From ea04e2ce5d83d4840638cd2e137fcbc67ee69c81 Mon Sep 17 00:00:00 2001
From: pujavs <43700552+pujavs@users.noreply.github.com>
Date: Wed, 21 Dec 2022 00:52:31 +0530
Subject: [PATCH] feat(config-api): audit log, agama ADS spec, fix for 0 index search (#3369)
* feat(config-api): audit log changes
* feat(config-api): audit log and request interceptor
* feat(config-api): sync with main
* feat(config-api): audit log, agama ADS spec, fix for 0 index search
* feat(config-api): audit log, agama ADS spec, fix for 0 index search
---
.../as/common/model/registration/Client.java | 8 ++
.../configuration/ApiAppConfiguration.java | 10 ++
.../model/configuration/AuditLogConf.java | 40 ++++++
.../docs/jans-config-api-swagger-auto.yaml | 79 ++++++++----
.../plugin/mgt/service/UserMgmtService.java | 7 +-
.../profiles/local/test.properties | 4 +-
.../interceptor/AuditLogInterceptor.java | 121 ++++++++++++++++++
.../resource/auth/ADSDeploymentsResource.java | 11 +-
.../rest/resource/auth/AgamaResource.java | 15 ++-
.../configapi/service/auth/ClientService.java | 9 +-
.../java/io/jans/configapi/util/AuthUtil.java | 5 +
.../src/main/resources/META-INF/beans.xml | 3 +
.../main/resources/config-api-rs-protect.json | 64 +++++++++
.../server/src/main/resources/log4j2.xml | 14 +-
.../interceptor/RequestAuditInterceptor.java | 20 +++
.../core/interceptor/RequestInterceptor.java | 20 +++
.../configapi/core/rest/BaseResource.java | 3 -
.../jans-config-api/dynamic-conf.json | 6 +
18 files changed, 396 insertions(+), 43 deletions(-)
create mode 100644 jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AuditLogConf.java
create mode 100644 jans-config-api/server/src/main/java/io/jans/configapi/interceptor/AuditLogInterceptor.java
create mode 100644 jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestAuditInterceptor.java
create mode 100644 jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestInterceptor.java
diff --git a/jans-auth-server/common/src/main/java/io/jans/as/common/model/registration/Client.java b/jans-auth-server/common/src/main/java/io/jans/as/common/model/registration/Client.java index f3dd0e7d580..bb5987a58a2 100644 --- a/jans-auth-server/common/src/main/java/io/jans/as/common/model/registration/Client.java +++ b/jans-auth-server/common/src/main/java/io/jans/as/common/model/registration/Client.java @@ -1459,6 +1459,14 @@ public void setBackchannelUserCodeParameter(Boolean backchannelUserCodeParameter this.backchannelUserCodeParameter = backchannelUserCodeParameter; } + public String getDisplayName() { + return getClientName(); + } + + public void setDisplayName(String displayName) { + setClientName(displayName); + } + public String getDescription() { return description; } diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java b/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java index 6a99d15be86..2814b8a703b 100644 --- a/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java +++ b/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java @@ -36,6 +36,7 @@ public class ApiAppConfiguration implements Configuration { private List userExclusionAttributes; private List userMandatoryAttributes; private AgamaConfiguration agamaConfiguration; + private AuditLogConf auditLogConf; public boolean isConfigOauthEnabled() { return configOauthEnabled; @@ -230,6 +231,14 @@ public AgamaConfiguration getAgamaConfiguration() { public void setAgamaConfiguration(AgamaConfiguration agamaConfiguration) { this.agamaConfiguration = agamaConfiguration; } + + public AuditLogConf getAuditLogConf() { + return auditLogConf; + } + + public void setAuditLogConf(AuditLogConf auditLogConf) { + this.auditLogConf = auditLogConf; + } @Override public String toString() { 
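Review bot: `getDisplayName()` and `setDisplayName()` in the Client.java hunk expose a second public bean property that reads and writes `clientName`, and nothing on the accessors says so. A payload that carries both `clientName` and `displayName` would presumably end up with whichever value the mapper binds last, which is hard to spot from the API description alone. A short Javadoc on both accessors, for example `/** Alias for clientName: reads and writes the same field. */`, would make the aliasing explicit for the next maintainer.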
@@ -246,6 +255,7 @@ public String toString() { + " , userExclusionAttributes="+ userExclusionAttributes + " , userMandatoryAttributes="+ userMandatoryAttributes + " , agamaConfiguration="+ agamaConfiguration + + " , auditLogConf="+ auditLogConf + "]"; } diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AuditLogConf.java b/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AuditLogConf.java new file mode 100644 index 00000000000..c5e6f3d061e --- /dev/null +++ b/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AuditLogConf.java @@ -0,0 +1,40 @@ +package io.jans.configapi.model.configuration; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import java.util.List; + +@JsonIgnoreProperties(ignoreUnknown = true) +public class AuditLogConf { + + /** + * Flag to enable and disable audit log + */ + private boolean enabled; + + /** + * List of header attributes + */ + private List headerAttributes; + + public boolean isEnabled() { + return enabled; + } + + public void setEnabled(boolean enabled) { + this.enabled = enabled; + } + + public List getHeaderAttributes() { + return headerAttributes; + } + + public void setHeaderAttributes(List headerAttributes) { + this.headerAttributes = headerAttributes; + } + + @Override + public String toString() { + return "AuditLogConf [enabled=" + enabled + ", headerAttributes=" + headerAttributes + "]"; + } + +} diff --git a/jans-config-api/docs/jans-config-api-swagger-auto.yaml b/jans-config-api/docs/jans-config-api-swagger-auto.yaml index 8cd1a1fa157..69c280f1a09 100644 --- a/jans-config-api/docs/jans-config-api-swagger-auto.yaml +++ b/jans-config-api/docs/jans-config-api-swagger-auto.yaml 
@@ -183,9 +183,8 @@ paths: description: InternalServerError security: - oauth2: - - https://jans.io/oauth/config/agama.readonly - https://jans.io/oauth/config/agama.write - - https://jans.io/oauth/config/read-all + - https://jans.io/oauth/config/write-all delete: tags: - Agama - Developer Studio @@ -212,9 +211,7 @@ paths: description: InternalServerError security: - oauth2: - - https://jans.io/oauth/config/agama.readonly - - https://jans.io/oauth/config/agama.write - - https://jans.io/oauth/config/read-all + - https://jans.io/oauth/config/agama.delete /api/v1/ads-deployment/list: get: tags: @@ -612,6 +609,40 @@ paths: security: - oauth2: - https://jans.io/oauth/config/agama.write + /api/v1/agama/syntax-check/{qname}: + post: + tags: + - Agama - Configuration + summary: Determine if the text passed is valid Agama code + description: Determine if the text passed is valid Agama code + operationId: agama-syntax-check + parameters: + - name: qname + in: path + required: true + schema: + type: string + requestBody: + content: + text/plain: + schema: + type: string + responses: + "200": + description: Agama Syntax Check message + content: + application/json: + schema: + type: string + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/config/agama.readonly + - https://jans.io/oauth/config/agama.write + - https://jans.io/oauth/config/read-all /api/v1/agama/source/{qname}: put: tags: @@ -7268,18 +7299,18 @@ components: type: string whitePagesCanView: type: boolean - userCanView: + adminCanEdit: type: boolean - userCanAccess: + adminCanAccess: type: boolean userCanEdit: type: boolean - adminCanAccess: - type: boolean - adminCanEdit: + userCanView: type: boolean adminCanView: type: boolean + userCanAccess: + type: boolean baseDn: type: string PatchRequest: @@ -7614,6 +7645,8 @@ components: ttl: type: integer format: int32 + displayName: + type: string authenticationMethod: type: string enum: 
@@ -8437,6 +8470,17 @@ components: $ref: '#/components/schemas/SsaConfiguration' blockWebviewAuthorizationEnabled: type: boolean + fapi: + type: boolean + allResponseTypesSupported: + uniqueItems: true + type: array + items: + type: string + enum: + - code + - token + - id_token enabledFeatureFlags: uniqueItems: true type: array @@ -8464,17 +8508,6 @@ components: - STAT - PAR - SSA - allResponseTypesSupported: - uniqueItems: true - type: array - items: - type: string - enum: - - code - - token - - id_token - fapi: - type: boolean AuthenticationFilter: required: - baseDn @@ -8768,13 +8801,13 @@ components: type: boolean internal: type: boolean - locationPath: - type: string locationType: type: string enum: - ldap - file + locationPath: + type: string baseDn: type: string ScriptError: diff --git a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java index 31636504810..96b448e1931 100644 --- a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java +++ b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java @@ -67,10 +67,7 @@ public String getPeopleBaseDn() { } public PagedResult searchUsers(SearchRequest searchRequest) { - if (logger.isDebugEnabled()) { - logger.debug("Search Users with searchRequest:{}", escapeLog(searchRequest)); - } - + logger.debug("Search Users with searchRequest:{}", escapeLog(searchRequest)); Filter searchFilter = null; List filters = new ArrayList<>(); if (searchRequest.getFilterAssertionValue() != null && !searchRequest.getFilterAssertionValue().isEmpty()) { 
@@ -87,7 +84,7 @@ public PagedResult searchUsers(SearchRequest searchRequest) { } searchFilter = Filter.createORFilter(filters); } - + logger.debug("Users searchFilter:{}", searchFilter); return persistenceEntryManager.findPagedEntries(getPeopleBaseDn(), User.class, searchFilter, null, searchRequest.getSortBy(), SortOrder.getByValue(searchRequest.getSortOrder()), searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getMaxCount()); diff --git a/jans-config-api/profiles/local/test.properties b/jans-config-api/profiles/local/test.properties index af088ce1080..9baf27962e2 100644 --- a/jans-config-api/profiles/local/test.properties +++ b/jans-config-api/profiles/local/test.properties @@ -4,6 +4,6 @@ test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/con # jans.server token.endpoint=https://jans.server1/jans-auth/restv1/token token.grant.type=client_credentials -test.client.id=1800.5957dfad-b2cb-4764-85fe-841e6bc870ff -test.client.secret=ozu4fjIzoEbe +test.client.id=1800.c94f1e10-7716-4dc8-b82d-4dd1169ed4f9 +test.client.secret=2M6r3vYeQEIT test.issuer=https://jans.server1/ \ No newline at end of file diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/interceptor/AuditLogInterceptor.java b/jans-config-api/server/src/main/java/io/jans/configapi/interceptor/AuditLogInterceptor.java new file mode 100644 index 00000000000..3fc71b40a98 --- /dev/null +++ b/jans-config-api/server/src/main/java/io/jans/configapi/interceptor/AuditLogInterceptor.java 
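Review bot: The added `logger.debug("Users searchFilter:{}", searchFilter)` logs the filter without the `escapeLog(...)` wrapper that the debug call at the top of `searchUsers` uses, and the filter appears to be built from the caller's `filterAssertionValue`. If the filter's string form carries that value verbatim, CR/LF characters in a search term can forge extra log lines; `logger.debug("Users searchFilter:{}", escapeLog(searchFilter));` keeps the two calls consistent. The earlier hunk of this file also dropped the `isDebugEnabled()` guard, so `escapeLog(searchRequest)` is now evaluated on every search even when debug logging is off.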
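Review bot: `test.client.id` and `test.client.secret` are replaced with another literal credential pair, so a client secret for `jans.server1` stays in version control and in its history. Even for a local test profile it is safer to commit a placeholder such as `test.client.secret=<set-locally>` and supply the real value from the environment or an untracked override file. Both the removed and the added secret should be treated as exposed and rotated if that server is reachable by anyone other than the author.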
@@ -0,0 +1,121 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.configapi.interceptor; + +import io.jans.configapi.core.interceptor.RequestAuditInterceptor; +import io.jans.configapi.model.configuration.AuditLogConf; +import io.jans.configapi.util.AuthUtil; +import jakarta.annotation.Priority; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.WebApplicationException; +import jakarta.ws.rs.core.Context; +import jakarta.ws.rs.core.HttpHeaders; +import jakarta.ws.rs.core.UriInfo; + +import java.lang.reflect.Method; +import java.util.Collections; +import java.util.Map; +import java.util.HashMap; +import java.util.List; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import jakarta.interceptor.AroundInvoke; +import jakarta.interceptor.Interceptor; +import jakarta.interceptor.InvocationContext; + +@Interceptor +@RequestAuditInterceptor +@Priority(Interceptor.Priority.APPLICATION) +public class AuditLogInterceptor { + + private static final Logger AUDIT_LOG = LoggerFactory.getLogger("audit"); + + @Context + UriInfo info; + + @Context + HttpServletRequest request; + + @Context + private HttpHeaders httpHeaders; + + @Inject + AuthUtil authUtil; + + @SuppressWarnings({ "all" }) + @AroundInvoke + public Object aroundReadFrom(InvocationContext context) throws Exception { + + try { + processRequest(context); + + } catch (Exception ex) { + throw new WebApplicationException(ex); + } + return context.proceed(); + } + + private void processRequest(InvocationContext context) { + + Object[] ctxParameters = context.getParameters(); + Method method = context.getMethod(); + Class[] clazzArray = method.getParameterTypes(); + + if (clazzArray != null && clazzArray.length > 0) { + for (int i = 0; i < clazzArray.length; i++) { + + Object obj = ctxParameters[i]; + // Audit 
log + logAuditData(context, obj); + + } + } + } + + private void logAuditData(InvocationContext context, T obj) { + try { + AuditLogConf auditLogConf = getAuditLogConf(); + if (auditLogConf != null && auditLogConf.isEnabled()) { + AUDIT_LOG.info("====== Request for endpoint:{}, method:{}, from:{}, user:{}, data:{} ", info.getPath(), + context.getMethod(), request.getRemoteAddr(), httpHeaders.getHeaderString("User-inum"), obj); + Map attributeMap = getAuditHeaderAttributes(auditLogConf); + AUDIT_LOG.info("attributeMap:{} ", attributeMap); + } + + } catch (Exception ex) { + ex.printStackTrace(); + } + + } + + private AuditLogConf getAuditLogConf() { + return this.authUtil.getAuditLogConf(); + } + + private Map getAuditHeaderAttributes(AuditLogConf auditLogConf) { + + if (auditLogConf == null) { + return Collections.emptyMap(); + } + List attributes = auditLogConf.getHeaderAttributes(); + + Map attributeMap = null; + if (attributes != null && !attributes.isEmpty()) { + attributeMap = new HashMap<>(); + for (String attributeName : attributes) { + + String attributeValue = httpHeaders.getHeaderString(attributeName); + attributeMap.put(attributeName, attributeValue); + } + } + return attributeMap; + } + +} diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ADSDeploymentsResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ADSDeploymentsResource.java index b6d44fca31e..c6035bec4b0 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ADSDeploymentsResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ADSDeploymentsResource.java 
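Review bot: `logAuditData` writes every method argument into the audit log (`data:{}` bound to `obj`), so request bodies, which on a configuration API may well contain client secrets or passwords, are persisted in clear text. The `user:` field and the configured header attributes come from client-supplied headers (`User-inum`) and are logged unescaped, so they are neither a verified identity nor protected against CR/LF log forging. `processRequest` also emits one record per parameter and none for a method without parameters, failures go to `ex.printStackTrace()`, and `getAuditHeaderAttributes` returns `null` rather than an empty map when nothing is configured. The sketch below logs one sanitised record per invocation without the payload; taking the identity from the validated token is left out because that code is not in this hunk.

```java
// … unchanged: fields, aroundReadFrom, getAuditLogConf …

private void processRequest(InvocationContext context) {
    try {
        AuditLogConf auditLogConf = getAuditLogConf();
        if (auditLogConf == null || !auditLogConf.isEnabled()) {
            return;
        }
        // One record per invocation, also for methods without parameters;
        // argument values are deliberately not logged.
        Object[] params = context.getParameters();
        int paramCount = (params == null) ? 0 : params.length;
        AUDIT_LOG.info("endpoint:{}, method:{}, from:{}, user:{}, paramCount:{}, headers:{}", info.getPath(),
                context.getMethod().getName(), request.getRemoteAddr(),
                sanitize(httpHeaders.getHeaderString("User-inum")), paramCount,
                getAuditHeaderAttributes(auditLogConf));
    } catch (Exception ex) {
        AUDIT_LOG.error("Audit logging failed", ex);
    }
}

private Map<String, String> getAuditHeaderAttributes(AuditLogConf auditLogConf) {
    Map<String, String> attributeMap = new HashMap<>();
    if (auditLogConf == null || auditLogConf.getHeaderAttributes() == null) {
        return attributeMap;
    }
    for (String attributeName : auditLogConf.getHeaderAttributes()) {
        attributeMap.put(attributeName, sanitize(httpHeaders.getHeaderString(attributeName)));
    }
    return attributeMap;
}

// Header values are client-controlled; keep each one on a single log line.
private static String sanitize(String value) {
    return value == null ? null : value.replaceAll("[\\r\\n]", "_");
}
```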
@@ -87,8 +87,8 @@ public Response getDeployment(@QueryParam("name") String projectName) { @Operation(summary = "Deploy an Agama project.", description = "Deploy an Agama project.", operationId = "post-agama-dev-studio-prj", tags = { "Agama - Developer Studio" }, security = @SecurityRequirement(name = "oauth2", scopes = { - ApiAccessConstants.AGAMA_READ_ACCESS, ApiAccessConstants.AGAMA_WRITE_ACCESS, - ApiAccessConstants.SUPER_ADMIN_READ_ACCESS })) + ApiAccessConstants.AGAMA_WRITE_ACCESS, + ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS })) @ApiResponses(value = { @ApiResponse(responseCode = "202", description = "Agama project accepted", content = @Content(mediaType = "application/zip", schema = @Schema(implementation = String.class), examples = @ExampleObject(name = "Response json example", value = "example/agama/agama-dev-prj-post.json"))), @ApiResponse(responseCode = "400", description = "Bad Request"), @@ -117,8 +117,7 @@ public Response deploy(@QueryParam("name") String projectName, byte[] gamaBinary @Operation(summary = "Delete a deployed Agama project.", description = "Delete a deployed Agama project.", operationId = "delete-agama-dev-studio-prj", tags = { "Agama - Developer Studio" }, security = @SecurityRequirement(name = "oauth2", scopes = { - ApiAccessConstants.AGAMA_READ_ACCESS, ApiAccessConstants.AGAMA_WRITE_ACCESS, - ApiAccessConstants.SUPER_ADMIN_READ_ACCESS })) + ApiAccessConstants.AGAMA_DELETE_ACCESS })) @ApiResponses(value = { @ApiResponse(responseCode = "204", description = "No Content"), @ApiResponse(responseCode = "400", description = "Bad Request"), 
@@ -127,8 +126,8 @@ public Response deploy(@QueryParam("name") String projectName, byte[] gamaBinary @ApiResponse(responseCode = "409", description = "Conflict"), @ApiResponse(responseCode = "500", description = "InternalServerError") }) @DELETE - @ProtectedApi(scopes = { ApiAccessConstants.AGAMA_WRITE_ACCESS }, - superScopes = { ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS }) + @ProtectedApi(scopes = { ApiAccessConstants.AGAMA_DELETE_ACCESS }, + superScopes = { ApiAccessConstants.SUPER_ADMIN_DELETE_ACCESS }) public Response undeploy(@QueryParam("name") String projectName) { if (projectName == null) diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AgamaResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AgamaResource.java index 79cbc579d8f..6aaa87faf95 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AgamaResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AgamaResource.java 
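Review bot: The `@Operation` on the DELETE handler (previous hunk) now advertises only `ApiAccessConstants.AGAMA_DELETE_ACCESS`, while the `@ProtectedApi` on `undeploy` in this hunk also accepts `ApiAccessConstants.SUPER_ADMIN_DELETE_ACCESS`; the POST documentation does list its super scope, so the two are inconsistent. Adding `ApiAccessConstants.SUPER_ADMIN_DELETE_ACCESS` to the DELETE `scopes = { ... }` keeps the generated spec in line with what is enforced. Moving DELETE from `agama.write` to `agama.delete` also means clients holding only the write scope lose undeploy access, which deserves a line in the release notes. The `@ProtectedApi` for `deploy` is outside the visible hunks, so it could not be checked against the new POST documentation.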
@@ -148,13 +148,21 @@ public Response createFlow(@Valid Flow flow) return Response.status(Response.Status.CREATED).entity(minimize(flow, false)).build(); } + @Operation(summary = "Determine if the text passed is valid Agama code", description = "Determine if the text passed is valid Agama code", operationId = "agama-syntax-check", tags = { + "Agama - Configuration" }, security = @SecurityRequirement(name = "oauth2", scopes = { + ApiAccessConstants.AGAMA_READ_ACCESS, ApiAccessConstants.AGAMA_WRITE_ACCESS, + ApiAccessConstants.SUPER_ADMIN_READ_ACCESS })) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Agama Syntax Check message", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = Exception.class))), + @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "500", description = "InternalServerError") }) @POST @Consumes(MediaType.TEXT_PLAIN) @ProtectedApi(scopes = { ApiAccessConstants.AGAMA_READ_ACCESS }, groupScopes = { ApiAccessConstants.AGAMA_WRITE_ACCESS }, superScopes = { ApiAccessConstants.SUPER_ADMIN_READ_ACCESS }) @Path("/syntax-check/" + ApiConstants.QNAME_PATH) public Response doSyntaxCheck(@PathParam(ApiConstants.QNAME) String qname, String source) { - + Exception e = null; try { Transpiler.runSyntaxCheck(qname, source); @@ -167,7 +175,7 @@ public Response doSyntaxCheck(@PathParam(ApiConstants.QNAME) String qname, Strin return Response.ok().entity(e).build(); } - + @Operation(summary = "Create a new agama flow from source", description = "Create a new agama flow from source.", operationId = "post-agama-flow-from-source", tags = { "Agama - Configuration" }, security = @SecurityRequirement(name = "oauth2", scopes = { ApiAccessConstants.AGAMA_WRITE_ACCESS })) 
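Review bot: `doSyntaxCheck` returns the caught exception object itself (`Response.ok().entity(e)`, a context line of the second hunk) and the new `@ApiResponse` documents the body as `@Schema(implementation = Exception.class)`, so the serialised response can expose stack frames, causes and internal class names to any caller holding the read scope. Returning only what the client needs, for example a small response object holding the message and error position, or `Response.ok().entity(e == null ? "" : e.getMessage()).build()` with `@Schema(implementation = String.class)`, would also match the `type: string` that the generated swagger in this patch declares for the endpoint. The catch blocks of `doSyntaxCheck` lie between the two hunks and are not visible here, so the exact exception types are an assumption.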
@@ -313,6 +321,9 @@ private Flow findFlow(String flowName, boolean throwError) { Flow flow = null; try { flow = agamaFlowService.getFlowByName(flowName); + if (flow == null && throwError) { + throw new NotFoundException(getNotFoundError("Flow - '" + flowName + "'")); + } } catch (EntryPersistenceException e) { logger.error("No flow found with the name:{} ", flowName); if (throwError) { diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientService.java index 365e667a8c2..96c58f3e3f7 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientService.java @@ -20,6 +20,7 @@ import io.jans.as.model.crypto.signature.SignatureAlgorithm; import io.jans.as.model.register.ApplicationType; import io.jans.configapi.core.model.SearchRequest; +import io.jans.configapi.service.auth.ConfigurationService; import io.jans.orm.PersistenceEntryManager; import io.jans.orm.model.PagedResult; import io.jans.orm.model.SortOrder; @@ -67,6 +68,9 @@ public class ClientService implements Serializable { @Inject transient AppConfiguration appConfiguration; + + @Inject + ConfigurationService configurationService; public boolean contains(String clientDn) { return persistenceEntryManager.contains(clientDn, Client.class); 
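Review bot: The injected `ConfigurationService configurationService` field in the second ClientService hunk is not `transient`, although `ClientService implements Serializable` and the neighbouring field is declared `@Inject transient AppConfiguration appConfiguration`. Declaring it as `@Inject transient ConfigurationService configurationService;` keeps the bean's serialised form unchanged and consistent with its siblings. The `import io.jans.configapi.service.auth.ConfigurationService;` added in the first ClientService hunk names a class in ClientService's own package, judging by the file path, and can be dropped.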
@@ -356,8 +360,11 @@ private void updateCustomAttributes(Client client) { // custom object class final String customOC = appConfiguration.getDynamicRegistrationCustomObjectClass(); - if (StringUtils.isNotBlank(customOC)) { + String persistenceType = configurationService.getPersistenceType(); + if (PersistenceEntryManager.PERSITENCE_TYPES.ldap.name().equals(persistenceType) && StringUtils.isNotBlank(customOC)) { client.setCustomObjectClasses(new String[] { customOC }); + }else { + client.setCustomObjectClasses(null); } // custom attributes (custom attributes must be in custom object class) diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java b/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java index ce28d113ca3..916283e93fc 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java @@ -10,6 +10,7 @@ import io.jans.as.model.util.Util; import io.jans.as.persistence.model.Scope; import io.jans.configapi.model.configuration.AgamaConfiguration; +import io.jans.configapi.model.configuration.AuditLogConf; import io.jans.configapi.security.api.ApiProtectionCache; import io.jans.configapi.security.client.AuthClientFactory; import io.jans.configapi.configuration.ConfigurationFactory; @@ -67,6 +68,10 @@ public String getOpenIdConfigurationEndpoint() { public String getAuthOpenidConfigurationUrl() { return this.configurationFactory.getApiAppConfiguration().getAuthOpenidConfigurationUrl(); } + + public AuditLogConf getAuditLogConf() { + return this.configurationFactory.getApiAppConfiguration().getAuditLogConf(); + } public String getIssuer() { return this.configurationService.find().getIssuer(); diff --git a/jans-config-api/server/src/main/resources/META-INF/beans.xml b/jans-config-api/server/src/main/resources/META-INF/beans.xml index ddc64918ba0..a22aceb3cf6 100644 
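Review bot: The new `else` branch in `updateCustomAttributes` calls `client.setCustomObjectClasses(null)` not only for non-LDAP back ends but also when the back end is LDAP and `customOC` is blank, a case the old code left untouched. If the intent is only to skip the custom class outside LDAP, nest the two checks so the blank-LDAP case keeps the client's existing value, and say so in a comment such as `// custom object classes only apply to LDAP persistence`. The method body continues outside the hunk, so how the custom attributes below depend on the cleared array could not be checked.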
--- a/jans-config-api/server/src/main/resources/META-INF/beans.xml +++ b/jans-config-api/server/src/main/resources/META-INF/beans.xml @@ -3,4 +3,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd" bean-discovery-mode="all" version="3.0"> + + io.jans.configapi.interceptor.AuditLogInterceptor + diff --git a/jans-config-api/server/src/main/resources/config-api-rs-protect.json b/jans-config-api/server/src/main/resources/config-api-rs-protect.json index 9b8561234c2..1c7b1342ddd 100644 --- a/jans-config-api/server/src/main/resources/config-api-rs-protect.json +++ b/jans-config-api/server/src/main/resources/config-api-rs-protect.json @@ -1628,6 +1628,70 @@ ] } ] + }, + { + "path": "/jans-config-api/api/v1/ads-deployment", + "conditions": [ + { + "httpMethods": [ + "GET" + ], + "scopes": [ + { + "inum": "1800.01.43", + "name": "https://jans.io/oauth/config/agama.readonly" + } + ], + "groupScopes": [ + { + "inum": "1800.01.44", + "name": "https://jans.io/oauth/config/agama.write" + } + ], + "superScopes": [ + { + "inum": "1800.03.1", + "name": "https://jans.io/oauth/config/read-all" + } + ] + }, + { + "httpMethods": [ + "POST" + ], + "scopes": [ + { + "inum": "1800.01.44", + "name": "https://jans.io/oauth/config/agama.write" + } + ], + "groupScopes": [], + "superScopes": [ + { + "inum": "1800.03.2", + "name": "https://jans.io/oauth/config/write-all" + } + ] + }, + { + "httpMethods": [ + "DELETE" + ], + "scopes": [ + { + "inum": "1800.01.45", + "name": "https://jans.io/oauth/config/agama.delete" + } + ], + "groupScopes": [], + "superScopes": [ + { + "inum": "1800.03.3", + "name": "https://jans.io/oauth/config/delete-all" + } + ] + } + ] }, { "path": "/jans-config-api/api/v1/jans-auth-server/session", diff --git a/jans-config-api/server/src/main/resources/log4j2.xml b/jans-config-api/server/src/main/resources/log4j2.xml index 72a6b477b95..38e96243e90 100644 
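Review bot: The DELETE condition added for `/jans-config-api/api/v1/ads-deployment` depends on scope `https://jans.io/oauth/config/agama.delete` (inum `1800.01.45`), and nothing visible in this patch adds that scope to the setup templates. If it is not already provisioned, only a `delete-all` token can satisfy the condition, so it is worth confirming the scope exists in the deployed scope list. The swagger in this patch also documents `/api/v1/ads-deployment/list`; please confirm that this entry's path matching covers it, or add the path explicitly.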
--- a/jans-config-api/server/src/main/resources/log4j2.xml +++ b/jans-config-api/server/src/main/resources/log4j2.xml @@ -8,6 +8,15 @@ + + + + + + + + + @@ -59,7 +68,10 @@ - + + + + diff --git a/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestAuditInterceptor.java b/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestAuditInterceptor.java new file mode 100644 index 00000000000..4304c111ac8 --- /dev/null +++ b/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestAuditInterceptor.java @@ -0,0 +1,20 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.configapi.core.interceptor; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +import jakarta.interceptor.InterceptorBinding; + +@InterceptorBinding +@Retention(RetentionPolicy.RUNTIME) +@Target({ ElementType.TYPE, ElementType.METHOD }) +public @interface RequestAuditInterceptor { +} diff --git a/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestInterceptor.java b/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestInterceptor.java new file mode 100644 index 00000000000..21eee7034d8 --- /dev/null +++ b/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestInterceptor.java 
@@ -0,0 +1,20 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.configapi.core.interceptor; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +import jakarta.interceptor.InterceptorBinding; + +@InterceptorBinding +@Retention(RetentionPolicy.RUNTIME) +@Target({ ElementType.TYPE, ElementType.METHOD }) +public @interface RequestInterceptor { +} diff --git a/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java b/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java index c33b14d40b6..57aed1fd011 100644 --- a/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java +++ b/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java @@ -174,9 +174,6 @@ protected SearchRequest createSearchRequest(String schemas, String filter, Strin count = 0; } - // SCIM searches are 1 indexed - startIndex = (startIndex == null || startIndex < 1) ? 1 : startIndex; - if (StringUtils.isEmpty(sortOrder) || !sortOrder.equals(SortOrder.DESCENDING.getValue())) { sortOrder = SortOrder.ASCENDING.getValue(); } diff --git a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json index a53836b2d30..9a009bba94a 100644 --- a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json +++ b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json @@ -53,6 +53,12 @@ "serialVersionUID", "enabled" ] + }, + "auditLog": { + "enabled": true, + "headerAttributes": [ + "User-inum" + ] } }
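Review bot: Removing `startIndex = (startIndex == null || startIndex < 1) ? 1 : startIndex;` from `createSearchRequest` leaves a null or negative `startIndex` unnormalised in the lines shown, and UserMgmtService passes `searchRequest.getStartIndex()` straight to `findPagedEntries`. To allow index 0 without admitting invalid values, keep a guard such as `startIndex = (startIndex == null || startIndex < 0) ? 0 : startIndex;`. The rest of `createSearchRequest` is outside the hunk, so a later check may already exist.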
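Review bot: The template adds the block under the key `"auditLog"`, but the new field and accessors in ApiAppConfiguration are named `auditLogConf` (`getAuditLogConf`/`setAuditLogConf`), with no renaming annotation visible in that hunk. Unless a mapping exists elsewhere, the block would not bind, `getAuditLogConf()` would stay null and the interceptor would silently log nothing; renaming the key to `"auditLogConf"` or annotating the field would fix it. The template also ships with `"enabled": true`, so audit logging is on by default for new installs.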