Documentation for SSA

jans-auth-server/client/src/main/java/io/jans/as/client/ssa/get/SsaGetClient.java

@@ -11,7 +11,6 @@
 import jakarta.ws.rs.HttpMethod;
 import jakarta.ws.rs.client.Invocation.Builder;
 import org.apache.commons.lang.StringUtils;
-import org.apache.http.client.utils.URIBuilder;
 import org.apache.log4j.Logger;
 
 public class SsaGetClient extends BaseClient<SsaGetRequest, SsaGetResponse> {
@@ -27,12 +26,11 @@ public String getHttpMethod() {
         return HttpMethod.GET;
     }
 
-    public SsaGetResponse execSsaGet(String accessToken, String jti, Long orgId, Boolean softwareRoles) {
+    public SsaGetResponse execSsaGet(String accessToken, String jti, Long orgId) {
         SsaGetRequest ssaGetRequest = new SsaGetRequest();
         ssaGetRequest.setAccessToken(accessToken);
         ssaGetRequest.setJti(jti);
         ssaGetRequest.setOrgId(orgId);
-        ssaGetRequest.setSoftwareRoles(softwareRoles);
         setRequest(ssaGetRequest);
         return exec();
     }

jans-auth-server/client/src/main/java/io/jans/as/client/ssa/get/SsaGetRequest.java

@@ -20,8 +20,6 @@ public class SsaGetRequest extends BaseRequest {
 
     private Long orgId;
 
-    private Boolean softwareRoles;
-
     public SsaGetRequest() {
         setContentType(MediaType.APPLICATION_JSON);
         setMediaType(MediaType.APPLICATION_JSON);
@@ -52,20 +50,11 @@ public void setOrgId(Long orgId) {
         this.orgId = orgId;
     }
 
-    public Boolean getSoftwareRoles() {
-        return softwareRoles;
-    }
-
-    public void setSoftwareRoles(Boolean softwareRoles) {
-        this.softwareRoles = softwareRoles;
-    }
-
     @Override
     public String getQueryString() {
         QueryBuilder builder = QueryBuilder.instance();
         builder.append(SsaRequestParam.JTI.getName(), jti);
         builder.append(SsaRequestParam.ORG_ID.getName(), orgId != null ? orgId.toString() : "");
-        builder.append(SsaRequestParam.SOFTWARE_ROLES.getName(), softwareRoles != null ? softwareRoles.toString() : "");
         return builder.toString();
     }
 }

jans-auth-server/client/src/test/java/io/jans/as/client/ssa/SsaGetTest.java

@@ -51,7 +51,7 @@ public void getSsaSearchByOrgId(final String redirectUris, final String sectorId
 
         // Ssa get
         SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
-        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, null, orgId1, false);
+        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, null, orgId1);
         AssertBuilder.ssaGet(ssaGetResponse)
                 .ssaListSize(2)
                 .jtiList(jtiList)
@@ -82,7 +82,7 @@ public void getSsaSearchByJti(final String redirectUris, final String sectorIden
 
         // Ssa get
         SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
-        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, null, false);
+        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, null);
         AssertBuilder.ssaGet(ssaGetResponse)
                 .ssaListSize(1)
                 .jtiList(jtiList)
@@ -114,7 +114,7 @@ public void getSsaSearchByOrgIdAndJti(final String redirectUris, final String se
 
         // Ssa get
         SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
-        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, orgId1, false);
+        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, orgId1);
         AssertBuilder.ssaGet(ssaGetResponse)
                 .ssaListSize(1)
                 .jtiList(jtiList)
@@ -145,7 +145,7 @@ public void getSsaSearchByJtiNotExits(final String redirectUris, final String se
 
         // Ssa get
         SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
-        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, null, false);
+        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, null);
         AssertBuilder.ssaGet(ssaGetResponse)
                 .ssaListSize(0)
                 .jtiList(jtiList)

jans-auth-server/client/src/test/java/io/jans/as/client/ssa/SsaRevokeTest.java

@@ -64,7 +64,7 @@ public void revokeWithJtiResponseOK(final String redirectUris, final String sect
 
         // Ssa get
         SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
-        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, orgId, false);
+        SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, orgId);
         showClient(ssaGetClient);
         assertNotNull(ssaGetResponse, "Ssa get response is null");
         assertTrue(ssaGetResponse.getSsaList().isEmpty());

jans-auth-server/model/src/main/java/io/jans/as/model/ssa/SsaScopeType.java

@@ -16,7 +16,6 @@ public enum SsaScopeType {
     SSA_DEVELOPER("https://jans.io/auth/ssa.developer"),
     ;
 
-
     private static final Map<String, SsaScopeType> lookup = new HashMap<>();
 
     static {

jans-auth-server/server/src/main/java/io/jans/as/server/ssa/ws/rs/SsaRestWebService.java

@@ -37,9 +37,9 @@ Response create(
     /**
      * Get list of SSA based on "jti" or "org_id" filter.
      *
-     * @param jti           Unique identifier
-     * @param orgId         Organization ID
-     * @param httpRequest   Http request
+     * @param jti         Unique identifier
+     * @param orgId       Organization ID
+     * @param httpRequest Http request
      * @return the {@link Response} with status {@code 200 (Ok)} and with body the ssa list,
      * or with status {@code 401 (Unauthorized)} if unauthorized access request,
      * or with status {@code 500 (Internal Server Error)} if internal error occurred.
@@ -48,7 +48,6 @@ Response create(
     @Path("/ssa")
     @Produces({MediaType.APPLICATION_JSON})
     Response get(
-            @QueryParam("software_roles") Boolean softwareRoles,
             @QueryParam("jti") String jti,
             @QueryParam("org_id") Long orgId,
             @Context HttpServletRequest httpRequest

jans-auth-server/server/src/main/java/io/jans/as/server/ssa/ws/rs/SsaRestWebServiceImpl.java

@@ -60,8 +60,8 @@ public Response create(String requestParams, HttpServletRequest httpRequest) {
      * @return {@link Response} with status {@code 200 (Ok)} and with body List of SSA.
      */
     @Override
-    public Response get(Boolean softwareRoles, String jti, Long orgId, HttpServletRequest httpRequest) {
-        return ssaGetAction.get(softwareRoles, jti, orgId, httpRequest);
+    public Response get(String jti, Long orgId, HttpServletRequest httpRequest) {
+        return ssaGetAction.get(jti, orgId, httpRequest);
     }
 
     /**

jans-auth-server/server/src/main/java/io/jans/as/server/ssa/ws/rs/SsaService.java

@@ -104,7 +104,7 @@ public Ssa findSsaByJti(String jti) {
      */
     public List<Ssa> getSsaList(String jti, Long orgId, SsaState status, String clientId, String[] scopes) {
         List<Filter> filters = new ArrayList<>();
-        if (hasPortalScope(Arrays.asList(scopes))) {
+        if (hasDeveloperScope(Arrays.asList(scopes))) {
             filters.add(Filter.createEqualityFilter("creatorId", clientId));
         }
         if (jti != null) {
@@ -183,19 +183,19 @@ public Response.ResponseBuilder createNotAcceptableResponse() {
     }
 
     /**
-     * Check if there is only one "ssa.portal" scope
+     * Check if there is only one "ssa.developer" scope
      *
      * @param scopes List of scope
-     * @return true if is only one "ssa.portal", or false otherwise
+     * @return true if is only one "ssa.developer", or false otherwise
      */
-    private boolean hasPortalScope(List<String> scopes) {
+    private boolean hasDeveloperScope(List<String> scopes) {
         Iterator<String> scopesIterator = scopes.iterator();
         boolean result = false;
         while (scopesIterator.hasNext()) {
             String scope = scopesIterator.next();
-            if (scope.equals(SsaScopeType.SSA_ADMIN.getValue())) {
+            if (scope.equals(SsaScopeType.SSA_ADMIN.getValue()) || scope.equals(SsaScopeType.SSA_PORTAL.getValue())) {
                 return false;
-            } else if (scope.equals(SsaScopeType.SSA_PORTAL.getValue())) {
+            } else if (scope.equals(SsaScopeType.SSA_DEVELOPER.getValue())) {
                 result = true;
             }
         }

jans-auth-server/server/src/main/java/io/jans/as/server/ssa/ws/rs/action/SsaGetAction.java

@@ -93,14 +93,14 @@ public class SsaGetAction {
      * @param httpRequest Http request
      * @return {@link Response} with status {@code 200 (Ok)} and the body containing the list of SSAs.
      */
-    public Response get(Boolean softwareRoles, String jti, Long orgId, HttpServletRequest httpRequest) {
-        log.debug("Attempting to read ssa: softwareRoles = {}, jti = '{}', orgId = {}", softwareRoles, jti, orgId);
+    public Response get(String jti, Long orgId, HttpServletRequest httpRequest) {
+        log.debug("Attempting to read ssa: softwareRoles = {}, orgId = {}", jti, orgId);
 
         errorResponseFactory.validateFeatureEnabled(FeatureFlagType.SSA);
         Response.ResponseBuilder builder = Response.ok();
         try {
             final Client client = ssaRestWebServiceValidator.getClientFromSession();
-            ssaRestWebServiceValidator.checkScopesPolicy(client, Arrays.asList(SsaScopeType.SSA_ADMIN.getValue(), SsaScopeType.SSA_PORTAL.getValue()));
+            ssaRestWebServiceValidator.checkScopesPolicy(client, Arrays.asList(SsaScopeType.SSA_ADMIN.getValue(), SsaScopeType.SSA_PORTAL.getValue(), SsaScopeType.SSA_DEVELOPER.getValue()));
 
             final List<Ssa> ssaList = ssaService.getSsaList(jti, orgId, SsaState.ACTIVE, client.getClientId(), client.getScopes());
 

jans-auth-server/server/src/test/java/io/jans/as/server/ssa/ws/rs/SsaRestWebServiceImplTest.java

@@ -47,11 +47,11 @@ public void create_validParams_validResponse() {
 
     @Test
     public void get_validParams_validResponse() {
-        when(ssaGetAction.get(anyBoolean(), anyString(), any(), any())).thenReturn(mock(Response.class));
+        when(ssaGetAction.get(anyString(), any(), any())).thenReturn(mock(Response.class));
 
-        Response response = ssaRestWebServiceImpl.get(false, "testJti", 1000L, mock(HttpServletRequest.class));
+        Response response = ssaRestWebServiceImpl.get("testJti", 1000L, mock(HttpServletRequest.class));
         assertNotNull(response, "response is null");
-        verify(ssaGetAction).get(anyBoolean(), anyString(), any(), any());
+        verify(ssaGetAction).get(anyString(), any(), any());
         verifyNoMoreInteractions(ssaGetAction);
     }
 

jans-auth-server/server/src/test/java/io/jans/as/server/ssa/ws/rs/SsaServiceTest.java

@@ -198,7 +198,7 @@ public void findSsaByJti_jtiNotFound_ssaNull() {
     }
 
     @Test
-    public void getSsaList_withPortalScope_valid() {
+    public void getSsaList_withDeveloperScope_valid() {
         BaseDnConfiguration baseDnConfiguration = new BaseDnConfiguration();
         baseDnConfiguration.setSsa("ou=ssa,o=jans");
         when(staticConfiguration.getBaseDn()).thenReturn(baseDnConfiguration);
@@ -207,7 +207,7 @@ public void getSsaList_withPortalScope_valid() {
         Long orgId = null;
         SsaState status = null;
         String clientId = "test-client";
-        String[] scopes = new String[]{SsaScopeType.SSA_PORTAL.getValue()};
+        String[] scopes = new String[]{SsaScopeType.SSA_DEVELOPER.getValue()};
         List<Ssa> ssaList = ssaService.getSsaList(jti, orgId, status, clientId, scopes);
         assertNotNull(ssaList);
         verify(log).trace(eq("Filter with AND created: " + String.format("[(creatorId=%s)]", clientId)));

jans-auth-server/server/src/test/java/io/jans/as/server/ssa/ws/rs/action/SsaGetActionTest.java

@@ -55,14 +55,13 @@ public void get_withAllParam_valid() {
         client.setDn("inum=0000,ou=clients,o=jans");
         when(ssaRestWebServiceValidator.getClientFromSession()).thenReturn(client);
 
-        boolean softwareRoles = false;
         String jti = "my-jti";
         Long orgId = 1000L;
-        Response response = ssaGetAction.get(softwareRoles, jti, orgId, mock(HttpServletRequest.class));
+        Response response = ssaGetAction.get(jti, orgId, mock(HttpServletRequest.class));
         assertNotNull(response, "response is null");
         assertNotNull(response.getEntity(), "response entity is null");
         assertEquals(response.getStatus(), Response.Status.OK.getStatusCode());
-        verify(log).debug(anyString(), any(), any(), any());
+        verify(log).debug(anyString(), any(), any());
         verify(errorResponseFactory).validateFeatureEnabled(any());
         verify(ssaContextBuilder).buildModifySsaResponseContext(any(), any(), any(), any(), any());
         verify(ssaJsonService).jsonArrayToString(any());
@@ -79,11 +78,10 @@ public void get_invalidClientAndIsErrorEnabledFalse_badRequestResponse() {
         doThrow(error).when(ssaRestWebServiceValidator).getClientFromSession();
         when(log.isErrorEnabled()).thenReturn(Boolean.FALSE);
 
-        boolean softwareRoles = false;
         String jti = "my-jti";
         Long orgId = 1000L;
-        assertThrows(WebApplicationException.class, () -> ssaGetAction.get(softwareRoles, jti, orgId, mock(HttpServletRequest.class)));
-        verify(log).debug(anyString(), any(), any(), any());
+        assertThrows(WebApplicationException.class, () -> ssaGetAction.get(jti, orgId, mock(HttpServletRequest.class)));
+        verify(log).debug(anyString(), any(), any());
         verify(ssaRestWebServiceValidator).getClientFromSession();
         verify(log).isErrorEnabled();
         verify(log, never()).error(anyString(), any(WebApplicationException.class));
@@ -100,11 +98,10 @@ public void get_invalidClientAndIsErrorEnabledTrue_badRequestResponse() {
         doThrow(error).when(ssaRestWebServiceValidator).getClientFromSession();
         when(log.isErrorEnabled()).thenReturn(Boolean.TRUE);
 
-        boolean softwareRoles = false;
         String jti = "my-jti";
         Long orgId = 1000L;
-        assertThrows(WebApplicationException.class, () -> ssaGetAction.get(softwareRoles, jti, orgId, mock(HttpServletRequest.class)));
-        verify(log).debug(anyString(), any(), any(), any());
+        assertThrows(WebApplicationException.class, () -> ssaGetAction.get(jti, orgId, mock(HttpServletRequest.class)));
+        verify(log).debug(anyString(), any(), any());
         verify(ssaRestWebServiceValidator).getClientFromSession();
         verify(log).isErrorEnabled();
         verify(log).error(anyString(), any(WebApplicationException.class));
@@ -120,11 +117,10 @@ public void get_invalidClientInternalServer_badRequestResponse() {
                         .build());
         when(errorResponseFactory.createWebApplicationException(any(Response.Status.class), any(SsaErrorResponseType.class), anyString())).thenThrow(error);
 
-        boolean softwareRoles = false;
         String jti = "my-jti";
         Long orgId = 1000L;
-        assertThrows(WebApplicationException.class, () -> ssaGetAction.get(softwareRoles, jti, orgId, mock(HttpServletRequest.class)));
-        verify(log).debug(anyString(), any(), any(), any());
+        assertThrows(WebApplicationException.class, () -> ssaGetAction.get(jti, orgId, mock(HttpServletRequest.class)));
+        verify(log).debug(anyString(), any(), any());
         verify(ssaRestWebServiceValidator).getClientFromSession();
         verify(log, never()).isErrorEnabled();
         verify(log).error(any(), any(Exception.class));