fix: the admin-ui backend issues related to jetty 11 migration #1258

JanssenProject · Apr 27, 2022 · cf94d5f · cf94d5f
1 parent 05e411f
commit cf94d5f
Show file tree

Hide file tree

Showing 2 changed files with 114 additions and 50 deletions.
diff --git a/jans-linux-setup/jans_setup/static/extension/introspection/introspection_role_based_scope.py b/jans-linux-setup/jans_setup/static/extension/introspection/introspection_role_based_scope.py
@@ -50,7 +50,17 @@ def modifyResponse(self, responseAsJsonObject, context):
             ujwt = context.getHttpRequest().getParameter("ujwt")
             print ujwt
             if not ujwt:
-                print "UJWT is empty or null"
+                print "UJWT is empty or null. Only the default scopes will be added to the token."
+                entryManager = CdiUtil.bean(PersistenceEntryManager)
+                adminConf = AdminConf()
+                adminUIConfig = entryManager.find(adminConf.getClass(), "ou=admin-ui,ou=configuration,o=jans")
+                permissions = adminUIConfig.getDynamic().getPermissions()
+                scopes = []
+                for ele in permissions:
+                    if ele.getDefaultPermissionInToken() is not None and ele.getDefaultPermissionInToken():
+                        scopes.append(ele.getPermission())
+
+                responseAsJsonObject.accumulate("scope", scopes)
                 return True
 
             # Parse jwt
@@ -89,4 +99,4 @@ def modifyResponse(self, responseAsJsonObject, context):
         except Exception as e:
                 print "Exception occured. Unable to resolve role/scope mapping."
                 print e
-        return True
+        return True
diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json b/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
@@ -20,196 +20,250 @@
   "permissions": [
     {
       "permission": "https://jans.io/oauth/config/attributes.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/attributes.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/attributes.delete",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/acrs.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/acrs.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/acrs.delete",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/scopes.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/scopes.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/scopes.delete",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/scripts.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/scripts.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/scripts.delete",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/openid/clients.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/openid/clients.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/openid/clients.delete",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/smtp.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/smtp.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/smtp.delete",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/logging.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/logging.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/uma/resources.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/uma/resources.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/uma/resources.delete",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/database/ldap.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/database/ldap.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/database/ldap.delete",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/jwks.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/jwks.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/fido2.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/fido2.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/cache.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/cache.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/database/couchbase.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/database/couchbase.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/database/sql.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/database/sql.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/properties.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/properties.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/config/stats.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "jans_stat",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": false
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": true
     },
     {
       "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/license.write",
-      "description": null
+      "description": null,
+      "defaultPermissionInToken": true
+    },
+    {
+      "permission": "openid",
+      "description": null,
+      "defaultPermissionInToken": true
     }
+
   ],
   "rolePermissionMapping": [
     {