From 3ba0e06f2f52ca1959dccaa33e288369914571af Mon Sep 17 00:00:00 2001
From: Kai Moritz <kai@juplo.de>
Date: Mon, 1 Feb 2016 10:02:59 +0100
Subject: [PATCH] Switched from InMemoryUsers- to JdbcUsersConnectionRepository
 with H2

This only works, if you have the full strength version of the Java
Cryptographic Exctension (JCE) installed, since Spring Security is using
a 256-bit key.

See http://stackoverflow.com/a/17637354 for a full explanation.
---
 pom.xml                                       | 14 +++++++
 .../de/juplo/yourshouter/SocialConfig.java    | 41 ++++++++++++++-----
 src/main/resources/application.properties     |  3 ++
 src/main/resources/schema.sql                 | 19 +++++++++
 4 files changed, 67 insertions(+), 10 deletions(-)
 create mode 100644 src/main/resources/schema.sql

diff --git a/pom.xml b/pom.xml
index 5c70ea4..bff461f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,11 +28,15 @@
     <!-- settings for the Graph-API -->
     <facebook.app.id>NOT_SET</facebook.app.id>
     <facebook.app.secret>NOT_SET</facebook.app.secret>
+    <facebook.app.salt>NOT_SET</facebook.app.salt>
     <facebook.app.canvas>NOT_SET</facebook.app.canvas>
     <!-- settings for the Apache Commons Http-Client -->
     <httpclient.timeout.connection>60000</httpclient.timeout.connection>
     <httpclient.timeout.read>60000</httpclient.timeout.read>
     <httpclient.logging.level>ERROR</httpclient.logging.level>
+    <!-- database settings for tests -->
+    <jdbc.groupId>com.h2database</jdbc.groupId>
+    <jdbc.artifactId>h2</jdbc.artifactId>
   </properties>
 
   <dependencies>
@@ -61,6 +65,16 @@
       <groupId>org.apache.httpcomponents</groupId>
       <artifactId>httpclient</artifactId>
     </dependency>
+    <!-- Persistence -->
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-data-jpa</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>${jdbc.groupId}</groupId>
+      <artifactId>${jdbc.artifactId}</artifactId>
+      <scope>runtime</scope>
+    </dependency>
   </dependencies>
 
   <build>
diff --git a/src/main/java/de/juplo/yourshouter/SocialConfig.java b/src/main/java/de/juplo/yourshouter/SocialConfig.java
index 7cc9a63..466ed23 100644
--- a/src/main/java/de/juplo/yourshouter/SocialConfig.java
+++ b/src/main/java/de/juplo/yourshouter/SocialConfig.java
@@ -2,8 +2,11 @@ package de.juplo.yourshouter;
 
 
 
+import java.math.BigInteger;
 import javax.inject.Inject;
+import javax.sql.DataSource;
 import org.apache.http.HttpRequestFactory;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Scope;
@@ -12,6 +15,7 @@ import org.springframework.social.UserIdSource;
 import org.springframework.core.env.Environment;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.crypto.encrypt.Encryptors;
 import org.springframework.social.config.annotation.ConnectionFactoryConfigurer;
 import org.springframework.social.config.annotation.EnableSocial;
 import org.springframework.social.config.annotation.SocialConfigurerAdapter;
@@ -20,7 +24,7 @@ import org.springframework.social.connect.ConnectionFactoryLocator;
 import org.springframework.social.connect.ConnectionRepository;
 import org.springframework.social.connect.ConnectionSignUp;
 import org.springframework.social.connect.UsersConnectionRepository;
-import org.springframework.social.connect.mem.InMemoryUsersConnectionRepository;
+import org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository;
 import org.springframework.social.connect.web.ConnectController;
 import org.springframework.social.connect.web.ProviderSignInController;
 import org.springframework.social.connect.web.SignInAdapter;
@@ -38,11 +42,18 @@ import org.springframework.social.facebook.web.CanvasSignInController;
 @EnableSocial
 public class SocialConfig extends SocialConfigurerAdapter
 {
+  @Inject
+  DataSource dataSource;
   @Inject
   ConnectionSignUp connectionSignUp;
   @Inject
   SignInAdapter signInAdapter;
 
+  @Value("${facebook.app.secret}")
+  String secret;
+  @Value("${facebook.app.salt}")
+  String salt;
+
 
   /**
    * Add a {@link FacebookConnectionFactory} to the configuration.
@@ -67,23 +78,33 @@ public class SocialConfig extends SocialConfigurerAdapter
   }
 
   /**
-   * Configure an instance of {@link InMemoryUsersConnection} as persistent
-   * store of user/connection-mappings.
+   * {@inheritDoc}
    *
-   * At the moment, no special configuration is needed.
+   * Configure an instance of {@link JdbcUsersConnection} as persistent
+   * store of user/connection-mappings.
+   * <p>
+   * The app-secret is reused as password for the encryption of the data.
+   * The salt can be changed in the <code>pom.xml</code>
+   * <p>
+   * This does only work, if you have the Java Crypto Extension (JCE) in
+   * full strength version, since Spring Security is using a 256-bit key.
    *
-   * @param connectionFactoryLocator
-   *     The {@link ConnectionFactoryLocator} will be injected by Spring.
-   * @return
-   *     The configured {@link UsersConnectionRepository}.
+   * @see http://stackoverflow.com/a/17637354
    */
   @Override
   public UsersConnectionRepository getUsersConnectionRepository(
       ConnectionFactoryLocator connectionFactoryLocator
       )
   {
-    InMemoryUsersConnectionRepository repository =
-        new InMemoryUsersConnectionRepository(connectionFactoryLocator);
+    JdbcUsersConnectionRepository repository =
+        new JdbcUsersConnectionRepository(
+            dataSource,
+            connectionFactoryLocator,
+            Encryptors.text(
+                secret,
+                String.format("%08x", new BigInteger(1, salt.getBytes()))
+                )
+            );
     repository.setConnectionSignUp(connectionSignUp);
     return repository;
   }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index a66df89..2c78f2c 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,5 +1,6 @@
 facebook.app.id=@facebook.app.id@
 facebook.app.secret=@facebook.app.secret@
+facebook.app.salt=@facebook.app.salt@
 facebook.app.canvas=@facebook.app.canvas@
 
 server.port: 8443
@@ -12,6 +13,8 @@ httpclient.timeout.read=@httpclient.timeout.read@
 spring.thymeleaf.prefix=/thymeleaf/
 spring.thymeleaf.cache=false
 
+spring.datasource.continueOnError=true
+
 logging.level.org.springframework.social=debug
 logging.level.org.apache.http=@httpclient.logging.level@
 logging.level.org.apache.http.wire=ERROR
diff --git a/src/main/resources/schema.sql b/src/main/resources/schema.sql
new file mode 100644
index 0000000..c3abb8f
--- /dev/null
+++ b/src/main/resources/schema.sql
@@ -0,0 +1,19 @@
+-- This SQL contains a "create table" that can be used to create a table that JdbcUsersConnectionRepository can persist
+-- connection in. It is, however, not to be assumed to be production-ready, all-purpose SQL. It is merely representative
+-- of the kind of table that JdbcUsersConnectionRepository works with. The table and column names, as well as the general
+-- column types, are what is important. Specific column types and sizes that work may vary across database vendors and
+-- the required sizes may vary across API providers. 
+
+create table UserConnection (userId varchar(255) not null,
+	providerId varchar(255) not null,
+	providerUserId varchar(255),
+	rank int not null,
+	displayName varchar(255),
+	profileUrl varchar(512),
+	imageUrl varchar(512),
+	accessToken varchar(512) not null,
+	secret varchar(512),
+	refreshToken varchar(512),
+	expireTime bigint,
+	primary key (userId, providerId, providerUserId));
+create unique index UserConnectionRank on UserConnection(userId, providerId, rank);
-- 
2.20.1