JanssenProject · yuriyz · Jul 15, 2022 · Jun 23, 2022 · Jun 29, 2022 · Jun 30, 2022
diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/Command.java b/jans-client-api/common/src/main/java/io/jans/ca/common/Command.java
diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/CommandType.java b/jans-client-api/common/src/main/java/io/jans/ca/common/CommandType.java
diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java b/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java
@@ -115,8 +115,9 @@ public enum ErrorResponseCode {
     AT_HASH_NOT_FOUND(500, "at_hash_not_found", "`at_hash` is missing in `ID_TOKEN`."),
     C_HASH_NOT_FOUND(500, "c_hash_not_found", "`c_hash` is missing in `ID_TOKEN`."),
     S_HASH_NOT_FOUND(500, "s_hash_not_found", "`s_hash` is missing in `ID_TOKEN`."),
-    INVALID_AUTHORIZATION_RP_ID(400, "invalid_authorization_rp_id", "`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in jans_client_api.yml."),
+    INVALID_AUTHORIZATION_RP_ID(400, "invalid_authorization_rp_id", "`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in config."),
     AUTHORIZATION_RP_ID_NOT_FOUND(400, "authorization_rp_id_not_found", "`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api."),
+    AUTHORIZATION_RP_ID_HEADER_NOT_FOUND(400, "authorization_rp_id_header_not_found", "`AuthorizationRpId` header is not present or invalid."),
     NO_CLIENT_ID_RETURNED(500, "no_client_id_returned", "`client_id` is not returned from OP host. Please check OP log file for error (oxauth.log)."),
     NO_CLIENT_SECRET_RETURNED(500, "no_client_secret_returned", "`client_secret` is not returned from OP host. Please check: 1) OP log file for error (oxauth.log) 2) whether `returnClientSecretOnRead` configuration property is set to true on OP host."),
     RP_ACCESS_DENIED(403, "rp_access_denied", "The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` field of `jans_client_api.yml`."),

diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/rest/ProtectedApi.java b/jans-client-api/common/src/main/java/io/jans/ca/common/rest/ProtectedApi.java
@@ -0,0 +1,23 @@
+/*
+ * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.ca.common.rest;
+
+import jakarta.ws.rs.NameBinding;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@NameBinding
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ ElementType.TYPE, ElementType.METHOD })
+public @interface ProtectedApi {
+
+    String[] scopes() default {};
+
+}
diff --git a/jans-client-api/common/src/test/java/io/jans/ca/common/JsonTest.java b/jans-client-api/common/src/test/java/io/jans/ca/common/JsonTest.java
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java b/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java