Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
github
/
spring-security
spogulis no https://github.com/spring-projects/spring-security
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Koks: 0e88064942
Atzari Tagi
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
servlet
/
appendix
/
database-schema.adoc

database-schema.adoc 14 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388 
  1. [[appendix-schema]]
    2. 

  2. = Security Database Schema
    3. 

  3. There are various database schema used by the framework and this appendix provides a single reference point to them all.
    4. 

  4. You only need to provide the tables for the areas of functionality you require.
    5. 

  5. 

  6. DDL statements are given for the HSQLDB database.
    7. 

  7. You can use these as a guideline for defining the schema for the database you are using.
    8. 

  8. 

  9. 

  10. == User Schema
    11. 

  11. The standard JDBC implementation of the `UserDetailsService` (`JdbcDaoImpl`) requires tables to load the password, account status (enabled or disabled) and a list of authorities (roles) for the user.
    12. 

  12. You will need to adjust this schema to match the database dialect you are using.
    13. 

  13. 

  14. [source]
    15. 

  15. ----
    16. 

  16. 

  17. create table users(
    18. 

  18. 	username varchar_ignorecase(50) not null primary key,
    19. 

  19. 	password varchar_ignorecase(50) not null,
    20. 

  20. 	enabled boolean not null
    21. 

  21. );
    22. 

  22. 

  23. create table authorities (
    24. 

  24. 	username varchar_ignorecase(50) not null,
    25. 

  25. 	authority varchar_ignorecase(50) not null,
    26. 

  26. 	constraint fk_authorities_users foreign key(username) references users(username)
    27. 

  27. );
    28. 

  28. create unique index ix_auth_username on authorities (username,authority);
    29. 

  29. ----
    30. 

  30. 

  31. === For Oracle database
    32. 

  32. [source]
    33. 

  33. ----
    34. 

  34. CREATE TABLE USERS (
    35. 

  35.     USERNAME NVARCHAR2(128) PRIMARY KEY,
    36. 

  36.     PASSWORD NVARCHAR2(128) NOT NULL,
    37. 

  37.     ENABLED CHAR(1) CHECK (ENABLED IN ('Y','N') ) NOT NULL
    38. 

  38. );
    39. 

  39. 

  40. 

  41. CREATE TABLE AUTHORITIES (
    42. 

  42.     USERNAME NVARCHAR2(128) NOT NULL,
    43. 

  43.     AUTHORITY NVARCHAR2(128) NOT NULL
    44. 

  44. );
    45. 

  45. ALTER TABLE AUTHORITIES ADD CONSTRAINT AUTHORITIES_UNIQUE UNIQUE (USERNAME, AUTHORITY);
    46. 

  46. ALTER TABLE AUTHORITIES ADD CONSTRAINT AUTHORITIES_FK1 FOREIGN KEY (USERNAME) REFERENCES USERS (USERNAME) ENABLE;
    47. 

  47. ----
    48. 

  48. 

  49. === Group Authorities
    50. 

  50. Spring Security 2.0 introduced support for group authorities in `JdbcDaoImpl`.
    51. 

  51. The table structure if groups are enabled is as follows.
    52. 

  52. You will need to adjust this schema to match the database dialect you are using.
    53. 

  53. 

  54. [source]
    55. 

  55. ----
    56. 

  56. 

  57. create table groups (
    58. 

  58. 	id bigint generated by default as identity(start with 0) primary key,
    59. 

  59. 	group_name varchar_ignorecase(50) not null
    60. 

  60. );
    61. 

  61. 

  62. create table group_authorities (
    63. 

  63. 	group_id bigint not null,
    64. 

  64. 	authority varchar(50) not null,
    65. 

  65. 	constraint fk_group_authorities_group foreign key(group_id) references groups(id)
    66. 

  66. );
    67. 

  67. 

  68. create table group_members (
    69. 

  69. 	id bigint generated by default as identity(start with 0) primary key,
    70. 

  70. 	username varchar(50) not null,
    71. 

  71. 	group_id bigint not null,
    72. 

  72. 	constraint fk_group_members_group foreign key(group_id) references groups(id)
    73. 

  73. );
    74. 

  74. ----
    75. 

  75. 

  76. Remember that these tables are only required if you are using the provided JDBC `UserDetailsService` implementation.
    77. 

  77. If you write your own or choose to implement `AuthenticationProvider` without a `UserDetailsService`, then you have complete freedom over how you store the data, as long as the interface contract is satisfied.
    78. 

  78. 

  79. 

  80. == Persistent Login (Remember-Me) Schema
    81. 

  81. This table is used to store data used by the more secure xref:servlet/authentication/rememberme.adoc#remember-me-persistent-token[persistent token] remember-me implementation.
    82. 

  82. If you are using `JdbcTokenRepositoryImpl` either directly or through the namespace, then you will need this table.
    83. 

  83. Remember to adjust this schema to match the database dialect you are using.
    84. 

  84. 

  85. [source]
    86. 

  86. ----
    87. 

  87. 

  88. create table persistent_logins (
    89. 

  89. 	username varchar(64) not null,
    90. 

  90. 	series varchar(64) primary key,
    91. 

  91. 	token varchar(64) not null,
    92. 

  92. 	last_used timestamp not null
    93. 

  93. );
    94. 

  94. 

  95. ----
    96. 

  96. 

  97. [[dbschema-acl]]
    98. 

  98. == ACL Schema
    99. 

  99. There are four tables used by the Spring Security xref:servlet/authorization/acls.adoc#domain-acls[ACL] implementation.
    100. 

  100. 

  101. . `acl_sid` stores the security identities recognised by the ACL system.
    102. 

  102. These can be unique principals or authorities which may apply to multiple principals.
    103. 

  103. . `acl_class` defines the domain object types to which ACLs apply.
    104. 

  104. The `class` column stores the Java class name of the object.
    105. 

  105. . `acl_object_identity` stores the object identity definitions of specific domain objects.
    106. 

  106. . `acl_entry` stores the ACL permissions which apply to a specific object identity and security identity.
    107. 

  107. 

  108. It is assumed that the database will auto-generate the primary keys for each of the identities.
    109. 

  109. The `JdbcMutableAclService` has to be able to retrieve these when it has created a new row in the `acl_sid` or `acl_class` tables.
    110. 

  110. It has two properties which define the SQL needed to retrieve these values `classIdentityQuery` and `sidIdentityQuery`.
    111. 

  111. Both of these default to `call identity()`
    112. 

  112. 

  113. The ACL artifact JAR contains files for creating the ACL schema in HyperSQL (HSQLDB), PostgreSQL, MySQL/MariaDB, Microsoft SQL Server, and Oracle Database.
    114. 

  114. These schemas are also demonstrated in the following sections.
    115. 

  115. 

  116. === HyperSQL
    117. 

  117. The default schema works with the embedded HSQLDB database that is used in unit tests within the framework.
    118. 

  118. 

  119. [source,ddl]
    120. 

  120. ----
    121. 

  121. 

  122. create table acl_sid(
    123. 

  123. 	id bigint generated by default as identity(start with 100) not null primary key,
    124. 

  124. 	principal boolean not null,
    125. 

  125. 	sid varchar_ignorecase(100) not null,
    126. 

  126. 	constraint unique_uk_1 unique(sid,principal)
    127. 

  127. );
    128. 

  128. 

  129. create table acl_class(
    130. 

  130. 	id bigint generated by default as identity(start with 100) not null primary key,
    131. 

  131. 	class varchar_ignorecase(100) not null,
    132. 

  132. 	constraint unique_uk_2 unique(class)
    133. 

  133. );
    134. 

  134. 

  135. create table acl_object_identity(
    136. 

  136. 	id bigint generated by default as identity(start with 100) not null primary key,
    137. 

  137. 	object_id_class bigint not null,
    138. 

  138. 	object_id_identity varchar_ignorecase(36) not null,
    139. 

  139. 	parent_object bigint,
    140. 

  140. 	owner_sid bigint,
    141. 

  141. 	entries_inheriting boolean not null,
    142. 

  142. 	constraint unique_uk_3 unique(object_id_class,object_id_identity),
    143. 

  143. 	constraint foreign_fk_1 foreign key(parent_object)references acl_object_identity(id),
    144. 

  144. 	constraint foreign_fk_2 foreign key(object_id_class)references acl_class(id),
    145. 

  145. 	constraint foreign_fk_3 foreign key(owner_sid)references acl_sid(id)
    146. 

  146. );
    147. 

  147. 

  148. create table acl_entry(
    149. 

  149. 	id bigint generated by default as identity(start with 100) not null primary key,
    150. 

  150. 	acl_object_identity bigint not null,
    151. 

  151. 	ace_order int not null,
    152. 

  152. 	sid bigint not null,
    153. 

  153. 	mask integer not null,
    154. 

  154. 	granting boolean not null,
    155. 

  155. 	audit_success boolean not null,
    156. 

  156. 	audit_failure boolean not null,
    157. 

  157. 	constraint unique_uk_4 unique(acl_object_identity,ace_order),
    158. 

  158. 	constraint foreign_fk_4 foreign key(acl_object_identity) references acl_object_identity(id),
    159. 

  159. 	constraint foreign_fk_5 foreign key(sid) references acl_sid(id)
    160. 

  160. );
    161. 

  161. ----
    162. 

  162. 

  163. === PostgreSQL
    164. 

  164. [source,ddl]
    165. 

  165. ----
    166. 

  166. create table acl_sid(
    167. 

  167. 	id bigserial not null primary key,
    168. 

  168. 	principal boolean not null,
    169. 

  169. 	sid varchar(100) not null,
    170. 

  170. 	constraint unique_uk_1 unique(sid,principal)
    171. 

  171. );
    172. 

  172. 

  173. create table acl_class(
    174. 

  174. 	id bigserial not null primary key,
    175. 

  175. 	class varchar(100) not null,
    176. 

  176. 	constraint unique_uk_2 unique(class)
    177. 

  177. );
    178. 

  178. 

  179. create table acl_object_identity(
    180. 

  180. 	id bigserial primary key,
    181. 

  181. 	object_id_class bigint not null,
    182. 

  182. 	object_id_identity varchar(36) not null,
    183. 

  183. 	parent_object bigint,
    184. 

  184. 	owner_sid bigint,
    185. 

  185. 	entries_inheriting boolean not null,
    186. 

  186. 	constraint unique_uk_3 unique(object_id_class,object_id_identity),
    187. 

  187. 	constraint foreign_fk_1 foreign key(parent_object)references acl_object_identity(id),
    188. 

  188. 	constraint foreign_fk_2 foreign key(object_id_class)references acl_class(id),
    189. 

  189. 	constraint foreign_fk_3 foreign key(owner_sid)references acl_sid(id)
    190. 

  190. );
    191. 

  191. 

  192. create table acl_entry(
    193. 

  193. 	id bigserial primary key,
    194. 

  194. 	acl_object_identity bigint not null,
    195. 

  195. 	ace_order int not null,
    196. 

  196. 	sid bigint not null,
    197. 

  197. 	mask integer not null,
    198. 

  198. 	granting boolean not null,
    199. 

  199. 	audit_success boolean not null,
    200. 

  200. 	audit_failure boolean not null,
    201. 

  201. 	constraint unique_uk_4 unique(acl_object_identity,ace_order),
    202. 

  202. 	constraint foreign_fk_4 foreign key(acl_object_identity) references acl_object_identity(id),
    203. 

  203. 	constraint foreign_fk_5 foreign key(sid) references acl_sid(id)
    204. 

  204. );
    205. 

  205. ----
    206. 

  206. 

  207. You will have to set the `classIdentityQuery` and `sidIdentityQuery` properties of `JdbcMutableAclService` to the following values, respectively:
    208. 

  208. 

  209. * `select currval(pg_get_serial_sequence('acl_class', 'id'))`
    210. 

  210. * `select currval(pg_get_serial_sequence('acl_sid', 'id'))`
    211. 

  211. 

  212. === MySQL and MariaDB
    213. 

  213. [source,ddl]
    214. 

  214. ----
    215. 

  215. CREATE TABLE acl_sid (
    216. 

  216. 	id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    217. 

  217. 	principal BOOLEAN NOT NULL,
    218. 

  218. 	sid VARCHAR(100) NOT NULL,
    219. 

  219. 	UNIQUE KEY unique_acl_sid (sid, principal)
    220. 

  220. ) ENGINE=InnoDB;
    221. 

  221. 

  222. CREATE TABLE acl_class (
    223. 

  223. 	id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    224. 

  224. 	class VARCHAR(100) NOT NULL,
    225. 

  225. 	UNIQUE KEY uk_acl_class (class)
    226. 

  226. ) ENGINE=InnoDB;
    227. 

  227. 

  228. CREATE TABLE acl_object_identity (
    229. 

  229. 	id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    230. 

  230. 	object_id_class BIGINT UNSIGNED NOT NULL,
    231. 

  231. 	object_id_identity VARCHAR(36) NOT NULL,
    232. 

  232. 	parent_object BIGINT UNSIGNED,
    233. 

  233. 	owner_sid BIGINT UNSIGNED,
    234. 

  234. 	entries_inheriting BOOLEAN NOT NULL,
    235. 

  235. 	UNIQUE KEY uk_acl_object_identity (object_id_class, object_id_identity),
    236. 

  236. 	CONSTRAINT fk_acl_object_identity_parent FOREIGN KEY (parent_object) REFERENCES acl_object_identity (id),
    237. 

  237. 	CONSTRAINT fk_acl_object_identity_class FOREIGN KEY (object_id_class) REFERENCES acl_class (id),
    238. 

  238. 	CONSTRAINT fk_acl_object_identity_owner FOREIGN KEY (owner_sid) REFERENCES acl_sid (id)
    239. 

  239. ) ENGINE=InnoDB;
    240. 

  240. 

  241. CREATE TABLE acl_entry (
    242. 

  242. 	id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    243. 

  243. 	acl_object_identity BIGINT UNSIGNED NOT NULL,
    244. 

  244. 	ace_order INTEGER NOT NULL,
    245. 

  245. 	sid BIGINT UNSIGNED NOT NULL,
    246. 

  246. 	mask INTEGER UNSIGNED NOT NULL,
    247. 

  247. 	granting BOOLEAN NOT NULL,
    248. 

  248. 	audit_success BOOLEAN NOT NULL,
    249. 

  249. 	audit_failure BOOLEAN NOT NULL,
    250. 

  250. 	UNIQUE KEY unique_acl_entry (acl_object_identity, ace_order),
    251. 

  251. 	CONSTRAINT fk_acl_entry_object FOREIGN KEY (acl_object_identity) REFERENCES acl_object_identity (id),
    252. 

  252. 	CONSTRAINT fk_acl_entry_acl FOREIGN KEY (sid) REFERENCES acl_sid (id)
    253. 

  253. ) ENGINE=InnoDB;
    254. 

  254. ----
    255. 

  255. 

  256. === Microsoft SQL Server
    257. 

  257. [source,ddl]
    258. 

  258. ----
    259. 

  259. CREATE TABLE acl_sid (
    260. 

  260. 	id BIGINT NOT NULL IDENTITY PRIMARY KEY,
    261. 

  261. 	principal BIT NOT NULL,
    262. 

  262. 	sid VARCHAR(100) NOT NULL,
    263. 

  263. 	CONSTRAINT unique_acl_sid UNIQUE (sid, principal)
    264. 

  264. );
    265. 

  265. 

  266. CREATE TABLE acl_class (
    267. 

  267. 	id BIGINT NOT NULL IDENTITY PRIMARY KEY,
    268. 

  268. 	class VARCHAR(100) NOT NULL,
    269. 

  269. 	CONSTRAINT uk_acl_class UNIQUE (class)
    270. 

  270. );
    271. 

  271. 

  272. CREATE TABLE acl_object_identity (
    273. 

  273. 	id BIGINT NOT NULL IDENTITY PRIMARY KEY,
    274. 

  274. 	object_id_class BIGINT NOT NULL,
    275. 

  275. 	object_id_identity VARCHAR(36) NOT NULL,
    276. 

  276. 	parent_object BIGINT,
    277. 

  277. 	owner_sid BIGINT,
    278. 

  278. 	entries_inheriting BIT NOT NULL,
    279. 

  279. 	CONSTRAINT uk_acl_object_identity UNIQUE (object_id_class, object_id_identity),
    280. 

  280. 	CONSTRAINT fk_acl_object_identity_parent FOREIGN KEY (parent_object) REFERENCES acl_object_identity (id),
    281. 

  281. 	CONSTRAINT fk_acl_object_identity_class FOREIGN KEY (object_id_class) REFERENCES acl_class (id),
    282. 

  282. 	CONSTRAINT fk_acl_object_identity_owner FOREIGN KEY (owner_sid) REFERENCES acl_sid (id)
    283. 

  283. );
    284. 

  284. 

  285. CREATE TABLE acl_entry (
    286. 

  286. 	id BIGINT NOT NULL IDENTITY PRIMARY KEY,
    287. 

  287. 	acl_object_identity BIGINT NOT NULL,
    288. 

  288. 	ace_order INTEGER NOT NULL,
    289. 

  289. 	sid BIGINT NOT NULL,
    290. 

  290. 	mask INTEGER NOT NULL,
    291. 

  291. 	granting BIT NOT NULL,
    292. 

  292. 	audit_success BIT NOT NULL,
    293. 

  293. 	audit_failure BIT NOT NULL,
    294. 

  294. 	CONSTRAINT unique_acl_entry UNIQUE (acl_object_identity, ace_order),
    295. 

  295. 	CONSTRAINT fk_acl_entry_object FOREIGN KEY (acl_object_identity) REFERENCES acl_object_identity (id),
    296. 

  296. 	CONSTRAINT fk_acl_entry_acl FOREIGN KEY (sid) REFERENCES acl_sid (id)
    297. 

  297. );
    298. 

  298. ----
    299. 

  299. 

  300. === Oracle Database
    301. 

  301. [source,ddl]
    302. 

  302. ----
    303. 

  303. CREATE TABLE ACL_SID (
    304. 

  304.     ID NUMBER(18) PRIMARY KEY,
    305. 

  305.     PRINCIPAL NUMBER(1) NOT NULL CHECK (PRINCIPAL IN (0, 1 )),
    306. 

  306.     SID NVARCHAR2(128) NOT NULL,
    307. 

  307.     CONSTRAINT ACL_SID_UNIQUE UNIQUE (SID, PRINCIPAL)
    308. 

  308. );
    309. 

  309. CREATE SEQUENCE ACL_SID_SQ START WITH 1 INCREMENT BY 1 NOMAXVALUE;
    310. 

  310. CREATE OR REPLACE TRIGGER ACL_SID_SQ_TR BEFORE INSERT ON ACL_SID FOR EACH ROW
    311. 

  311. BEGIN
    312. 

  312.     SELECT ACL_SID_SQ.NEXTVAL INTO :NEW.ID FROM DUAL;
    313. 

  313. END;
    314. 

  314. 

  315. 

  316. CREATE TABLE ACL_CLASS (
    317. 

  317.     ID NUMBER(18) PRIMARY KEY,
    318. 

  318.     CLASS NVARCHAR2(128) NOT NULL,
    319. 

  319.     CONSTRAINT ACL_CLASS_UNIQUE UNIQUE (CLASS)
    320. 

  320. );
    321. 

  321. CREATE SEQUENCE ACL_CLASS_SQ START WITH 1 INCREMENT BY 1 NOMAXVALUE;
    322. 

  322. CREATE OR REPLACE TRIGGER ACL_CLASS_ID_TR BEFORE INSERT ON ACL_CLASS FOR EACH ROW
    323. 

  323. BEGIN
    324. 

  324.     SELECT ACL_CLASS_SQ.NEXTVAL INTO :NEW.ID FROM DUAL;
    325. 

  325. END;
    326. 

  326. 

  327. 

  328. CREATE TABLE ACL_OBJECT_IDENTITY(
    329. 

  329.     ID NUMBER(18) PRIMARY KEY,
    330. 

  330.     OBJECT_ID_CLASS NUMBER(18) NOT NULL,
    331. 

  331.     OBJECT_ID_IDENTITY NVARCHAR2(64) NOT NULL,
    332. 

  332.     PARENT_OBJECT NUMBER(18),
    333. 

  333.     OWNER_SID NUMBER(18),
    334. 

  334.     ENTRIES_INHERITING NUMBER(1) NOT NULL CHECK (ENTRIES_INHERITING IN (0, 1)),
    335. 

  335.     CONSTRAINT ACL_OBJECT_IDENTITY_UNIQUE UNIQUE (OBJECT_ID_CLASS, OBJECT_ID_IDENTITY),
    336. 

  336.     CONSTRAINT ACL_OBJECT_IDENTITY_PARENT_FK FOREIGN KEY (PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID),
    337. 

  337.     CONSTRAINT ACL_OBJECT_IDENTITY_CLASS_FK FOREIGN KEY (OBJECT_ID_CLASS) REFERENCES ACL_CLASS(ID),
    338. 

  338.     CONSTRAINT ACL_OBJECT_IDENTITY_OWNER_FK FOREIGN KEY (OWNER_SID) REFERENCES ACL_SID(ID)
    339. 

  339. );
    340. 

  340. CREATE SEQUENCE ACL_OBJECT_IDENTITY_SQ START WITH 1 INCREMENT BY 1 NOMAXVALUE;
    341. 

  341. CREATE OR REPLACE TRIGGER ACL_OBJECT_IDENTITY_ID_TR BEFORE INSERT ON ACL_OBJECT_IDENTITY FOR EACH ROW
    342. 

  342. BEGIN
    343. 

  343.     SELECT ACL_OBJECT_IDENTITY_SQ.NEXTVAL INTO :NEW.ID FROM DUAL;
    344. 

  344. END;
    345. 

  345. 

  346. 

  347. CREATE TABLE ACL_ENTRY (
    348. 

  348.     ID NUMBER(18) NOT NULL PRIMARY KEY,
    349. 

  349.     ACL_OBJECT_IDENTITY NUMBER(18) NOT NULL,
    350. 

  350.     ACE_ORDER INTEGER NOT NULL,
    351. 

  351.     SID NUMBER(18) NOT NULL,
    352. 

  352.     MASK INTEGER NOT NULL,
    353. 

  353.     GRANTING NUMBER(1) NOT NULL CHECK (GRANTING IN (0, 1)),
    354. 

  354.     AUDIT_SUCCESS NUMBER(1) NOT NULL CHECK (AUDIT_SUCCESS IN (0, 1)),
    355. 

  355.     AUDIT_FAILURE NUMBER(1) NOT NULL CHECK (AUDIT_FAILURE IN (0, 1)),
    356. 

  356.     CONSTRAINT ACL_ENTRY_UNIQUE UNIQUE (ACL_OBJECT_IDENTITY, ACE_ORDER),
    357. 

  357.     CONSTRAINT ACL_ENTRY_OBJECT_FK FOREIGN KEY (ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY (ID),
    358. 

  358.     CONSTRAINT ACL_ENTRY_ACL_FK FOREIGN KEY (SID) REFERENCES ACL_SID(ID)
    359. 

  359. );
    360. 

  360. CREATE SEQUENCE ACL_ENTRY_SQ START WITH 1 INCREMENT BY 1 NOMAXVALUE;
    361. 

  361. CREATE OR REPLACE TRIGGER ACL_ENTRY_ID_TRIGGER BEFORE INSERT ON ACL_ENTRY FOR EACH ROW
    362. 

  362. BEGIN
    363. 

  363.     SELECT ACL_ENTRY_SQ.NEXTVAL INTO :NEW.ID FROM DUAL;
    364. 

  364. END;
    365. 

  365. ----
    366. 

  366. 

  367. 

  368. [[dbschema-oauth2-client]]
    369. 

  369. == OAuth 2.0 Client Schema
    370. 

  370. The JDBC implementation of xref:servlet/oauth2/client/core.adoc#oauth2Client-authorized-repo-service[ OAuth2AuthorizedClientService] (`JdbcOAuth2AuthorizedClientService`) requires a table for persisting `OAuth2AuthorizedClient`(s).
    371. 

  371. You will need to adjust this schema to match the database dialect you are using.
    372. 

  372. 

  373. [source,ddl]
    374. 

  374. ----
    375. 

  375. CREATE TABLE oauth2_authorized_client (
    376. 

  376.   client_registration_id varchar(100) NOT NULL,
    377. 

  377.   principal_name varchar(200) NOT NULL,
    378. 

  378.   access_token_type varchar(100) NOT NULL,
    379. 

  379.   access_token_value blob NOT NULL,
    380. 

  380.   access_token_issued_at timestamp NOT NULL,
    381. 

  381.   access_token_expires_at timestamp NOT NULL,
    382. 

  382.   access_token_scopes varchar(1000) DEFAULT NULL,
    383. 

  383.   refresh_token_value blob DEFAULT NULL,
    384. 

  384.   refresh_token_issued_at timestamp DEFAULT NULL,
    385. 

  385.   created_at timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
    386. 

  386.   PRIMARY KEY (client_registration_id, principal_name)
    387. 

  387. );
    388. 

  388. ----
    389.