
Example 16 with Timed

use of com.codahale.metrics.annotation.Timed in project keywhiz by square.

the class SecretResource method backfillHmac.

/**
 * Backfills the content HMAC of the named secret when none is stored yet.
 *
 * <p>The secret is looked up by name. If it exists and its stored HMAC is empty, the encrypted
 * content is decrypted, an HMAC is computed over the UTF-8 bytes of the result, and the value is
 * written back through {@code secretSeriesDAO.setHmac}.
 *
 * <p>NOTE(review): the decrypted content exists in memory while the HMAC is computed; this method
 * neither logs nor returns it. The {@code passwords} request body is never read here; confirm
 * whether callers still need to send it.
 *
 * @param automationClient client injected through {@code @Auth}; not otherwise read in this method
 * @param name secret name taken from the request path
 * @param passwords request body; unused in this method
 * @return {@code false} when no secret has that name or the update did not change exactly one
 *     row; {@code true} when an HMAC was already present or exactly one row was updated
 */
@Timed
@ExceptionMetered
@Path("{name}/backfill-hmac")
@POST
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public boolean backfillHmac(@Auth AutomationClient automationClient, @PathParam("name") String name, List<String> passwords) {
    Optional<SecretSeriesAndContent> found = secretDAO.getSecretByName(name);
    if (found.isPresent()) {
        // Only the secret's name reaches the log, never its content.
        logger.info("backfill-hmac {}: processing secret", name);
        SecretContent content = found.get().content();
        if (content.hmac().isEmpty()) {
            // The HMAC is computed over the decrypted content, so the plaintext is materialised here.
            String computedHmac = cryptographer.computeHmac(cryptographer.decrypt(content.encryptedContent()).getBytes(UTF_8));
            // Exactly one row is expected to change; any other count is reported as failure.
            return secretSeriesDAO.setHmac(content.id(), computedHmac) == 1;
        }
        // An HMAC is already stored, so there is nothing to backfill.
        return true;
    }
    return false;
}
Also used : SecretContent(keywhiz.api.model.SecretContent) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 17 with Timed

use of com.codahale.metrics.annotation.Timed in project keywhiz by square.

the class GroupsResource method createGroup.

/**
 * Create Group
 *
 * <p>Rejects the request when a group with the requested name already exists. Otherwise the group
 * is stored with the calling user's name, the response carries the new group's URI and detail
 * entity, and a {@code GROUP_CREATE} audit event is recorded.
 *
 * @excludeParams user
 * @param request the JSON client request used to formulate the Group
 *
 * @description Creates a Group with the name from a valid group request.
 * Used by Keywhiz CLI and the web ui.
 * @responseMessage 200 Successfully created Group
 * @responseMessage 400 Group with given name already exists
 */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createGroup(@Auth User user, @Valid CreateGroupRequest request) {
    logger.info("User '{}' creating group.", user);

    // NOTE(review): the existence check and the insert are two separate DAO calls, so two
    // concurrent requests could both pass this check; confirm the store enforces name uniqueness.
    if (groupDAO.getGroup(request.name).isPresent()) {
        throw new BadRequestException("Group already exists.");
    }

    long newGroupId = groupDAO.createGroup(request.name, user.getName(), nullToEmpty(request.description), request.metadata);
    URI location = UriBuilder.fromResource(GroupsResource.class).build(newGroupId);
    Response created = Response.created(location).entity(groupDetailResponseFromId(newGroupId)).build();

    // Response.created(...) builds a 201 response, so this guard is expected to pass.
    if (created.getStatus() != HttpStatus.SC_CREATED) {
        return created;
    }

    // Description and metadata are copied into the audit event as supplied by the client.
    // NOTE(review): verify that group metadata is not expected to hold sensitive values.
    Map<String, String> auditDetails = new HashMap<>();
    if (request.description != null) {
        auditDetails.put("description", request.description);
    }
    if (request.metadata != null) {
        auditDetails.put("metadata", request.metadata.toString());
    }
    auditLog.recordEvent(new Event(Instant.now(), EventTag.GROUP_CREATE, user.getName(), request.name, auditDetails));
    return created;
}
Also used : Response(javax.ws.rs.core.Response) GroupDetailResponse(keywhiz.api.GroupDetailResponse) HashMap(java.util.HashMap) BadRequestException(javax.ws.rs.BadRequestException) Event(keywhiz.log.Event) URI(java.net.URI) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 18 with Timed

use of com.codahale.metrics.annotation.Timed in project keywhiz by square.

the class SecretsResource method createSecret.

/**
 * Create Secret
 *
 * <p>Builds the secret from the request's name, content and expiry together with the calling
 * user's name, adding the optional description and metadata when present. A
 * {@code DataAccessException} during creation is logged and reported to the client as a
 * {@code ConflictException}. On success the response carries the new secret's URI and detail
 * entity, and a {@code SECRET_CREATE} audit event is recorded.
 *
 * <p>The secret content is passed to the builder only; it is not written to the log or to the
 * audit event in this method.
 *
 * @excludeParams user
 * @param request the JSON client request used to formulate the Secret
 *
 * @description Creates a Secret with the name from a valid secret request.
 * Used by Keywhiz CLI and the web ui.
 * @responseMessage 200 Successfully created Secret
 * @responseMessage 400 Secret with given name already exists
 */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createSecret(@Auth User user, @Valid CreateSecretRequest request) {
    logger.info("User '{}' creating secret '{}'.", user, request.name);

    Secret created;
    try {
        SecretController.SecretBuilder secretBuilder = secretController.builder(request.name, request.content, user.getName(), request.expiry);
        if (request.description != null) {
            secretBuilder.withDescription(request.description);
        }
        if (request.metadata != null) {
            secretBuilder.withMetadata(request.metadata);
        }
        created = secretBuilder.create();
    } catch (DataAccessException cause) {
        // Every data-access failure is surfaced as a conflict, not only a duplicate name; the
        // exception itself goes to the log and only the secret name goes to the client.
        logger.info(format("Cannot create secret %s", request.name), cause);
        throw new ConflictException(format("Cannot create secret %s.", request.name));
    }

    URI location = UriBuilder.fromResource(SecretsResource.class).path("{secretId}").build(created.getId());
    Response result = Response.created(location).entity(secretDetailResponseFromId(created.getId())).build();

    // Response.created(...) builds a 201 response, so this guard is expected to pass.
    if (result.getStatus() != HttpStatus.SC_CREATED) {
        return result;
    }

    // The audit event carries description, metadata and expiry, never the secret content.
    // NOTE(review): verify that secret metadata is not expected to hold sensitive values.
    Map<String, String> auditDetails = new HashMap<>();
    if (request.description != null) {
        auditDetails.put("description", request.description);
    }
    if (request.metadata != null) {
        auditDetails.put("metadata", request.metadata.toString());
    }
    auditDetails.put("expiry", Long.toString(request.expiry));
    auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_CREATE, user.getName(), request.name, auditDetails));
    return result;
}
Also used : Secret(keywhiz.api.model.Secret) SanitizedSecret(keywhiz.api.model.SanitizedSecret) Response(javax.ws.rs.core.Response) SecretDetailResponse(keywhiz.api.SecretDetailResponse) ConflictException(keywhiz.service.exceptions.ConflictException) HashMap(java.util.HashMap) Event(keywhiz.log.Event) SecretController(keywhiz.service.daos.SecretController) URI(java.net.URI) DataAccessException(org.jooq.exception.DataAccessException) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 19 with Timed

use of com.codahale.metrics.annotation.Timed in project cas by apereo.

the class DefaultCentralAuthenticationService method destroyTicketGrantingTicket.

/**
 * Destroys a ticket-granting ticket and returns the logout requests produced for it.
 *
 * <p>The ticket is fetched first, its authentication is bound to the current thread, logout is
 * performed, and only then is the ticket deleted and a destroyed-event published. An
 * {@code InvalidTicketException} raised by any of these steps is logged at debug level and
 * answered with an empty list.
 *
 * <p>NOTE(review): the ticket-granting ticket id is written to the debug log as passed in.
 * Confirm that log output is sanitised or access-restricted wherever debug logging is enabled.
 * The thread-local binding made here is not cleared in this method; presumably that happens
 * elsewhere, so verify against the caller.
 *
 * @param ticketGrantingTicketId id of the ticket-granting ticket to destroy
 * @return the logout requests from {@code logoutManager.performLogout}, or an empty list when
 *     an {@code InvalidTicketException} was caught
 */
@Audit(action = "TICKET_GRANTING_TICKET_DESTROYED", actionResolverName = "DESTROY_TICKET_GRANTING_TICKET_RESOLVER", resourceResolverName = "DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "DESTROY_TICKET_GRANTING_TICKET_TIMER")
@Metered(name = "DESTROY_TICKET_GRANTING_TICKET_METER")
@Counted(name = "DESTROY_TICKET_GRANTING_TICKET_COUNTER", monotonic = true)
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(final String ticketGrantingTicketId) {
    try {
        LOGGER.debug("Removing ticket [{}] from registry...", ticketGrantingTicketId);
        final TicketGrantingTicket tgt = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
        LOGGER.debug("Ticket found. Processing logout requests and then deleting the ticket...");
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(tgt.getAuthentication());
        // Logout runs while the ticket is still in the registry; deletion follows.
        final List<LogoutRequest> pendingLogouts = this.logoutManager.performLogout(tgt);
        deleteTicket(ticketGrantingTicketId);
        doPublishEvent(new CasTicketGrantingTicketDestroyedEvent(this, tgt));
        return pendingLogouts;
    } catch (final InvalidTicketException notFound) {
        // Treated as "nothing to log out", not as an error.
        LOGGER.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId);
        return new ArrayList<>(0);
    }
}
Also used : TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) ArrayList(java.util.ArrayList) CasTicketGrantingTicketDestroyedEvent(org.apereo.cas.support.events.ticket.CasTicketGrantingTicketDestroyedEvent) LogoutRequest(org.apereo.cas.logout.LogoutRequest) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)

Example 20 with Timed

use of com.codahale.metrics.annotation.Timed in project cas by apereo.

the class DefaultCentralAuthenticationService method grantServiceTicket.

/**
 * Issues a service ticket for {@code service} against an existing ticket-granting ticket.
 *
 * <p>The steps run in a fixed order: the ticket-granting ticket is fetched, the service is
 * resolved and matched to its registered definition, the access-strategy enforcer is executed,
 * mixed principals are evaluated, SSO access and proxying are checked, and the authentication
 * policy is evaluated. Only after all of these does the method create the service ticket, update
 * the ticket registry and publish the granted-event.
 *
 * @param ticketGrantingTicketId id of the ticket-granting ticket the service ticket is issued from
 * @param service the service the ticket is requested for
 * @param authenticationResult result of the current authentication attempt; may be {@code null},
 *     in which case no credential is considered provided
 * @return the newly created service ticket, already added to the ticket registry
 * @throws AuthenticationException declared by the signature; presumably raised by the
 *     authentication and policy checks (confirm against those helpers)
 * @throws AbstractTicketException declared by the signature; presumably raised when the
 *     ticket-granting ticket cannot be used (confirm against {@code getTicket})
 */
@Audit(action = "SERVICE_TICKET", actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name = "GRANT_SERVICE_TICKET_METER")
@Counted(name = "GRANT_SERVICE_TICKET_COUNTER", monotonic = true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId, final Service service, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
    // A null authenticationResult counts as "no credential provided".
    final boolean credentialProvided = authenticationResult != null && authenticationResult.isCredentialProvided();
    final TicketGrantingTicket ticketGrantingTicket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
    // Every access decision below is made against the resolved service and its registered definition.
    final Service selectedService = resolveServiceFromAuthenticationRequest(service);
    // NOTE(review): findServiceBy may return no match; presumably the enforcer rejects that case. Confirm.
    final RegisteredService registeredService = this.servicesManager.findServiceBy(selectedService);
    final AuditableContext audit = AuditableContext.builder().service(selectedService).ticketGrantingTicket(ticketGrantingTicket).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE).build();
    final AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
    // Aborts the grant if the access-strategy enforcer recorded a failure.
    accessResult.throwExceptionIfNeeded();
    // authenticationResult can still be null here; the helper is expected to handle that. Verify.
    final Authentication currentAuthentication = evaluatePossibilityOfMixedPrincipals(authenticationResult, ticketGrantingTicket);
    RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, selectedService, ticketGrantingTicket, credentialProvided);
    evaluateProxiedServiceIfNeeded(selectedService, ticketGrantingTicket, registeredService);
    // Perform security policy check by getting the authentication that satisfies the configured policy
    getAuthenticationSatisfiedByPolicy(currentAuthentication, new ServiceContext(selectedService, registeredService));
    // The principal is read from the root ticket-granting ticket's authentication, not from currentAuthentication.
    final Authentication latestAuthentication = ticketGrantingTicket.getRoot().getAuthentication();
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(latestAuthentication);
    final Principal principal = latestAuthentication.getPrincipal();
    final ServiceTicketFactory factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
    // NOTE(review): the ticket is created for the original `service` argument, while the checks above
    // used `selectedService`. Confirm the two cannot diverge in a way that bypasses those checks.
    final ServiceTicket serviceTicket = factory.create(ticketGrantingTicket, service, credentialProvided, ServiceTicket.class);
    // The ticket-granting ticket is updated in the registry before the new service ticket is added.
    this.ticketRegistry.updateTicket(ticketGrantingTicket);
    this.ticketRegistry.addTicket(serviceTicket);
    // The service id is abbreviated before logging; the service ticket id and principal id are logged as-is at info level.
    LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]", serviceTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId());
    doPublishEvent(new CasServiceTicketGrantedEvent(this, ticketGrantingTicket, serviceTicket));
    return serviceTicket;
}
Also used : AuditableContext(org.apereo.cas.audit.AuditableContext) RegisteredService(org.apereo.cas.services.RegisteredService) ServiceTicketFactory(org.apereo.cas.ticket.ServiceTicketFactory) CasServiceTicketGrantedEvent(org.apereo.cas.support.events.ticket.CasServiceTicketGrantedEvent) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) Authentication(org.apereo.cas.authentication.Authentication) ServiceContext(org.apereo.cas.services.ServiceContext) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult) Principal(org.apereo.cas.authentication.principal.Principal) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)
