JanssenProject · yuriyz · Sep 15, 2022 · Sep 15, 2022
@@ -3227,19 +3227,19 @@ components:
           $ref: '#/components/schemas/AttributeValidation'
         tooltip:
           type: string
-        adminCanEdit:
-          type: boolean
-        userCanAccess:
-          type: boolean
-        userCanView:
+        whitePagesCanView:
           type: boolean
         adminCanAccess:
           type: boolean
+        adminCanEdit:
+          type: boolean
         adminCanView:
           type: boolean
+        userCanAccess:
+          type: boolean
         userCanEdit:
           type: boolean
-        whitePagesCanView:
+        userCanView:
           type: boolean
         baseDn:
           type: string
@@ -3566,6 +3566,8 @@ components:
           format: int32
         displayName:
           type: string
+        tokenBindingSupported:
+          type: boolean
         authenticationMethod:
           type: string
           enum:
@@ -3577,8 +3579,6 @@ components:
           - tls_client_auth
           - self_signed_tls_client_auth
           - none
-        tokenBindingSupported:
-          type: boolean
         baseDn:
           type: string
         inum:
@@ -3668,24 +3668,24 @@ components:
           type: array
           items:
             type: string
-        displayValue:
-          type: string
         value:
           type: string
+        displayValue:
+          type: string
     LocalizedString:
       type: object
       properties:
         values:
           type: object
           additionalProperties:
             type: string
+        value:
+          type: string
         languageTags:
           uniqueItems: true
           type: array
           items:
             type: string
-        value:
-          type: string
     AppConfiguration:
       type: object
       properties:
@@ -4270,8 +4270,6 @@ components:
           - remote
         keepAuthenticatorAttributesOnAcrChange:
           type: boolean
-        disableAuthnForMaxAgeZero:
-          type: boolean
         deviceAuthzRequestExpiresIn:
           type: integer
           format: int32
@@ -4362,6 +4360,8 @@ components:
           type: string
         agamaConfiguration:
           $ref: '#/components/schemas/EngineConfig'
+        fapi:
+          type: boolean
         enabledFeatureFlags:
           uniqueItems: true
           type: array
@@ -4397,8 +4397,6 @@ components:
             - code
             - token
             - id_token
-        fapi:
-          type: boolean
     AuthenticationFilter:
       required:
       - baseDn
@@ -5066,10 +5064,10 @@ components:
           type: array
           items:
             type: object
-        displayValue:
-          type: string
         value:
           type: object
+        displayValue:
+          type: string
     SessionId:
       type: object
       properties:

@@ -1,6 +1,7 @@
 package io.jans.ca.plugin.adminui.rest.logging;
 
 import io.jans.ca.plugin.adminui.utils.ErrorResponse;
+import io.swagger.v3.oas.annotations.Hidden;
 import org.slf4j.Logger;
 
 import jakarta.inject.Inject;
@@ -13,6 +14,7 @@
 import jakarta.ws.rs.core.Response;
 import java.util.Map;
 
+@Hidden
 @Path("/admin-ui/logging")
 public class AuditLoggerResource {
 

@@ -9,12 +9,14 @@
 import io.jans.ca.plugin.adminui.utils.AppConstants;
 import io.jans.ca.plugin.adminui.utils.ErrorResponse;
 import io.jans.orm.PersistenceEntryManager;
+import jakarta.validation.constraints.NotNull;
 import org.apache.commons.collections.CollectionUtils;
 import org.slf4j.Logger;
 
 import jakarta.inject.Inject;
 import jakarta.inject.Singleton;
 import jakarta.ws.rs.core.Response;
+
 import java.util.*;
 import java.util.stream.Collectors;
 
@@ -27,7 +29,7 @@ public class UserManagementService {
     @Inject
     private PersistenceEntryManager entryManager;
 
-    public List<AdminRole> getRoles() throws ApplicationException {
+    public List<AdminRole> getAllRoles() throws ApplicationException {
         try {
             AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN);
             return adminConf.getDynamic().getRoles();
@@ -37,7 +39,7 @@ public List<AdminRole> getRoles() throws ApplicationException {
         }
     }
 
-    private AdminRole getRoleObjByName(String role) throws ApplicationException {
+    public AdminRole getRoleObjByName(String role) throws ApplicationException {
         try {
             AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN);
             List<AdminRole> roles = adminConf.getDynamic().getRoles().stream().filter(ele -> ele.getRole().equals(role)).collect(Collectors.toList());
@@ -152,6 +154,24 @@ public List<AdminPermission> getPermissions() throws ApplicationException {
         }
     }
 
+    public AdminPermission getPermissionObjByName(String permission) throws ApplicationException {
+        try {
+            AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN);
+            List<AdminPermission> permissions = adminConf.getDynamic().getPermissions().stream().filter(ele -> ele.getPermission().equals(permission)).collect(Collectors.toList());
+            if (permissions.isEmpty()) {
+                log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
+                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
+            }
+            return permissions.stream().findFirst().get();
+        } catch (ApplicationException e) {
+            log.error(ErrorResponse.GET_ADMIUI_PERMISSIONS_ERROR.getDescription());
+            throw e;
+        } catch (Exception e) {
+            log.error(ErrorResponse.GET_ADMIUI_PERMISSIONS_ERROR.getDescription(), e);
+            throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_ADMIUI_ROLES_ERROR.getDescription());
+        }
+    }
+
     public List<AdminPermission> addPermission(AdminPermission permissionArg) throws ApplicationException {
         try {
             AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN);
@@ -225,7 +245,7 @@ public List<AdminPermission> deletePermission(String permission) throws Applicat
         }
     }
 
-    public List<RolePermissionMapping> getAdminUIRolePermissionsMapping() throws ApplicationException {
+    public List<RolePermissionMapping> getAllAdminUIRolePermissionsMapping() throws ApplicationException {
         try {
             AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN);
             return adminConf.getDynamic().getRolePermissionMapping();
@@ -307,6 +327,24 @@ public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping ro
         }
     }
 
+    public RolePermissionMapping getAdminUIRolePermissionsMapping(String role) throws ApplicationException {
+        try {
+            AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN);
+            List<RolePermissionMapping> roleScopeMapping = adminConf.getDynamic().getRolePermissionMapping()
+                    .stream().filter(ele -> ele.getRole().equalsIgnoreCase(role))
+                    .collect(Collectors.toList());
+
+            if (roleScopeMapping.isEmpty()) {
+                log.error(ErrorResponse.ROLE_PERMISSION_MAP_NOT_FOUND.getDescription());
+                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_PERMISSION_MAP_NOT_FOUND.getDescription());
+            }
+            return roleScopeMapping.stream().findFirst().get();
+        } catch (Exception e) {
+            log.error(ErrorResponse.ERROR_READING_ROLE_PERMISSION_MAP.getDescription(), e);
+            throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_READING_ROLE_PERMISSION_MAP.getDescription());
+        }
+    }
+
     public List<RolePermissionMapping> removePermissionsFromRole(String role) throws ApplicationException {
         try {
             AdminConf adminConf = entryManager.find(AdminConf.class, AppConstants.CONFIG_DN);

@@ -17,6 +17,7 @@ public enum ErrorResponse {
     AUDIT_LOGGING_ERROR("Error in audit logging"),
     ERROR_READING_CONFIG("Error in reading auiConfiguration"),
     ERROR_READING_ROLE_PERMISSION_MAP("Error in reading role-permissions mapping from Auth Server."),
+    ROLE_PERMISSION_MAP_NOT_FOUND("Role-permissions mapping not found."),
     ROLE_NOT_FOUND("Bad Request: Admin UI Role not found in Auth Server."),
     PERMISSION_NOT_FOUND("Bad Request: Admin UI permission not found in Auth Server."),
     ERROR_IN_MAPPING_ROLE_PERMISSION("Error in mapping role-permission."),