
fix(config-api): adding missing scope in spec and updated example of search field #10156


Merged
merged 3 commits into from
Nov 15, 2024

Conversation

pujavs
Contributor

@pujavs pujavs commented Nov 15, 2024

Prepare


Description

Target issue

closes #10147 #10148

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs pujavs requested a review from devrimyatar November 15, 2024 09:55
@pujavs pujavs requested review from yuriyz and yurem as code owners November 15, 2024 09:55
@mo-auto mo-auto added comp-docs Touching folder /docs comp-jans-config-api Component affected by issue or PR kind-bug Issue or PR is a bug in existing functionality labels Nov 15, 2024

dryrunsecurity bot commented Nov 15, 2024

DryRun Security Summary

The pull request includes a wide range of security-focused updates to the Jans Config API, such as new OAuth2 scopes, enhanced session management, improved health check endpoint security, input validation, and access control measures, all aimed at strengthening the overall security posture of the application.


Summary:

The code changes in this pull request cover a wide range of updates to the Jans Config API, with a strong focus on enhancing the application's security features. The changes include the addition of new OAuth2 scopes, updates to session management functionality, improvements to health check endpoints, and various other security-related enhancements.

The key security-focused changes include:

  1. New OAuth2 Scopes: The introduction of the APP_DATA_READ_ACCESS scope, which grants read-only access to configuration data, and the APP_VERSION_READ_ACCESS scope, which restricts access to application version information. These scopes help enforce the principle of least privilege and improve the overall security of the application.

  2. Session Management: The updates to the SessionResource class provide robust session management capabilities, including session revocation, search, and deletion. These features help administrators maintain control over user sessions and mitigate the risks associated with compromised user accounts.

  3. Health Check Endpoint Security: The changes to the ApiHealthCheck class ensure that the service status and application version endpoints are properly secured behind the appropriate OAuth2 scopes, preventing unauthorized access to sensitive information.

  4. Input Validation and Sanitization: The code demonstrates a focus on input validation and sanitization, such as the use of the @Parameter annotation and the escapeLog() method, which help prevent potential injection attacks.

  5. Access Control and Authorization: The extensive use of the @ProtectedApi annotation and the definition of security scopes in the config-api-rs-protect.json file indicate a strong emphasis on access control and authorization, ensuring that only authorized users can perform sensitive operations.

Overall, the changes in this pull request appear to be focused on improving the security and manageability of the Jans Config API, which is a crucial component of the Jans ecosystem. The security-conscious approach demonstrated in the code changes is commendable and should help strengthen the overall security posture of the application.

Files Changed:

  1. ApiAccessConstants.java: Adds a new constant APP_DATA_READ_ACCESS to represent an OAuth2 scope that grants read-only access to the application's data.
  2. kc-saml-plugin-swagger.yaml: Updates the SAML Identity Provider configuration, including the display name and realm fields.
  3. jans-admin-ui-plugin-swagger.yaml: Adds new API endpoints for managing admin permissions, roles, role-permissions mappings, admin-ui configuration, licenses, and webhooks.
  4. config-api-test.properties: Updates the test environment configuration, including the addition of a new OAuth2 scope and client credentials.
  5. jans-ui.jans.io/test.properties: Adds the https://jans.io/oauth/config/data.readonly scope to the list of scopes.
  6. IdpResource.java: Updates the getAllSamlIdentityProvider endpoint to allow filtering SAML Identity Providers by their display name and realm.
  7. local/test.properties: Adds the https://jans.io/oauth/config/data.readonly scope and configures the client credentials grant flow for the Jans-Auth server.
  8. ApiApplication.java: Adds a new OAuth2 scope named APP_DATA_READ_ACCESS with the description "View Config-API related data".
  9. jenkins-config-api.gluu.org/test.properties: Adds the https://jans.io/oauth/config/data.readonly scope and removes the authentication-related properties.
  10. jans-config-api-swagger.yaml: Adds new endpoints for managing user sessions, including retrieving, searching, and revoking sessions.
  11. ApiHealthCheck.java: Updates the health check endpoints to require specific OAuth2 scopes for access.
  12. config-api-rs-protect.json: Adds the /jans-config-api/api/v1/health/service-status endpoint to the list of protected resources, requiring the https://jans.io/oauth/config/data.readonly scope.
  13. SessionResource.java: Implements various session management functionalities, including session search, retrieval, and revocation, with a focus on security and access control.

Code Analysis

We ran 9 analyzers against 13 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

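The two points the summary makes about the health endpoints (item 3 and item 12 above: the service-status route must sit behind an OAuth2 scope, and that scope must appear in the protection list and in the spec) can be modelled as a small deny-by-default check. The code below is an added example written for this page; it is not jans-config-api code and does not reproduce how `@ProtectedApi` or `config-api-rs-protect.json` are actually implemented. The scope string `https://jans.io/oauth/config/data.readonly` and the path `/jans-config-api/api/v1/health/service-status` are taken from the summary; the table layout, the function names, the deny-by-default rule and the token's scope list are assumptions made here.

```python
"""Scope enforcement for a health endpoint, as an added stand-alone example.

Illustrative code, not jans-config-api's own implementation. It models two
artefacts the PR touches: a protected-resources table (the role played by
config-api-rs-protect.json) and the scope list declared by an OpenAPI spec.
The scope string and the service-status path come from the PR summary; the
table layout, function names and token format are assumptions of this example.
"""

DATA_READ_SCOPE = "https://jans.io/oauth/config/data.readonly"  # from the PR
SERVICE_STATUS = ("GET", "/jans-config-api/api/v1/health/service-status")  # from the PR

# Weak state: the service-status route has no entry, so no scope is required.
PROTECTED_BEFORE: dict[tuple[str, str], set[str]] = {}

# Corrected state: the route is listed with the read-only data scope.
PROTECTED_AFTER: dict[tuple[str, str], set[str]] = {
    SERVICE_STATUS: {DATA_READ_SCOPE},
}


def required_scopes(table, method, path):
    """Scopes a caller must hold for (method, path); None when the route is unlisted."""
    return table.get((method.upper(), path))


def authorize(table, method, path, token_scopes):
    """Deny-by-default check: an unlisted route is refused, and a listed route
    needs every scope in its entry to be present in the token's scope set.
    (Deny-by-default is a design choice of this example, not a claim about the project.)"""
    needed = required_scopes(table, method, path)
    if needed is None:
        return "deny: route not in protection table"
    missing = needed - set(token_scopes)
    if missing:
        return "deny: missing scope " + ", ".join(sorted(missing))
    return "allow"


def unprotected_routes(table, routes):
    """Routes the application serves that the protection table never mentions.
    Run over the router's full route list, this is the check that surfaces a
    forgotten endpoint before it ships unprotected."""
    return sorted(r for r in routes if r not in table)


def scopes_missing_from_spec(table, spec_scopes):
    """Scopes the protection table requires but the OpenAPI spec does not declare,
    i.e. the kind of 'missing scope in spec' the PR title refers to."""
    needed = set().union(*table.values()) if table else set()
    return sorted(needed - set(spec_scopes))


if __name__ == "__main__":
    routes = [SERVICE_STATUS]
    token = [DATA_READ_SCOPE]  # constructed token scope set for the demo
    print("before fix, unprotected:", unprotected_routes(PROTECTED_BEFORE, routes))
    print("after fix, with scope   :", authorize(PROTECTED_AFTER, "GET", SERVICE_STATUS[1], token))
    print("after fix, without scope:", authorize(PROTECTED_AFTER, "GET", SERVICE_STATUS[1], []))
    print("scopes absent from spec :", scopes_missing_from_spec(PROTECTED_AFTER, []))
```

The useful habit here is the pair of audit functions rather than the authorizer itself: `unprotected_routes` compares the router's route list against the protection table, and `scopes_missing_from_spec` compares the table against the spec, so a route or scope that is added in one place but not the other is caught in a test instead of in production.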


@yuriyz yuriyz enabled auto-merge (squash) November 15, 2024 14:06
@yuriyz yuriyz merged commit e7c519e into main Nov 15, 2024
10 of 11 checks passed
@yuriyz yuriyz deleted the jans-config-dev branch November 15, 2024 14:06
Successfully merging this pull request may close these issues.

fix(config-api): adding oauth for service-status endpoint