diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java index 4750279214e..ece98768e03 100644 --- a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java +++ b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java @@ -112,5 +112,8 @@ private ApiConstants() {} public static final int DEFAULT_MAX_COUNT = 200; public static final String SORT_BY = "sortBy"; public static final String SORT_ORDER = "sortOrder"; + + //commaSeparatedString of attributes to be excluded in User fetch request + public static final String USER_EXCLUDED_ATTRIBUTES = "userPassword,"; } \ No newline at end of file diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/UserResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/UserResource.java index 1872c020dd2..017d6717b70 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/UserResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/UserResource.java @@ -18,6 +18,7 @@ import io.jans.orm.model.PagedResult; import java.io.IOException; +import java.lang.reflect.InvocationTargetException; import java.util.ArrayList; import java.util.List; import javax.enterprise.context.ApplicationScoped; 
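Review bot: The added constant `USER_EXCLUDED_ATTRIBUTES = "userPassword,"` carries a trailing comma that is only harmless because `String.split(",")` drops trailing empty strings; `"userPassword"` states the intent without relying on that. If the list is meant to grow later, the comment should say so and fix the format, e.g. `// Comma-separated attribute names stripped from User objects returned by the user endpoints (no trailing separator)`. The enclosing class starts outside the hunk.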
@@ -50,29 +51,34 @@ public Response getUsers(@DefaultValue(DEFAULT_LIST_SIZE) @QueryParam(value = Ap @DefaultValue("") @QueryParam(value = ApiConstants.PATTERN) String pattern, @DefaultValue(DEFAULT_LIST_START_INDEX) @QueryParam(value = ApiConstants.START_INDEX) int startIndex, @QueryParam(value = ApiConstants.SORT_BY) String sortBy, - @QueryParam(value = ApiConstants.SORT_ORDER) String sortOrder) { + @QueryParam(value = ApiConstants.SORT_ORDER) String sortOrder) throws IllegalAccessException, InvocationTargetException { if (logger.isDebugEnabled()) { logger.debug("User search param - limit:{}, pattern:{}, startIndex:{}, sortBy:{}, sortOrder:{}", escapeLog(limit), escapeLog(pattern), escapeLog(startIndex), escapeLog(sortBy), escapeLog(sortOrder)); } SearchRequest searchReq = createSearchRequest(userSrv.getPeopleBaseDn(), pattern, sortBy, sortOrder, startIndex, - limit, null, null); + limit, null, ApiConstants.USER_EXCLUDED_ATTRIBUTES); - final List users = this.doSearch(searchReq); - logger.debug("User search result:{}", users); + List users = this.doSearch(searchReq); + logger.debug("User search result:{}", users); + return Response.ok(users).build(); } @GET @ProtectedApi(scopes = { ApiAccessConstants.USER_WRITE_ACCESS }) @Path(ApiConstants.INUM_PATH) - public Response getUserByInum(@PathParam(ApiConstants.INUM) @NotNull String inum) { + public Response getUserByInum(@PathParam(ApiConstants.INUM) @NotNull String inum) throws IllegalAccessException, InvocationTargetException { if (logger.isDebugEnabled()) { logger.debug("User search by inum:{}", escapeLog(inum)); } User user = userSrv.getUserByInum(inum); logger.debug("user:{}", user); + + //excludedAttributes + user = userSrv.excludedAttributes(user, ApiConstants.USER_EXCLUDED_ATTRIBUTES); + return Response.ok(user).build(); } 
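Review bot: In getUserByInum the context line `logger.debug("user:{}", user);` still runs before the new `userSrv.excludedAttributes(user, ...)` call, so at debug level the user is logged with `userPassword` still attached; move the exclusion above that log line. The same ordering appears in doSearch at @@ -151, where `Users fetched - users:{}` is logged before the exclusion runs. The resource methods now declare `throws IllegalAccessException, InvocationTargetException` (also doSearch at @@ -133), which are reflection details of the service implementation; catching them inside UserService and rethrowing a runtime or domain exception keeps the JAX-RS signatures stable and avoids surfacing a reflection stack trace to the caller. getUsers starts outside the hunk.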
@@ -100,7 +106,7 @@ public Response updateUser(@Valid User user) { } @PATCH - @Consumes(MediaType.APPLICATION_JSON_PATCH_JSON) + //@Consumes(MediaType.APPLICATION_JSON_PATCH_JSON) @ProtectedApi(scopes = { ApiAccessConstants.USER_WRITE_ACCESS }) @Path(ApiConstants.INUM_PATH) public Response patchUser(@PathParam(ApiConstants.INUM) @NotNull String inum, @NotNull UserPatchRequest userPatchRequest) throws JsonPatchException, IOException { @@ -119,7 +125,8 @@ public Response patchUser(@PathParam(ApiConstants.INUM) @NotNull String inum, @N return Response.ok(existingUser).build(); } - + + @DELETE @Path(ApiConstants.INUM_PATH) @ProtectedApi(scopes = { ApiAccessConstants.USER_DELETE_ACCESS }) @@ -133,7 +140,7 @@ public Response deleteUser(@PathParam(ApiConstants.INUM) @NotNull String inum) { return Response.noContent().build(); } - private List doSearch(SearchRequest searchReq) { + private List doSearch(SearchRequest searchReq) throws IllegalAccessException, InvocationTargetException{ if (logger.isDebugEnabled()) { logger.debug("User search params - searchReq:{} ", escapeLog(searchReq)); } @@ -151,7 +158,14 @@ private List doSearch(SearchRequest searchReq) { if (logger.isDebugEnabled()) { logger.debug("Users fetched - users:{}", users); } + + //excludedAttributes + users = userSrv.excludedAttributes(users, searchReq.getExcludedAttributesStr()); + return users; } + + + } diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/UserService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/UserService.java index 31322d45e0c..ff41639f6a2 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/UserService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/UserService.java 
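Review bot: Commenting out `@Consumes(MediaType.APPLICATION_JSON_PATCH_JSON)` on patchUser leaves dead annotation text in place and, unless a class-level `@Consumes` exists outside the hunk, the endpoint now accepts any request media type for a body that is still bound to `UserPatchRequest`. If the intent is that the PATCH body is plain JSON rather than a JSON Patch document, declare that explicitly with `@Consumes(MediaType.APPLICATION_JSON)` and delete the commented line; otherwise restore the original annotation. patchUser's body continues outside the hunk.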
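Review bot: The new lines at the end of doSearch add a bare `//excludedAttributes` label and three blank lines before the class's closing brace, which is noise rather than documentation; drop them, or replace the label with a why-comment such as `// Strip attributes that must never be returned; see ApiConstants.USER_EXCLUDED_ATTRIBUTES`. Here the excluded list is read from `searchReq.getExcludedAttributesStr()` while getUserByInum at @@ -50 passes the constant directly; reading both from the same place keeps the two paths from drifting. doSearch starts outside the hunk.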
@@ -11,6 +11,7 @@ import io.jans.as.common.util.AttributeConstants; import io.jans.as.model.config.StaticConfiguration; import io.jans.as.model.configuration.AppConfiguration; +import io.jans.configapi.util.AuthUtil; import io.jans.configapi.core.util.Jackson; import io.jans.configapi.model.user.UserPatchRequest; import io.jans.configapi.rest.model.SearchRequest; @@ -23,13 +24,14 @@ import static io.jans.as.model.util.Util.escapeLog; import java.io.IOException; -import java.util.ArrayList; +import java.lang.reflect.InvocationTargetException; +import java.util.Arrays; import java.util.List; import javax.enterprise.context.ApplicationScoped; import javax.inject.Inject; import javax.inject.Named; -import javax.ws.rs.core.Response; +import org.apache.commons.beanutils.BeanUtils; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; @@ -45,6 +47,9 @@ public class UserService extends io.jans.as.common.service.common.UserService { @Inject private AppConfiguration appConfiguration; + + @Inject + AuthUtil authUtil; @Override public List getPersonCustomObjectClassList() { 
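Review bot: The new `@Inject AuthUtil authUtil;` field is package-private while the neighbouring `@Inject private AppConfiguration appConfiguration;` is private; make it `@Inject private AuthUtil authUtil;` for consistency and to keep the field out of the package-level API. The enclosing class continues outside the hunk.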
@@ -148,5 +153,38 @@ else if (attribute.getValue() == null || attribute.getValues() == null) { return user; } + + public List excludedAttributes(List users, String commaSeparatedString) throws IllegalAccessException, InvocationTargetException { + logger.error("Attributes:{} to be excluded from users:{} ", commaSeparatedString, users); + for(User user: users) { + user = excludedAttributes(user, commaSeparatedString); + } + logger.error("Users:{} after excluding attribute:{} ", users, commaSeparatedString); + + return users; + } + + public User excludedAttributes(User user, String commaSeparatedString) throws IllegalAccessException, InvocationTargetException { + logger.error("Attributes:{} to be excluded from user:{} ", commaSeparatedString, user); + if(user == null || StringUtils.isEmpty(commaSeparatedString)) { + return user; + } + List excludedAttributes = Arrays.asList(commaSeparatedString.split(",")); + logger.error("Attributes List:{} to be excluded ", excludedAttributes); + + for(String attribute : excludedAttributes) { + logger.error("User class conatins attribute:{} ? :{} ", attribute, authUtil.doesObjectContainField(user,attribute)); + if(authUtil.doesObjectContainField(user,attribute)) { + BeanUtils.setProperty(user,attribute,null); + + } + else { + logger.error("Removing custom attribute:{} from user:{} ", attribute, user); + user.removeAttribute(attribute); + } + } + + return user; + } } diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java b/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java index 40b449f093e..7046d315e38 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java @@ -32,6 +32,7 @@ import javax.ws.rs.core.Response; import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; @ApplicationScoped 
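Review bot: Both new excludedAttributes methods log the full User object(s) at ERROR level before the exclusion runs (`logger.error("Attributes:{} to be excluded from users:{} ", commaSeparatedString, users)` and the single-user variant), so whatever User's toString() renders — presumably including the very attribute the method exists to strip — is written to the log on every read; the same pattern is in AuthUtil.doesObjectContainField at @@ -352. Log only the attribute names, at DEBUG, e.g. `logger.debug("Excluding attributes {} from user", excludedAttributes);`, and log the user, if at all, only after the loop. The list variant dereferences `users` without a null check and assigns the result back to the loop variable, which only works because the single-user variant mutates in place; a guard `if (users == null) return users;` and a plain `excludedAttributes(user, commaSeparatedString);` call make that explicit. Tokens from `split(",")` are used untrimmed, so a value like `"userPassword, mail"` would try to remove `" mail"`; trim each token and skip blank ones. A verb name such as `excludeAttributes` would also read better for a method that mutates its argument.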
@@ -352,5 +353,14 @@ public List findMissingElements(List list1, List list2) public boolean isEqualCollection(List list1, List list2) { return CollectionUtils.isEqualCollection(list1, list2); } + + public boolean doesObjectContainField(Object object, String fieldName) { + log.error("Check if object:{} contain fieldName:{} ", object, fieldName); + if(object == null || StringUtils.isEmpty(fieldName)) { + return false; + } + return Arrays.stream(object.getClass().getFields()) + .anyMatch(f -> f.getName().equals(fieldName)); + } }
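Review bot: `object.getClass().getFields()` returns only public fields, so for a bean whose state lives in private fields behind getters/setters (which is what the caller's `BeanUtils.setProperty` needs) this returns false and the caller always falls through to `removeAttribute`; whether that is the intended path for userPassword depends on User, which is outside this diff. If the question is "can BeanUtils set this property", `PropertyUtils.isWriteable(object, fieldName)` from the same library answers it directly; if the question is "does the class declare such a field regardless of visibility", walk `getDeclaredFields()` up the superclass chain. The `log.error` on entry prints the whole object for a routine check; `log.debug("Checking whether {} declares field {}", object.getClass().getSimpleName(), fieldName);` keeps the object's values out of the log. The enclosing class starts outside the hunk.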