLE IF NOT EXISTS device_code_request_parameter (
     param VARCHAR(2048),
     val VARCHAR(2048)
 );
-

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/OAuth2AccessTokenEntity.java

@@ -20,20 +20,29 @@
  */
 package cz.muni.ics.oauth2.model;
 
-import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.*;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_APPROVED_SITE;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_CLIENT;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_DATE;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_NAME;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_ALL;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_CLIENT;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_NAME;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE;
+import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE;
 
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.nimbusds.jwt.JWT;
 import cz.muni.ics.oauth2.model.convert.JWTStringConverter;
 import cz.muni.ics.openid.connect.model.ApprovedSite;
-import cz.muni.ics.uma.model.Permission;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
-import javax.persistence.Basic;
-import javax.persistence.CascadeType;
 import javax.persistence.CollectionTable;
 import javax.persistence.Column;
 import javax.persistence.Convert;
@@ -44,11 +53,9 @@
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.JoinColumn;
-import javax.persistence.JoinTable;
 import javax.persistence.ManyToOne;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
-import javax.persistence.OneToMany;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
@@ -96,9 +103,6 @@
 	@NamedQuery(name = QUERY_BY_APPROVED_SITE,
 				query = "SELECT a FROM OAuth2AccessTokenEntity a " +
 						"WHERE a.approvedSite = :" + PARAM_APPROVED_SITE),
-	@NamedQuery(name = QUERY_BY_RESOURCE_SET,
-				query = "SELECT a FROM OAuth2AccessTokenEntity a JOIN a.permissions p " +
-						"WHERE p.resourceSet.id = :" + PARAM_RESOURCE_SET_ID),
 	@NamedQuery(name = QUERY_BY_NAME,
 				query = "SELECT r FROM OAuth2AccessTokenEntity r " +
 						"WHERE r.authenticationHolder.userAuth.name = :" + PARAM_NAME)
@@ -160,12 +164,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	@CascadeOnDelete
 	private Set<String> scope;
 
-	@OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
-	@JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"),
-			inverseJoinColumns = @JoinColumn(name = "permission_id"))
-	@CascadeOnDelete
-	private Set<Permission> permissions;
-
 	@ManyToOne
 	@JoinColumn(name = "approved_site_id")
 	private ApprovedSite approvedSite;

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/OAuth2TokenRepository.java

@@ -22,7 +22,6 @@
 import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
 import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
 import cz.muni.ics.openid.connect.model.ApprovedSite;
-import cz.muni.ics.uma.model.ResourceSet;
 import java.util.List;
 import java.util.Set;
 
@@ -68,8 +67,6 @@ public interface OAuth2TokenRepository {
 
 	Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
 
-	Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs);
-
 	/**
 	 * removes duplicate access tokens.
 	 *