fix: removed redundant field from core class, added desc for config-api configuration properties

[pujavs]

Prepare

• Read PR guidelines
• Read license information

---

Description

1. Issue#8662: Adding metadata description to config-api configuration attributes
2. Issue#8665: Removed redundant requred field

Target issue

closes #8662 #8665

Implementation Details

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
AppSec Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request cover a wide range of updates to the Jans Config API project, including improvements to the documentation, error handling, and configuration settings. While the changes do not introduce any immediate security vulnerabilities, there are several areas that should be carefully reviewed to ensure the ongoing security and integrity of the application.

Key security considerations include:

1. Input Validation and Sanitization: Ensure that user input is properly validated and sanitized, especially for features like asset uploads, user management, and API endpoints that interact with external data.
2. Access Control and Authorization: Review the access control settings and permissions to ensure that only authorized users or components can perform sensitive operations, such as user management or configuration changes.
3. Logging and Monitoring: Ensure that appropriate logging and monitoring mechanisms are in place to detect and respond to any security-related issues or anomalies.
4. Secure Configuration Management: Carefully review the configuration settings, especially those related to security-sensitive functionality, to ensure that they are properly implemented and aligned with the application's security requirements.
5. Dependency Management: Verify that all external libraries and dependencies used in the application are up-to-date and secure, and that any potential vulnerabilities are addressed.

Overall, the changes in this pull request appear to be focused on improving the functionality and maintainability of the Jans Config API, but it's essential to thoroughly review the implementation and deployment of these changes to ensure the ongoing security and reliability of the application.

Files Changed:

• jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AgamaConfiguration.java: Changes focused on improving the documentation and clarity of the API.
• docs/admin/config-guide/config-tools/config-api/attribute.md: Removal of the "requred" field from attribute definitions.
• docs/admin/config-guide/attribute-configuration.md: Documentation updates on managing attributes in the Janssen Server.
• jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java: Changes related to logging configuration, API protection, client configuration, and user attribute management.
• jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AssetDirMapping.java: Refactoring of the AssetDirMapping class, improving code documentation.
• jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AuditLogConf.java: Changes to the audit logging configuration, including options to enable/disable logging and control logged header attributes.
• jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AssetMgtConfiguration.java: Changes related to asset management functionality, including asset uploads, file extension validation, and service module name validation.
• jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/DataFormatConversionConf.java: Changes focused on adding Swagger documentation annotations to the class and its properties.
• jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/PluginConf.java: Changes focused on adding Swagger annotations to the class properties.
• jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml: Changes related to the User Management functionality, including updates to the CustomObjectAttribute, CustomUser, UserAuthenticator, and other related schemas.
• jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/IdpResource.java: Changes focused on improving error handling and logging.
• jans-config-api/server/src/main/resources/example/attribute/attribute-get.json: Removal of the "requred" field from attribute definitions.
• jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigBaseResource.java: Changes to the visibility of the getMaxCount() method.
• jans-config-api/server/src/main/resources/example/attribute/attribute-get-all.json: Removal of the "requred" fiel

Powered by DryRun Security

[sonarcloud]

Quality Gate passed for 'jans-core'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[sonarcloud]

Quality Gate passed for 'jans-config-api-parent'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[sonarcloud]

Quality Gate passed for 'jans-linux-setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud