Commit c348ae6

authored
feat(jans-config-api): added admin-ui scopes in config-api-rs-protect.json
* feat: add admin-ui scopes in config-api-rs-protect.json #3508 * feat: add admin-ui scopes in config-api-rs-protect.json #3508
1 parent 3fd84ee commit c348ae6

4 files changed

+118
-68
lines changed

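--- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/license/LicenseResource.java
+++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/license/LicenseResource.java
@@ -5,9 +5,11 @@
 import io.jans.ca.plugin.adminui.model.auth.LicenseRequest;
 import io.jans.ca.plugin.adminui.model.auth.LicenseResponse;
 import io.jans.ca.plugin.adminui.service.license.LicenseDetailsService;
+import io.jans.ca.plugin.adminui.utils.AppConstants;
 import io.jans.ca.plugin.adminui.utils.ErrorResponse;
 import io.jans.configapi.core.rest.ProtectedApi;
 
+import io.jans.configapi.util.ApiAccessConstants;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -53,7 +55,7 @@ public class LicenseResource {
 @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = LicenseApiResponse.class, description = "License response")))})
 @GET
 @Path(IS_ACTIVE)
-@ProtectedApi(scopes = {SCOPE_LICENSE_READ}, groupScopes = {SCOPE_LICENSE_WRITE})
+@ProtectedApi(scopes = {SCOPE_LICENSE_READ}, groupScopes = {SCOPE_LICENSE_WRITE}, superScopes = { AppConstants.SCOPE_ADMINUI_READ })
 @Produces(MediaType.APPLICATION_JSON)
 public Response isActive() {
 LicenseApiResponse licenseResponse = null;
@@ -79,7 +81,7 @@ public Response isActive() {
 @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = LicenseApiResponse.class, description = "License response")))})
 @POST
 @Path(ACTIVATE_LICENSE)
-@ProtectedApi(scopes = {SCOPE_LICENSE_WRITE})
+@ProtectedApi(scopes = {SCOPE_LICENSE_WRITE}, superScopes = { AppConstants.SCOPE_ADMINUI_WRITE })
 @Produces(MediaType.APPLICATION_JSON)
 public Response activateLicense(@Valid @NotNull LicenseRequest licenseRequest) {
 LicenseApiResponse licenseResponse = null;
@@ -105,7 +107,7 @@ public Response activateLicense(@Valid @NotNull LicenseRequest licenseRequest) {
 @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = LicenseApiResponse.class, description = "License response")))})
 @POST
 @Path(SAVE_API_CREDENTIALS)
-@ProtectedApi(scopes = {SCOPE_LICENSE_WRITE})
+@ProtectedApi(scopes = {SCOPE_LICENSE_WRITE}, superScopes = { AppConstants.SCOPE_ADMINUI_WRITE })
 @Produces(MediaType.APPLICATION_JSON)
 public Response saveLicenseCredentials(@Valid @NotNull LicenseSpringCredentials licenseSpringCredentials) {
 LicenseApiResponse licenseResponse = null;
@@ -130,7 +132,7 @@ public Response saveLicenseCredentials(@Valid @NotNull LicenseSpringCredentials
 @ApiResponse(responseCode = "500", description = "InternalServerError")})
 @GET
 @Path(LICENSE_DETAILS)
-@ProtectedApi(scopes = {SCOPE_LICENSE_READ}, groupScopes = {SCOPE_LICENSE_WRITE})
+@ProtectedApi(scopes = {SCOPE_LICENSE_READ}, groupScopes = {SCOPE_LICENSE_WRITE}, superScopes = { AppConstants.SCOPE_ADMINUI_READ })
 @Produces(MediaType.APPLICATION_JSON)
 public Response getLicenseDetails() {
 try {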
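Review bot: `saveLicenseCredentials` (new line 110) and `activateLicense` (new line 84) now also accept `AppConstants.SCOPE_ADMINUI_WRITE`, the same scope this commit accepts on the role, permission and role-permission-mapping writes in UserManagementResource, so one token would presumably cover both identity administration and replacing the stored license API credentials. If that breadth is intended, say so where the next maintainer will see it, for example `// superScopes: Admin-UI write-all is accepted instead of SCOPE_LICENSE_WRITE; grant it to full administrators only` above the annotation. Separately, the added `import io.jans.configapi.util.ApiAccessConstants;` is not referenced by any of the six added lines and looks removable. The method bodies continue outside these hunks, and how `ProtectedApi` evaluates `superScopes` is not shown here, so the exact effect should be confirmed against the filter that enforces it.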

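--- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java
+++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java
@@ -5,6 +5,7 @@
 import io.jans.as.model.config.adminui.RolePermissionMapping;
 import io.jans.ca.plugin.adminui.model.exception.ApplicationException;
 import io.jans.ca.plugin.adminui.service.user.UserManagementService;
+import io.jans.ca.plugin.adminui.utils.AppConstants;
 import io.jans.ca.plugin.adminui.utils.ErrorResponse;
 import io.jans.configapi.core.rest.ProtectedApi;
 import io.swagger.v3.oas.annotations.Operation;
@@ -62,7 +63,7 @@ public class UserManagementResource {
 @GET
 @Path(ROLES)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = {SCOPE_ROLE_READ}, groupScopes = {SCOPE_ROLE_WRITE})
+@ProtectedApi(scopes = {SCOPE_ROLE_READ}, groupScopes = {SCOPE_ROLE_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
 public Response getAllRoles() {
 try {
 log.info("Get all Admin-UI roles.");
@@ -90,7 +91,7 @@ public Response getAllRoles() {
 @POST
 @Path(ROLES)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = SCOPE_ROLE_WRITE)
+@ProtectedApi(scopes = {SCOPE_ROLE_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
 public Response addRole(@Valid @NotNull AdminRole roleArg) {
 try {
 log.info("Adding Admin-UI role.");
@@ -118,7 +119,7 @@ public Response addRole(@Valid @NotNull AdminRole roleArg) {
 @PUT
 @Path(ROLES)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = SCOPE_ROLE_WRITE)
+@ProtectedApi(scopes = {SCOPE_ROLE_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
 public Response editRole(@Valid @NotNull AdminRole roleArg) {
 try {
 log.info("Editing Admin-UI role.");
@@ -145,7 +146,7 @@ public Response editRole(@Valid @NotNull AdminRole roleArg) {
 @GET
 @Path(ROLES + ROLE_PATH_VARIABLE)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = {SCOPE_ROLE_READ}, groupScopes = {SCOPE_ROLE_WRITE})
+@ProtectedApi(scopes = {SCOPE_ROLE_READ}, groupScopes = {SCOPE_ROLE_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
 public Response getRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
 try {
 log.info("Get all Admin-UI roles.");
@@ -172,7 +173,7 @@ public Response getRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
 @DELETE
 @Path(ROLES + ROLE_PATH_VARIABLE)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = SCOPE_ROLE_DELETE)
+@ProtectedApi(scopes = {SCOPE_ROLE_DELETE}, superScopes = {AppConstants.SCOPE_ADMINUI_DELETE})
 public Response deleteRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
 try {
 log.info("Deleting Admin-UI role.");
@@ -199,7 +200,7 @@ public Response deleteRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
 @GET
 @Path(PERMISSIONS)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = {SCOPE_PERMISSION_READ}, groupScopes = {SCOPE_PERMISSION_WRITE})
+@ProtectedApi(scopes = {SCOPE_PERMISSION_READ}, groupScopes = {SCOPE_PERMISSION_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
 public Response getAllPermissions() {
 try {
 log.info("Get all Admin-UI permissions.");
@@ -227,7 +228,7 @@ public Response getAllPermissions() {
 @POST
 @Path(PERMISSIONS)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = SCOPE_PERMISSION_WRITE)
+@ProtectedApi(scopes = {SCOPE_PERMISSION_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
 public Response addPermission(@Valid @NotNull AdminPermission permissionArg) {
 try {
 log.info("Adding Admin-UI permissions.");
@@ -255,7 +256,7 @@ public Response addPermission(@Valid @NotNull AdminPermission permissionArg) {
 @PUT
 @Path(PERMISSIONS)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = SCOPE_PERMISSION_WRITE)
+@ProtectedApi(scopes = {SCOPE_PERMISSION_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
 public Response editPermission(@Valid @NotNull AdminPermission permissionArg) {
 try {
 log.info("Editing Admin-UI permissions.");
@@ -282,7 +283,7 @@ public Response editPermission(@Valid @NotNull AdminPermission permissionArg) {
 @GET
 @Path(PERMISSIONS + PERMISSION_PATH_VARIABLE)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = {SCOPE_PERMISSION_READ}, groupScopes = {SCOPE_PERMISSION_WRITE})
+@ProtectedApi(scopes = {SCOPE_PERMISSION_READ}, groupScopes = {SCOPE_PERMISSION_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
 public Response getPermission(@PathParam(PERMISSION_CONST) @NotNull String adminUIPermission) {
 try {
 log.info("Get Admin-UI permission.");
@@ -309,7 +310,7 @@ public Response getPermission(@PathParam(PERMISSION_CONST) @NotNull String admin
 @DELETE
 @Path(PERMISSIONS + PERMISSION_PATH_VARIABLE)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = SCOPE_PERMISSION_DELETE)
+@ProtectedApi(scopes = {SCOPE_PERMISSION_DELETE}, superScopes = {AppConstants.SCOPE_ADMINUI_DELETE})
 public Response deletePermission(@PathParam(PERMISSION_CONST) @NotNull String adminUIPermission) {
 try {
 log.info("Deleting Admin-UI permission.");
@@ -336,7 +337,7 @@ public Response deletePermission(@PathParam(PERMISSION_CONST) @NotNull String ad
 @GET
 @Path(ROLE_PERMISSIONS_MAPPING)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_READ}, groupScopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE})
+@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_READ}, groupScopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
 public Response getAllAdminUIRolePermissionsMapping() {
 try {
 log.info("Get all Admin-UI role-permissions mapping.");
@@ -364,7 +365,7 @@ public Response getAllAdminUIRolePermissionsMapping() {
 @POST
 @Path(ROLE_PERMISSIONS_MAPPING)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE)
+@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
 public Response addPermissionsToRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) {
 try {
 log.info("Adding role-permissions to Admin-UI.");
@@ -392,7 +393,7 @@ public Response addPermissionsToRole(@Valid @NotNull RolePermissionMapping roleP
 @PUT
 @Path(ROLE_PERMISSIONS_MAPPING)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE)
+@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
 public Response mapPermissionsToRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) {
 try {
 log.info("Mapping permissions to Admin-UI role.");
@@ -419,7 +420,7 @@ public Response mapPermissionsToRole(@Valid @NotNull RolePermissionMapping roleP
 @GET
 @Path(ROLE_PERMISSIONS_MAPPING + ROLE_PATH_VARIABLE)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_READ}, groupScopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE})
+@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_READ}, groupScopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
 public Response getAdminUIRolePermissionsMapping(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
 try {
 log.info("Get Admin-UI role-permissions mapping by role-name.");
@@ -446,7 +447,7 @@ public Response getAdminUIRolePermissionsMapping(@PathParam(ROLE_CONST) @NotNull
 @DELETE
 @Path(ROLE_PERMISSIONS_MAPPING + ROLE_PATH_VARIABLE)
 @Produces(MediaType.APPLICATION_JSON)
-@ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_DELETE)
+@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_DELETE}, superScopes = {AppConstants.SCOPE_ADMINUI_DELETE})
 public Response removePermissionsFromRole(@PathParam(ROLE_CONST) @NotNull String role) {
 try {
 log.info("Removing permissions to Admin-UI role.");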
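Review bot: The read endpoints (`getAllRoles` at new line 66, `getRole`, `getAllPermissions`, `getPermission` and both mapping getters) list only `AppConstants.SCOPE_ADMINUI_READ` in `superScopes`, while their `groupScopes` appear to let the fine-grained write scope read as well. A client holding only the write-all scope can therefore POST or PUT a role but apparently cannot GET it back, unless the enforcing filter treats write-all as implying read, which this page does not show. Either mirror the existing rule with `superScopes = {AppConstants.SCOPE_ADMINUI_READ, AppConstants.SCOPE_ADMINUI_WRITE}` or add a comment that the asymmetry is deliberate; the same applies to `isActive` and `getLicenseDetails` in LicenseResource. Each method body continues outside its hunk.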

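--- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/AppConstants.java
+++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/AppConstants.java
@@ -7,4 +7,7 @@ public interface AppConstants {
 //application type
 public static final String APPLICATION_KEY_ADMIN_UI = "admin-ui";
 public static final String APPLICATION_KEY_ADS = "ads";
+public static final String SCOPE_ADMINUI_READ = "https://jans.io/oauth/jans-auth-server/config/adminui/read-all";
+public static final String SCOPE_ADMINUI_WRITE = "https://jans.io/oauth/jans-auth-server/config/adminui/write-all";
+public static final String SCOPE_ADMINUI_DELETE = "https://jans.io/oauth/jans-auth-server/config/adminui/delete-all";
 }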
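Review bot: The three new scope constants sit directly under the existing `//application type` comment, which does not describe them, and nothing here ties their URI strings to the scope entries the commit title says were added to config-api-rs-protect.json. A typo in either place would presumably leave the `superScopes` checks never matching, or matching a scope nobody reviewed, so a header such as `// Admin-UI super scopes; values must match config-api-rs-protect.json` before `SCOPE_ADMINUI_READ` would help. The `public static final` modifiers are redundant inside an interface, though the new lines follow the file's existing style.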
