From 6dcbff37d0e37502b7383bded22f04bf708d7afc Mon Sep 17 00:00:00 2001
From: pujavs <43700552+pujavs@users.noreply.github.com>
Date: Sat, 22 Oct 2022 02:10:16 +0530
Subject: [PATCH] fix(config-api): swagger fixes for missing scope and admin-ui paths (#2697)

* feat(config-api): swagger fixes
* feat(config-api): swagger fixes
---
 .../configapi/util/ApiAccessConstants.java | 8 --
 .../io/jans/configapi/util/ApiConstants.java | 1 -
 .../docs/jans-config-api-swagger-auto.yaml | 62 +++++-------
 .../docs/jans-config-api-swagger.yaml | 16 +---
 .../test/resources/karate-config-jenkins.js | 1 -
 .../plugins/docs/fido2-plugin-swagger.yaml | 3 -
 .../plugins/docs/user-mgt-plugin-swagger.yaml | 4 +-
 .../plugin/fido2/rest/ApiApplication.java | 10 +-
 .../fido2/rest/Fido2ConfigResource.java | 4 +-
 .../plugin/mgt/rest/ApiApplication.java | 7 +-
 .../default/config-api-test.properties | 2 +-
 .../profiles/jans-ui.jans.io/test.properties | 2 +-
 .../test.properties | 2 +-
 .../profiles/local/test.properties | 2 +-
 .../jans/configapi/rest/ApiApplication.java | 95 +++++++++----------
 .../rest/resource/auth/AcrsResource.java | 4 +-
 .../rest/resource/auth/AgamaResource.java | 14 +--
 .../rest/resource/auth/AttributesResource.java | 12 +--
 .../auth/CacheConfigurationResource.java | 28 +++---
 .../rest/resource/auth/ClientsResource.java | 12 +--
 .../rest/resource/auth/ConfigResource.java | 6 +-
 .../test/resources/karate-config-jenkins.js | 1 -
 .../src/test/resources/karate-config.js | 1 -
 23 files changed, 128 insertions(+), 169 deletions(-)

diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java
index b2254cc6a32..1405a4288a6 100644
--- a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java
+++ b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java
@@ -22,14 +22,6 @@ private ApiAccessConstants() { public static final String DATABASE_LDAP_WRITE_ACCESS = "https://jans.io/oauth/config/database/ldap.write"; public static final String DATABASE_LDAP_DELETE_ACCESS = "https://jans.io/oauth/config/database/ldap.delete"; - public static final String DATABASE_COUCHBASE_READ_ACCESS = "https://jans.io/oauth/config/database/couchbase.readonly"; - public static final String DATABASE_COUCHBASE_WRITE_ACCESS = "https://jans.io/oauth/config/database/couchbase.write"; - public static final String DATABASE_COUCHBASE_DELETE_ACCESS = "https://jans.io/oauth/config/database/couchbase.delete"; - - public static final String DATABASE_SQL_READ_ACCESS = "https://jans.io/oauth/config/database/sql.readonly"; - public static final String DATABASE_SQL_WRITE_ACCESS = "https://jans.io/oauth/config/database/sql.write"; - public static final String DATABASE_SQL_DELETE_ACCESS = "https://jans.io/oauth/config/database/sql.delete"; - public static final String SCRIPTS_READ_ACCESS = "https://jans.io/oauth/config/scripts.readonly"; public static final String SCRIPTS_WRITE_ACCESS = "https://jans.io/oauth/config/scripts.write"; public static final String SCRIPTS_DELETE_ACCESS = "https://jans.io/oauth/config/scripts.delete"; diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java index 5414c40eea3..a825394e5ed 100644 --- a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java +++ b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java 
@@ -52,7 +52,6 @@ private ApiConstants() {} public static final String PERSISTENCE = "/persistence"; public static final String DATABASE = "/database"; public static final String LDAP = "/ldap"; - public static final String COUCHBASE = "/couchbase"; public static final String SQL = "/sql"; public static final String REDIS = "/redis"; public static final String IN_MEMORY = "/in-memory"; diff --git a/jans-config-api/docs/jans-config-api-swagger-auto.yaml b/jans-config-api/docs/jans-config-api-swagger-auto.yaml index 3d32789aa5f..44b1e162884 100644 --- a/jans-config-api/docs/jans-config-api-swagger-auto.yaml +++ b/jans-config-api/docs/jans-config-api-swagger-auto.yaml @@ -16,18 +16,17 @@ servers: tags: - name: Attribute - name: Default Authentication Method +- name: Cache Configuration - name: Cache Configuration – Memcached - name: Cache Configuration – Redis - name: Cache Configuration – in-Memory - name: Cache Configuration – Native-Persistence - name: Configuration – Properties -- name: Fido2 - Configuration - name: Configuration – SMTP - name: Configuration – Logging - name: Configuration – JWK - JSON Web Key (JWK) - name: Custom Scripts - name: Database - LDAP configuration -- name: Database - Couchbase configuration - name: OAuth - OpenID Connect - Clients - name: OAuth - UMA Resources - name: OAuth - Scopes @@ -2946,20 +2945,20 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string - whitePagesCanView: + adminCanEdit: type: boolean - userCanAccess: + adminCanView: type: boolean userCanView: type: boolean - adminCanView: - type: boolean - adminCanEdit: + userCanAccess: type: boolean userCanEdit: type: boolean adminCanAccess: type: boolean + whitePagesCanView: + type: boolean baseDn: type: string PatchRequest: @@ -3285,8 +3284,6 @@ components: format: int32 displayName: type: string - tokenBindingSupported: - type: boolean authenticationMethod: type: string enum: 
@@ -3298,6 +3295,8 @@ components: - tls_client_auth - self_signed_tls_client_auth - none + tokenBindingSupported: + type: boolean baseDn: type: string inum: @@ -3376,6 +3375,9 @@ components: type: string jansDefaultPromptLogin: type: boolean + idTokenLifetime: + type: integer + format: int32 CustomObjectAttribute: type: object properties: @@ -3387,10 +3389,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object LocalizedString: type: object properties: @@ -3398,13 +3400,13 @@ components: type: object additionalProperties: type: string - value: - type: string languageTags: uniqueItems: true type: array items: type: string + value: + type: string AppConfiguration: type: object properties: @@ -4093,15 +4095,6 @@ components: $ref: '#/components/schemas/SsaConfiguration' fapi: type: boolean - allResponseTypesSupported: - uniqueItems: true - type: array - items: - type: string - enum: - - code - - token - - id_token enabledFeatureFlags: uniqueItems: true type: array @@ -4129,6 +4122,15 @@ components: - STAT - PAR - SSA + allResponseTypesSupported: + uniqueItems: true + type: array + items: + type: string + enum: + - code + - token + - id_token AuthenticationFilter: required: - baseDn @@ -4919,12 +4921,6 @@ components: related information https://jans.io/oauth/config/database/ldap.delete: Delete LDAP database related information - https://jans.io/oauth/config/database/couchbase.readonly: View Couchbase - database information - https://jans.io/oauth/config/database/couchbase.write: Manage Couchbase - database related information - https://jans.io/oauth/config/database/couchbase.delete: Delete Couchbase - database related information https://jans.io/oauth/config/scripts.readonly: View cache scripts information https://jans.io/oauth/config/scripts.write: Manage scripts related information https://jans.io/oauth/config/scripts.delete: Delete scripts related information 
@@ -4937,6 +4933,7 @@ components: https://jans.io/oauth/config/logging.write: Manage logging related information https://jans.io/oauth/config/jwks.readonly: View JWKS related information https://jans.io/oauth/config/jwks.write: Manage JWKS related information + https://jans.io/oauth/config/jwks.delete: Delete JWKS related information https://jans.io/oauth/config/openid/clients.readonly: View clients related information https://jans.io/oauth/config/openid/clients.write: Manage clients related @@ -4952,20 +4949,11 @@ components: related information https://jans.io/oauth/config/uma/resources.delete: Delete UMA Resource related information - https://jans.io/oauth/config/database/sql.readonly: View SQL database - related information - https://jans.io/oauth/config/database/sql.write: Manage SQL database related - information - https://jans.io/oauth/config/database/sql.delete: Delete SQL database - related information https://jans.io/oauth/config/stats.readonly: View server with basic statistic https://jans.io/oauth/config/organization.readonly: View organization configuration information https://jans.io/oauth/config/organization.write: Manage organization configuration information - https://jans.io/oauth/config/user.readonly: View user related information - https://jans.io/oauth/config/user.write: Manage user related information - https://jans.io/oauth/config/user.delete: Delete user related information https://jans.io/oauth/config/agama.readonly: View Agama Flow related information https://jans.io/oauth/config/agama.write: Manage Agama Flow related information https://jans.io/oauth/config/agama.delete: Delete Agama Flow related information diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index c9f7656e5fe..9541b913e2b 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml 
@@ -27,7 +27,6 @@ tags: - name: Configuration – JWK - JSON Web Key (JWK) - name: Custom Scripts - name: Database - LDAP configuration - - name: Database - Couchbase configuration - name: OAuth - OpenID Connect - Clients - name: OAuth - UMA Resources - name: OAuth - Scopes @@ -1585,7 +1584,7 @@ paths: '500': description: Internal Server Error security: - - oauth2: [https://jans.io/oauth/config/jwks.write] + - oauth2: [https://jans.io/oauth/config/jwks.delete] /jans-config-api/api/v1/openid/clients: get: tags: @@ -2965,7 +2964,7 @@ paths: '500': description: Internal Server Error - /jans-config-api/admin-ui/user/roles: + /jans-config-api/admin-ui/adminUIRoles: get: tags: - Admin UI - Role @@ -3087,7 +3086,7 @@ paths: $ref: '#/components/responses/Unauthorized' '500': $ref: '#/components/responses/InternalServerError' - /jans-config-api/admin-ui/user/permissions: + /jans-config-api/admin-ui/adminUIPermissions: get: tags: - Admin UI - Permission @@ -3209,7 +3208,7 @@ paths: $ref: '#/components/responses/Unauthorized' '500': $ref: '#/components/responses/InternalServerError' - /jans-config-api/admin-ui/user/rolePermissionsMapping: + /jans-config-api/admin-ui/adminUIRolePermissionsMapping: get: tags: - Admin UI - Role-Permissions Mapping 
@@ -3495,9 +3494,6 @@ components: https://jans.io/oauth/config/database/ldap.readonly: View LDAP database related information https://jans.io/oauth/config/database/ldap.write: Manage LDAP database related information https://jans.io/oauth/config/database/ldap.delete: Delete LDAP database related information - https://jans.io/oauth/config/database/couchbase.readonly: View Couchbase database information - https://jans.io/oauth/config/database/couchbase.write: Manage Couchbase database related information - https://jans.io/oauth/config/database/couchbase.delete: Delete Couchbase database related information https://jans.io/oauth/config/scripts.readonly: View cache scripts information https://jans.io/oauth/config/scripts.write: Manage scripts related information https://jans.io/oauth/config/scripts.delete: Delete scripts related information @@ -3510,6 +3506,7 @@ components: https://jans.io/oauth/config/logging.write: Manage logging related information https://jans.io/oauth/config/jwks.readonly: View JWKS related information https://jans.io/oauth/config/jwks.write: Manage JWKS related information + https://jans.io/oauth/config/jwks.delete: Delete JWKS related information https://jans.io/oauth/config/openid/clients.readonly: View clients related information https://jans.io/oauth/config/openid/clients.write: Manage clients related information https://jans.io/oauth/config/openid/clients.delete: Delete clients related information 
@@ -3519,9 +3516,6 @@ components: https://jans.io/oauth/config/uma/resources.readonly: View UMA Resource related information https://jans.io/oauth/config/uma/resources.write: Manage UMA Resource related information https://jans.io/oauth/config/uma/resources.delete: Delete UMA Resource related information - https://jans.io/oauth/config/database/sql.readonly: View SQL database related information - https://jans.io/oauth/config/database/sql.write: Manage SQL database related information - https://jans.io/oauth/config/database/sql.delete: Delete SQL database related information https://jans.io/oauth/config/stats.readonly: Vew server with basic statistic https://jans.io/oauth/config/scim/users.read: Vew scim user related information https://jans.io/oauth/config/scim/users.write: Manage scim user related information diff --git a/jans-config-api/plugins/admin-ui-plugin/src/test/resources/karate-config-jenkins.js b/jans-config-api/plugins/admin-ui-plugin/src/test/resources/karate-config-jenkins.js index c2c9ac787ce..55d2cf998ca 100644 --- a/jans-config-api/plugins/admin-ui-plugin/src/test/resources/karate-config-jenkins.js +++ b/jans-config-api/plugins/admin-ui-plugin/src/test/resources/karate-config-jenkins.js @@ -51,7 +51,6 @@ function() { cacheUrl: baseUrl + '/jans-config-api/api/v1/config/cache', jwksUrl: baseUrl + '/jans-config-api/api/v1/config/jwks', ldapUrl: baseUrl + '/jans-config-api/api/v1/config/database/ldap', - couchbaseUrl: baseUrl + '/jans-config-api/api/v1/config/database/couchbase', openidclients_url: baseUrl + '/jans-config-api/api/v1/openid/clients', scopes_url: baseUrl + '/jans-config-api/api/v1/scopes', umaresources_url: baseUrl + '/jans-config-api/api/v1/uma/resources', diff --git a/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml b/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml index f76028560ae..000410e1bc7 100644 --- a/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml 
@@ -15,9 +15,6 @@ servers: variables: {} tags: - name: Fido2 - Configuration -- name: Admin UI - Permission -- name: Admin UI - Role-Permissions Mapping -- name: Admin UI - License paths: /fido2/config: get: diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index c5debdf81ec..4b47382ece4 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -225,10 +225,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object CustomUser: type: object properties: diff --git a/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/ApiApplication.java b/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/ApiApplication.java index df328c7a9f7..bc147f040e7 100644 --- a/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/ApiApplication.java +++ b/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/ApiApplication.java @@ -1,5 +1,6 @@ package io.jans.configapi.plugin.fido2.rest; +import io.jans.configapi.util.ApiAccessConstants; import io.swagger.v3.oas.annotations.OpenAPIDefinition; import io.swagger.v3.oas.annotations.enums.SecuritySchemeType; import io.swagger.v3.oas.annotations.info.*; 
@@ -17,16 +18,13 @@ license = @License(name = "Apache 2.0", url = "https://github.com/JanssenProject/jans/blob/main/LICENSE")), -tags = { @Tag(name = "Fido2 - Configuration"), - @Tag(name = "Admin UI - Permission"), - @Tag(name = "Admin UI - Role-Permissions Mapping"), - @Tag(name = "Admin UI - License") }, +tags = { @Tag(name = "Fido2 - Configuration")}, servers = { @Server(url = "https://jans.io/", description = "The Jans server") }) @SecurityScheme(name = "oauth2", type = SecuritySchemeType.OAUTH2, flows = @OAuthFlows(clientCredentials = @OAuthFlow(tokenUrl = "https://{op-hostname}/.../token", scopes = { -@OAuthScope(name = "https://jans.io/oauth/config/fido2.readonly", description = "View fido2 configuration related information"), -@OAuthScope(name = "https://jans.io/oauth/config/fido2.write", description = "Manage fido2 configuration related information")} +@OAuthScope(name = ApiAccessConstants.FIDO2_CONFIG_READ_ACCESS, description = "View fido2 configuration related information"), +@OAuthScope(name = ApiAccessConstants.FIDO2_CONFIG_WRITE_ACCESS, description = "Manage fido2 configuration related information")} ))) public class ApiApplication extends Application { diff --git a/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2ConfigResource.java b/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2ConfigResource.java index 362d9e37fce..3f912622df1 100644 --- a/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2ConfigResource.java +++ b/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2ConfigResource.java 
@@ -51,7 +51,7 @@ public class Fido2ConfigResource extends BaseResource { @Operation(summary = "Gets Jans Authorization Server Fido2 configuration properties", description = "Gets Jans Authorization Server Fido2 configuration properties", operationId = "get-properties-fido2", tags = { "Fido2 - Configuration" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/fido2.readonly" })) + ApiAccessConstants.FIDO2_CONFIG_READ_ACCESS })) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = DbApplicationConfiguration.class))), @ApiResponse(responseCode = "401", description = "Unauthorized"), @@ -67,7 +67,7 @@ public Response getFido2Configuration() throws JsonProcessingException { @Operation(summary = "Updates Fido2 configuration properties", description = "Updates Fido2 configuration properties", operationId = "put-properties-fido2", tags = { "Fido2 - Configuration" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/fido2.write" })) + ApiAccessConstants.FIDO2_CONFIG_WRITE_ACCESS })) @RequestBody(description = "Fido2Config", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = DbApplicationConfiguration.class))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Fido2Config", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = String.class))), diff --git a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/ApiApplication.java b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/ApiApplication.java index b60f18c0f3d..8a075ea88d9 100644 --- a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/ApiApplication.java 
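Review bot: Replacing the literal with `ApiAccessConstants.FIDO2_CONFIG_READ_ACCESS` inside `@SecurityRequirement` only keeps the published OpenAPI scope in sync with the constant. The annotation that enforces the scope on `getFido2Configuration()` lies outside this hunk, so it cannot be confirmed from here that enforcement uses the same constant. If the enforcing annotation still carries a string literal, the documented and enforced scopes can drift apart again. The same check applies to the second hunk on this file (`put-properties-fido2`, `FIDO2_CONFIG_WRITE_ACCESS`). Neither hunk adds an import for `ApiAccessConstants`, so the file presumably already imports it.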
+++ b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/ApiApplication.java @@ -5,6 +5,7 @@ import java.util.HashSet; import java.util.Set; +import io.jans.configapi.util.ApiAccessConstants; import io.swagger.v3.oas.annotations.OpenAPIDefinition; import io.swagger.v3.oas.annotations.enums.SecuritySchemeType; import io.swagger.v3.oas.annotations.info.Contact; @@ -27,9 +28,9 @@ servers = { @Server(url = "https://jans.io/", description = "The Jans server") }) @SecurityScheme(name = "oauth2", type = SecuritySchemeType.OAUTH2, flows = @OAuthFlows(clientCredentials = @OAuthFlow(tokenUrl = "https://{op-hostname}/.../token", scopes = { -@OAuthScope(name = "https://jans.io/oauth/config/user.readonly", description = "View user related information"), -@OAuthScope(name = "https://jans.io/oauth/config/user.write", description = "Manage user related information"), -@OAuthScope(name = "https://jans.io/oauth/config/user.delete", description = "Delete user related information")} +@OAuthScope(name = ApiAccessConstants.USER_READ_ACCESS, description = "View user related information"), +@OAuthScope(name = ApiAccessConstants.USER_WRITE_ACCESS, description = "Manage user related information"), +@OAuthScope(name = ApiAccessConstants.USER_DELETE_ACCESS, description = "Delete user related information")} ))) public class ApiApplication extends Application { diff --git a/jans-config-api/profiles/default/config-api-test.properties b/jans-config-api/profiles/default/config-api-test.properties index 236650e92bc..9855448d2f0 100644 --- a/jans-config-api/profiles/default/config-api-test.properties +++ b/jans-config-api/profiles/default/config-api-test.properties 
@@ -1,7 +1,7 @@ # The URL of your Jans installation test.server=https://jenkins-config-api.gluu.org -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/database/couchbase.readonly https://jans.io/oauth/config/database/couchbase.write https://jans.io/oauth/config/database/couchbase.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write 
https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write 
https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token token.grant.type=client_credentials diff --git a/jans-config-api/profiles/jans-ui.jans.io/test.properties b/jans-config-api/profiles/jans-ui.jans.io/test.properties index eb7108cfc2b..630de8e6b37 100644 --- a/jans-config-api/profiles/jans-ui.jans.io/test.properties +++ b/jans-config-api/profiles/jans-ui.jans.io/test.properties 
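Review bot: The new `test.scopes` value still requests `https://jans.io/oauth/config/database/sql.readonly`, `sql.write` and `sql.delete`, although this commit deletes the `DATABASE_SQL_*_ACCESS` constants and removes those three scopes from both swagger files; only the couchbase scopes were dropped from this line. If the SQL database endpoints are no longer served, remove the three scopes here so the test client is not granted more than the API defines; if they are still served, their scopes are now undocumented. The `jans-ui.jans.io` profile hunk keeps the same three scopes and also widens that client with `agama.*`, `session.readonly`, `session.delete` and `revoke_session`. That widening deserves a line in the commit message, since the title only mentions swagger fixes.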
@@ -1,4 +1,4 @@ -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/database/couchbase.readonly https://jans.io/oauth/config/database/couchbase.write https://jans.io/oauth/config/database/couchbase.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read 
https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write 
https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session # Test env Setting token.endpoint=https://jans-ui.jans.io/jans-auth/restv1/token diff --git a/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties b/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties index 65e505c94f1..cfae01df0b4 100644 --- a/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties +++ b/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties 
@@ -1,6 +1,6 @@ test.server=https://jenkins-config-api.gluu.org -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/database/couchbase.readonly https://jans.io/oauth/config/database/couchbase.write https://jans.io/oauth/config/database/couchbase.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat 
https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write 
https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token token.grant.type=client_credentials diff --git a/jans-config-api/profiles/local/test.properties b/jans-config-api/profiles/local/test.properties index ce58a6eb9b0..067ca673d06 100644 --- a/jans-config-api/profiles/local/test.properties +++ b/jans-config-api/profiles/local/test.properties 
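Review bot: The new `test.scopes` value still requests the `database/sql.readonly`, `database/sql.write` and `database/sql.delete` scopes, although this same commit deletes the `DATABASE_SQL_*` constants from ApiAccessConstants and the matching `@OAuthScope` entries from ApiApplication; only the couchbase scopes were dropped from the list. If no endpoint is protected by the sql scopes any more, remove them here too, so the test client's `client_credentials` token carries no more access than the suite exercises. The `local` profile hunk below has the same leftover, and the `jans-ui.jans.io` profile appears to as well. Because the same value is maintained by hand in several profile files, a comment above it such as `# keep in sync with the scope values in ApiAccessConstants` would help.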
@@ -1,5 +1,5 @@ #LOCAL -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/database/couchbase.readonly https://jans.io/oauth/config/database/couchbase.write https://jans.io/oauth/config/database/couchbase.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat 
https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly 
https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session # jans.server token.endpoint=https://jans.server1/jans-auth/restv1/token diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java index ee27bba8d34..075136b86b4 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java @@ -8,6 +8,7 @@ import io.jans.configapi.configuration.ObjectMapperContextResolver; import io.jans.configapi.rest.resource.auth.*; +import io.jans.configapi.util.ApiAccessConstants; import io.jans.configapi.rest.health.ApiHealthCheck; import io.swagger.v3.oas.annotations.OpenAPIDefinition; 
@@ -31,13 +32,13 @@ license = @License(name = "Apache 2.0", url = "https://github.com/JanssenProject/jans/blob/main/LICENSE")), - tags = { @Tag(name = "Attribute"), @Tag(name = "Default Authentication Method"), + tags = { @Tag(name = "Attribute"), @Tag(name = "Default Authentication Method"),@Tag(name = "Cache Configuration"), @Tag(name = "Cache Configuration – Memcached"), @Tag(name = "Cache Configuration – Redis"), @Tag(name = "Cache Configuration – in-Memory"), @Tag(name = "Cache Configuration – Native-Persistence"), - @Tag(name = "Configuration – Properties"), @Tag(name = "Fido2 - Configuration"), + @Tag(name = "Configuration – Properties"), @Tag(name = "Configuration – SMTP"), @Tag(name = "Configuration – Logging"), @Tag(name = "Configuration – JWK - JSON Web Key (JWK)"), @Tag(name = "Custom Scripts"), - @Tag(name = "Database - LDAP configuration"), @Tag(name = "Database - Couchbase configuration"), + @Tag(name = "Database - LDAP configuration"), @Tag(name = "OAuth - OpenID Connect - Clients"), @Tag(name = "OAuth - UMA Resources"), @Tag(name = "OAuth - Scopes"), @Tag(name = "Configuration – Agama Flow"), @Tag(name = "Statistics - User"), @Tag(name = "Health - Check"), @Tag(name = "Server Stats"), 
@@ -48,54 +49,46 @@ servers = { @Server(url = "https://jans.io/", description = "The Jans server") }) @SecurityScheme(name = "oauth2", type = SecuritySchemeType.OAUTH2, flows = @OAuthFlows(clientCredentials = @OAuthFlow(tokenUrl = "https://{op-hostname}/.../token", scopes = { - @OAuthScope(name = "https://jans.io/oauth/jans-auth-server/config/properties.readonly", description = "View Auth Server properties related information"), - @OAuthScope(name = "https://jans.io/oauth/jans-auth-server/config/properties.write", description = "Manage Auth Server properties related information"), - @OAuthScope(name = "https://jans.io/oauth/config/attributes.readonly", description = "View attribute related information"), - @OAuthScope(name = "https://jans.io/oauth/config/attributes.write", description = "Manage attribute related information"), - @OAuthScope(name = "https://jans.io/oauth/config/attributes.delete", description = "Delete attribute related information"), - @OAuthScope(name = "https://jans.io/oauth/config/acrs.readonly", description = "View ACRS related information"), - @OAuthScope(name = "https://jans.io/oauth/config/acrs.write", description = "Manage ACRS related information"), - @OAuthScope(name = "https://jans.io/oauth/config/database/ldap.readonly", description = "View LDAP database related information"), - @OAuthScope(name = "https://jans.io/oauth/config/database/ldap.write", description = "Manage LDAP database related information"), - @OAuthScope(name = "https://jans.io/oauth/config/database/ldap.delete", description = "Delete LDAP database related information"), - @OAuthScope(name = "https://jans.io/oauth/config/database/couchbase.readonly", description = "View Couchbase database information"), - @OAuthScope(name = "https://jans.io/oauth/config/database/couchbase.write", description = "Manage Couchbase database related information"), - @OAuthScope(name = "https://jans.io/oauth/config/database/couchbase.delete", description = "Delete Couchbase database related 
information"), - @OAuthScope(name = "https://jans.io/oauth/config/scripts.readonly", description = "View cache scripts information"), - @OAuthScope(name = "https://jans.io/oauth/config/scripts.write", description = "Manage scripts related information"), - @OAuthScope(name = "https://jans.io/oauth/config/scripts.delete", description = "Delete scripts related information"), - @OAuthScope(name = "https://jans.io/oauth/config/cache.readonly", description = "View cache related information"), - @OAuthScope(name = "https://jans.io/oauth/config/cache.write", description = "Manage cache related information"), - @OAuthScope(name = "https://jans.io/oauth/config/smtp.readonly", description = "View SMTP related information"), - @OAuthScope(name = "https://jans.io/oauth/config/smtp.write", description = "Manage SMTP related information"), - @OAuthScope(name = "https://jans.io/oauth/config/smtp.delete", description = "Delete SMTP related information"), - @OAuthScope(name = "https://jans.io/oauth/config/logging.readonly", description = "View logging related information"), - @OAuthScope(name = "https://jans.io/oauth/config/logging.write", description = "Manage logging related information"), - @OAuthScope(name = "https://jans.io/oauth/config/jwks.readonly", description = "View JWKS related information"), - @OAuthScope(name = "https://jans.io/oauth/config/jwks.write", description = "Manage JWKS related information"), - @OAuthScope(name = "https://jans.io/oauth/config/openid/clients.readonly", description = "View clients related information"), - @OAuthScope(name = "https://jans.io/oauth/config/openid/clients.write", description = "Manage clients related information"), - @OAuthScope(name = "https://jans.io/oauth/config/openid/clients.delete", description = "Delete clients related information"), - @OAuthScope(name = "https://jans.io/oauth/config/scopes.readonly", description = "View scope related information"), - @OAuthScope(name = "https://jans.io/oauth/config/scopes.write", 
description = "Manage scope related information"), - @OAuthScope(name = "https://jans.io/oauth/config/scopes.delete", description = "Delete scope related information"), - @OAuthScope(name = "https://jans.io/oauth/config/uma/resources.readonly", description = "View UMA Resource related information"), - @OAuthScope(name = "https://jans.io/oauth/config/uma/resources.write", description = "Manage UMA Resource related information"), - @OAuthScope(name = "https://jans.io/oauth/config/uma/resources.delete", description = "Delete UMA Resource related information"), - @OAuthScope(name = "https://jans.io/oauth/config/database/sql.readonly", description = "View SQL database related information"), - @OAuthScope(name = "https://jans.io/oauth/config/database/sql.write", description = "Manage SQL database related information"), - @OAuthScope(name = "https://jans.io/oauth/config/database/sql.delete", description = "Delete SQL database related information"), - @OAuthScope(name = "https://jans.io/oauth/config/stats.readonly", description = "View server with basic statistic"), - @OAuthScope(name = "https://jans.io/oauth/config/organization.readonly", description = "View organization configuration information"), - @OAuthScope(name = "https://jans.io/oauth/config/organization.write", description = "Manage organization configuration information"), - @OAuthScope(name = "https://jans.io/oauth/config/user.readonly", description = "View user related information"), - @OAuthScope(name = "https://jans.io/oauth/config/user.write", description = "Manage user related information"), - @OAuthScope(name = "https://jans.io/oauth/config/user.delete", description = "Delete user related information"), - @OAuthScope(name = "https://jans.io/oauth/config/agama.readonly", description = "View Agama Flow related information"), - @OAuthScope(name = "https://jans.io/oauth/config/agama.write", description = "Manage Agama Flow related information"), - @OAuthScope(name = 
"https://jans.io/oauth/config/agama.delete", description = "Delete Agama Flow related information"), - @OAuthScope(name = "https://jans.io/oauth/jans-auth-server/session.readonly", description = "View Session related information"), - @OAuthScope(name = "https://jans.io/oauth/jans-auth-server/session.delete", description = "Delete Session information") } + @OAuthScope(name = ApiAccessConstants.JANS_AUTH_CONFIG_READ_ACCESS, description = "View Auth Server properties related information"), + @OAuthScope(name = ApiAccessConstants.JANS_AUTH_CONFIG_WRITE_ACCESS, description = "Manage Auth Server properties related information"), + @OAuthScope(name = ApiAccessConstants.ATTRIBUTES_READ_ACCESS, description = "View attribute related information"), + @OAuthScope(name = ApiAccessConstants.ATTRIBUTES_WRITE_ACCESS, description = "Manage attribute related information"), + @OAuthScope(name = ApiAccessConstants.ATTRIBUTES_DELETE_ACCESS, description = "Delete attribute related information"), + @OAuthScope(name = ApiAccessConstants.ACRS_READ_ACCESS, description = "View ACRS related information"), + @OAuthScope(name = ApiAccessConstants.ACRS_WRITE_ACCESS, description = "Manage ACRS related information"), + @OAuthScope(name = ApiAccessConstants.DATABASE_LDAP_READ_ACCESS, description = "View LDAP database related information"), + @OAuthScope(name = ApiAccessConstants.DATABASE_LDAP_WRITE_ACCESS, description = "Manage LDAP database related information"), + @OAuthScope(name = ApiAccessConstants.DATABASE_LDAP_DELETE_ACCESS, description = "Delete LDAP database related information"), + @OAuthScope(name = ApiAccessConstants.SCRIPTS_READ_ACCESS, description = "View cache scripts information"), + @OAuthScope(name = ApiAccessConstants.SCRIPTS_WRITE_ACCESS, description = "Manage scripts related information"), + @OAuthScope(name = ApiAccessConstants.SCRIPTS_DELETE_ACCESS, description = "Delete scripts related information"), + @OAuthScope(name = ApiAccessConstants.CACHE_READ_ACCESS, description = 
"View cache related information"), + @OAuthScope(name = ApiAccessConstants.CACHE_WRITE_ACCESS, description = "Manage cache related information"), + @OAuthScope(name = ApiAccessConstants.SMTP_READ_ACCESS, description = "View SMTP related information"), + @OAuthScope(name = ApiAccessConstants.SMTP_WRITE_ACCESS, description = "Manage SMTP related information"), + @OAuthScope(name = ApiAccessConstants.SMTP_DELETE_ACCESS, description = "Delete SMTP related information"), + @OAuthScope(name = ApiAccessConstants.LOGGING_READ_ACCESS, description = "View logging related information"), + @OAuthScope(name = ApiAccessConstants.LOGGING_WRITE_ACCESS, description = "Manage logging related information"), + @OAuthScope(name = ApiAccessConstants.JWKS_READ_ACCESS, description = "View JWKS related information"), + @OAuthScope(name = ApiAccessConstants.JWKS_WRITE_ACCESS, description = "Manage JWKS related information"), + @OAuthScope(name = ApiAccessConstants.JWKS_DELETE_ACCESS, description = "Delete JWKS related information"), + @OAuthScope(name = ApiAccessConstants.OPENID_CLIENTS_READ_ACCESS, description = "View clients related information"), + @OAuthScope(name = ApiAccessConstants.OPENID_CLIENTS_WRITE_ACCESS, description = "Manage clients related information"), + @OAuthScope(name = ApiAccessConstants.OPENID_CLIENTS_DELETE_ACCESS, description = "Delete clients related information"), + @OAuthScope(name = ApiAccessConstants.SCOPES_READ_ACCESS, description = "View scope related information"), + @OAuthScope(name = ApiAccessConstants.SCOPES_WRITE_ACCESS, description = "Manage scope related information"), + @OAuthScope(name = ApiAccessConstants.SCOPES_DELETE_ACCESS, description = "Delete scope related information"), + @OAuthScope(name = ApiAccessConstants.UMA_RESOURCES_READ_ACCESS, description = "View UMA Resource related information"), + @OAuthScope(name = ApiAccessConstants.UMA_RESOURCES_WRITE_ACCESS, description = "Manage UMA Resource related information"), + @OAuthScope(name = 
ApiAccessConstants.UMA_RESOURCES_DELETE_ACCESS, description = "Delete UMA Resource related information"), + @OAuthScope(name = ApiAccessConstants.STATS_USER_READ_ACCESS, description = "View server with basic statistic"), + @OAuthScope(name = ApiAccessConstants.ORG_CONFIG_READ_ACCESS, description = "View organization configuration information"), + @OAuthScope(name = ApiAccessConstants.ORG_CONFIG_WRITE_ACCESS, description = "Manage organization configuration information"), + @OAuthScope(name = ApiAccessConstants.AGAMA_READ_ACCESS, description = "View Agama Flow related information"), + @OAuthScope(name = ApiAccessConstants.AGAMA_WRITE_ACCESS, description = "Manage Agama Flow related information"), + @OAuthScope(name = ApiAccessConstants.AGAMA_DELETE_ACCESS, description = "Delete Agama Flow related information"), + @OAuthScope(name = ApiAccessConstants.JANS_AUTH_SESSION_READ_ACCESS, description = "View Session related information"), + @OAuthScope(name = ApiAccessConstants.JANS_AUTH_SESSION_DELETE_ACCESS, description = "Delete Session information") } ))) public class ApiApplication extends Application { diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AcrsResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AcrsResource.java index a0a31f97f21..4c40b78e2a6 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AcrsResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AcrsResource.java 
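Review bot: The rewritten `scopes` list of the `oauth2` `@SecurityScheme` no longer declares the `user.readonly`/`user.write`/`user.delete` and `database/sql.*` scopes that the old list had, so any operation in this module whose `@SecurityRequirement` still names one of them would reference a scope the generated spec does not define. Presumably the user scopes moved to the user-mgt plugin, but that is not visible in this hunk and is worth confirming. Separately, the description kept on `ApiAccessConstants.SCRIPTS_READ_ACCESS` reads "View cache scripts information", which misdescribes what the scope grants; `description = "View scripts related information"` would match the neighbouring write and delete entries. The annotated class continues below the hunk.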
@@ -48,7 +48,7 @@ public class AcrsResource extends ConfigBaseResource { @Operation(summary = "Gets default authentication method.", description = "Gets default authentication method.", operationId = "get-acrs", tags = { "Default Authentication Method" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/acrs.readonly" })) + ApiAccessConstants.ACRS_READ_ACCESS })) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AuthenticationMethod.class))), @ApiResponse(responseCode = "401", description = "Unauthorized"), @@ -65,7 +65,7 @@ public Response getDefaultAuthenticationMethod() { @Operation(summary = "Updates default authentication method.", description = "Updates default authentication method.", operationId = "put-acrs", tags = { "Default Authentication Method" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/acrs.write" })) + ApiAccessConstants.ACRS_WRITE_ACCESS })) @RequestBody(description = "String representing patch-document.", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AuthenticationMethod.class), examples = @ExampleObject(name = "Request json example", value = "{\"defaultAcr\": \"simple_password_auth\"}"))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AuthenticationMethod.class))), diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AgamaResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AgamaResource.java index 00e289d1f60..95646f9e1de 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AgamaResource.java 
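Review bot: The `scopes` value changed here is OpenAPI metadata only, so replacing the literal with `ApiAccessConstants.ACRS_READ_ACCESS` (and `ACRS_WRITE_ACCESS` in the next hunk) removes drift only if the annotation that enforces access names the same constant. That annotation, presumably `@ProtectedApi`, and the method bodies are outside both hunks, so this cannot be checked from here. The same check applies to the AgamaResource and AttributesResource hunks below, which are changed the same way. A short comment next to the `security =` attribute, for example `// must match the scope enforced on this method`, would make the coupling explicit.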
+++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AgamaResource.java @@ -61,7 +61,7 @@ public class AgamaResource extends ConfigBaseResource { @Operation(summary = "Fetches all agama flow.", description = "Fetches all agama flow.", operationId = "get-agama-flows", tags = { "Configuration – Agama Flow" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/agama.readonly" })) + ApiAccessConstants.AGAMA_READ_ACCESS })) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Agama Flows", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = PagedResult.class))), @ApiResponse(responseCode = "401", description = "Unauthorized"), @@ -90,7 +90,7 @@ public Response getFlows(@DefaultValue("") @QueryParam(value = ApiConstants.PATT @Operation(summary = "Gets an agama flow based on Qname.", description = "Gets an agama flow based on Qname.", operationId = "get-agama-flow", tags = { "Configuration – Agama Flow" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/agama.readonly" })) + ApiAccessConstants.AGAMA_READ_ACCESS })) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Agama Flow", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = Flow.class))), @ApiResponse(responseCode = "401", description = "Unauthorized"), 
@@ -114,7 +114,7 @@ public Response getFlowByName(@PathParam(ApiConstants.QNAME) @NotNull String flo @Operation(summary = "Create a new agama flow", description = "Create a new agama flow", operationId = "post-agama-flow", tags = { "Configuration – Agama Flow" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/agama.write" })) + ApiAccessConstants.AGAMA_WRITE_ACCESS })) @RequestBody(description = "Agama Flow", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = Flow.class), examples = @ExampleObject(name = "Request json example" , value ="{\"source\":\"Flow test\\n\\tBasepath \\\"hello\\\"\\n\\nin = { name: \\\"John\\\" }\\nRRF \\\"index.ftlh\\\" in\\n\\nLog \\\"Done!\\\"\\nFinish \\\"john_doe\\\"\",\"qname\":\"test\"}"))) @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Created", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = Flow.class))), @@ -145,7 +145,7 @@ public Response createFlow(@Valid Flow flow) @Operation(summary = "Create a new agama flow from source", description = "Create a new agama flow from source.", operationId = "post-agama-flow-from-source", tags = { "Configuration – Agama Flow" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/agama.write" })) + ApiAccessConstants.AGAMA_WRITE_ACCESS })) @RequestBody(description = "Agama Flow", content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(implementation = String.class))) @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Created", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = Flow.class))), 
@@ -186,7 +186,7 @@ public Response createFlowFromSource(@PathParam(ApiConstants.QNAME) @NotNull Str @Operation(summary = "Update agama flow from source file", description = "Update agama flow from source file.", operationId = "put-agama-flow-from-source", tags = { "Configuration – Agama Flow" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/agama.write" })) + ApiAccessConstants.AGAMA_WRITE_ACCESS })) @RequestBody(description = "String representing patch-document.", content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(implementation = String.class))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = Flow.class))), @@ -222,7 +222,7 @@ public Response updateFlowSource(@PathParam(ApiConstants.QNAME) @NotNull String @Operation(summary = "Partially modify a Agama Flow", description = "Partially modify a Agama Flow", operationId = "patch-agama-flow", tags = { "Configuration – Agama Flow" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/agama.write" })) + ApiAccessConstants.AGAMA_WRITE_ACCESS })) @RequestBody(description = "JsonPatch object", content = @Content(mediaType = MediaType.APPLICATION_JSON_PATCH_JSON, array = @ArraySchema(schema = @Schema(implementation = JsonPatch.class)))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Patched Agama Flow", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = Flow.class))), 
@@ -260,7 +260,7 @@ public Response patchFlow(@PathParam(ApiConstants.QNAME) @NotNull String flowNam @Operation(summary = "Deletes an agama flow based on Qname", description = "Deletes an agama flow based on Qname", operationId = "delete-agama-flow", tags = { "Configuration – Agama Flow" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/agama.delete" })) + ApiAccessConstants.AGAMA_DELETE_ACCESS })) @ApiResponses(value = { @ApiResponse(responseCode = "204", description = "No Content"), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java index eb7a9521536..c368dfba92b 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java @@ -61,7 +61,7 @@ public class AttributesResource extends ConfigBaseResource { @Operation(summary = "Gets a list of Gluu attributes.", description = "Gets a list of Gluu attributes.", operationId = "get-attributes", tags = { "Attribute" }, security = @SecurityRequirement(name = "oauth2", scopes = { - "https://jans.io/oauth/config/attributes.readonly" })) + ApiAccessConstants.ATTRIBUTES_READ_ACCESS })) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = PagedResult.class))), @ApiResponse(responseCode = "401", description = "Unauthorized"), 
@@ -91,7 +91,7 @@ public Response getAttributes(
 @Operation(summary = "Gets an attribute based on inum", description = "Gets an attribute based on inum", operationId = "get-attributes-by-inum", tags = { "Attribute" }, security = @SecurityRequirement(name = "oauth2", scopes = {
- "https://jans.io/oauth/config/attributes.readonly" }))
+ ApiAccessConstants.ATTRIBUTES_READ_ACCESS }))
 @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = GluuAttribute.class))), @ApiResponse(responseCode = "401", description = "Unauthorized"),
@@ -107,7 +107,7 @@ public Response getAttributeByInum(@PathParam(ApiConstants.INUM) @NotNull String
 @Operation(summary = "Adds a new attribute", description = "Adds a new attribute", operationId = "post-attributes", tags = { "Attribute" }, security = @SecurityRequirement(name = "oauth2", scopes = {
- "https://jans.io/oauth/config/attributes.write" }))
+ ApiAccessConstants.ATTRIBUTES_WRITE_ACCESS }))
 @RequestBody(description = "GluuAttribute object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = GluuAttribute.class))) @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Created", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = GluuAttribute.class))),
@@ -130,7 +130,7 @@ public Response createAttribute(@Valid GluuAttribute attribute) {
 @Operation(summary = "Updates an existing attribute", description = "Updates an existing attribute", operationId = "put-attributes", tags = { "Attribute" }, security = @SecurityRequirement(name = "oauth2", scopes = {
- "https://jans.io/oauth/config/attributes.write" }))
+ ApiAccessConstants.ATTRIBUTES_WRITE_ACCESS }))
 @RequestBody(description = "GluuAttribute object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = GluuAttribute.class))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = GluuAttribute.class))),
@@ -156,7 +156,7 @@ public Response updateAttribute(@Valid GluuAttribute attribute) {
 @Operation(summary = "Partially modify a GluuAttribute", description = "Partially modify a GluuAttribute", operationId = "patch-attributes-by-inum", tags = { "Attribute" }, security = @SecurityRequirement(name = "oauth2", scopes = {
- "https://jans.io/oauth/config/attributes.write" }))
+ ApiAccessConstants.ATTRIBUTES_WRITE_ACCESS }))
 @RequestBody(description = "String representing patch-document.", content = @Content(mediaType = MediaType.APPLICATION_JSON_PATCH_JSON, array = @ArraySchema(schema = @Schema(implementation = PatchRequest.class)))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Updated GluuAttribute", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = GluuAttribute.class))),
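Review bot: The `@RequestBody` description on patch-attributes-by-inum reads "String representing patch-document." while its schema declares a `MediaType.APPLICATION_JSON_PATCH_JSON` array of `PatchRequest`, so the generated swagger describes the body in two different ways. Since this commit is a swagger clean-up, the text could follow the schema, for example `description = "JSON Patch document (array of PatchRequest operations)"`. The same description string sits on put-agama-flow-from-source in the first AgamaResource.java hunk, where the body is `MediaType.TEXT_PLAIN` and the summary speaks of a source file rather than a patch. The annotated method itself is outside the hunk.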
@@ -180,7 +180,7 @@ public Response patchAtribute(@PathParam(ApiConstants.INUM) @NotNull String inum
 @Operation(summary = "Deletes an attribute based on inum", description = "Deletes an attribute based on inum", operationId = "delete-attributes-by-inum", tags = { "Attribute" }, security = @SecurityRequirement(name = "oauth2", scopes = {
- "https://jans.io/oauth/config/attributes.delete" }))
+ ApiAccessConstants.ATTRIBUTES_DELETE_ACCESS }))
 @ApiResponses(value = { @ApiResponse(responseCode = "204", description = "No Content"), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"),
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/CacheConfigurationResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/CacheConfigurationResource.java
index 23cc8db6bfe..fac562fd40f 100644
--- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/CacheConfigurationResource.java
+++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/CacheConfigurationResource.java
@@ -68,7 +68,7 @@ private CacheConfiguration mergeModifiedCache(Function