Summary:

The changes in this pull request are focused on enhancing the access evaluation functionality of the Jans Authentication Server. The key improvements include:

1. Introduction of a standardized access evaluation endpoint that allows clients to check if a user has the necessary permissions to perform a specific action on a resource.
2. Implementation of robust input validation and error handling mechanisms to ensure that access evaluation requests are properly validated and malformed requests are handled appropriately.
3. Expansion of the OpenID Connect (OIDC) discovery process to include the new access evaluation endpoint, making it easier for clients to integrate with the authentication server.
4. Addition of a custom script type for access evaluation, allowing developers to extend the access control logic as needed.
5. Comprehensive test coverage for the access evaluation functionality, including unit tests for the input validation and error handling components.

From an application security perspective, these changes demonstrate a strong focus on security and reliability. The use of secure communication channels, proper input validation, and robust error handling help mitigate common web application security vulnerabilities. Additionally, the ability to customize the access evaluation logic through external scripts introduces flexibility, but it also requires careful review and validation to ensure the security of the implementation.

Files Changed:

1. docs/assets/log/access-evaluation-run-log.txt: This file demonstrates the OpenID Connect Discovery process and the implementation of the access evaluation endpoint, highlighting the use of secure communication, authentication, and authorization mechanisms.
2. docs/janssen-server/auth-server/README.md: The changes update the README to include a reference to the AuthZEN Authorization API 1.0, which is a standard for managing and enforcing authorization policies.
3. docs/janssen-server/developer/interception-scripts.md: The new "Access Evaluation" script type is introduced, allowing developers to customize the access evaluation process.
4. docs/janssen-server/auth-server/endpoints/access-evaluation.md: This document describes the implementation of the Access Evaluation Endpoint, which follows the OpenID AuthZEN Authorization API 1.0 specification.
5. docs/script-catalog/access_evaluation/access-evaluation.md: This file provides an example implementation of the "Access Evaluation" script, demonstrating custom validation and subject-based authorization logic.
6. jans-auth-server/client/ and jans-auth-server/server/ directories: These directories contain various classes and tests related to the access evaluation functionality, including the AccessEvaluationClient, AccessEvaluationValidator, AccessEvaluationService, and related test cases.