fix(Admin): fix OAuth Client deserialization and database operations

Author: duonglq-tsdv

libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/cloudantclient/DatabaseConnectorCloudant.java

@@ -9,6 +9,11 @@
  */
 package org.eclipse.sw360.datahandler.cloudantclient;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
@@ -30,6 +35,8 @@
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.lang.reflect.Type;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
@@ -665,17 +672,25 @@ public Document getDocumentFromPojo(Object document) {
             return (Document) document;
         }
         Document doc = new Document();
-        Gson gson = this.instance.getGson();
-        Type t = new TypeToken<Map<String, Object>>() {}.getType();
-        Map<String, Object> map = gson.fromJson(gson.toJson(document), t);
+        Map<String, Object> map;
+
+        if (isInstanceOfOAuthClientEntity(document)) {
+            ObjectMapper objectMapper = new ObjectMapper();
+            map = objectMapper.convertValue(document, new TypeReference<Map<String, Object>>() {});
+        } else {
+            Gson gson = this.instance.getGson();
+            Type type = new TypeToken<Map<String, Object>>() {}.getType();
+            map = gson.fromJson(gson.toJson(document), type);
+        }
+
         if (map.containsKey("id")) {
             if (!((String) map.get("id")).isEmpty()) {
                 doc.setId((String) map.get("id"));
             }
             map.remove("id");
         }
         if (map.containsKey("_id")) {
-            if (!((String) map.get("_id")).isEmpty()) {
+            if (map.get("_id") != null && !((String) map.get("_id")).isEmpty()) {
                 doc.setId((String) map.get("_id"));
             }
             map.remove("_id");
@@ -693,7 +708,7 @@ public Document getDocumentFromPojo(Object document) {
             map.remove("revision");
         }
         if (map.containsKey("_rev")) {
-            if (!((String) map.get("_rev")).isEmpty()) {
+            if (map.get("_rev") != null && !((String) map.get("_rev")).isEmpty()) {
                 doc.setRev((String) map.get("_rev"));
             }
             map.remove("_rev");
@@ -703,8 +718,18 @@ public Document getDocumentFromPojo(Object document) {
     }
 
     public <T> T getPojoFromDocument(@NotNull Document document, Class<T> type) {
-        T doc = this.instance.getGson().fromJson(document.toString(), type);
-        updateIdAndRev(doc, document.getId(), document.getRev());
+        T doc = null;
+        try {
+            if (type.getSimpleName().equals("OAuthClientEntity"))  {
+                ObjectMapper objectMapper = new ObjectMapper();
+                doc = objectMapper.readValue(document.toString(), type);
+            } else {
+                doc = this.instance.getGson().fromJson(document.toString(), type);
+            }
+            updateIdAndRev(doc, document.getId(), document.getRev());
+        } catch (JsonProcessingException e) {
+            log.error(e.getMessage());
+        }
         return doc;
     }
 
@@ -715,9 +740,24 @@ private <T> void updateIdAndRev(@NotNull T doc, String docId, String docRev) {
             TFieldIdEnum rev = tbase.fieldForId(2);
             tbase.setFieldValue(id, docId);
             tbase.setFieldValue(rev, docRev);
+        }  else if (isInstanceOfOAuthClientEntity(doc)) {
+            Class<?> clazz = doc.getClass();
+            try {
+                Method setIdMethod = clazz.getMethod("setId", String.class);
+                setIdMethod.invoke(doc, docId);
+
+                Method setRevMethod = clazz.getMethod("setRev", String.class);
+                setRevMethod.invoke(doc, docRev);
+            } catch (IllegalAccessException | InvocationTargetException | NoSuchMethodException e) {
+                log.error(e.getMessage());
+            }
         }
     }
 
+    private <T> boolean isInstanceOfOAuthClientEntity(T doc) {    
+        return doc.getClass().getSimpleName().equals("OAuthClientEntity");
+    }
+
     public boolean contains(@NotNull String docId) {
         if (docId.isEmpty()) {
             return false;

libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/cloudantclient/DatabaseRepositoryCloudantClient.java

@@ -9,6 +9,8 @@
  */
 package org.eclipse.sw360.datahandler.cloudantclient;
 
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.lang.reflect.Type;
 import java.util.Arrays;
 import java.util.Collection;
@@ -370,6 +372,15 @@ public boolean remove(T doc) {
             TFieldIdEnum id = tbase.fieldForId(1);
             String docId = (String) tbase.getFieldValue(id);
             return connector.deleteById(docId);
+        } else if (doc.getClass().getSimpleName().equals("OAuthClientEntity")) {
+            Class<?> clazz = doc.getClass();
+            try {
+                Method getIdMethod = clazz.getMethod("getId");
+                String id = (String) getIdMethod.invoke(doc);
+                return connector.deleteById(id);
+            } catch (IllegalAccessException | InvocationTargetException | NoSuchMethodException e) {
+                log.error(e.getMessage());
+            }
         }
         return connector.remove(doc);
     }

rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/client/persistence/OAuthClientDeserializer.java

@@ -0,0 +1,76 @@
+// Copyright (C) TOSHIBA CORPORATION, 2025. Part of the SW360 Frontend Project.
+// Copyright (C) Toshiba Software Development (Vietnam) Co., Ltd., 2025. Part of the SW360 Frontend Project.
+
+// This program and the accompanying materials are made
+// available under the terms of the Eclipse Public License 2.0
+// which is available at https://www.eclipse.org/legal/epl-2.0/
+
+// SPDX-License-Identifier: EPL-2.0
+// License-Filename: LICENSE
+package org.eclipse.sw360.rest.authserver.client.persistence;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+public class OAuthClientDeserializer extends JsonDeserializer<OAuthClientEntity> {
+
+    @Override
+    public OAuthClientEntity deserialize(JsonParser p, DeserializationContext ctxt)
+            throws IOException, JsonProcessingException {
+
+        JsonNode node = p.getCodec().readTree(p);
+        OAuthClientEntity client = new OAuthClientEntity();
+
+        client.setId(node.get("_id").asText());
+        client.setRev(node.get("_rev").asText());
+        client.setClientId(node.get("client_id").asText());
+        client.setClientSecret(node.get("client_secret").asText());
+        client.setDescription(node.get("description").asText());
+
+        client.setSecretRequired(node.get("secretRequired").asBoolean());
+        client.setScoped(node.get("scoped").asBoolean());
+
+        client.setResourceIds(jsonNodeToSet(node.get("resource_ids")));
+        client.setAuthorizedGrantTypes(jsonNodeToSet(node.get("authorized_grant_types")));
+        client.setScope(jsonNodeToSet(node.get("scope")));
+        client.setRegisteredRedirectUri(jsonNodeToSet(node.get("redirect_uri")));
+        client.setAutoApproveScopes(jsonNodeToSet(node.get("autoapprove")));
+
+        if (node.has("access_token_validity")) {
+            client.setAccessTokenValiditySeconds(node.get("access_token_validity").asInt());
+        }
+        if (node.has("refresh_token_validity")) {
+            client.setRefreshTokenValiditySeconds(node.get("refresh_token_validity").asInt());
+        }
+
+        Set<String> authorities = jsonNodeToSet(node.get("authorities"));
+        client.setAuthorities(authorities);
+
+        return client;
+    }
+
+    private Set<String> jsonNodeToSet(JsonNode node) {
+        if (node == null || !node.isArray()) {
+            return new HashSet<>();
+        }
+        Set<String> result = new HashSet<>();
+        for (JsonNode element : node) {
+            if (element.isTextual()) {
+                result.add(element.asText());
+            } else if (element.isObject() && element.has("role")) {
+                result.add(element.get("role").asText());
+            }
+        }
+        return result;
+    }
+}

rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/client/persistence/OAuthClientEntity.java

@@ -11,15 +11,12 @@
 
 import java.io.Serial;
 import java.io.Serializable;
-import java.util.Collection;
 import java.util.Set;
 
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
-
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
+@JsonDeserialize(using = OAuthClientDeserializer.class)
 public class OAuthClientEntity implements Serializable {
 
     @Serial
@@ -31,7 +28,7 @@ public class OAuthClientEntity implements Serializable {
     private String description;
     private Set<String> resourceIds;
     private Set<String> authorizedGrantTypes;
-    private Collection<GrantedAuthority> authorities;
+    private Set<String> authorities;
     private Set<String> scope;
     private boolean secretRequired;
     private boolean scoped;
@@ -51,12 +48,12 @@ public String getId() {
     }
 
     @JsonProperty("_rev")
-    public void setRevision(String revision) {
+    public void setRev(String revision) {
         this.revision = revision;
     }
 
     @JsonProperty("_rev")
-    public String getRevision() {
+    public String getRev() {
         return revision;
     }
 
@@ -122,23 +119,14 @@ public void setAuthorizedGrantTypes(Set<String> authorizedGrantTypes) {
         this.authorizedGrantTypes=authorizedGrantTypes;
     }
 
-    public Collection<GrantedAuthority> getAuthorities() {
-        return authorities;
-    }
-
-    public void setAuthorities(Collection<GrantedAuthority> authorities) {
-        this.authorities=authorities;
-    }
-
     @JsonProperty("authorities")
-    public Set<String> getAuthoritiesAsStrings() {
-        return AuthorityUtils.authorityListToSet(this.authorities);
+    public Set<String> getAuthorities() {
+        return authorities;
     }
 
     @JsonProperty("authorities")
-    @JsonDeserialize()
-    public void setAuthoritiesAsStrings(Set<String> values) {
-        this.setAuthorities(AuthorityUtils.createAuthorityList(values.toArray(new String[values.size()])));
+    public void setAuthorities(Set<String> values) {
+        this.authorities = values;
     }
 
     @JsonProperty("scope")

rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/client/rest/OAuthClientController.java

@@ -127,7 +127,7 @@ public ResponseEntity<?> deleteClient(@PathVariable("clientId") String clientId)
     private void updateClientEntityFromResource(OAuthClientEntity clientEntity, OAuthClientResource clientResource) {
         // updateable properties (clientId and clientSecret cannot be changed)
         clientEntity.setDescription(clientResource.getDescription());
-        clientEntity.setAuthoritiesAsStrings(clientResource.getAuthorities());
+        clientEntity.setAuthorities(clientResource.getAuthorities());
         clientEntity.setScope(clientResource.getScope());
         clientEntity.setAccessTokenValiditySeconds(clientResource.getAccessTokenValidity());
         clientEntity.setRefreshTokenValiditySeconds(clientResource.getRefreshTokenValidity());

rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/client/rest/OAuthClientResource.java

@@ -50,7 +50,7 @@ public OAuthClientResource(OAuthClientEntity clientEntity) {
         this.description = clientEntity.getDescription();
         this.clientId = clientEntity.getClientId();
         this.clientSecret = clientEntity.getClientSecret();
-        this.authorities = clientEntity.getAuthoritiesAsStrings();
+        this.authorities = clientEntity.getAuthorities();
         this.scope = clientEntity.getScope();
         this.accessTokenValidity = clientEntity.getAccessTokenValiditySeconds();
         this.refreshTokenValidity = clientEntity.getRefreshTokenValiditySeconds();