Class AdminUISecurityService


  • @Singleton
    public class AdminUISecurityService
    extends Object
    • Constructor Detail

      • AdminUISecurityService

        public AdminUISecurityService()
    • Method Detail

      • getPolicyStore

        public GenericResponse getPolicyStore()
                                       throws ApplicationException
        Retrieves the policy store configuration for the Admin UI.

        This method checks if a remote policy store URL is configured and enabled. If so, it fetches the policy store from the remote URL using a GET request. Otherwise, it loads the local default policy store JSON file from the configured file path.

        The method returns a GenericResponse containing the policy store as a JsonNode if successful, or an error response if the retrieval fails.

        Returns:
        GenericResponse containing the policy store data or an error message.
        Throws:
        ApplicationException - if any unexpected error occurs while fetching or parsing the policy store.
      • setRemotePolicyStoreAsDefault

        public GenericResponse setRemotePolicyStoreAsDefault()
                                                      throws ApplicationException
        Fetches the remote policy store and overwrites the local default policy-store file, provided that a remote policy store is enabled and configured in the Admin UI configuration.
        Returns:
        GenericResponse indicating success or failure along with details.
        Throws:
        ApplicationException - if there is any error during the operation.
      • syncRoleScopeMapping

        public GenericResponse syncRoleScopeMapping()
                                             throws ApplicationException
        Synchronizes role-to-scope mappings in the Admin UI configuration based on the latest policy-store definitions.

        This method performs the following operations:

        • Fetches all resource-to-scope mappings from persistence (via AdminUIResourceScopesMapping).
        • Retrieves the current policy-store JSON, either from a remote source or local file, using getPolicyStore().
        • Uses mapPrincipalsToScopes() to generate a mapping of principals (roles) to corresponding scopes.
        • Creates or updates AdminRole entries for each principal found in the policy-store.
        • Generates RolePermissionMapping objects that map each role to its associated scopes (permissions).
        • Removes any duplicate permissions and updates the Admin UI configuration with the new mappings.

        This synchronization ensures that access control roles and their permissions within the Admin UI remain aligned with the definitions specified in the external policy-store.

        Returns:
        GenericResponse indicating success or failure of the synchronization process. On success, it includes a message stating that the sync completed successfully.
        Throws:
        ApplicationException - if any error occurs while fetching, parsing, or updating the role-to-scope mappings.
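
The core of the synchronization described for syncRoleScopeMapping, as an added sketch that is not the project's own code: it derives a deduplicated scope set per role from resource-to-scope mappings. The class RoleScopeSyncSketch, the method rolesToScopes, the shape of both input maps, and all sample names are hypothetical; the policy-store JSON is assumed to be already parsed into a role-to-resources map.

```java
import java.util.*;

// Added illustration; RoleScopeSyncSketch and its inputs are hypothetical stand-ins,
// not Janssen classes. The policy-store JSON layout is not shown on this page.
public class RoleScopeSyncSketch {

    // resourceScopes: resource name -> scopes (stands in for AdminUIResourceScopesMapping rows)
    // principalResources: role -> resources the policy-store grants it (assumed already parsed)
    static Map<String, Set<String>> rolesToScopes(
            Map<String, List<String>> resourceScopes,
            Map<String, List<String>> principalResources) {
        Map<String, Set<String>> result = new LinkedHashMap<>();
        for (Map.Entry<String, List<String>> entry : principalResources.entrySet()) {
            // LinkedHashSet drops duplicate scopes while keeping a stable order
            Set<String> scopes = new LinkedHashSet<>();
            for (String resource : entry.getValue()) {
                List<String> mapped = resourceScopes.get(resource);
                if (mapped == null) {
                    // An unmapped resource grants nothing; report it instead of guessing
                    System.err.println("no scopes mapped for resource: " + resource);
                    continue;
                }
                scopes.addAll(mapped);
            }
            // Every principal in the policy gets a role entry, even with no scopes
            result.put(entry.getKey(), scopes);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample data; resource, role and scope names are placeholders
        Map<String, List<String>> resourceScopes = Map.of(
                "Clients", List.of("example/clients.read", "example/clients.write"),
                "Scopes", List.of("example/scopes.read", "example/clients.read"));
        Map<String, List<String>> principalResources = new LinkedHashMap<>();
        principalResources.put("admin", List.of("Clients", "Scopes"));
        principalResources.put("viewer", List.of("Scopes", "Webhooks"));

        rolesToScopes(resourceScopes, principalResources)
                .forEach((role, scopes) -> System.out.println(role + " -> " + scopes));
    }
}
```

In the sample, "viewer" references a resource with no scope mapping, so it receives only the scopes of the mapped resource, and the scope shared by both resources appears once in the "admin" set.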