Skip to content

Commit

Permalink
feat: protecting Admin-UI Plugin Apis #142
Browse files Browse the repository at this point in the history
  • Loading branch information
duttarnab committed Jan 6, 2022
1 parent da29789 commit d67af5d
Show file tree
Hide file tree
Showing 9 changed files with 225 additions and 71 deletions.
149 changes: 130 additions & 19 deletions docs/jans-config-api-swagger.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ tags:
- name: Admin UI - Role
- name: Admin UI - Permission
- name: Admin UI - Role-Permissions Mapping
- name: Admin UI - License
paths:
/jans-config-api/api/v1/jans-auth-server/config:
get:
Expand Down Expand Up @@ -2829,7 +2830,7 @@ paths:
description: Get all admin ui roles.
operationId: get-adminui-roles
security:
- oauth2: [https://jans.io/adminui/user/role.read]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.read]
responses:
'200':
description: OK
Expand All @@ -2854,7 +2855,7 @@ paths:
description: Add admin ui role.
operationId: add-adminui-role
security:
- oauth2: [https://jans.io/adminui/user/role.write]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write]
requestBody:
content:
application/json:
Expand Down Expand Up @@ -2886,7 +2887,7 @@ paths:
description: Edit admin ui role.
operationId: edit-adminui-role
security:
- oauth2: [https://jans.io/adminui/user/role.write]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write]
requestBody:
content:
application/json:
Expand Down Expand Up @@ -2916,7 +2917,7 @@ paths:
description: Delete admin ui role.
operationId: delete-adminui-role
security:
- oauth2: [https://jans.io/adminui/user/role.write]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write]
requestBody:
content:
application/json:
Expand Down Expand Up @@ -2947,7 +2948,7 @@ paths:
description: Get admin ui permissions.
operationId: get-adminui-permissions
security:
- oauth2: [https://jans.io/adminui/user/permission.read]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.read]
responses:
'200':
description: OK
Expand All @@ -2972,7 +2973,7 @@ paths:
description: Add admin ui permission.
operationId: add-adminui-permission
security:
- oauth2: [https://jans.io/adminui/user/permission.write]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write]
requestBody:
content:
application/json:
Expand Down Expand Up @@ -3004,7 +3005,7 @@ paths:
description: Edit admin ui permission.
operationId: edit-adminui-permission
security:
- oauth2: [https://jans.io/adminui/user/permission.write]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write]
requestBody:
content:
application/json:
Expand Down Expand Up @@ -3034,7 +3035,7 @@ paths:
description: Delete admin ui permission.
operationId: delete-adminui-permission
security:
- oauth2: [https://jans.io/adminui/user/permission.write]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write]
requestBody:
content:
application/json:
Expand Down Expand Up @@ -3065,7 +3066,7 @@ paths:
description: Get admin ui role-permissions mapping.
operationId: get-adminui-role-permissions
security:
- oauth2: [https://jans.io/adminui/user/rolePermissionMapping.read]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.read]
responses:
'200':
description: OK
Expand All @@ -3090,7 +3091,7 @@ paths:
description: Map permissions to role.
operationId: map-permissions-to-role
security:
- oauth2: [https://jans.io/adminui/user/rolePermissionMapping.write]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write]
requestBody:
content:
application/json:
Expand Down Expand Up @@ -3120,7 +3121,7 @@ paths:
description: Remove role-permissions mapping.
operationId: remove-role-permissions-permission
security:
- oauth2: [https://jans.io/adminui/user/rolePermissionMapping.write]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write]
requestBody:
content:
application/json:
Expand All @@ -3143,6 +3144,60 @@ paths:
$ref: '#/components/responses/Unauthorized'
'500':
$ref: '#/components/responses/InternalServerError'
/jans-config-api/admin-ui/license/licenseDetails:
get:
tags:
- Admin UI - License
summary: Get admin ui license details.
description: Get admin ui license details.
operationId: get-adminui-license
security:
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.read]
responses:
'200':
description: OK
content:
application/json:
schema:
title: Get admin ui license details.
description: Get admin ui license details.
$ref: '#/components/schemas/LicenseResponse'
'400':
$ref: '#/components/responses/NotAcceptable'
'401':
$ref: '#/components/responses/Unauthorized'
'500':
$ref: '#/components/responses/InternalServerError'
put:
tags:
- Admin UI - License
summary: Edit admin ui license details.
description: Edit admin ui license details.
operationId: edit-adminui-license
security:
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.write]
requestBody:
content:
application/json:
schema:
required:
- role
$ref: '#/components/schemas/LicenseRequest'
responses:
'200':
description: OK
content:
application/json:
schema:
title: Edit admin ui license details.
description: Edit admin ui license details.
$ref: '#/components/schemas/LicenseResponse'
'400':
$ref: '#/components/responses/NotAcceptable'
'401':
$ref: '#/components/responses/Unauthorized'
'500':
$ref: '#/components/responses/InternalServerError'
components:
securitySchemes:
oauth2:
Expand Down Expand Up @@ -4885,8 +4940,8 @@ components:
description: XRI i-number. Client Identifier to uniquely identify the client.
type: string
displayName:
type: string
description: Name of the user suitable for display to end-users
type: string
description: Name of the user suitable for display to end-users
clientSecret:
type: string
description: The client secret. The client MAY omit the parameter if the client secret is an empty string.
Expand Down Expand Up @@ -6201,16 +6256,16 @@ components:

ScimPatchOperation:
required:
- op
- op
type: object
properties:
op:
type: string
description: The kind of operation to perform
enum:
- add
- remove
- replace
- add
- remove
- replace
path:
type: string
description: Required when op is remove, optional otherwise
Expand All @@ -6222,7 +6277,7 @@ components:
ScimPatchRequest:
description: Stores one or more patch operations
required:
- operations
- operations
type: object
properties:
schemas:
Expand Down Expand Up @@ -6281,4 +6336,60 @@ components:
items:
type: string
description: permissions

LicenseRequest:
type: object
description: Admin license request
required:
- validityPeriod
properties:
validityPeriod:
type: string
description: The license will expire on following date.
maxActivations:
type: string
description: The maximum allowed activations of this license on different machines.
licenseActive:
type: string
description: Is license active?
LicenseResponse:
type: object
description: Admin license response
properties:
licenseEnabled:
type: boolean
description: Is license module enabled in admin-ui application?
default: false
productName:
type: string
description: The license is registered under following product.
productCode:
type: string
description: The short code is used in our API calls in order to identify the product.
licenseType:
type: string
description: The type of license (eg Perpetual, Time-based, Subscription, and Consumption-based licenses).
maxActivations:
type: integer
description: The license key.
licenseKey:
type: string
description: The license key.
licenseActive:
type: boolean
description: Is license active?
default: false
validityPeriod:
type: string
description: The license validity period
companyName:
type: string
description: The company name of the registered license.
customerEmail:
type: string
description: The customer email address of the registered license.
customerFirstName:
type: string
description: The customer first name.
customerLastName:
type: string
description: The customer last name.
Original file line number Diff line number Diff line change
@@ -1,25 +1,33 @@
package io.jans.ca.plugin.adminui.model.auth;

public class LicenseResponse {
private boolean isLicenseEnable;
private boolean licenseEnabled;
private String productName;
private String productCode;
private String licenseType;
private int maxActivations;
private String licenseKey;
private boolean isLicenseActive;
private boolean licenseActive;
private String validityPeriod;
private String companyName;
private String customerEmail;
private String customerFirstName;
private String customerLastName;

public boolean isLicenseEnable() {
return isLicenseEnable;
public boolean isLicenseEnabled() {
return licenseEnabled;
}

public void setIsLicenseEnable(boolean isLicenseEnable) {
this.isLicenseEnable = isLicenseEnable;
public void setLicenseEnabled(boolean licenseEnabled) {
this.licenseEnabled = licenseEnabled;
}

public boolean isLicenseActive() {
return licenseActive;
}

public void setLicenseActive(boolean licenseActive) {
this.licenseActive = licenseActive;
}

public String getProductName() {
Expand Down Expand Up @@ -62,14 +70,6 @@ public void setLicenseKey(String licenseKey) {
this.licenseKey = licenseKey;
}

public boolean isLicenseActive() {
return isLicenseActive;
}

public void setLicenseActive(boolean licenseActive) {
isLicenseActive = licenseActive;
}

public String getValidityPeriod() {
return validityPeriod;
}
Expand Down Expand Up @@ -113,13 +113,13 @@ public void setCustomerLastName(String customerLastName) {
@Override
public String toString() {
return "LicenseResponse{" +
"isLicenseEnable=" + isLicenseEnable +
"licenseEnabled=" + licenseEnabled +
", productName='" + productName + '\'' +
", productCode='" + productCode + '\'' +
", licenseType='" + licenseType + '\'' +
", maxActivations=" + maxActivations +
", licenseKey='" + licenseKey + '\'' +
", isLicenseActive=" + isLicenseActive +
", licenseActive=" + licenseActive +
", validityPeriod='" + validityPeriod + '\'' +
", companyName='" + companyName + '\'' +
", customerEmail='" + customerEmail + '\'' +
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
import io.jans.ca.plugin.adminui.service.auth.OAuth2Service;
import io.jans.ca.plugin.adminui.service.config.AUIConfigurationService;
import io.jans.ca.plugin.adminui.utils.ErrorResponse;
import io.jans.configapi.filters.ProtectedApi;
import org.slf4j.Logger;

import javax.inject.Inject;
Expand All @@ -26,6 +27,8 @@ public class OAuth2Resource {
static final String OAUTH2_API_PROTECTION_TOKEN = "/api-protection-token";
static final String OAUTH2_API_USER_INFO = "/user-info";

public static final String SCOPE_OPENID = "openid";

@Inject
Logger log;

Expand All @@ -38,6 +41,7 @@ public class OAuth2Resource {
@GET
@Path(OAUTH2_CONFIG)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = {SCOPE_OPENID})
public Response getOAuth2Config() {

AUIConfiguration auiConfiguration = auiConfigurationService.getAUIConfiguration();
Expand Down Expand Up @@ -77,6 +81,7 @@ public Response getAccessToken(@QueryParam("code") String code) {

@GET
@Path(OAUTH2_API_PROTECTION_TOKEN)
@Produces(MediaType.APPLICATION_JSON)
public Response getApiProtectionToken(@QueryParam("ujwt") String ujwt) {
try {
log.info("Api protection token request to Auth Server.");
Expand Down
Loading

0 comments on commit d67af5d

Please sign in to comment.