From c7b26e90430a1db5d4788d510fc8bf5ce63c4fd3 Mon Sep 17 00:00:00 2001 From: Arnab Dutta <32794267+duttarnab@users.noreply.github.com> Date: Thu, 15 Sep 2022 15:26:46 +0530 Subject: [PATCH] feat: admin-ui apis refactoring #2388 (#2390) --- .../docs/jans-config-api-swagger-auto.yaml | 34 ++- .../rest/logging/AuditLoggerResource.java | 2 + .../rest/user/UserManagementResource.java | 210 ++++++++++++------ .../service/user/UserManagementService.java | 44 +++- .../plugin/adminui/utils/ErrorResponse.java | 1 + .../docs/jans-admin-ui-plugin-swagger.yaml | 150 +++++++++---- .../plugins/docs/user-mgt-plugin-swagger.yaml | 4 +- 7 files changed, 318 insertions(+), 127 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger-auto.yaml b/jans-config-api/docs/jans-config-api-swagger-auto.yaml index 91d31fdf610..f0351d5b404 100644 --- a/jans-config-api/docs/jans-config-api-swagger-auto.yaml +++ b/jans-config-api/docs/jans-config-api-swagger-auto.yaml @@ -3227,19 +3227,19 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string - adminCanEdit: - type: boolean - userCanAccess: - type: boolean - userCanView: + whitePagesCanView: type: boolean adminCanAccess: type: boolean + adminCanEdit: + type: boolean adminCanView: type: boolean + userCanAccess: + type: boolean userCanEdit: type: boolean - whitePagesCanView: + userCanView: type: boolean baseDn: type: string @@ -3566,6 +3566,8 @@ components: format: int32 displayName: type: string + tokenBindingSupported: + type: boolean authenticationMethod: type: string enum: @@ -3577,8 +3579,6 @@ components: - tls_client_auth - self_signed_tls_client_auth - none - tokenBindingSupported: - type: boolean baseDn: type: string inum: @@ -3668,10 +3668,10 @@ components: type: array items: type: string - displayValue: - type: string value: type: string + displayValue: + type: string LocalizedString: type: object properties: 
@@ -3679,13 +3679,13 @@ components: type: object additionalProperties: type: string + value: + type: string languageTags: uniqueItems: true type: array items: type: string - value: - type: string AppConfiguration: type: object properties: @@ -4270,8 +4270,6 @@ components: - remote keepAuthenticatorAttributesOnAcrChange: type: boolean - disableAuthnForMaxAgeZero: - type: boolean deviceAuthzRequestExpiresIn: type: integer format: int32 @@ -4362,6 +4360,8 @@ components: type: string agamaConfiguration: $ref: '#/components/schemas/EngineConfig' + fapi: + type: boolean enabledFeatureFlags: uniqueItems: true type: array @@ -4397,8 +4397,6 @@ components: - code - token - id_token - fapi: - type: boolean AuthenticationFilter: required: - baseDn @@ -5066,10 +5064,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string SessionId: type: object properties: diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/logging/AuditLoggerResource.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/logging/AuditLoggerResource.java index 7a93c521dd4..b44dcc91f98 100644 --- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/logging/AuditLoggerResource.java +++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/logging/AuditLoggerResource.java @@ -1,6 +1,7 @@ package io.jans.ca.plugin.adminui.rest.logging; import io.jans.ca.plugin.adminui.utils.ErrorResponse; +import io.swagger.v3.oas.annotations.Hidden; import org.slf4j.Logger; import jakarta.inject.Inject; @@ -13,6 +14,7 @@ import jakarta.ws.rs.core.Response; import java.util.Map; +@Hidden @Path("/admin-ui/logging") public class AuditLoggerResource { 
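Review bot: `@Hidden` on `AuditLoggerResource` only drops `/admin-ui/logging` from the generated OpenAPI document; it does not change who can call the endpoint, and the old swagger entry for `/admin-ui/logging/audit` being removed in this same commit listed no `security` block. If the audit endpoint is meant for internal callers only, the handler method itself still needs `@ProtectedApi(scopes = ...)`; the class body is outside this hunk, so I cannot confirm whether it has one. A short comment above the annotation would keep the intent from being misread later: `// Hidden from the generated OpenAPI spec only; this annotation does not restrict access.`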
diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java index 0629edb74a4..f1b209fcad2 100644 --- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java +++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java 
@@ -3,41 +3,38 @@ import io.jans.as.model.config.adminui.AdminPermission; import io.jans.as.model.config.adminui.AdminRole; import io.jans.as.model.config.adminui.RolePermissionMapping; -import io.jans.configapi.core.rest.ProtectedApi; import io.jans.ca.plugin.adminui.model.exception.ApplicationException; import io.jans.ca.plugin.adminui.service.user.UserManagementService; import io.jans.ca.plugin.adminui.utils.ErrorResponse; - +import io.jans.configapi.core.rest.ProtectedApi; import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.parameters.RequestBody; import io.swagger.v3.oas.annotations.media.ArraySchema; import io.swagger.v3.oas.annotations.media.Content; import io.swagger.v3.oas.annotations.media.Schema; +import io.swagger.v3.oas.annotations.parameters.RequestBody; import io.swagger.v3.oas.annotations.responses.ApiResponse; import io.swagger.v3.oas.annotations.responses.ApiResponses; -import io.swagger.v3.oas.annotations.security.*; - -import org.slf4j.Logger; - +import io.swagger.v3.oas.annotations.security.SecurityRequirement; import jakarta.inject.Inject; import jakarta.validation.Valid; import jakarta.validation.constraints.NotNull; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; +import org.slf4j.Logger; import java.util.List; -@Path("/admin-ui/user") +@Path("/admin-ui") public class UserManagementResource { - static final String ROLES = "/roles"; - static final String ROLE_PATH_VARIABLE = "/{role}"; - static final String ROLE_CONST = "role"; - static final String PERMISSIONS = "/permissions"; - static final String PERMISSION_PATH_VARIABLE = "/{permission}"; - static final String PERMISSION_CONST = "permission"; - static final String ROLE_PERMISSIONS_MAPPING = "/rolePermissionsMapping"; + static final String ROLES = "/adminUIRoles"; + static final String ROLE_PATH_VARIABLE = "/{adminUIRole}"; + static final String ROLE_CONST = "adminUIRole"; + static final String PERMISSIONS 
= "/adminUIPermissions"; + static final String PERMISSION_PATH_VARIABLE = "/{adminUIPermission}"; + static final String PERMISSION_CONST = "adminUIPermission"; + static final String ROLE_PERMISSIONS_MAPPING = "/adminUIRolePermissionsMapping"; static final String SCOPE_ROLE_READ = "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly"; static final String SCOPE_ROLE_WRITE = "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write"; static final String SCOPE_PERMISSION_READ = "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly"; 
@@ -51,22 +48,22 @@ public class UserManagementResource { @Inject UserManagementService userManagementService; - @Operation(summary = "Get all admin ui roles", description = "Get all admin ui roles", operationId = "get-adminui-roles", tags = { - "Admin UI - Role" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_ROLE_READ })) + @Operation(summary = "Get all admin ui roles", description = "Get all admin ui roles", operationId = "get-all-adminui-roles", tags = { + "Admin UI - Role"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_READ})) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminRole.class, description = "List of AdminRole")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @GET @Path(ROLES) @Produces(MediaType.APPLICATION_JSON) @ProtectedApi(scopes = SCOPE_ROLE_READ) - public Response getRoles() { + public Response getAllRoles() { try { log.info("Get all Admin-UI roles."); - List roles = userManagementService.getRoles(); + List roles = userManagementService.getAllRoles(); log.info("Roles received from Auth Server."); return Response.ok(roles).build(); } catch (ApplicationException e) { 
@@ -79,14 +76,14 @@ public Response getRoles() { } @Operation(summary = "Add admin ui role", description = "Add admin ui role", operationId = "add-adminui-role", tags = { - "Admin UI - Role" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_ROLE_WRITE })) + "Admin UI - Role"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_WRITE})) @RequestBody(description = "AdminRole object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AdminRole.class))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminRole.class, description = "List of AdminRole")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @POST @Path(ROLES) @Produces(MediaType.APPLICATION_JSON) 
@@ -107,14 +104,14 @@ public Response addRole(@Valid @NotNull AdminRole roleArg) { } @Operation(summary = "Edit admin ui role", description = "Edit admin ui role", operationId = "edit-adminui-role", tags = { - "Admin UI - Role" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_ROLE_WRITE })) + "Admin UI - Role"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_WRITE})) @RequestBody(description = "AdminRole object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AdminRole.class))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminRole.class, description = "List of AdminRole")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @PUT @Path(ROLES) @Produces(MediaType.APPLICATION_JSON) 
@@ -134,22 +131,49 @@ public Response editRole(@Valid @NotNull AdminRole roleArg) { } } - @Operation(summary = "Delete admin ui role", description = "Delete admin ui role", operationId = "delete-adminui-role", tags = { - "Admin UI - Role" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_ROLE_WRITE })) + @Operation(summary = "Get admin ui role details by role-name", description = "Get admin ui role details by role-name", operationId = "get-adminui-role", tags = { + "Admin UI - Role"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_READ})) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminRole.class, description = "List of AdminRole")))), + @ApiResponse(responseCode = "400", description = "Bad Request"), + @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "500", description = "InternalServerError")}) + @GET + @Path(ROLES + ROLE_PATH_VARIABLE) + @Produces(MediaType.APPLICATION_JSON) + @ProtectedApi(scopes = SCOPE_ROLE_READ) + public Response getRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) { + try { + log.info("Get all Admin-UI roles."); + AdminRole roleObj = userManagementService.getRoleObjByName(adminUIRole); + log.info("Roles received from Auth Server."); + return Response.ok(roleObj).build(); + } catch (ApplicationException e) { + log.error(ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription(), e); + return Response.status(e.getErrorCode()).entity(e.getMessage()).build(); + } catch (Exception e) { + log.error(ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription(), e); + return Response.serverError().entity(e.getMessage()).build(); + } + } + + @Operation(summary = "Delete admin ui role by role-name", description = "Delete admin ui role by role-name", operationId = "delete-adminui-role", tags = { + "Admin UI - 
Role"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_WRITE})) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminRole.class, description = "List of AdminRole")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @DELETE @Path(ROLES + ROLE_PATH_VARIABLE) @Produces(MediaType.APPLICATION_JSON) @ProtectedApi(scopes = SCOPE_ROLE_WRITE) - public Response deleteRole(@PathParam(ROLE_CONST) @NotNull String role) { + public Response deleteRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) { try { log.info("Deleting Admin-UI role."); - List roles = userManagementService.deleteRole(role); + List roles = userManagementService.deleteRole(adminUIRole); log.info("Deleted Admin-UI role.."); return Response.ok(roles).build(); } catch (ApplicationException e) { 
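Review bot: The new `getRole` handler's 200 `@ApiResponse` declares an `@ArraySchema` of `AdminRole` ("List of AdminRole") while the method returns the single `AdminRole` from `getRoleObjByName`, so the generated spec contradicts the real response; use `content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AdminRole.class))`. The same array-vs-object mismatch is in the new `getPermission` and `getAdminUIRolePermissionsMapping(String)` handlers further down. The log lines were copied from `getAllRoles` (`"Get all Admin-UI roles."`, `"Roles received from Auth Server."`) and should describe the single-role lookup, e.g. `log.info("Get Admin-UI role by name.");`. The generic `catch (Exception e)` branch hands `e.getMessage()` to the client; for an unexpected exception that string can carry persistence-layer detail, so prefer `ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription()` as the entity and keep the exception in the log only.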
@@ -161,19 +185,19 @@ public Response deleteRole(@PathParam(ROLE_CONST) @NotNull String role) { } } - @Operation(summary = "Get admin ui permissions", description = "Get admin ui permissions", operationId = "get-adminui-permissions", tags = { - "Admin UI - Permission" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_PERMISSION_READ })) + @Operation(summary = "Get all admin ui permissions", description = "Get all admin ui permissions", operationId = "get-all-adminui-permissions", tags = { + "Admin UI - Permission"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_PERMISSION_READ})) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminPermission.class, description = "List of AdminPermission")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @GET @Path(PERMISSIONS) @Produces(MediaType.APPLICATION_JSON) @ProtectedApi(scopes = SCOPE_PERMISSION_READ) - public Response getPermissions() { + public Response getAllPermissions() { try { log.info("Get all Admin-UI permissions."); List permissions = userManagementService.getPermissions(); 
@@ -189,14 +213,14 @@ public Response getPermissions() { } @Operation(summary = "Add admin ui permissions", description = "Add admin ui permissions", operationId = "add-adminui-permission", tags = { - "Admin UI - Permission" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_PERMISSION_WRITE })) + "Admin UI - Permission"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_PERMISSION_WRITE})) @RequestBody(description = "AdminPermission object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AdminPermission.class))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminPermission.class, description = "List of AdminPermission")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @POST @Path(PERMISSIONS) @Produces(MediaType.APPLICATION_JSON) 
@@ -217,14 +241,14 @@ public Response addPermission(@Valid @NotNull AdminPermission permissionArg) { } @Operation(summary = "Edit admin ui permissions", description = "Edit admin ui permissions", operationId = "edit-adminui-permission", tags = { - "Admin UI - Permission" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_PERMISSION_WRITE })) + "Admin UI - Permission"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_PERMISSION_WRITE})) @RequestBody(description = "AdminPermission object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AdminPermission.class))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminPermission.class, description = "List of AdminPermission")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @PUT @Path(PERMISSIONS) @Produces(MediaType.APPLICATION_JSON) 
@@ -244,22 +268,49 @@ public Response editPermission(@Valid @NotNull AdminPermission permissionArg) { } } - @Operation(summary = "Delete admin ui permissions", description = "Delete admin ui permissions", operationId = "delete-adminui-permission", tags = { - "Admin UI - Permission" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_PERMISSION_WRITE })) + @Operation(summary = "Get admin ui permission by permission-name", description = "Get admin ui permission by permission-name", operationId = "get-adminui-permission", tags = { + "Admin UI - Permission"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_PERMISSION_READ})) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminPermission.class, description = "List of AdminPermission")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) + @GET + @Path(PERMISSIONS + PERMISSION_PATH_VARIABLE) + @Produces(MediaType.APPLICATION_JSON) + @ProtectedApi(scopes = SCOPE_PERMISSION_READ) + public Response getPermission(@PathParam(PERMISSION_CONST) @NotNull String adminUIPermission) { + try { + log.info("Get Admin-UI permission."); + AdminPermission permissionObj = userManagementService.getPermissionObjByName(adminUIPermission); + log.info("Permission received from Auth Server."); + return Response.ok(permissionObj).build(); + } catch (ApplicationException e) { + log.error(ErrorResponse.GET_ADMIUI_PERMISSIONS_ERROR.getDescription(), e); + return Response.status(e.getErrorCode()).entity(e.getMessage()).build(); + } catch (Exception e) { + log.error(ErrorResponse.GET_ADMIUI_PERMISSIONS_ERROR.getDescription(), e); + return 
Response.serverError().entity(e.getMessage()).build(); + } + } + + @Operation(summary = "Delete admin ui permission by permission-name", description = "Delete admin ui permission by permission-name", operationId = "delete-adminui-permission", tags = { + "Admin UI - Permission"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_PERMISSION_WRITE})) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = AdminPermission.class, description = "List of AdminPermission")))), + @ApiResponse(responseCode = "400", description = "Bad Request"), + @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @DELETE @Path(PERMISSIONS + PERMISSION_PATH_VARIABLE) @Produces(MediaType.APPLICATION_JSON) @ProtectedApi(scopes = SCOPE_PERMISSION_WRITE) - public Response deletePermission(@PathParam(PERMISSION_CONST) @NotNull String permission) { + public Response deletePermission(@PathParam(PERMISSION_CONST) @NotNull String adminUIPermission) { try { log.info("Deleting Admin-UI permission."); - List permissions = userManagementService.deletePermission(permission); + List permissions = userManagementService.deletePermission(adminUIPermission); log.info("Deleted Admin-UI permission.."); return Response.ok(permissions).build(); } catch (ApplicationException e) { 
@@ -271,22 +322,22 @@ public Response deletePermission(@PathParam(PERMISSION_CONST) @NotNull String pe } } - @Operation(summary = "Get admin ui role-permissions mapping", description = "Get admin ui role-permissions mapping", operationId = "get-adminui-role-permissions", tags = { - "Admin UI - Role-Permissions Mapping" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_ROLE_PERMISSION_MAPPING_READ })) + @Operation(summary = "Get all admin ui role-permissions mapping", description = "Get all admin ui role-permissions mapping", operationId = "get-all-adminui-role-permissions", tags = { + "Admin UI - Role-Permissions Mapping"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_PERMISSION_MAPPING_READ})) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = RolePermissionMapping.class, description = "List of RolePermissionMapping")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @GET @Path(ROLE_PERMISSIONS_MAPPING) @Produces(MediaType.APPLICATION_JSON) @ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_READ) - public Response getAdminUIRolePermissionsMapping() { + public Response getAllAdminUIRolePermissionsMapping() { try { log.info("Get all Admin-UI role-permissions mapping."); - List roleScopeMapping = userManagementService.getAdminUIRolePermissionsMapping(); + List roleScopeMapping = userManagementService.getAllAdminUIRolePermissionsMapping(); log.info("Role-Permissions mapping received from Auth Server."); return Response.ok(roleScopeMapping).build(); } catch (ApplicationException e) { 
@@ -299,14 +350,14 @@ public Response getAdminUIRolePermissionsMapping() { } @Operation(summary = "Add role-permissions mapping", description = "Add role-permissions mapping", operationId = "add-role-permissions-mapping", tags = { - "Admin UI - Role-Permissions Mapping" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_ROLE_PERMISSION_MAPPING_WRITE})) + "Admin UI - Role-Permissions Mapping"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_PERMISSION_MAPPING_WRITE})) @RequestBody(description = "RolePermissionMapping object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = RolePermissionMapping.class))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = RolePermissionMapping.class, description = "List of RolePermissionMapping")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @POST @Path(ROLE_PERMISSIONS_MAPPING) @Produces(MediaType.APPLICATION_JSON) 
@@ -327,14 +378,14 @@ public Response addPermissionsToRole(@Valid @NotNull RolePermissionMapping roleP } @Operation(summary = "Map permissions to role", description = "Map permissions to role", operationId = "map-permissions-to-role", tags = { - "Admin UI - Role-Permissions Mapping" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_ROLE_PERMISSION_MAPPING_WRITE })) + "Admin UI - Role-Permissions Mapping"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_PERMISSION_MAPPING_WRITE})) @RequestBody(description = "RolePermissionMapping object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = RolePermissionMapping.class))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = RolePermissionMapping.class, description = "List of RolePermissionMapping")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @PUT @Path(ROLE_PERMISSIONS_MAPPING) @Produces(MediaType.APPLICATION_JSON) 
@@ -354,14 +405,41 @@ public Response mapPermissionsToRole(@Valid @NotNull RolePermissionMapping roleP } } - @Operation(summary = "Remove role-permissions mapping", description = "Remove role-permissions mapping", operationId = "remove-role-permissions-permission", tags = { - "Admin UI - Role-Permissions Mapping" }, security = @SecurityRequirement(name = "oauth2", scopes = { - SCOPE_ROLE_PERMISSION_MAPPING_WRITE })) + @Operation(summary = "Get admin ui role-permissions mapping by role-name", description = "Get admin ui role-permissions mapping by role-name", operationId = "get-adminui-role-permissions", tags = { + "Admin UI - Role-Permissions Mapping"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_PERMISSION_MAPPING_READ})) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = RolePermissionMapping.class, description = "List of RolePermissionMapping")))), + @ApiResponse(responseCode = "400", description = "Bad Request"), + @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "500", description = "InternalServerError")}) + @GET + @Path(ROLE_PERMISSIONS_MAPPING + ROLE_PATH_VARIABLE) + @Produces(MediaType.APPLICATION_JSON) + @ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_READ) + public Response getAdminUIRolePermissionsMapping(@PathParam(ROLE_CONST) @NotNull String adminUIRole) { + try { + log.info("Get Admin-UI role-permissions mapping by role-name."); + RolePermissionMapping roleScopeMapping = userManagementService.getAdminUIRolePermissionsMapping(adminUIRole); + log.info("Role-Permissions mapping received from Auth Server."); + return Response.ok(roleScopeMapping).build(); + } catch (ApplicationException e) { + log.error(ErrorResponse.ERROR_READING_ROLE_PERMISSION_MAP.getDescription(), e); + return 
Response.status(e.getErrorCode()).entity(e.getMessage()).build(); + } catch (Exception e) { + log.error(ErrorResponse.ERROR_READING_ROLE_PERMISSION_MAP.getDescription(), e); + return Response.serverError().entity(e.getMessage()).build(); + } + } + + @Operation(summary = "Remove role-permissions mapping by role-name", description = "Remove role-permissions mapping by role-name", operationId = "remove-role-permissions-permission", tags = { + "Admin UI - Role-Permissions Mapping"}, security = @SecurityRequirement(name = "oauth2", scopes = { + SCOPE_ROLE_PERMISSION_MAPPING_WRITE})) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = RolePermissionMapping.class, description = "List of RolePermissionMapping")))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError")}) @DELETE @Path(ROLE_PERMISSIONS_MAPPING + ROLE_PATH_VARIABLE) @Produces(MediaType.APPLICATION_JSON) diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java index da8cbc8d147..2e16445202b 100644 --- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java +++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java 
@@ -9,12 +9,14 @@ import io.jans.ca.plugin.adminui.utils.AppConstants; import io.jans.ca.plugin.adminui.utils.ErrorResponse; import io.jans.orm.PersistenceEntryManager; +import jakarta.validation.constraints.NotNull; import org.apache.commons.collections.CollectionUtils; import org.slf4j.Logger; import jakarta.inject.Inject; import jakarta.inject.Singleton; import jakarta.ws.rs.core.Response; + import java.util.*; import java.util.stream.Collectors; @@ -27,7 +29,7 @@ public class UserManagementService { @Inject private PersistenceEntryManager entryManager; - public List getRoles() throws ApplicationException { + public List getAllRoles() throws ApplicationException { try { AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN); return adminConf.getDynamic().getRoles(); @@ -37,7 +39,7 @@ public List getRoles() throws ApplicationException { } } - private AdminRole getRoleObjByName(String role) throws ApplicationException { + public AdminRole getRoleObjByName(String role) throws ApplicationException { try { AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN); List roles = adminConf.getDynamic().getRoles().stream().filter(ele -> ele.getRole().equals(role)).collect(Collectors.toList()); 
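Review bot: `jakarta.validation.constraints.NotNull` is imported into `UserManagementService` but nothing in the visible hunks uses it; if the rest of the file does not either, drop the import rather than leave an unused dependency on the validation API. Making `getRoleObjByName` public means the `adminUIRole` path parameter now reaches `ele.getRole().equals(role)` directly, and the new mapping lookup in this commit uses a different comparison, so a Javadoc line stating the contract would help: `/** Returns the AdminRole whose name exactly equals {@code role} (case-sensitive match). */`. The remainder of `getRoleObjByName` is outside this hunk.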
@@ -152,6 +154,24 @@ public List getPermissions() throws ApplicationException { } } + public AdminPermission getPermissionObjByName(String permission) throws ApplicationException { + try { + AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN); + List permissions = adminConf.getDynamic().getPermissions().stream().filter(ele -> ele.getPermission().equals(permission)).collect(Collectors.toList()); + if (permissions.isEmpty()) { + log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription()); + throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription()); + } + return permissions.stream().findFirst().get(); + } catch (ApplicationException e) { + log.error(ErrorResponse.GET_ADMIUI_PERMISSIONS_ERROR.getDescription()); + throw e; + } catch (Exception e) { + log.error(ErrorResponse.GET_ADMIUI_PERMISSIONS_ERROR.getDescription(), e); + throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription()); + } + } + public List addPermission(AdminPermission permissionArg) throws ApplicationException { try { AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN); @@ -225,7 +245,7 @@ public List deletePermission(String permission) throws Applicat } } - public List getAdminUIRolePermissionsMapping() throws ApplicationException { + public List getAllAdminUIRolePermissionsMapping() throws ApplicationException { try { AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN); return adminConf.getDynamic().getRolePermissionMapping(); 
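Review bot: `getPermissionObjByName` reports the wrong error when the permission is absent: it logs and throws `ErrorResponse.ROLE_NOT_FOUND` although `ErrorResponse.PERMISSION_NOT_FOUND` exists for exactly this case, and the `catch (Exception e)` branch throws `GET_ADMIUI_ROLES_ERROR` right after logging `GET_ADMIUI_PERMISSIONS_ERROR`. Change the two throws to `throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.PERMISSION_NOT_FOUND.getDescription());` and `throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_ADMIUI_PERMISSIONS_ERROR.getDescription());`, and make the `log.error` on the empty branch use `PERMISSION_NOT_FOUND` as well. After the `isEmpty()` check, `permissions.get(0)` says the same as `permissions.stream().findFirst().get()` without the unchecked `Optional.get()`.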
@@ -307,6 +327,24 @@ public List mapPermissionsToRole(RolePermissionMapping ro } } + public RolePermissionMapping getAdminUIRolePermissionsMapping(String role) throws ApplicationException { + try { + AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN); + List roleScopeMapping = adminConf.getDynamic().getRolePermissionMapping() + .stream().filter(ele -> ele.getRole().equalsIgnoreCase(role)) + .collect(Collectors.toList()); + + if (roleScopeMapping.isEmpty()) { + log.error(ErrorResponse.ROLE_PERMISSION_MAP_NOT_FOUND.getDescription()); + throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_PERMISSION_MAP_NOT_FOUND.getDescription()); + } + return roleScopeMapping.stream().findFirst().get(); + } catch (Exception e) { + log.error(ErrorResponse.ERROR_READING_ROLE_PERMISSION_MAP.getDescription(), e); + throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_READING_ROLE_PERMISSION_MAP.getDescription()); + } + } + public List removePermissionsFromRole(String role) throws ApplicationException { try { AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN); diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java index 009d7f479d4..eff0cac0877 100644 --- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java +++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java 
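Review bot: In getAdminUIRolePermissionsMapping(String role) the single `catch (Exception e)` also intercepts the `ApplicationException` thrown for the empty-mapping case, so the intended 400 with ROLE_PERMISSION_MAP_NOT_FOUND is rewrapped as a 500 with ERROR_READING_ROLE_PERMISSION_MAP and the unexpected-error log entry fires for an ordinary not-found lookup. Rethrow it first, as getPermissionObjByName in the earlier hunk does: `} catch (ApplicationException e) {` / `    throw e;` placed ahead of the existing `} catch (Exception e) {`. This lookup also matches roles with `equalsIgnoreCase` whereas getRoleObjByName (first hunk of this file) uses `equals`, so a role name that resolves here may fail there; use one comparison unless the difference is deliberate. A null `role` would surface as a NullPointerException from the lambda and likewise become a 500; whether the resource validates the path parameter before calling in is not visible from this hunk.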
@@ -17,6 +17,7 @@ public enum ErrorResponse { AUDIT_LOGGING_ERROR("Error in audit logging"), ERROR_READING_CONFIG("Error in reading auiConfiguration"), ERROR_READING_ROLE_PERMISSION_MAP("Error in reading role-permissions mapping from Auth Server."), + ROLE_PERMISSION_MAP_NOT_FOUND("Role-permissions mapping not found."), ROLE_NOT_FOUND("Bad Request: Admin UI Role not found in Auth Server."), PERMISSION_NOT_FOUND("Bad Request: Admin UI permission not found in Auth Server."), ERROR_IN_MAPPING_ROLE_PERMISSION("Error in mapping role-permission."), diff --git a/jans-config-api/plugins/docs/jans-admin-ui-plugin-swagger.yaml b/jans-config-api/plugins/docs/jans-admin-ui-plugin-swagger.yaml index 1220f0d3cc5..e3c9c9b3e63 100644 --- a/jans-config-api/plugins/docs/jans-admin-ui-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/jans-admin-ui-plugin-swagger.yaml @@ -147,29 +147,13 @@ paths: security: - oauth2: - https://jans.io/oauth/jans-auth-server/config/adminui/license.write - /admin-ui/logging/audit: - post: - operationId: auditLogging - requestBody: - content: - '*/*': - schema: - type: object - additionalProperties: - type: object - required: true - responses: - default: - description: default response - content: - application/json: {} - /admin-ui/user/permissions: + /admin-ui/adminUIPermissions: get: tags: - Admin UI - Permission - summary: Get admin ui permissions - description: Get admin ui permissions - operationId: get-adminui-permissions + summary: Get all admin ui permissions + description: Get all admin ui permissions + operationId: get-all-adminui-permissions responses: "200": description: Ok 
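Review bot: `ROLE_PERMISSION_MAP_NOT_FOUND` is used for a 400 response (in getAdminUIRolePermissionsMapping) but its text drops the `Bad Request: ` prefix and the "in Auth Server" wording that the neighbouring `ROLE_NOT_FOUND` and `PERMISSION_NOT_FOUND` descriptions carry; for consistency with how those not-found messages read to clients, consider `ROLE_PERMISSION_MAP_NOT_FOUND("Bad Request: Admin UI role-permissions mapping not found in Auth Server."),`. The swagger hunk sharing this line is documentation only.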
@@ -248,13 +232,13 @@ paths: security: - oauth2: - https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write - /admin-ui/user/rolePermissionsMapping: + /admin-ui/adminUIRolePermissionsMapping: get: tags: - Admin UI - Role-Permissions Mapping - summary: Get admin ui role-permissions mapping - description: Get admin ui role-permissions mapping - operationId: get-adminui-role-permissions + summary: Get all admin ui role-permissions mapping + description: Get all admin ui role-permissions mapping + operationId: get-all-adminui-role-permissions responses: "200": description: Ok @@ -333,13 +317,13 @@ paths: security: - oauth2: - https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write - /admin-ui/user/roles: + /admin-ui/adminUIRoles: get: tags: - Admin UI - Role summary: Get all admin ui roles description: Get all admin ui roles - operationId: get-adminui-roles + operationId: get-all-adminui-roles responses: "200": description: Ok 
@@ -418,15 +402,45 @@ paths: security: - oauth2: - https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write - /admin-ui/user/permissions/{permission}: + /admin-ui/adminUIPermissions/{adminUIPermission}: + get: + tags: + - Admin UI - Permission + summary: Get admin ui permission by permission-name + description: Get admin ui permission by permission-name + operationId: get-adminui-permission + parameters: + - name: adminUIPermission + in: path + required: true + schema: + type: string + responses: + "200": + description: Ok + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/AdminPermission' + "400": + description: Bad Request + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly delete: tags: - Admin UI - Permission - summary: Delete admin ui permissions - description: Delete admin ui permissions + summary: Delete admin ui permission by permission-name + description: Delete admin ui permission by permission-name operationId: delete-adminui-permission parameters: - - name: permission + - name: adminUIPermission in: path required: true schema: 
@@ -449,15 +463,45 @@ paths: security: - oauth2: - https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write - /admin-ui/user/roles/{role}: + /admin-ui/adminUIRoles/{adminUIRole}: + get: + tags: + - Admin UI - Role + summary: Get admin ui role details by role-name + description: Get admin ui role details by role-name + operationId: get-adminui-role + parameters: + - name: adminUIRole + in: path + required: true + schema: + type: string + responses: + "200": + description: Ok + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/AdminRole' + "400": + description: Bad Request + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly delete: tags: - Admin UI - Role - summary: Delete admin ui role - description: Delete admin ui role + summary: Delete admin ui role by role-name + description: Delete admin ui role by role-name operationId: delete-adminui-role parameters: - - name: role + - name: adminUIRole in: path required: true schema: 
@@ -480,15 +524,45 @@ paths: security: - oauth2: - https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write - /admin-ui/user/rolePermissionsMapping/{role}: + /admin-ui/adminUIRolePermissionsMapping/{adminUIRole}: + get: + tags: + - Admin UI - Role-Permissions Mapping + summary: Get admin ui role-permissions mapping by role-name + description: Get admin ui role-permissions mapping by role-name + operationId: get-adminui-role-permissions + parameters: + - name: adminUIRole + in: path + required: true + schema: + type: string + responses: + "200": + description: Ok + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/RolePermissionMapping' + "400": + description: Bad Request + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly delete: tags: - Admin UI - Role-Permissions Mapping - summary: Remove role-permissions mapping - description: Remove role-permissions mapping + summary: Remove role-permissions mapping by role-name + description: Remove role-permissions mapping by role-name operationId: remove-role-permissions-permission parameters: - - name: role + - name: adminUIRole in: path required: true schema: diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index 61af0e64550..2ba0f4d787a 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -227,10 +227,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string CustomUser: type: object properties: