fix(lock): code review comment

Signed-off-by: pujavs <pujas.works@gmail.com>

jans-config-api/docs/jans-config-api-swagger.yaml

@@ -8370,15 +8370,15 @@ components:
           type: boolean
         adminCanEdit:
           type: boolean
-        adminCanAccess:
-          type: boolean
         adminCanView:
           type: boolean
-        userCanAccess:
+        userCanEdit:
           type: boolean
         userCanView:
           type: boolean
-        userCanEdit:
+        adminCanAccess:
+          type: boolean
+        userCanAccess:
           type: boolean
         whitePagesCanView:
           type: boolean
@@ -9226,8 +9226,6 @@ components:
           type: boolean
         lockMessageConfig:
           $ref: '#/components/schemas/LockMessageConfig'
-        fapi:
-          type: boolean
         allResponseTypesSupported:
           uniqueItems: true
           type: array
@@ -9237,6 +9235,8 @@ components:
             - code
             - token
             - id_token
+        fapi:
+          type: boolean
     AuthenticationFilter:
       required:
       - baseDn
@@ -10805,10 +10805,10 @@ components:
         ttl:
           type: integer
           format: int32
-        persisted:
-          type: boolean
         opbrowserState:
           type: string
+        persisted:
+          type: boolean
     SessionIdAccessMap:
       type: object
       properties:

jans-config-api/plugins/docs/lock-plugin-swagger.yaml

@@ -357,6 +357,9 @@ components:
         tokenUrl:
           type: string
           description: Jans URL of the OpenID Connect Provider's OAuth 2.0 Token Endpoint
+        groupScopeEnabled:
+          type: boolean
+          description: Group scope enabled
         endpointGroups:
           type: object
           additionalProperties:

jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/TelemetryEntry.java

@@ -43,7 +43,7 @@ public class TelemetryEntry extends BaseEntry implements Serializable {
     @AttributeName(name = "jansSuccessLoadCounter")
     private long policySuccessLoadCounter;
 
-    @AttributeName(name = "jansFaiedlLoadCounter")
+    @AttributeName(name = "jansFailedLoadCounter")
     private long policyFailedLoadCounter;
 
     @AttributeName(name = "evaluationTimeNs")

jans-config-api/server/src/main/java/io/jans/configapi/security/service/OpenIdAuthorizationService.java

@@ -206,50 +206,40 @@ private boolean externalAuthorization(String token, String issuer, String method
     }
 
     private List<String> findMissingScopes(Map<ProtectionScopeType, List<String>> scopeMap, List<String> tokenScopes) {
-        logger.debug("Check scopeMap:{}, tokenScopes:{}", scopeMap, tokenScopes);
+        logger.error("\n\n\n *** Check scopeMap:{}, tokenScopes:{}", scopeMap, tokenScopes);
+
         List<String> scopeList = new ArrayList<>();
-        if (tokenScopes == null || tokenScopes.isEmpty() || scopeMap == null || scopeMap.isEmpty()) {
+        List<String> missingScopes = null;
+        if (scopeMap == null || scopeMap.isEmpty()) {
             return scopeList;
         }
 
         // Super scope
-        scopeList = scopeMap.get(ProtectionScopeType.SUPER);
+        scopeList.addAll(scopeMap.get(ProtectionScopeType.SUPER));
         logger.debug("SUPER Scopes:{}", scopeList);
-        List<String> missingScopes = null;
-        boolean containsScope = false;
-        if (scopeList != null && !scopeList.isEmpty()) {
-            // check if token contains any of the super scopes
-            containsScope = containsAnyElement(scopeList, tokenScopes);
-            logger.debug("Token contains SUPER scopes?:{}", containsScope);
-
-            // Super scope present so no need to check other types of scope
-            if (containsScope) {
-                return missingScopes;
-            }
-        }
+
+
 
         // Group scope present so no need to check normal scope presence
-        scopeList = scopeMap.get(ProtectionScopeType.GROUP);
+        scopeList.addAll(scopeMap.get(ProtectionScopeType.GROUP));
         logger.debug("GROUP Scopes:{}", scopeList);
-        if (scopeList != null && !scopeList.isEmpty()) {
-            // check if token contains any of the group scopes
-            containsScope = containsAnyElement(scopeList, tokenScopes);
-            logger.debug("Token contains GROUP scopes?:{}", containsScope);
-
-			// Group scope present so no need to check normal scope
-            if (containsScope) {
-                return missingScopes;
-            }
-        }
-
+
         // Normal scope
-        scopeList = scopeMap.get(ProtectionScopeType.SCOPE);
+        scopeList.addAll(scopeMap.get(ProtectionScopeType.SCOPE));
         logger.debug("SCOPE Scopes:{}", scopeList);
-        if (scopeList != null && !scopeList.isEmpty()) {
-            // check if token contains all the required scopes
-            missingScopes = findMissingElements(scopeList, tokenScopes);
-            logger.debug("SCOPE Missing Scopes:{}", missingScopes);
+        if(scopeList.isEmpty()) {
+            return missingScopes;
+        }
+
+        //scopeList not empty but token scope is null 
+        if(tokenScopes==null || tokenScopes.isEmpty()) {
+            return scopeMap.get(ProtectionScopeType.SCOPE);
         }
+
+        // check if token contains all the required scopes
+        missingScopes = findMissingElements(scopeList, tokenScopes);
+        logger.debug("SCOPE Missing Scopes:{}", missingScopes);
+
         return missingScopes;
     }
 

jans-linux-setup/jans_setup/schema/jans_schema.json

@@ -3936,10 +3936,10 @@
       "x_origin": "Jans created attribute"
     },
     {
-      "desc": "jansFaiedlLoadCounter",
+      "desc": "jansFailedLoadCounter",
       "equality": "integerMatch",
       "names": [
-        "jansFaiedlLoadCounter"
+        "jansFailedLoadCounter"
       ],
       "oid": "jansAttr",
       "syntax": "1.3.6.1.4.1.1466.115.121.1.27",
@@ -5489,7 +5489,7 @@
         "jansStatus",
         "jansDownloadSize",
         "jansSuccessLoadCounter",
-        "jansFaiedlLoadCounter",
+        "jansFailedLoadCounter",
         "evaluationTimeNs",
         "averageTimeNs",
         "memoryUsage",

jans-linux-setup/jans_setup/templates/jans-lock/dynamic-conf.json

@@ -7,6 +7,7 @@
   "clientId": "%(lock_client_id)s",
   "clientPassword": "%(lock_client_encoded_pw)s",
   "tokenUrl": "%(tokenEndpoint)s",
+  "groupScopeEnabled": true,
   "endpointGroups": {
     "audit": [
       "telemetry",

jans-lock/lock-server/model/src/main/java/io/jans/lock/model/config/AppConfiguration.java

@@ -62,6 +62,10 @@ public class AppConfiguration implements Configuration {
     @DocProperty(description = "Jans URL of the OpenID Connect Provider's OAuth 2.0 Token Endpoint")
     @Schema(description = "Jans URL of the OpenID Connect Provider's OAuth 2.0 Token Endpoint")
     private String tokenUrl;
+
+    @DocProperty(description = "Group scope enabled")
+    @Schema(description = "Group scope enabled")
+    private Boolean groupScopeEnabled;
 
     @DocProperty(description = "Endpoint groups")
     @Schema(description = "Endpoint groups")
@@ -186,6 +190,14 @@ public String getTokenUrl() {
     public void setTokenUrl(String tokenUrl) {
         this.tokenUrl = tokenUrl;
     }
+
+    public Boolean getGroupScopeEnabled() {
+        return groupScopeEnabled;
+    }
+
+    public void setGroupScopeEnabled(Boolean groupScopeEnabled) {
+        this.groupScopeEnabled = groupScopeEnabled;
+    }
 
     public Map<String, List<String>> getEndpointGroups() {
         return endpointGroups;
@@ -327,7 +339,7 @@ public void setPoliciesZipUris(List<String> policiesZipUris) {
     public String toString() {
         return "AppConfiguration [baseDN=" + baseDN + ", baseEndpoint=" + baseEndpoint + ", openIdIssuer="
                 + openIdIssuer + ", tokenChannels=" + tokenChannels + ", clientId=" + clientId + ", tokenUrl="
-                + tokenUrl + ", endpointGroups=" + endpointGroups + ", endpointDetails=" + endpointDetails
+                + tokenUrl + ", groupScopeEnabled=" + groupScopeEnabled+ ", endpointGroups=" + endpointGroups + ", endpointDetails=" + endpointDetails
                 + ", disableJdkLogger=" + disableJdkLogger + ", loggingLevel=" + loggingLevel + ", loggingLayout="
                 + loggingLayout + ", externalLoggerConfiguration=" + externalLoggerConfiguration + ", metricChannel="
                 + metricChannel + ", metricReporterInterval=" + metricReporterInterval + ", metricReporterKeepDataDays="

jans-lock/lock-server/service/src/main/java/io/jans/lock/service/TokenEndpointService.java

@@ -109,6 +109,7 @@ public Token getToken(String tokenUrl, String clientId, String clientSecret, Str
         if (tokenResponse != null) {
             final String accessToken = tokenResponse.getAccessToken();
             final Integer expiresIn = tokenResponse.getExpiresIn();
+            log.error("accessToken:{}, expiresIn:{}", accessToken, expiresIn);
             if (Util.allNotBlank(accessToken)) {
                 return new Token(null, null, accessToken, ScopeType.OPENID.getValue(), expiresIn);
             }
@@ -380,7 +381,7 @@ public Response post(String endpoint, String postData, ContentType contentType,
         log.error("postData - endpoint:{}, postData:{}", endpoint, postData);
         String endpointPath = this.getEndpointPath(endpoint);
 
-        log.error("Posting data for - endpoint:{}, endpointPath:{}", endpoint, endpointPath);
+        log.error("Posting data for - endpoint:{}, endpointPath:{},this.getEndpointUrl(endpointPath):{}", endpoint, endpointPath,this.getEndpointUrl(endpointPath));
         return post(this.getEndpointUrl(endpointPath), null, token, null, contentType, postData);
     }