diff --git a/docs/jans-config-api-swagger.yaml b/docs/jans-config-api-swagger.yaml index a941d9e3aeb..84154e60c1a 100644 --- a/docs/jans-config-api-swagger.yaml +++ b/docs/jans-config-api-swagger.yaml @@ -38,6 +38,7 @@ tags: - name: Admin UI - Role - name: Admin UI - Permission - name: Admin UI - Role-Permissions Mapping + - name: Admin UI - License paths: /jans-config-api/api/v1/jans-auth-server/config: get: @@ -2829,7 +2830,7 @@ paths: description: Get all admin ui roles. operationId: get-adminui-roles security: - - oauth2: [https://jans.io/adminui/user/role.read] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.read] responses: '200': description: OK @@ -2854,7 +2855,7 @@ paths: description: Add admin ui role. operationId: add-adminui-role security: - - oauth2: [https://jans.io/adminui/user/role.write] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write] requestBody: content: application/json: @@ -2886,7 +2887,7 @@ paths: description: Edit admin ui role. operationId: edit-adminui-role security: - - oauth2: [https://jans.io/adminui/user/role.write] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write] requestBody: content: application/json: @@ -2916,7 +2917,7 @@ paths: description: Delete admin ui role. operationId: delete-adminui-role security: - - oauth2: [https://jans.io/adminui/user/role.write] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write] requestBody: content: application/json: @@ -2947,7 +2948,7 @@ paths: description: Get admin ui permissions. operationId: get-adminui-permissions security: - - oauth2: [https://jans.io/adminui/user/permission.read] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.read] responses: '200': description: OK 
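Review bot: The read scopes documented in these hunks do not match the ones the code enforces. The spec declares `.../adminui/user/role.read`, `permission.read` and `rolePermissionMapping.read` (and `.../adminui/license.read` in the license path hunk), while `UserManagementResource` and `LicenseResource` in this same commit define those constants with a `.readonly` suffix. A client that requests the scope from the spec would get a token the `@ProtectedApi` check presumably rejects, and an operator who registers both spellings to work around it widens what is granted. Align one side, e.g. `- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly]`, and apply the same to the permission, mapping and license read entries. The write scopes already agree.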
@@ -2972,7 +2973,7 @@ paths: description: Add admin ui permission. operationId: add-adminui-permission security: - - oauth2: [https://jans.io/adminui/user/permission.write] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write] requestBody: content: application/json: @@ -3004,7 +3005,7 @@ paths: description: Edit admin ui permission. operationId: edit-adminui-permission security: - - oauth2: [https://jans.io/adminui/user/permission.write] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write] requestBody: content: application/json: @@ -3034,7 +3035,7 @@ paths: description: Delete admin ui permission. operationId: delete-adminui-permission security: - - oauth2: [https://jans.io/adminui/user/permission.write] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write] requestBody: content: application/json: @@ -3065,7 +3066,7 @@ paths: description: Get admin ui role-permissions mapping. operationId: get-adminui-role-permissions security: - - oauth2: [https://jans.io/adminui/user/rolePermissionMapping.read] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.read] responses: '200': description: OK @@ -3090,7 +3091,7 @@ paths: description: Map permissions to role. operationId: map-permissions-to-role security: - - oauth2: [https://jans.io/adminui/user/rolePermissionMapping.write] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write] requestBody: content: application/json: @@ -3120,7 +3121,7 @@ paths: description: Remove role-permissions mapping. operationId: remove-role-permissions-permission security: - - oauth2: [https://jans.io/adminui/user/rolePermissionMapping.write] + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write] requestBody: content: application/json: 
@@ -3143,6 +3144,60 @@ paths: $ref: '#/components/responses/Unauthorized' '500': $ref: '#/components/responses/InternalServerError' + /jans-config-api/admin-ui/license/licenseDetails: + get: + tags: + - Admin UI - License + summary: Get admin ui license details. + description: Get admin ui license details. + operationId: get-adminui-license + security: + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.read] + responses: + '200': + description: OK + content: + application/json: + schema: + title: Get admin ui license details. + description: Get admin ui license details. + $ref: '#/components/schemas/LicenseResponse' + '400': + $ref: '#/components/responses/NotAcceptable' + '401': + $ref: '#/components/responses/Unauthorized' + '500': + $ref: '#/components/responses/InternalServerError' + put: + tags: + - Admin UI - License + summary: Edit admin ui license details. + description: Edit admin ui license details. + operationId: edit-adminui-license + security: + - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.write] + requestBody: + content: + application/json: + schema: + required: + - role + $ref: '#/components/schemas/LicenseRequest' + responses: + '200': + description: OK + content: + application/json: + schema: + title: Edit admin ui license details. + description: Edit admin ui license details. + $ref: '#/components/schemas/LicenseResponse' + '400': + $ref: '#/components/responses/NotAcceptable' + '401': + $ref: '#/components/responses/Unauthorized' + '500': + $ref: '#/components/responses/InternalServerError' components: securitySchemes: oauth2: 
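Review bot: The `put` request body lists `required: - role`, but `LicenseRequest` as defined later in this file has no `role` property and its own required field is `validityPeriod`; this looks carried over from the role endpoints. Dropping the inline `required` and keeping only `$ref: '#/components/schemas/LicenseRequest'` lets the schema carry the constraint. The `'400'` entries on both operations point at `#/components/responses/NotAcceptable`, which reads like a 406 response and is worth checking against the shared response definitions (not visible here).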
@@ -4885,8 +4940,8 @@ components: description: XRI i-number. Client Identifier to uniquely identify the client. type: string displayName: - type: string - description: Name of the user suitable for display to end-users + type: string + description: Name of the user suitable for display to end-users clientSecret: type: string description: The client secret. The client MAY omit the parameter if the client secret is an empty string. @@ -6201,16 +6256,16 @@ components: ScimPatchOperation: required: - - op + - op type: object properties: op: type: string description: The kind of operation to perform enum: - - add - - remove - - replace + - add + - remove + - replace path: type: string description: Required when op is remove, optional otherwise @@ -6222,7 +6277,7 @@ components: ScimPatchRequest: description: Stores one or more patch operations required: - - operations + - operations type: object properties: schemas: 
@@ -6281,4 +6336,60 @@ components: items: type: string description: permissions - + LicenseRequest: + type: object + description: Admin license request + required: + - validityPeriod + properties: + validityPeriod: + type: string + description: The license will expire on following date. + maxActivations: + type: string + description: The maximum allowed activations of this license on different machines. + licenseActive: + type: string + description: Is license active? + LicenseResponse: + type: object + description: Admin license response + properties: + licenseEnabled: + type: boolean + description: Is license module enabled in admin-ui application? + default: false + productName: + type: string + description: The license is registered under following product. + productCode: + type: string + description: The short code is used in our API calls in order to identify the product. + licenseType: + type: string + description: The type of license (eg Perpetual, Time-based, Subscription, and Consumption-based licenses). + maxActivations: + type: integer + description: The license key. + licenseKey: + type: string + description: The license key. + licenseActive: + type: boolean + description: Is license active? + default: false + validityPeriod: + type: string + description: The license validity period + companyName: + type: string + description: The company name of the registered license. + customerEmail: + type: string + description: The customer email address of the registered license. + customerFirstName: + type: string + description: The customer first name. + customerLastName: + type: string + description: The customer last name. \ No newline at end of file diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/model/auth/LicenseResponse.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/model/auth/LicenseResponse.java index db59d4e4e89..beb6dc28e37 100644 
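Review bot: In `LicenseResponse`, `maxActivations` is described as `The license key.`, copied from the next property; it should read like the request's `The maximum allowed activations of this license on different machines.` `LicenseRequest` types `maxActivations` and `licenseActive` as `string` while the response uses `integer` and `boolean`, so confirm which the Java `LicenseRequest` model actually accepts (it is not part of this diff). The response also returns `licenseKey` together with the customer's email and name to any caller holding the license read scope; if the UI only needs to display the key, consider documenting and returning a masked value.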
--- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/model/auth/LicenseResponse.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/model/auth/LicenseResponse.java @@ -1,25 +1,33 @@ package io.jans.ca.plugin.adminui.model.auth; public class LicenseResponse { - private boolean isLicenseEnable; + private boolean licenseEnabled; private String productName; private String productCode; private String licenseType; private int maxActivations; private String licenseKey; - private boolean isLicenseActive; + private boolean licenseActive; private String validityPeriod; private String companyName; private String customerEmail; private String customerFirstName; private String customerLastName; - public boolean isLicenseEnable() { - return isLicenseEnable; + public boolean isLicenseEnabled() { + return licenseEnabled; } - public void setIsLicenseEnable(boolean isLicenseEnable) { - this.isLicenseEnable = isLicenseEnable; + public void setLicenseEnabled(boolean licenseEnabled) { + this.licenseEnabled = licenseEnabled; + } + + public boolean isLicenseActive() { + return licenseActive; + } + + public void setLicenseActive(boolean licenseActive) { + this.licenseActive = licenseActive; } public String getProductName() { @@ -62,14 +70,6 @@ public void setLicenseKey(String licenseKey) { this.licenseKey = licenseKey; } - public boolean isLicenseActive() { - return isLicenseActive; - } - - public void setLicenseActive(boolean licenseActive) { - isLicenseActive = licenseActive; - } - public String getValidityPeriod() { return validityPeriod; } 
@@ -113,13 +113,13 @@ public void setCustomerLastName(String customerLastName) { @Override public String toString() { return "LicenseResponse{" + - "isLicenseEnable=" + isLicenseEnable + + "licenseEnabled=" + licenseEnabled + ", productName='" + productName + '\'' + ", productCode='" + productCode + '\'' + ", licenseType='" + licenseType + '\'' + ", maxActivations=" + maxActivations + ", licenseKey='" + licenseKey + '\'' + - ", isLicenseActive=" + isLicenseActive + + ", licenseActive=" + licenseActive + ", validityPeriod='" + validityPeriod + '\'' + ", companyName='" + companyName + '\'' + ", customerEmail='" + customerEmail + '\'' + diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/auth/OAuth2Resource.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/auth/OAuth2Resource.java index a6e2d067d23..b05dba28a8b 100644 --- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/auth/OAuth2Resource.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/auth/OAuth2Resource.java @@ -9,6 +9,7 @@ import io.jans.ca.plugin.adminui.service.auth.OAuth2Service; import io.jans.ca.plugin.adminui.service.config.AUIConfigurationService; import io.jans.ca.plugin.adminui.utils.ErrorResponse; +import io.jans.configapi.filters.ProtectedApi; import org.slf4j.Logger; import javax.inject.Inject; @@ -26,6 +27,8 @@ public class OAuth2Resource { static final String OAUTH2_API_PROTECTION_TOKEN = "/api-protection-token"; static final String OAUTH2_API_USER_INFO = "/user-info"; + public static final String SCOPE_OPENID = "openid"; + @Inject Logger log; @@ -38,6 +41,7 @@ public class OAuth2Resource { @GET @Path(OAUTH2_CONFIG) @Produces(MediaType.APPLICATION_JSON) + @ProtectedApi(scopes = {SCOPE_OPENID}) public Response getOAuth2Config() { AUIConfiguration auiConfiguration = auiConfigurationService.getAUIConfiguration(); 
@@ -77,6 +81,7 @@ public Response getAccessToken(@QueryParam("code") String code) { @GET @Path(OAUTH2_API_PROTECTION_TOKEN) + @Produces(MediaType.APPLICATION_JSON) public Response getApiProtectionToken(@QueryParam("ujwt") String ujwt) { try { log.info("Api protection token request to Auth Server."); diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/license/LicenseResource.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/license/LicenseResource.java index 062ac3f493a..5b44a33c08b 100644 --- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/license/LicenseResource.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/license/LicenseResource.java @@ -5,6 +5,7 @@ import io.jans.ca.plugin.adminui.model.auth.LicenseResponse; import io.jans.ca.plugin.adminui.service.license.LicenseDetailsService; import io.jans.ca.plugin.adminui.utils.ErrorResponse; +import io.jans.configapi.filters.ProtectedApi; import org.slf4j.Logger; import javax.inject.Inject; @@ -19,8 +20,11 @@ public class LicenseResource { static final String CHECK_LICENSE = "/checkLicense"; static final String ACTIVATE_LICENSE = "/activateLicense"; - static final String GET_LICENSE_DETAILS = "/getLicenseDetails"; - static final String UPDATE_LICENSE_DETAILS = "/updateLicenseDetails"; + static final String LICENSE_DETAILS = "/licenseDetails"; + + public static final String SCOPE_OPENID = "openid"; + static final String SCOPE_LICENSE_READ = "https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly"; + static final String SCOPE_LICENSE_WRITE = "https://jans.io/oauth/jans-auth-server/config/adminui/license.write"; @Inject Logger log; @@ -30,6 +34,7 @@ public class LicenseResource { @GET @Path(CHECK_LICENSE) + @ProtectedApi(scopes={SCOPE_OPENID}) @Produces(MediaType.APPLICATION_JSON) public Response checkLicense() { try { 
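Review bot: `@ProtectedApi(scopes={SCOPE_OPENID})` on `checkLicense`, and on the state-changing `activateLicense` in the next hunk, is a weak gate, because the same commit makes `OAuth2Service.getApiProtectionToken` issue an `openid`-scoped client-credentials token when no `ujwt` is supplied. If that token endpoint is reachable without authentication (no `@ProtectedApi` is visible on it in this diff), any caller can obtain the token and activate a license. Consider guarding activation with the dedicated scope already defined here, `@ProtectedApi(scopes={SCOPE_LICENSE_WRITE})`, or a separate activation scope; if activation must work before login, say so in a comment on the method. `SCOPE_OPENID` is also declared a second time here after `OAuth2Resource`; a single shared constant avoids the two drifting apart.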
@@ -45,6 +50,7 @@ public Response checkLicense() { @POST @Path(ACTIVATE_LICENSE) + @ProtectedApi(scopes={SCOPE_OPENID}) @Produces(MediaType.TEXT_PLAIN) public Response activateLicense(@Valid @NotNull LicenseRequest licenseRequest) { try { @@ -59,7 +65,8 @@ public Response activateLicense(@Valid @NotNull LicenseRequest licenseRequest) { } @GET - @Path(GET_LICENSE_DETAILS) + @Path(LICENSE_DETAILS) + @ProtectedApi(scopes={SCOPE_LICENSE_READ}) @Produces(MediaType.APPLICATION_JSON) public Response getLicenseDetails() { try { @@ -73,7 +80,8 @@ public Response getLicenseDetails() { } @PUT - @Path(UPDATE_LICENSE_DETAILS) + @Path(LICENSE_DETAILS) + @ProtectedApi(scopes={SCOPE_LICENSE_WRITE}) @Produces(MediaType.APPLICATION_JSON) public Response updateLicenseDetails(@Valid @NotNull LicenseRequest licenseRequest) { try { diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java index 3b3cb105553..ae4e3337d8c 100644 --- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java 
@@ -23,12 +23,12 @@ public class UserManagementResource { static final String ROLES = "/roles"; static final String PERMISSIONS = "/permissions"; static final String ROLE_PERMISSIONS_MAPPING = "/rolePermissionsMapping"; - static final String ADMINUI_ROLE_READ = "https://jans.io/adminui/user/role.read"; - static final String ADMINUI_ROLE_WRITE = "https://jans.io/adminui/user/role.write"; - static final String ADMINUI_PERMISSION_READ = "https://jans.io/adminui/user/permission.read"; - static final String ADMINUI_PERMISSION_WRITE = "https://jans.io/adminui/user/permission.write"; - static final String ADMINUI_ROLE_PERMISSION_MAPPING_READ = "https://jans.io/adminui/user/rolePermissionMapping.read"; - static final String ADMINUI_ROLE_PERMISSION_MAPPING_WRITE = "https://jans.io/adminui/user/rolePermissionMapping.write"; + static final String SCOPE_ROLE_READ = "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly"; + static final String SCOPE_ROLE_WRITE = "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write"; + static final String SCOPE_PERMISSION_READ = "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly"; + static final String SCOPE_PERMISSION_WRITE = "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write"; + static final String SCOPE_ROLE_PERMISSION_MAPPING_READ = "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly"; + static final String SCOPE_ROLE_PERMISSION_MAPPING_WRITE = "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write"; @Inject Logger log; @@ -39,7 +39,7 @@ public class UserManagementResource { @GET @Path(ROLES) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_ROLE_READ) + @ProtectedApi(scopes = SCOPE_ROLE_READ) public Response getRoles() { try { log.info("Get all Admin-UI roles."); 
@@ -58,7 +58,7 @@ public Response getRoles() { @POST @Path(ROLES) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_ROLE_WRITE) + @ProtectedApi(scopes = SCOPE_ROLE_WRITE) public Response addRole(@Valid @NotNull AdminRole roleArg) { try { log.info("Adding Admin-UI role."); @@ -77,7 +77,7 @@ public Response addRole(@Valid @NotNull AdminRole roleArg) { @PUT @Path(ROLES) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_ROLE_WRITE) + @ProtectedApi(scopes = SCOPE_ROLE_WRITE) public Response editRole(@Valid @NotNull AdminRole roleArg) { try { log.info("Editing Admin-UI role."); @@ -96,7 +96,7 @@ public Response editRole(@Valid @NotNull AdminRole roleArg) { @DELETE @Path(ROLES) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_ROLE_WRITE) + @ProtectedApi(scopes = SCOPE_ROLE_WRITE) public Response deleteRole(@Valid @NotNull AdminRole roleArg) { try { log.info("Deleting Admin-UI role."); @@ -115,7 +115,7 @@ public Response deleteRole(@Valid @NotNull AdminRole roleArg) { @GET @Path(PERMISSIONS) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_PERMISSION_READ) + @ProtectedApi(scopes = SCOPE_PERMISSION_READ) public Response getPermissions() { try { log.info("Get all Admin-UI permissions."); @@ -134,7 +134,7 @@ public Response getPermissions() { @POST @Path(PERMISSIONS) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_PERMISSION_WRITE) + @ProtectedApi(scopes = SCOPE_PERMISSION_WRITE) public Response addPermission(@Valid @NotNull AdminPermission permissionArg) { try { log.info("Adding Admin-UI permissions."); 
@@ -153,7 +153,7 @@ public Response addPermission(@Valid @NotNull AdminPermission permissionArg) { @PUT @Path(PERMISSIONS) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_PERMISSION_WRITE) + @ProtectedApi(scopes = SCOPE_PERMISSION_WRITE) public Response editPermission(@Valid @NotNull AdminPermission permissionArg) { try { log.info("Editing Admin-UI permissions."); @@ -172,7 +172,7 @@ public Response editPermission(@Valid @NotNull AdminPermission permissionArg) { @DELETE @Path(PERMISSIONS) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_PERMISSION_WRITE) + @ProtectedApi(scopes = SCOPE_PERMISSION_WRITE) public Response deletePermission(@Valid @NotNull AdminPermission permissionArg) { try { log.info("Deleting Admin-UI permission."); @@ -191,7 +191,7 @@ public Response deletePermission(@Valid @NotNull AdminPermission permissionArg) @GET @Path(ROLE_PERMISSIONS_MAPPING) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_ROLE_PERMISSION_MAPPING_READ) + @ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_READ) public Response getAdminUIRolePermissionsMapping() { try { log.info("Get all Admin-UI role-permissions mapping."); @@ -210,7 +210,7 @@ public Response getAdminUIRolePermissionsMapping() { @PUT @Path(ROLE_PERMISSIONS_MAPPING) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_ROLE_PERMISSION_MAPPING_WRITE) + @ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE) public Response mapPermissionsToRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) { try { log.info("Mapping permissions to Admin-UI role."); 
@@ -229,7 +229,7 @@ public Response mapPermissionsToRole(@Valid @NotNull RolePermissionMapping roleP @DELETE @Path(ROLE_PERMISSIONS_MAPPING) @Produces(MediaType.APPLICATION_JSON) - @ProtectedApi(scopes = ADMINUI_ROLE_PERMISSION_MAPPING_WRITE) + @ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE) public Response removePermissionsFromRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) { try { log.info("Removing permissions to Admin-UI role."); diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/auth/OAuth2Service.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/auth/OAuth2Service.java index 9f8cd45817f..64a71877465 100644 --- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/auth/OAuth2Service.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/auth/OAuth2Service.java @@ -2,6 +2,7 @@ import com.google.common.base.Strings; import com.google.common.collect.Maps; +import com.google.common.collect.Sets; import io.jans.as.client.TokenRequest; import io.jans.as.model.common.GrantType; import io.jans.as.model.jwt.Jwt; @@ -11,7 +12,9 @@ import io.jans.ca.plugin.adminui.model.auth.TokenResponse; import io.jans.ca.plugin.adminui.model.auth.UserInfoRequest; import io.jans.ca.plugin.adminui.model.auth.UserInfoResponse; +import io.jans.ca.plugin.adminui.rest.auth.OAuth2Resource; import io.jans.ca.plugin.adminui.service.config.AUIConfigurationService; +import io.jans.ca.plugin.adminui.utils.CommonUtils; import io.jans.ca.plugin.adminui.utils.ErrorResponse; import org.jboss.resteasy.client.jaxrs.ResteasyClient; import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; @@ -29,6 +32,8 @@ import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; +import java.io.UnsupportedEncodingException; +import java.util.Arrays; import java.util.List; import java.util.Map; import java.util.Set; 
@@ -83,11 +88,8 @@ public TokenResponse getAccessToken(String code) throws ApplicationException { */ public TokenResponse getApiProtectionToken(String userInfoJwt) throws ApplicationException { try { - log.debug("Getting api-protection token with userInfoJwt"); - if (Strings.isNullOrEmpty(userInfoJwt)) { - log.error(ErrorResponse.USER_INFO_JWT_BLANK.getDescription()); - throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.USER_INFO_JWT_BLANK.getDescription()); - } + log.debug("Getting api-protection token"); + AUIConfiguration auiConfiguration = auiConfigurationService.getAUIConfiguration(); TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS); @@ -96,6 +98,10 @@ public TokenResponse getApiProtectionToken(String userInfoJwt) throws Applicatio tokenRequest.setGrantType(GrantType.CLIENT_CREDENTIALS); tokenRequest.setRedirectUri(auiConfiguration.getTokenServerRedirectUrl()); + if (Strings.isNullOrEmpty(userInfoJwt)) { + log.warn(ErrorResponse.USER_INFO_JWT_BLANK.getDescription()); + tokenRequest.setScope(scopeAsString(Arrays.asList(OAuth2Resource.SCOPE_OPENID))); + } io.jans.as.client.TokenResponse tokenResponse = getToken(tokenRequest, auiConfiguration.getTokenServerTokenEndpoint(), userInfoJwt); final Jwt tokenJwt = Jwt.parse(tokenResponse.getAccessToken()); @@ -123,9 +129,6 @@ public TokenResponse getApiProtectionToken(String userInfoJwt) throws Applicatio return tokenResp; - } catch (ApplicationException e) { - log.error(ErrorResponse.GET_API_PROTECTION_TOKEN_ERROR.getDescription()); - throw e; } catch (Exception e) { log.error(ErrorResponse.GET_API_PROTECTION_TOKEN_ERROR.getDescription(), e); throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_API_PROTECTION_TOKEN_ERROR.getDescription()); 
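Review bot: With the blank-`ujwt` rejection removed, the new `if (Strings.isNullOrEmpty(userInfoJwt))` branch hands out a client-credentials access token scoped `openid` to a request that carries no user assertion at all. Every endpoint this commit protects with `SCOPE_OPENID` (`getOAuth2Config`, `checkLicense`, `activateLicense`) then authenticates the admin-ui client rather than a user, so the protection is only as strong as the access control on the `/api-protection-token` route, which has no `@ProtectedApi` in the visible hunks. If this pre-login token is intended, add a comment saying so, for example `// Pre-login bootstrap: no user JWT yet, so request only the minimal openid scope.` The blank value is still passed on to `getToken(...)`, whose handling of a null `userInfoJwt` is outside this diff and should be confirmed. The method body continues beyond these hunks.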
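Review bot: Removing `catch (ApplicationException e)` in the last hunk of this method means an `ApplicationException` raised inside the `try` is now caught by `catch (Exception e)` and rethrown as a 500 with the generic `GET_API_PROTECTION_TOKEN_ERROR` text. Whether `getToken(...)` or the code between the hunks throws `ApplicationException` is not visible here; if it does, its original status code is lost to the caller. Keeping the clause, `} catch (ApplicationException e) { log.error(ErrorResponse.GET_API_PROTECTION_TOKEN_ERROR.getDescription()); throw e; }`, preserves that distinction at no cost.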
@@ -276,4 +279,10 @@ else if (jwtClaims.getClaim(key) instanceof JSONArray) { }); return claims; } + + private static String scopeAsString(List scopes) throws UnsupportedEncodingException { + Set scope = Sets.newHashSet(); + scope.addAll(scopes); + return CommonUtils.joinAndUrlEncode(scope); + } } diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/license/LicenseDetailsService.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/license/LicenseDetailsService.java index 4fe3317defe..38828c593f4 100644 --- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/license/LicenseDetailsService.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/license/LicenseDetailsService.java @@ -79,17 +79,17 @@ public LicenseResponse getLicenseDetails() { Boolean isLicenseCheckEnabled = auiConfiguration.getLicenseConfiguration().getEnabled(); if (!Boolean.TRUE.equals(isLicenseCheckEnabled)) { log.debug("License configuration is disabled."); - licenseResponse.setIsLicenseEnable(false); + licenseResponse.setLicenseEnabled(false); return licenseResponse; } License activeLicense = auiConfiguration.getLicenseConfiguration().getLicenseManager().getCurrent(); if (activeLicense == null) { log.debug("Active license for admin-ui not present "); - licenseResponse.setIsLicenseEnable(false); + licenseResponse.setLicenseEnabled(false); return licenseResponse; } else { log.debug("Active license for admin-ui found : {}", activeLicense.getProduct()); - licenseResponse.setIsLicenseEnable(true); + licenseResponse.setLicenseEnabled(true); licenseResponse.setProductName(activeLicense.getProduct().getProductName()); licenseResponse.setProductCode(activeLicense.getProduct().getShortCode()); licenseResponse.setLicenseType(activeLicense.getData().getLicenseType().name()); 
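Review bot: `scopeAsString` in the first hunk here URL-encodes the joined scopes before they reach `tokenRequest.setScope(...)`. That is harmless for the single value `openid`, but a list with more than one entry, or one of the URL-shaped `https://jans.io/...` scopes, would be passed on as `+` / `%3A%2F%2F` text and encoded a second time if `getToken(...)` form-encodes its parameters (its body is outside this diff). Copying into a `HashSet` also leaves the scope order unspecified. If de-duplication is the goal, something like `return String.join(" ", new LinkedHashSet<>(scopes));` keeps the order and leaves encoding to the HTTP layer. The `List`/`Set` types appear without type arguments in this view; if that is how the file reads, declare them as `List<String>` and `Set<String>`.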
@@ -105,7 +105,7 @@ public LicenseResponse getLicenseDetails() { } } catch (Exception e) { log.error(ErrorResponse.GET_LICENSE_DETAILS_ERROR.getDescription(), e); - licenseResponse.setIsLicenseEnable(false); + licenseResponse.setLicenseEnabled(false); return licenseResponse; } @@ -135,7 +135,7 @@ public LicenseResponse updateLicenseDetails(LicenseRequest licenseRequest) throw //search license by license-key License activeLicense = auiConfiguration.getLicenseConfiguration().getLicenseManager().getCurrent(); if (activeLicense == null) { - licenseResponse.setIsLicenseEnable(false); + licenseResponse.setLicenseEnabled(false); return licenseResponse; } SearchLicensesRequest request = SearchLicensesRequest.builder() @@ -156,7 +156,7 @@ public LicenseResponse updateLicenseDetails(LicenseRequest licenseRequest) throw BackOfficeLicense updated = licenseService.updateLicense(response.getResults().get(0).getId(), update); //create LicenseResponse - licenseResponse.setIsLicenseEnable(true); + licenseResponse.setLicenseEnabled(true); licenseResponse.setProductName(activeLicense.getProduct().getProductName()); licenseResponse.setProductCode(activeLicense.getProduct().getShortCode()); licenseResponse.setLicenseType(activeLicense.getData().getLicenseType().name()); diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/CommonUtils.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/CommonUtils.java new file mode 100644 index 00000000000..da94bbf3fae --- /dev/null +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/CommonUtils.java 
@@ -0,0 +1,21 @@ +package io.jans.ca.plugin.adminui.utils; + +import com.google.common.base.Joiner; + +import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; +import java.util.Collection; + +public class CommonUtils { + public static String joinAndUrlEncode(Collection list) throws UnsupportedEncodingException { + if (list == null || list.isEmpty()) { + return ""; + } + return encode(Joiner.on(" ").join(list)); + } + + public static String encode(String str) throws UnsupportedEncodingException { + return URLEncoder.encode(str, "UTF-8"); + } + +} \ No newline at end of file diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java index d9256422ee7..9d58e660808 100644 --- a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java +++ b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java @@ -5,7 +5,7 @@ public enum ErrorResponse { GET_API_PROTECTION_TOKEN_ERROR("Error in getting api protection token."), GET_USER_INFO_ERROR("Error in getting User-Info."), AUTHORIZATION_CODE_BLANK("Bad Request: Authourization `code` blank or empty."), - USER_INFO_JWT_BLANK("Bad Request: User-Info jwt is blank or empty."), + USER_INFO_JWT_BLANK("User-Info jwt is blank or empty. Generating token with default scopes."), CODE_OR_TOKEN_REQUIRED("Bad Request: Either `code` or `access_token` is required."), CHECK_LICENSE_ERROR("Error in checking license status."), ACTIVATE_LICENSE_ERROR("Error in activating License."),
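Review bot: `CommonUtils.encode` in the new file uses `URLEncoder.encode(str, "UTF-8")`, which forces a checked `UnsupportedEncodingException` onto every caller (it already leaks into `scopeAsString`) for a charset that is always present. On Java 10 or later `return URLEncoder.encode(str, StandardCharsets.UTF_8);` removes the `throws` clauses; on older targets catch it once here. `encode(null)` will throw a `NullPointerException`, so either document that or return `""` as `joinAndUrlEncode` does for an empty collection. As a static-only helper the class would usually be `final` with a private constructor, and both methods lack Javadoc stating that the output is form-encoded (a space becomes `+`).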