feat(config-api): agama deployment path param change and client authorization

jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java

@@ -89,6 +89,9 @@ private ApiConstants() {}
     public static final String PLUGIN = "/plugin";
     public static final String PLUGIN_NAME_PATH = "{pluginName}";
     public static final String AUTHORIZATIONS = "/authorizations";
+    public static final String USERID_PATH = "{userId}";
+    public static final String USERID = "userId";
+    public static final String USERNAME = "username";
 
     public static final String LIMIT = "limit";
     public static final String START_INDEX = "startIndex";

jans-config-api/docs/jans-config-api-swagger.yaml

@@ -173,7 +173,7 @@ paths:
       - oauth2:
         - https://jans.io/oauth/config/acrs.write
         - https://jans.io/oauth/config/write-all
-  /api/v1/agama-deployment:
+  /api/v1/agama-deployment/{name}:
     get:
       tags:
       - Agama - Developer Studio
@@ -182,7 +182,9 @@ paths:
       operationId: get-agama-dev-studio-prj-by-name
       parameters:
       - name: name
-        in: query
+        in: path
+        description: Agama project name
+        required: true
         schema:
           type: string
       responses:
@@ -217,7 +219,9 @@ paths:
       operationId: post-agama-dev-studio-prj
       parameters:
       - name: name
-        in: query
+        in: path
+        description: Agama project name
+        required: true
         schema:
           type: string
       requestBody:
@@ -258,7 +262,9 @@ paths:
       operationId: delete-agama-dev-studio-prj
       parameters:
       - name: name
-        in: query
+        in: path
+        description: Agama project name
+        required: true
         schema:
           type: string
       responses:
@@ -277,7 +283,7 @@ paths:
       security:
       - oauth2:
         - https://jans.io/oauth/config/agama.delete
-  /api/v1/agama-deployment/configs:
+  /api/v1/agama-deployment/configs/{name}:
     get:
       tags:
       - Agama - Developer Studio
@@ -286,7 +292,9 @@ paths:
       operationId: get-agama-dev-prj-configs
       parameters:
       - name: name
-        in: query
+        in: path
+        description: Agama project name
+        required: true
         schema:
           type: string
       responses:
@@ -315,7 +323,9 @@ paths:
       operationId: put-agama-dev-studio-prj
       parameters:
       - name: name
-        in: query
+        in: path
+        description: Agama project name
+        required: true
         schema:
           type: string
       requestBody:
@@ -1959,6 +1969,75 @@ paths:
       security:
       - oauth2:
         - https://jans.io/oauth/config/cache.write
+  /api/v1/clients/authorizations:
+    get:
+      tags:
+      - Client Authorization
+      summary: Gets list of client authorization
+      description: Gets list of client authorizations
+      operationId: get-client-authorization_1
+      parameters:
+      - name: userId
+        in: path
+        description: User identifier
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          description: Ok
+          content:
+            application/json:
+              schema:
+                type: string
+              examples:
+                Response json example:
+                  description: Response json example
+                  value: ""
+        "401":
+          description: Unauthorized
+        "500":
+          description: InternalServerError
+      security:
+      - oauth2:
+        - https://jans.io/oauth/client/authorizations.readonly
+    delete:
+      tags:
+      - Client Authorization
+      summary: Revoke client authorization
+      description: Revoke client authorizations
+      operationId: get-client-authorization
+      parameters:
+      - name: userId
+        in: path
+        description: User identifier
+        required: true
+        schema:
+          type: string
+      - name: username
+        in: path
+        description: User name
+        required: true
+        schema:
+          type: string
+      - name: clientId
+        in: path
+        description: Client identifier
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          description: No Content
+        "401":
+          description: Unauthorized
+        "404":
+          description: Not Found
+        "500":
+          description: InternalServerError
+      security:
+      - oauth2:
+        - https://jans.io/oauth/client/authorizations.delete
   /api/v1/openid/clients:
     get:
       tags:
@@ -7610,14 +7689,14 @@ components:
           type: boolean
         adminCanView:
           type: boolean
-        userCanAccess:
-          type: boolean
         userCanView:
           type: boolean
         userCanEdit:
           type: boolean
         adminCanAccess:
           type: boolean
+        userCanAccess:
+          type: boolean
         adminCanEdit:
           type: boolean
         baseDn:
@@ -8876,17 +8955,6 @@ components:
           format: int32
         displayName:
           type: string
-        authenticationMethod:
-          type: string
-          enum:
-          - client_secret_basic
-          - client_secret_post
-          - client_secret_jwt
-          - private_key_jwt
-          - access_token
-          - tls_client_auth
-          - self_signed_tls_client_auth
-          - none
         allAuthenticationMethods:
           uniqueItems: true
           type: array
@@ -8901,6 +8969,17 @@ components:
             - tls_client_auth
             - self_signed_tls_client_auth
             - none
+        authenticationMethod:
+          type: string
+          enum:
+          - client_secret_basic
+          - client_secret_post
+          - client_secret_jwt
+          - private_key_jwt
+          - access_token
+          - tls_client_auth
+          - self_signed_tls_client_auth
+          - none
         baseDn:
           type: string
         inum:
@@ -9225,14 +9304,14 @@ components:
           type: boolean
         internal:
           type: boolean
+        locationPath:
+          type: string
         locationType:
           type: string
           enum:
           - ldap
           - db
           - file
-        locationPath:
-          type: string
         baseDn:
           type: string
     ScriptError:

jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java

@@ -83,8 +83,8 @@ public Response getUsers(
             @Parameter(description = "Attribute whose value will be used to order the returned response") @QueryParam(value = ApiConstants.SORT_BY) String sortBy,
             @Parameter(description = "Order in which the sortBy param is applied. Allowed values are \"ascending\" and \"descending\"") @QueryParam(value = ApiConstants.SORT_ORDER) String sortOrder)
             throws IllegalAccessException, InvocationTargetException {
-        if (logger.isDebugEnabled()) {
-            logger.debug("User search param - limit:{}, pattern:{}, startIndex:{}, sortBy:{}, sortOrder:{}",
+        if (logger.isInfoEnabled()) {
+            logger.info("User search param - limit:{}, pattern:{}, startIndex:{}, sortBy:{}, sortOrder:{}",
                     escapeLog(limit), escapeLog(pattern), escapeLog(startIndex), escapeLog(sortBy),
                     escapeLog(sortOrder));
         }
@@ -108,8 +108,8 @@ public Response getUsers(
     public Response getUserByInum(
             @Parameter(description = "User identifier") @PathParam(ApiConstants.INUM) @NotNull String inum)
             throws IllegalAccessException, InvocationTargetException {
-        if (logger.isDebugEnabled()) {
-            logger.debug("User search by inum:{}", escapeLog(inum));
+        if (logger.isInfoEnabled()) {
+            logger.info("User search by inum:{}", escapeLog(inum));
         }
         User user = userMgmtSrv.getUserBasedOnInum(inum);
         checkResourceNotNull(user, USER);
@@ -121,7 +121,7 @@ public Response getUserByInum(
 
         // get custom user
         CustomUser customUser = getCustomUser(user, true);
-        logger.debug("customUser:{}", customUser);
+        logger.info("customUser:{}", customUser);
 
         return Response.ok(customUser).build();
     }
@@ -140,8 +140,8 @@ public Response getUserByInum(
     public Response createUser(@Valid CustomUser customUser,
             @Parameter(description = "Boolean flag to indicate if attributes to be removed for non-LDAP DB. Default value is true, indicating non-LDAP attributes will be removed from request.") @DefaultValue("true") @QueryParam(value = ApiConstants.REMOVE_NON_LDAP_ATTRIBUTES) boolean removeNonLDAPAttributes)
             throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
-        if (logger.isDebugEnabled()) {
-            logger.debug("User details to be added - customUser:{}, removeNonLDAPAttributes:{}", escapeLog(customUser),
+        if (logger.isInfoEnabled()) {
+            logger.info("User details to be added - customUser:{}, removeNonLDAPAttributes:{}", escapeLog(customUser),
                     removeNonLDAPAttributes);
         }
 
@@ -164,7 +164,7 @@ public Response createUser(@Valid CustomUser customUser,
 
         // get custom user
         customUser = getCustomUser(user, removeNonLDAPAttributes);
-        logger.debug("newly created customUser:{}", customUser);
+        logger.info("newly created customUser:{}", customUser);
 
         return Response.status(Response.Status.CREATED).entity(customUser).build();
     }
@@ -184,8 +184,8 @@ public Response createUser(@Valid CustomUser customUser,
     public Response updateUser(@Valid CustomUser customUser,
             @Parameter(description = "Boolean flag to indicate if attributes to be removed for non-LDAP DB. Default value is true, indicating non-LDAP attributes will be removed from request.") @DefaultValue("true") @QueryParam(value = ApiConstants.REMOVE_NON_LDAP_ATTRIBUTES) boolean removeNonLDAPAttributes)
             throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
-        if (logger.isDebugEnabled()) {
-            logger.debug("User details to be updated - customUser:{}, removeNonLDAPAttributes:{}",
+        if (logger.isInfoEnabled()) {
+            logger.info("User details to be updated - customUser:{}, removeNonLDAPAttributes:{}",
                     escapeLog(customUser), removeNonLDAPAttributes);
         }
 
@@ -203,7 +203,7 @@ public Response updateUser(@Valid CustomUser customUser,
 
         try {
             user = userMgmtSrv.updateUser(user);
-            logger.debug("Updated user:{}", user);
+            logger.info("Updated user:{}", user);
         } catch (Exception ex) {
             logger.error("Error while updating user", ex);
             throwInternalServerException(ex);
@@ -214,7 +214,7 @@ public Response updateUser(@Valid CustomUser customUser,
 
         // get custom user
         customUser = getCustomUser(user, removeNonLDAPAttributes);
-        logger.debug("updated customUser:{}", customUser);
+        logger.info("updated customUser:{}", customUser);
 
         return Response.ok(customUser).build();
 
@@ -238,8 +238,8 @@ public Response patchUser(
             @NotNull UserPatchRequest userPatchRequest,
             @Parameter(description = "Boolean flag to indicate if attributes to be removed for non-LDAP DB. Default value is true, indicating non-LDAP attributes will be removed from request.") @DefaultValue("true") @QueryParam(value = ApiConstants.REMOVE_NON_LDAP_ATTRIBUTES) boolean removeNonLDAPAttributes)
             throws IllegalAccessException, InvocationTargetException, JsonPatchException, IOException {
-        if (logger.isDebugEnabled()) {
-            logger.debug("User:{} to be patched with :{}, removeNonLDAPAttributes:{} ", escapeLog(inum),
+        if (logger.isInfoEnabled()) {
+            logger.info("User:{} to be patched with :{}, removeNonLDAPAttributes:{} ", escapeLog(inum),
                     escapeLog(userPatchRequest), removeNonLDAPAttributes);
         }
         // check if user exists
@@ -259,7 +259,7 @@ public Response patchUser(
 
         // get custom user
         CustomUser customUser = getCustomUser(existingUser, removeNonLDAPAttributes);
-        logger.debug("patched customUser:{}", customUser);
+        logger.info("patched customUser:{}", customUser);
 
         return Response.ok(customUser).build();
     }
@@ -276,8 +276,8 @@ public Response patchUser(
     @ProtectedApi(scopes = { ApiAccessConstants.USER_DELETE_ACCESS })
     public Response deleteUser(
             @Parameter(description = "User identifier") @PathParam(ApiConstants.INUM) @NotNull String inum) {
-        if (logger.isDebugEnabled()) {
-            logger.debug("User to be deleted - inum:{} ", escapeLog(inum));
+        if (logger.isInfoEnabled()) {
+            logger.info("User to be deleted - inum:{} ", escapeLog(inum));
         }
         User user = userMgmtSrv.getUserBasedOnInum(inum);
         checkResourceNotNull(user, USER);
@@ -287,8 +287,8 @@ public Response deleteUser(
 
     private UserPagedResult doSearch(SearchRequest searchReq, Boolean removeNonLDAPAttributes)
             throws IllegalAccessException, InvocationTargetException {
-        if (logger.isDebugEnabled()) {
-            logger.debug("User search params - searchReq:{}, removeNonLDAPAttributes:{} ", escapeLog(searchReq),
+        if (logger.isInfoEnabled()) {
+            logger.info("User search params - searchReq:{}, removeNonLDAPAttributes:{} ", escapeLog(searchReq),
                     removeNonLDAPAttributes);
         }
 
@@ -317,7 +317,7 @@ private UserPagedResult doSearch(SearchRequest searchReq, Boolean removeNonLDAPA
             pagedCustomUser.setEntries(customUsers);
         }
 
-        logger.debug("User pagedCustomUser:{}", pagedCustomUser);
+        logger.info("User pagedCustomUser:{}", pagedCustomUser);
         return pagedCustomUser;
 
     }