From 427c0f308e4c32d36421adfc36986dd03da72e36 Mon Sep 17 00:00:00 2001
From: Arnab Dutta
Date: Fri, 9 Sep 2022 16:42:34 +0530
Subject: [PATCH] fix: remove request-body from delete endpoints of admin-ui plugin #2341
---
 .../adminui/model/auth/LicenseRequest.java | 30 -------------------
 .../rest/user/UserManagementResource.java | 23 ++++++++------
 .../service/user/UserManagementService.java | 6 ++--
 3 files changed, 17 insertions(+), 42 deletions(-)
diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/model/auth/LicenseRequest.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/model/auth/LicenseRequest.java
index d4b79449070..5967ad87c43 100644
--- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/model/auth/LicenseRequest.java
+++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/model/auth/LicenseRequest.java
@@ -2,33 +2,6 @@
 public class LicenseRequest {
 private String licenseKey;
- private String validityPeriod;
- private Integer maxActivations;
- private Boolean licenseActive;
-
- public String getValidityPeriod() {
- return validityPeriod;
- }
-
- public void setValidityPeriod(String validityPeriod) {
- this.validityPeriod = validityPeriod;
- }
-
- public Integer getMaxActivations() {
- return maxActivations;
- }
-
- public void setMaxActivations(Integer maxActivations) {
- this.maxActivations = maxActivations;
- }
-
- public Boolean getLicenseActive() {
- return licenseActive;
- }
-
- public void setLicenseActive(Boolean licenseActive) {
- this.licenseActive = licenseActive;
- }
 public String getLicenseKey() {
 return licenseKey;
@@ -42,9 +15,6 @@ public void setLicenseKey(String licenseKey) {
 public String toString() {
 return "LicenseRequest{" +
 "licenseKey='" + licenseKey + '\'' +
- ", validityPeriod='" + validityPeriod + '\'' +
- ", maxActivations=" + maxActivations +
- ", licenseActive=" + licenseActive +
 '}';
 }
 }
\ No newline at end of file
diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java
index 4d79dbc4a7d..3f568198d4b 100644
--- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java
+++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java
@@ -15,13 +15,18 @@
 import jakarta.ws.rs.*;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
+
 import java.util.List;
 @Path("/admin-ui/user")
 public class UserManagementResource {
 static final String ROLES = "/roles";
+ static final String ROLE_PATH_VARIABLE = "/{role}";
+ static final String ROLE_CONST = "role";
 static final String PERMISSIONS = "/permissions";
+ static final String PERMISSION_PATH_VARIABLE = "/{permission}";
+ static final String PERMISSION_CONST = "permission";
 static final String ROLE_PERMISSIONS_MAPPING = "/rolePermissionsMapping";
 static final String SCOPE_ROLE_READ = "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly";
 static final String SCOPE_ROLE_WRITE = "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write";
@@ -94,13 +99,13 @@ public Response editRole(@Valid @NotNull AdminRole roleArg) {
 }
 @DELETE
- @Path(ROLES)
+ @Path(ROLES + ROLE_PATH_VARIABLE)
 @Produces(MediaType.APPLICATION_JSON)
 @ProtectedApi(scopes = SCOPE_ROLE_WRITE)
- public Response deleteRole(@Valid @NotNull AdminRole roleArg) {
+ public Response deleteRole(@PathParam(ROLE_CONST) @NotNull String role) {
 try {
 log.info("Deleting Admin-UI role.");
- List roles = userManagementService.deleteRole(roleArg.getRole());
+ List roles = userManagementService.deleteRole(role);
 log.info("Deleted Admin-UI role..");
 return Response.ok(roles).build();
 } catch (ApplicationException e) {
@@ -170,13 +175,13 @@ public Response editPermission(@Valid @NotNull AdminPermission permissionArg) {
 }
 @DELETE
- @Path(PERMISSIONS)
+ @Path(PERMISSIONS + PERMISSION_PATH_VARIABLE)
 @Produces(MediaType.APPLICATION_JSON)
 @ProtectedApi(scopes = SCOPE_PERMISSION_WRITE)
- public Response deletePermission(@Valid @NotNull AdminPermission permissionArg) {
+ public Response deletePermission(@PathParam(PERMISSION_CONST) @NotNull String permission) {
 try {
 log.info("Deleting Admin-UI permission.");
- List permissions = userManagementService.deletePermission(permissionArg.getPermission());
+ List permissions = userManagementService.deletePermission(permission);
 log.info("Deleted Admin-UI permission..");
 return Response.ok(permissions).build();
 } catch (ApplicationException e) {
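Review bot: `@NotNull` on the new `@PathParam(ROLE_CONST) String role` parameter of deleteRole constrains nothing, because a request only matches `/{role}` when the segment is non-empty, so the value is never null and a whitespace-only or otherwise malformed name reaches `userManagementService.deleteRole(role)` unchecked. The removed `@Valid AdminRole` body went through bean validation (the constraints declared on AdminRole are not visible here), so this write-scoped endpoint now validates less than before. Consider `@PathParam(ROLE_CONST) @NotBlank String role`, optionally with a `@Pattern` for the allowed role-name characters, and the same on deletePermission and removePermissionsFromRole in the following hunks. The method body continues outside the hunk.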
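Review bot: The `/{permission}` template used by deletePermission matches a single path segment, so a permission identifier that contains `/` cannot be addressed unless the client percent-encodes it and every proxy and the servlet container let encoded slashes through. The scope constants declared in this class are full URLs; if Admin-UI permission names have the same shape (not visible in this diff), such permissions would become undeletable through this endpoint. Consider a regex template such as `static final String PERMISSION_PATH_VARIABLE = "/{permission:.+}";` or a `@QueryParam`, and cover it with a test that deletes a URL-shaped permission through the deployed stack. The method body continues outside the hunk.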
@@ -246,13 +251,13 @@ public Response mapPermissionsToRole(@Valid @NotNull RolePermissionMapping roleP
 }
 @DELETE
- @Path(ROLE_PERMISSIONS_MAPPING)
+ @Path(ROLE_PERMISSIONS_MAPPING + ROLE_PATH_VARIABLE)
 @Produces(MediaType.APPLICATION_JSON)
 @ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE)
- public Response removePermissionsFromRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) {
+ public Response removePermissionsFromRole(@PathParam(ROLE_CONST) @NotNull String role) {
 try {
 log.info("Removing permissions to Admin-UI role.");
- List roleScopeMapping = userManagementService.removePermissionsFromRole(rolePermissionMappingArg);
+ List roleScopeMapping = userManagementService.removePermissionsFromRole(role);
 log.info("Removed permissions to Admin-UI role..");
 return Response.ok(roleScopeMapping).build();
 } catch (ApplicationException e) {
diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java
index c4d801b7ed9..da8cbc8d147 100644
--- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java
+++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java
@@ -307,15 +307,15 @@ public List mapPermissionsToRole(RolePermissionMapping ro
 }
 }
- public List removePermissionsFromRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
+ public List removePermissionsFromRole(String role) throws ApplicationException {
 try {
 AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN);
- if (isFalse(getRoleObjByName(rolePermissionMappingArg.getRole()).getDeletable())) {
+ if (isFalse(getRoleObjByName(role).getDeletable())) {
 log.error(ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
 throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_MARKED_UNDELETABLE.getDescription());
 }
 List roleScopeMapping = adminConf.getDynamic().getRolePermissionMapping()
- .stream().filter(ele -> !ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
+ .stream().filter(ele -> !ele.getRole().equalsIgnoreCase(role))
 .collect(Collectors.toList());
 adminConf.getDynamic().setRolePermissionMapping(roleScopeMapping);
 entryManager.merge(adminConf);
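Review bot: The undeletable guard and the removal in removePermissionsFromRole may match the role by different rules: the guard calls `getRoleObjByName(role)` (its matching rule and its result for an unknown name are not visible here), while the filter drops mappings with `equalsIgnoreCase(role)`. Now that `role` comes straight from the URL path, a name that does not resolve to a stored role should be rejected before `entryManager.merge(adminConf)`; otherwise the guard can fail on a missing object or be evaluated against a different entry than the one whose mapping is removed. Suggest resolving the role once, throwing a not-found `ApplicationException` when it is absent, and filtering on the resolved entry, e.g. `.filter(ele -> !ele.getRole().equalsIgnoreCase(resolved.getRole()))`. The method's catch blocks and return lie outside the hunk.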