feat(jans-config-api): endpoint to get UmaResource based on clientId and swagger changes (#1912)

* bug(jans-config-api): fixed swagger format issue

* fix(jans-config-api): fixed due to couchbase clustter change

* feat(jans-config-api): new endpoint to get UmaResource based on associatedClient

* fix(jans-config-api): swagger spec fix for client attributes

* fix(jans-config-api): reverted the local test properties

* test(jans-config-api): commented test case

Author: pujavs

jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java

@@ -74,6 +74,7 @@ private ApiConstants() {}
     public static final String ORG = "/org";
     public static final String SERVER_STAT = "/server-stat";
     public static final String USERNAME_PATH = "/{username}";
+    public static final String CLIENTID_PATH = "/{clientId}";
 
     public static final String LIMIT = "limit";
     public static final String START_INDEX = "startIndex";
@@ -86,6 +87,7 @@ private ApiConstants() {}
     public static final String NAME = "name";
     public static final String DISPLAY_NAME = "displayName";
     public static final String KID = "kid";
+    public static final String CLIENTID = "clientId";
 
     public static final String ALL = "all";
     public static final String ACTIVE = "active";

jans-config-api/docs/jans-config-api-swagger.yaml

@@ -2168,6 +2168,38 @@ paths:
           description: Internal Server Error
       security:
         - oauth2: [https://jans.io/oauth/config/uma/resources.readonly]
+  /jans-config-api/api/v1/uma/resources/{clientId}:
+    parameters:
+      - name: clientId
+        in: path
+        required: true
+        description: Client ID.
+        schema:
+          type: string
+    get:
+      tags:
+        - OAuth - UMA Resources
+      summary: Fetch uma resources by client id.
+      description: Fetch uma resources by client id.
+      operationId: get-oauth-uma-resources-by-clientid
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                title: UMA Resource list.
+                description: List of UMA Resource.
+                items:
+                  $ref: '#/components/schemas/UmaResource'
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+        '404':
+          $ref: '#/components/responses/NotFound'
+        '500':
+          description: Internal Server Error
+      security:
+        - oauth2: [https://jans.io/oauth/config/uma/resources.readonly]
     delete:
       tags:
         - OAuth - UMA Resources
@@ -5122,27 +5154,27 @@ components:
         requirePar:
           description: boolean value to indicate of Pushed Authorisation Request(PAR)is required.
           type: boolean
-        authorizationSignedResponseAlg:
+        jansAuthSignedRespAlg:
           description: JWS alg algorithm JWA required for signing authorization responses.
           type: string
-        authorizationEncryptedResponseAlg:
+        jansAuthEncRespAlg:
           description: JWE alg algorithm JWA required for encrypting authorization responses.
           type: string
-        authorizationEncryptedResponseEnc:
+        jansAuthEncRespEnc:
           description: JWE enc algorithm JWA required for encrypting auhtorization responses.
           type: string
-        publicSubjectIdentifierAttribute:
+        jansSubAttr:
           description: custom subject identifier attribute.
           type: string
         redirectUrisRegex:
           description:  If set, redirectUri must match to this regexp
           type: string
-        authorizedAcrValues:
+        jansAuthorizedAcr:
           description:  List of thentication Context Class Reference (ACR) that must exist.
           type: array
           items:
             type: string
-        defaultPromptLogin:
+        jansDefaultPromptLogin:
           description: sets prompt=login to the authorization request, which causes the authorization server to force the user to sign in again before it will show the authorization prompt.
           type: boolean
 			

jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java

@@ -109,8 +109,9 @@ public Response getOpenIdClientByInum(@PathParam(ApiConstants.INUM) @NotNull Str
     @ProtectedApi(scopes = { ApiAccessConstants.OPENID_CLIENTS_WRITE_ACCESS })
     public Response createOpenIdConnect(@Valid Client client) throws EncryptionException {
         if (logger.isDebugEnabled()) {
-            logger.debug("Client details to be added - client:{}", escapeLog(client));
+            logger.debug("Client to be added - client:{}, client.getAttributes():{}, client.getCustomAttributes():{}", escapeLog(client), escapeLog(client.getAttributes()), escapeLog(client.getCustomAttributes()));
         }
+        
         String inum = client.getClientId();
         if (inum == null || inum.isEmpty() || inum.isBlank()) {
             inum = inumService.generateClientInum();
@@ -132,7 +133,7 @@ public Response createOpenIdConnect(@Valid Client client) throws EncryptionExcep
         client.setDeletable(client.getClientSecretExpiresAt() != null);
         ignoreCustomObjectClassesForNonLDAP(client);  
 
-        logger.debug("Final Client details to be added - client:{}", client);      
+        logger.trace("Final Client details to be added - client:{}, client.getAttributes():{}, client.getCustomAttributes():{}", client, client.getAttributes(), client.getCustomAttributes());      
         clientService.addClient(client);
         Client result = clientService.getClientByInum(inum);
         result.setClientSecret(encryptionService.decrypt(result.getClientSecret()));

jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/UmaResourcesResource.java

@@ -9,6 +9,7 @@
 import com.github.fge.jsonpatch.JsonPatchException;
 import io.jans.as.model.uma.persistence.UmaResource;
 import io.jans.configapi.core.rest.ProtectedApi;
+import io.jans.configapi.service.auth.ClientService;
 import io.jans.configapi.service.auth.UmaResourceService;
 import io.jans.configapi.util.ApiAccessConstants;
 import io.jans.configapi.util.ApiConstants;
@@ -40,17 +41,17 @@ public class UmaResourcesResource extends ConfigBaseResource {
     private static final String UMA_RESOURCE = "Uma resource";
 
     @Inject
-    Logger log;
+    UmaResourceService umaResourceService;
 
     @Inject
-    UmaResourceService umaResourceService;
+    ClientService clientService;
 
     @GET
     @ProtectedApi(scopes = { ApiAccessConstants.UMA_RESOURCES_READ_ACCESS })
     public Response fetchUmaResources(
             @DefaultValue(DEFAULT_LIST_SIZE) @QueryParam(value = ApiConstants.LIMIT) int limit,
             @DefaultValue("") @QueryParam(value = ApiConstants.PATTERN) String pattern) {
-        log.debug("UMA_RESOURCE to be fetched - limit = " + limit + " , pattern = " + pattern);
+        logger.debug("UMA_RESOURCE to be fetched - limit:{}, pattern:{}", limit, pattern);
         final List<UmaResource> resources;
         if (!pattern.isEmpty() && pattern.length() >= 2) {
             resources = umaResourceService.findResources(pattern, 1000);
@@ -63,15 +64,25 @@ public Response fetchUmaResources(
     @GET
     @Path(ApiConstants.ID_PATH)
     @ProtectedApi(scopes = { ApiAccessConstants.UMA_RESOURCES_READ_ACCESS })
-    public Response getUmaResourceByImun(@PathParam(value = ApiConstants.ID) @NotNull String id) {
-        log.debug("UMA_RESOURCE to fetch by id = " + id);
+    public Response getUmaResourceByInum(@PathParam(value = ApiConstants.ID) @NotNull String id) {
+        logger.debug("UMA_RESOURCE to fetch by id:{}", id);
         return Response.ok(findOrThrow(id)).build();
     }
 
+    @GET
+    @Path("/"+ApiConstants.CLIENTID + ApiConstants.CLIENTID_PATH)
+    @ProtectedApi(scopes = { ApiAccessConstants.UMA_RESOURCES_READ_ACCESS })
+    public Response getUmaResourceByAssociatedClient(
+            @PathParam(value = ApiConstants.CLIENTID) @NotNull String associatedClientId) {
+        logger.debug("UMA_RESOURCE to fetch by associatedClientId:{} ", associatedClientId);
+
+        return Response.ok(getUmaResourceByClient(associatedClientId)).build();
+    }
+
     @POST
     @ProtectedApi(scopes = { ApiAccessConstants.UMA_RESOURCES_WRITE_ACCESS })
     public Response createUmaResource(@Valid UmaResource umaResource) {
-        log.debug("UMA_RESOURCE to be added umaResource = " + umaResource);
+        logger.debug("UMA_RESOURCE to be added umaResource:{}", umaResource);
         checkNotNull(umaResource.getName(), AttributeNames.NAME);
         checkNotNull(umaResource.getDescription(), AttributeNames.DESCRIPTION);
         String id = UUID.randomUUID().toString();
@@ -96,7 +107,7 @@ private UmaResource findOrThrow(String id) {
     @PUT
     @ProtectedApi(scopes = { ApiAccessConstants.UMA_RESOURCES_WRITE_ACCESS })
     public Response updateUmaResource(@Valid UmaResource resource) {
-        log.debug("UMA_RESOURCE to be upated - umaResource = " + resource);
+        logger.debug("UMA_RESOURCE to be upated - umaResource:{}", resource);
         String id = resource.getId();
         checkNotNull(id, AttributeNames.ID);
         UmaResource existingResource = findOrThrow(id);
@@ -113,7 +124,7 @@ public Response updateUmaResource(@Valid UmaResource resource) {
     @Path(ApiConstants.ID_PATH)
     public Response patchResource(@PathParam(ApiConstants.ID) @NotNull String id, @NotNull String pathString)
             throws JsonPatchException, IOException {
-        log.debug("UMA_RESOURCE to be patched - id = " + id + " , pathString = " + pathString);
+        logger.debug("Patch for  id:{} , pathString:{}", id, pathString);
         UmaResource existingResource = findOrThrow(id);
 
         existingResource = Jackson.applyPatch(pathString, existingResource);
@@ -125,9 +136,19 @@ public Response patchResource(@PathParam(ApiConstants.ID) @NotNull String id, @N
     @Path(ApiConstants.ID_PATH)
     @ProtectedApi(scopes = { ApiAccessConstants.UMA_RESOURCES_DELETE_ACCESS })
     public Response deleteUmaResource(@PathParam(value = ApiConstants.ID) @NotNull String id) {
-        log.debug("UMA_RESOURCE to delete - id = " + id);
+        logger.debug("UMA_RESOURCE to delete - id:{}", id);
         UmaResource umaResource = findOrThrow(id);
         umaResourceService.remove(umaResource);
         return Response.status(Response.Status.NO_CONTENT).build();
     }
+
+    private List<UmaResource> getUmaResourceByClient(String associatedClientId) {
+        logger.debug("UMA RESOURCE to be fetched based on  associatedClientId:{}", associatedClientId);
+
+        // Get client DN
+        String associatedClientDn = this.clientService.getDnForClient(associatedClientId);
+        logger.debug("UMA RESOURCE to be fetched based on  associatedClientId:{}", associatedClientId);
+
+        return umaResourceService.getResourcesByClient(associatedClientDn);
+    }
 }

jans-config-api/server/src/main/java/io/jans/configapi/service/auth/UmaResourceService.java

@@ -17,8 +17,12 @@
 
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
+
+import java.util.Collections;
 import java.util.List;
 
+import org.slf4j.Logger;
+
 /**
  * @author Yuriy Zabrovarnyy
  */
@@ -31,6 +35,9 @@ public class UmaResourceService {
     @Inject
     private StaticConfiguration staticConfiguration;
 
+    @Inject
+    private Logger logger;
+
     public void addBranch() {
         SimpleBranch branch = new SimpleBranch();
         branch.setOrganizationalUnitName("resources");
@@ -49,12 +56,13 @@ public List<UmaResource> findResources(String pattern, int sizeLimit) {
     }
 
     public List<UmaResource> findResourcesByName(String name, int sizeLimit) {
+
         if (StringUtils.isNotBlank(name)) {
             Filter searchFilter = Filter.createEqualityFilter(AttributeConstants.DISPLAY_NAME, name);
             return persistenceEntryManager.findEntries(getDnForResource(null), UmaResource.class, searchFilter,
                     sizeLimit);
         }
-        return null;
+        return Collections.emptyList();
     }
 
     public List<UmaResource> getAllResources(int sizeLimit) {
@@ -83,6 +91,22 @@ public UmaResource getResourceById(String id) {
         return persistenceEntryManager.find(UmaResource.class, dn);
     }
 
+    public List<UmaResource> getResourcesByClient(String clientDn) {
+        try {
+            logger.debug(" Fetch UmaResource based on client - clientDn:{} ", clientDn);
+            prepareBranch();
+
+            if (StringUtils.isNotBlank(clientDn)) {
+                return persistenceEntryManager.findEntries(getBaseDnForResource(), UmaResource.class,
+                        Filter.createEqualityFilter("jansAssociatedClnt", clientDn));
+            }
+
+        } catch (Exception e) {
+            logger.error(e.getMessage(), e);
+        }
+        return Collections.emptyList();
+    }
+
     private void prepareBranch() {
         if (!persistenceEntryManager.hasBranchesSupport(getDnForResource(null))) {
             return;

jans-config-api/server/src/test/resources/feature/openid/clients/clients.feature

@@ -128,3 +128,14 @@ Then status 200
 And print response
 And assert response.length !=0
 
+@ignore
+@CreateUpdateDelete
+Scenario: Create new OpenId Connect Client
+Given url mainUrl
+And header Authorization = 'Bearer ' + accessToken
+And request read('openid_clients_create.json')
+When method POST
+Then status 201
+And print response
+
+