Open jricher opened 9 years ago
At least access token has a unidirectional many-to-one association to refresh token. There are many ways to just delete refresh tokens; this can leave the data in the access_token table in a corrupted state, i.e. the refresh_token_id column contains a value that does not actually exist in the refresh_token table.
I created a separate issue about this, #982.
It's a little disturbing that there are no foreign key constraints. Can we get EclipseLink to generate the DDL instead of writing it by hand?
Also, a similar issue exists in the association from access token, authorization code and refresh token to authentication holder. It is possible that the authentication holder is deleted, and the data in access_token, authorization_code or refresh_token still points to a non-existent authentication holder.
Several compound objects don't have proper cascades set up on them. Thoroughly check to make sure things are behaving appropriately.
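
The dangling-reference condition described in this thread can be reproduced and detected with a small script. This is an added example, not code from the project: it uses SQLite in place of the project's database, the `access_token` and `refresh_token` tables and the `refresh_token_id` column named above, and assumes the other columns, the sample rows and the `ON DELETE SET NULL` policy purely for illustration.

```python
import sqlite3

# Table names and refresh_token_id come from the thread; the id/token_value
# columns and every row below are constructed for illustration.
SCHEMA_NO_FK = """
CREATE TABLE refresh_token (id INTEGER PRIMARY KEY, token_value TEXT);
CREATE TABLE access_token (
    id INTEGER PRIMARY KEY, token_value TEXT, refresh_token_id INTEGER);
"""
# Same schema with a foreign key. ON DELETE SET NULL is an assumed policy;
# the thread does not say which delete behaviour the project wants.
SCHEMA_FK = """
CREATE TABLE refresh_token (id INTEGER PRIMARY KEY, token_value TEXT);
CREATE TABLE access_token (
    id INTEGER PRIMARY KEY, token_value TEXT,
    refresh_token_id INTEGER REFERENCES refresh_token(id) ON DELETE SET NULL);
"""
ROWS = """
INSERT INTO refresh_token VALUES (1, 'rt-1'), (2, 'rt-2');
INSERT INTO access_token VALUES
    (10, 'at-10', 1), (11, 'at-11', 2), (12, 'at-12', NULL);
"""
# Access tokens whose refresh_token_id points at a row that no longer exists.
ORPHANS = """
SELECT a.id, a.refresh_token_id
FROM access_token a
LEFT JOIN refresh_token r ON r.id = a.refresh_token_id
WHERE a.refresh_token_id IS NOT NULL AND r.id IS NULL
ORDER BY a.id
"""

def orphans_after_delete(schema, deleted_refresh_id=1):
    """Build the schema, delete one refresh token directly, return dangling rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when enabled
    db.executescript(schema + ROWS)
    db.execute("DELETE FROM refresh_token WHERE id = ?", (deleted_refresh_id,))
    result = db.execute(ORPHANS).fetchall()
    db.close()
    return result

if __name__ == "__main__":
    print("no constraint:", orphans_after_delete(SCHEMA_NO_FK))
    print("with FK:      ", orphans_after_delete(SCHEMA_FK))
```

The `ORPHANS` query can be run as-is against an existing database to audit for rows already left dangling before a constraint is introduced.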