feat(config-api): client token mgt endpoint #9554

Merged: 93 commits merged on Sep 21, 2024

Merge branch 'jans-config-fix' of https://github.com/JanssenProject/j…

9147254
DryRunSecurity / Authn/Authz Analyzer succeeded Sep 20, 2024 in 6s

Authn/Authz Analyzer Findings: 15 detected

⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java
Type: Potential Authn/Authz Function Used or Modified
Description: The provided Java code contains several constants that appear to be related to authentication and authorization. The constants include TOKEN_READ_ACCESS, TOKEN_WRITE_ACCESS, TOKEN_DELETE_ACCESS, SESSION_READ_ACCESS, SESSION_WRITE_ACCESS, and SESSION_DELETE_ACCESS, which suggest that the codebase likely includes functions or methods that deal with managing token and session information, which are essential components of authentication and authorization mechanisms.
Filename: jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java
CodeLink:
public static final String OPENID_CLIENTS_READ_ACCESS = "https://jans.io/oauth/config/openid/clients.readonly";
public static final String OPENID_CLIENTS_WRITE_ACCESS = "https://jans.io/oauth/config/openid/clients.write";
public static final String OPENID_CLIENTS_DELETE_ACCESS = "https://jans.io/oauth/config/openid/clients.delete";
public static final String TOKEN_READ_ACCESS = "https://jans.io/oauth/config/token.readonly";
public static final String TOKEN_WRITE_ACCESS = "https://jans.io/oauth/config/token.write";
public static final String TOKEN_DELETE_ACCESS = "https://jans.io/oauth/config/token.delete";
public static final String SESSION_READ_ACCESS = "https://jans.io/oauth/config/session.readonly";
public static final String SESSION_WRITE_ACCESS = "https://jans.io/oauth/config/session.write";
public static final String SESSION_DELETE_ACCESS = "https://jans.io/oauth/config/session.delete";
public static final String UMA_RESOURCES_READ_ACCESS = "https://jans.io/oauth/config/uma/resources.readonly";
public static final String UMA_RESOURCES_WRITE_ACCESS = "https://jans.io/oauth/config/uma/resources.write";
public static final String UMA_RESOURCES_DELETE_ACCESS = "https://jans.io/oauth/config/uma/resources.delete";
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains several constant string variables that suggest the presence of functions related to authentication or authorization. The variables 'AUTHORIZATIONS', 'TOKEN_PATH', and 'TOKEN_CODE_PATH' indicate that the code is handling authorization and token-related functionality, which are common in authentication and authorization processes.
Filename: jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java
CodeLink:
public static final String AUTHORIZATIONS = "/authorizations";
public static final String USERID_PATH = "{userId}";
public static final String SERVICE_NAME_PARAM_PATH = "/{service-name}";
public static final String TOKEN_PATH = "/{token}";
public static final String TOKEN_CODE_PATH = "/{tknCde}";
public static final String USERID = "userId";
public static final String USERNAME = "username";
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains constants that suggest the presence of functions related to authentication or authorization, such as '/token', '/revoke', and '/grant'. These paths are commonly associated with token-based authentication and authorization mechanisms in web applications.
Filename: jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java
CodeLink:
public static final String GRANT = "/grant";
public static final String SUBJECT = "/subject";
public static final String TOKEN = "/token";
public static final String REVOKE = "/revoke";
public static final String SEPARATOR = "/";
public static final String SERVER_CONFIG = "/server-config";
public static final String SERVER_CLEANUP = "/server-cleanup";
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains several tags that suggest the presence of functions related to authentication and authorization, such as 'Auth - Session Management', 'Client Authorization', 'Tokens', and 'Sessions'. These tags indicate that the code likely contains functions that handle user authentication, session management, and access control mechanisms.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java
CodeLink:
@Tag(name = "Auth - Session Management"), @Tag(name = "Organization Configuration"),
@Tag(name = "Auth Server Health - Check"), @Tag(name = "Plugins"),
@Tag(name = "Configuration – Config API"), @Tag(name = "Client Authorization"),
@Tag(name = "Jans Assets"),
@Tag(name = "Tokens"),
@Tag(name = "Sessions"),
},
servers = { @Server(url = "https://jans.local.io", description = "The Jans server") })
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains several constants related to authentication and authorization, such as '/uma', '/session', '/client', '/clients', '/openid', and '/scopes'. These URLs are commonly associated with authentication and authorization functionality in web applications, such as user management, session management, and OAuth/OpenID Connect flows. The presence of these constants suggests that the codebase likely contains functions or methods related to authentication and authorization.
Filename: jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java
CodeLink:
public static final String UMA = "/uma";
public static final String DYN_REGISTRATION = "/dyn_registration";
public static final String SESSION = "/session";
public static final String CLIENT = "/client";
public static final String CLIENTS = "/clients";
public static final String OPENID = "/openid";
public static final String SCOPES = "/scopes";
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code snippet contains several OAuth scopes that are related to authentication and authorization, such as TOKEN_READ_ACCESS, TOKEN_WRITE_ACCESS, TOKEN_DELETE_ACCESS, SESSION_READ_ACCESS, SESSION_WRITE_ACCESS, and SESSION_DELETE_ACCESS. These scopes indicate that the application is managing authentication and authorization mechanisms, such as tokens and sessions.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java
CodeLink:
@OAuthScope(name = ApiAccessConstants.JANS_ASSET_READ_ACCESS, description = "View Jans Assets"),
@OAuthScope(name = ApiAccessConstants.JANS_ASSET_WRITE_ACCESS, description = "Manage Jans Assets"),
@OAuthScope(name = ApiAccessConstants.JANS_ASSET_DELETE_ACCESS, description = "Delete Jans Assets"),
@OAuthScope(name = ApiAccessConstants.TOKEN_READ_ACCESS, description = "View Token details"),
@OAuthScope(name = ApiAccessConstants.TOKEN_WRITE_ACCESS, description = "Manage Token details"),
@OAuthScope(name = ApiAccessConstants.TOKEN_DELETE_ACCESS, description = "Delete Token details"),
@OAuthScope(name = ApiAccessConstants.SESSION_READ_ACCESS, description = "View Session details"),
@OAuthScope(name = ApiAccessConstants.SESSION_WRITE_ACCESS, description = "Manage Session details"),
@OAuthScope(name = ApiAccessConstants.SESSION_DELETE_ACCESS, description = "Delete Session details")
}
)))
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains two classes that suggest they are related to authentication or authorization: ClientAuthResource.class and TokenResource.class. These class names indicate that they may be handling client authentication or token-based authentication, which are common patterns used in authentication and authorization logic.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java
CodeLink:
classes.add(PluginResource.class);
classes.add(ConfigApiResource.class);
classes.add(ClientAuthResource.class);
classes.add(TokenResource.class);
log.info("appConfiguration:{}",appConfiguration );
if(appConfiguration!=null && appConfiguration.getAssetMgtConfiguration()!=null && appConfiguration.getAssetMgtConfiguration().isAssetMgtEnabled()) {
classes.add(AssetResource.class);
}
log.error("\n\n All classes:{}",classes+"\n\n\n");
return classes;
}
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains functions related to authentication or authorization. Specifically, the requestAccessToken function is responsible for obtaining an access token, which is a common authentication mechanism used in web applications. The function sets the username and password for the token request, which suggests that it is part of an authentication flow.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java
CodeLink:
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
Builder request = getClientBuilder(tokenUrl);
request.header(AUTHORIZATION, "Basic " + tokenRequest.getEncodedCredentials());
request.header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED);
final MultivaluedHashMap<String, String> multivaluedHashMap = new MultivaluedHashMap<>(
tokenRequest.getParameters());
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/TokenResource.java
Type: Potential Authn/Authz Function Used or Modified
Description: The provided Java code contains functions related to authentication and authorization. The TokenResource class has two main methods: getClientToken and revokeClientToken. These methods are part of the authentication and authorization flow for managing client tokens. The getClientToken method retrieves the token details for a specific client, while the revokeClientToken method revokes a client token. Additionally, the class uses the ClientAuthService and ClientService classes, which are likely responsible for handling authentication and authorization-related logic. Therefore, this code is considered to contain functions pertaining to authentication and authorization.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/TokenResource.java
CodeLink:
/*
* Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
*
* Copyright (c) 2020, Janssen Project
*/
package io.jans.configapi.rest.resource.auth;
import static io.jans.as.model.util.Util.escapeLog;
import io.jans.as.common.model.registration.Client;
import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.model.JansAttribute;
import io.jans.model.SearchRequest;
import io.jans.model.token.TokenEntity;
import io.jans.orm.model.PagedResult;
import io.jans.configapi.service.auth.ClientAuthService;
import io.jans.configapi.service.auth.ClientService;
import io.jans.configapi.util.ApiAccessConstants;
import io.jans.configapi.util.ApiConstants;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.ExampleObject;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.*;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.*;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.*;
@Path(ApiConstants.TOKEN)
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApplicationScoped
public class TokenResource extends ConfigBaseResource {
private class TokenEntityPagedResult extends PagedResult<TokenEntity> {
};
@Inject
ClientAuthService clientAuthService;
@Inject
ClientService clientService;
@Operation(summary = "Get client token details", description = "Get client token details", operationId = "get-token-details", tags = {
"OAuth - OpenID Connect - Clients" }, security = @SecurityRequirement(name = "oauth2", scopes = {
ApiAccessConstants.TOKEN_READ_ACCESS }))
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = PagedResult.class), examples = @ExampleObject(name = "Response example", value = "example/token/token-get.json"))),
@ApiResponse(responseCode = "401", description = "Unauthorized"),
@ApiResponse(responseCode = "404", description = "Not Found"),
@ApiResponse(responseCode = "500", description = "InternalServerError") })
@GET
@ProtectedApi(scopes = { ApiAccessConstants.TOKEN_READ_ACCESS }, groupScopes = {
ApiAccessConstants.TOKEN_WRITE_ACCESS }, superScopes = { ApiAccessConstants.SUPER_ADMIN_READ_ACCESS })
@Path(ApiConstants.CLIENT + ApiConstants.CLIENTID_PATH)
public Response getClientToken(
@Parameter(description = "Script identifier") @PathParam(ApiConstants.CLIENTID) @NotNull String clientId) {
if (logger.isInfoEnabled()) {
logger.info("Serach tokens by clientId:{}", escapeLog(clientId));
}
checkNotNull(clientId, ApiConstants.CLIENTID);
// validate clientId
Client client = clientService.getClientByInum(clientId);
checkResourceNotNull(client, "Client");
logger.debug("Serach tokens by client:{}", client);
SearchRequest searchReq = createSearchRequest(clientAuthService.geTokenDn(null), clientId, "tknCde",
ApiConstants.ASCENDING, Integer.parseInt(ApiConstants.DEFAULT_LIST_START_INDEX),
Integer.parseInt(ApiConstants.DEFAULT_LIST_SIZE), null, null, this.getMaxCount(), null,
JansAttribute.class);
TokenEntityPagedResult tokenEntityPagedResult = searchTokenByClientId(searchReq);
logger.info("Asset fetched based on name are:{}", tokenEntityPagedResult);
return Response.ok(tokenEntityPagedResult).build();
}
@Operation(summary = "Revoke client token.", description = "Revoke client token.", operationId = "revoke-token", tags = {
"OAuth - OpenID Connect - Clients" }, security = @SecurityRequirement(name = "oauth2", scopes = {
ApiAccessConstants.TOKEN_DELETE_ACCESS }))
@ApiResponses(value = { @ApiResponse(responseCode = "204", description = "No Content"),
@ApiResponse(responseCode = "400", description = "Bad Request"),
@ApiResponse(responseCode = "401", description = "Unauthorized"),
@ApiResponse(responseCode = "404", description = "Not Found"),
@ApiResponse(responseCode = "500", description = "InternalServerError") })
@DELETE
@ProtectedApi(scopes = { ApiAccessConstants.TOKEN_DELETE_ACCESS }, groupScopes = {
ApiAccessConstants.OPENID_DELETE_ACCESS }, superScopes = { ApiAccessConstants.SUPER_ADMIN_DELETE_ACCESS })
@Path(ApiConstants.REVOKE + ApiConstants.TOKEN_CODE_PATH)
public Response revokeClientToken(
@Parameter(description = "Token Code") @PathParam(ApiConstants.TOKEN_CODE_PARAM) @NotNull String tknCde) {
if (logger.isInfoEnabled()) {
logger.info("Revoke token - tknCde():{}", escapeLog(tknCde));
}
checkResourceNotNull(tknCde, ApiConstants.TOKEN_CODE_PARAM);
clientAuthService.revokeTokenEntity(tknCde);
logger.info(" Successfully deleted token identified by tknCde:{}", tknCde);
return Response.noContent().build();
}
private TokenEntityPagedResult searchTokenByClientId(SearchRequest searchReq) {
logger.debug("Search asset by name params - searchReq:{} ", searchReq);
TokenEntityPagedResult tokenEntityPagedResult = null;
PagedResult<TokenEntity> pagedResult = clientAuthService.getTokenOfClient(searchReq);
logger.debug("PagedResult - pagedResult:{}", pagedResult);
if (pagedResult != null) {
logger.debug(
"Asset fetched - pagedResult.getTotalEntriesCount():{}, pagedResult.getEntriesCount():{}, pagedResult.getEntries():{}",
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains a constant AUTHORIZATION which is commonly used in the context of authentication and authorization. This suggests that the AuthClientFactory class may contain functions or methods related to authentication or authorization.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java
CodeLink:
public class AuthClientFactory {
private static final String CONTENT_TYPE = "Content-Type";
private static final String AUTHORIZATION = "Authorization";
private static Logger log = LoggerFactory.getLogger(AuthClientFactory.class);
public static IntrospectionService getIntrospectionService(String url, boolean followRedirects) {
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains a function called revokeSession() that takes a token and userId as parameters. This suggests that the function is related to authentication or authorization, as it is likely used to revoke an active session for a user based on their authentication token and user ID.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java
CodeLink:
}
public static RevokeSessionResponse revokeSession(String url, String token, String userId) {
log.debug("Request for Access Token - url:{}, token:{}, userId:{} ", url, token, userId);
Response response = null;
try {
RevokeSessionRequest revokeSessionRequest = new RevokeSessionRequest("uid", "test");
Builder request = getClientBuilder(url);
request.header(AUTHORIZATION, "Basic " + token);
request.header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED);
final MultivaluedHashMap<String, String> multivaluedHashMap = new MultivaluedHashMap<>(
revokeSessionRequest.getParameters());
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientAuthService.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains several classes and imports related to authentication and authorization, such as ClientAuthorization, Client, Scope, and Token. These classes and imports suggest that the code may contain functions or methods related to managing client authorizations, scopes, and tokens, which are common components of authentication and authorization systems.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientAuthService.java
CodeLink:
import io.jans.util.StringHelper;
import io.jans.as.persistence.model.ClientAuthorization;
import io.jans.orm.PersistenceEntryManager;
import io.jans.orm.model.PagedResult;
import io.jans.orm.model.SortOrder;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.service.OrganizationService;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.persistence.model.Scope;
import io.jans.configapi.core.model.Token;
import io.jans.model.SearchRequest;
import io.jans.model.token.TokenEntity;
import static io.jans.as.model.util.Util.escapeLog;
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java
Type: Potential Authn/Authz Function Used or Modified
Description: The provided code contains a function named revokeToken that is potentially related to authentication or authorization. This function takes in parameters such as revokeUrl, clientId, token, and tokenTypeHint, which are commonly used in authentication and authorization flows. The function also makes a POST request to the revokeUrl endpoint, which suggests that it is handling the revocation of an access token, a common authentication and authorization-related operation.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java
CodeLink:
return null;
}
public static Response revokeToken(final String revokeUrl, final String clientId, final String token,
final String tokenTypeHint) {
log.debug("Request for Access Token - revokeUrl:{}, clientId:{}, token:{} , tokenTypeHint:{}", revokeUrl,
clientId, token, tokenTypeHint);
Builder request = getClientBuilder(revokeUrl);
request.header(AUTHORIZATION, token);
request.header(CONTENT_TYPE, MediaType.APPLICATION_JSON);
log.debug(" request:{}}", request);
MultivaluedHashMap<String, String> multivaluedHashMap = new MultivaluedHashMap<>();
multivaluedHashMap.add("token", token);
multivaluedHashMap.add("token_type_hint", tokenTypeHint);
multivaluedHashMap.add("client_id", clientId);
Response response = request.post(Entity.entity(Entity.form(multivaluedHashMap), MediaType.APPLICATION_JSON));
log.debug(" response:{}", response);
return response;
}
public static String getIntrospectionEndpoint(String issuer) throws JsonProcessingException {
log.debug(" Get Introspection Endpoint - issuer:{}", issuer);
String configurationEndpoint = issuer + "/.well-known/openid-configuration";
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ConfigurationService.java
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains a method called getRevokeUrl() which suggests that it may be related to authentication or authorization. The method returns the URL for revoking an OpenID Connect (OIDC) token, which is a common feature of authentication and authorization systems.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ConfigurationService.java
CodeLink:
public boolean isLowercaseFilter(String baseDn) {
return !PersistenceEntryManager.PERSITENCE_TYPES.ldap.name().equals(persistenceManager.getPersistenceType(baseDn));
}
public String getRevokeUrl() {
return configurationFactory.getApiAppConfiguration().getAuthOpenidRevokeUrl();
}
}
⚠️ Potential Authn/Authz Function Used or Modified: jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientAuthService.java
Type: Potential Authn/Authz Function Used or Modified
Description: The provided Java code contains functions related to authentication or authorization. The code includes methods for managing tokens, which are commonly used for authentication and authorization purposes in web applications. Specifically, the code includes functions to fetch tokens of a client, revoke a token, and get a token entity by its code. These functions are likely part of an authentication or authorization mechanism in the application.
Filename: jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientAuthService.java
CodeLink:
}
public PagedResult<TokenEntity> getTokenOfClient(SearchRequest searchRequest) {
logger.info(" Fetch token with searchRequest:{}", searchRequest);
Filter searchFilter = Filter.createEqualityFilter("clnId", searchRequest.getFilter());
logger.debug("Search Token searchFilter:{}", searchFilter);
return persistenceEntryManager.findPagedEntries(geTokenDn(null), TokenEntity.class, searchFilter, null,
searchRequest.getSortBy(), SortOrder.getByValue(searchRequest.getSortOrder()),
searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getMaxCount());
}
public void revokeTokenEntity(String tknCde) {
if (logger.isInfoEnabled()) {
logger.info(" Revoke token - tknCde:{}", escapeLog(tknCde));
}
TokenEntity tokenEntity = this.getTokenEntityByCode(tknCde);
logger.debug("Token to be revoked identified by tknCde:{} is:{}", tokenEntity, tknCde);
if (tokenEntity == null) {
throw new NotFoundException("Could not find Token identified by - " + tknCde);
}
persistenceEntryManager.removeRecursively(tokenEntity.getDn(), TokenEntity.class);
}
public TokenEntity getTokenEntityByCode(String tknCde) {
TokenEntity tokenEntity = null;
try {
tokenEntity = persistenceEntryManager.find(TokenEntity.class, geTokenDn(tknCde));
} catch (Exception ex) {
logger.error("Failed to get Token identified by tknCde:{" + tknCde + "}", ex);
}
return tokenEntity;
}
}