fix: the audit log API in Admin UI is not protected by authorization …

…token #7836 (#7837)

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>

jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/logging/AuditLoggerResource.java

@@ -2,6 +2,7 @@
 
 import io.jans.ca.plugin.adminui.utils.CommonUtils;
 import io.jans.ca.plugin.adminui.utils.ErrorResponse;
+import io.jans.configapi.core.rest.ProtectedApi;
 import io.swagger.v3.oas.annotations.Hidden;
 import jakarta.inject.Inject;
 import jakarta.validation.Valid;
@@ -19,13 +20,15 @@
 @Path("/admin-ui/logging")
 public class AuditLoggerResource {
 
+    public static final String AUDIT_LOGGING_WRITE_SCOPE = "https://jans.io/oauth/jans-auth-server/config/adminui/logging.write";
     static final String AUDIT = "/audit";
 
     @Inject
     Logger log;
 
     @POST
     @Path(AUDIT)
+    @ProtectedApi(scopes = {AUDIT_LOGGING_WRITE_SCOPE})
     @Produces(MediaType.APPLICATION_JSON)
     public Response auditLogging(@Valid @NotNull Map<String, Object> loggingRequest) {
         try {

jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json

@@ -497,6 +497,12 @@
       "description": "",
       "defaultPermissionInToken": false,
       "tag": "properties"
+    },
+    {
+      "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/logging.write",
+      "description": "",
+      "defaultPermissionInToken": false,
+      "tag": "logging"
     }
   ],
   "rolePermissionMapping": [
@@ -520,7 +526,8 @@
         "https://jans.io/oauth/config/database/couchbase.readonly",
         "https://jans.io/oauth/config/database/sql.readonly",
         "https://jans.io/oauth/config/stats.readonly",
-        "https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly"
+        "https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly",
+        "https://jans.io/oauth/jans-auth-server/config/adminui/logging.write"
       ]
     },
     {
@@ -559,7 +566,8 @@
         "readonly",
         "https://jans.io/oauth/config/stats.readonly",
         "jans_stat",
-        "https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly"
+        "https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly",
+        "https://jans.io/oauth/jans-auth-server/config/adminui/logging.write"
       ]
     },
     {
@@ -606,7 +614,8 @@
         "readonly",
         "https://jans.io/oauth/config/stats.readonly",
         "jans_stat",
-        "https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly"
+        "https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly",
+        "https://jans.io/oauth/jans-auth-server/config/adminui/logging.write"
       ]
     },
     {
@@ -679,7 +688,8 @@
         "https://jans.io/oauth/jans-auth-server/config/adminui/webhook.write",
         "https://jans.io/oauth/jans-auth-server/config/adminui/webhook.delete",
         "https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly",
-        "https://jans.io/oauth/jans-auth-server/config/adminui/properties.write"
+        "https://jans.io/oauth/jans-auth-server/config/adminui/properties.write",
+        "https://jans.io/oauth/jans-auth-server/config/adminui/logging.write"
       ]
     }
   ]