Example 16 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.

the class UsersResource method listUsers.

@GET
@RequiresPermissions(RestPermissions.USERS_LIST)
@ApiOperation(value = "List all users", notes = "The permissions assigned to the users are always included.")
public UserList listUsers() {
    // Shiro evaluates RestPermissions.USERS_LIST before this method body is entered.
    final List<User> users = userService.loadAll();
    final Collection<MongoDbSession> sessions = sessionService.loadAll();
    // Among all active sessions, find the most recently accessed one for each user.
    //noinspection OptionalGetWithoutIsPresent
    final Map<String, Optional<MongoDbSession>> lastSessionForUser = sessions.stream()
            .filter(s -> s.getUsernameAttribute().isPresent())
            .collect(groupingBy(s -> s.getUsernameAttribute().get(),
                    maxBy(Comparator.comparing(MongoDbSession::getLastAccessTime))));
    // The admin user is not among the loaded users, so reserve one extra slot and add it first.
    final List<UserSummary> resultUsers = Lists.newArrayListWithCapacity(users.size() + 1);
    final User adminUser = userService.getAdminUser();
    resultUsers.add(toUserResponse(adminUser, lastSessionForUser.getOrDefault(adminUser.getName(), Optional.empty())));
    for (User user : users) {
        resultUsers.add(toUserResponse(user, lastSessionForUser.getOrDefault(user.getName(), Optional.empty())));
    }
    return UserList.create(resultUsers);
}
Also used : DateTimeZone(org.joda.time.DateTimeZone) UserList(org.graylog2.rest.models.users.responses.UserList) USERS_PERMISSIONSEDIT(org.graylog2.shared.security.RestPermissions.USERS_PERMISSIONSEDIT) Produces(javax.ws.rs.Produces) Date(java.util.Date) LoggerFactory(org.slf4j.LoggerFactory) Path(javax.ws.rs.Path) ApiParam(io.swagger.annotations.ApiParam) Valid(javax.validation.Valid) ApiOperation(io.swagger.annotations.ApiOperation) MongoDBSessionService(org.graylog2.security.MongoDBSessionService) MediaType(javax.ws.rs.core.MediaType) Consumes(javax.ws.rs.Consumes) AccessTokenService(org.graylog2.security.AccessTokenService) USERS_ROLESEDIT(org.graylog2.shared.security.RestPermissions.USERS_ROLESEDIT) CreateUserRequest(org.graylog2.rest.models.users.requests.CreateUserRequest) Map(java.util.Map) BadRequestException(javax.ws.rs.BadRequestException) URI(java.net.URI) ChangePasswordRequest(org.graylog2.rest.models.users.requests.ChangePasswordRequest) AccessToken(org.graylog2.security.AccessToken) DELETE(javax.ws.rs.DELETE) Token(org.graylog2.rest.models.users.responses.Token) Collection(java.util.Collection) Set(java.util.Set) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) TokenList(org.graylog2.rest.models.users.responses.TokenList) NotNull(javax.validation.constraints.NotNull) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) List(java.util.List) UserService(org.graylog2.shared.users.UserService) Response(javax.ws.rs.core.Response) AuditEventTypes(org.graylog2.audit.AuditEventTypes) UserSummary(org.graylog2.rest.models.users.responses.UserSummary) Startpage(org.graylog2.rest.models.users.requests.Startpage) Optional(java.util.Optional) MoreObjects.firstNonNull(com.google.common.base.MoreObjects.firstNonNull) RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication) Iterables(com.google.common.collect.Iterables) PathParam(javax.ws.rs.PathParam) GET(javax.ws.rs.GET) RoleService(org.graylog2.users.RoleService) Collectors.groupingBy(java.util.stream.Collectors.groupingBy) ApiResponses(io.swagger.annotations.ApiResponses) Roles(org.graylog2.shared.users.Roles) MongoDbSession(org.graylog2.security.MongoDbSession) Inject(javax.inject.Inject) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) AuditEvent(org.graylog2.audit.jersey.AuditEvent) Api(io.swagger.annotations.Api) ChangeUserRequest(org.graylog2.rest.models.users.requests.ChangeUserRequest) Nullable(javax.annotation.Nullable) PermissionEditRequest(org.graylog2.rest.models.users.requests.PermissionEditRequest) Logger(org.slf4j.Logger) POST(javax.ws.rs.POST) ForbiddenException(javax.ws.rs.ForbiddenException) RestResource(org.graylog2.shared.rest.resources.RestResource) Collectors.maxBy(java.util.stream.Collectors.maxBy) UpdateUserPreferences(org.graylog2.rest.models.users.requests.UpdateUserPreferences) ApiResponse(io.swagger.annotations.ApiResponse) ValidationException(org.graylog2.plugin.database.ValidationException) RestPermissions(org.graylog2.shared.security.RestPermissions) USERS_EDIT(org.graylog2.shared.security.RestPermissions.USERS_EDIT) PUT(javax.ws.rs.PUT) User(org.graylog2.plugin.database.users.User) Role(org.graylog2.shared.users.Role) Comparator(java.util.Comparator) Collections(java.util.Collections) User(org.graylog2.plugin.database.users.User) MongoDbSession(org.graylog2.security.MongoDbSession) Optional(java.util.Optional) UserSummary(org.graylog2.rest.models.users.responses.UserSummary) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 17 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.

the class DeflectorResource method cycle.

@POST
@Timed
@ApiOperation(value = "Cycle deflector to new/next index in index set")
@RequiresPermissions(RestPermissions.DEFLECTOR_CYCLE)
@Path("/{indexSetId}/cycle")
@RestrictToMaster
@AuditEvent(type = AuditEventTypes.ES_WRITE_INDEX_UPDATE_JOB_START)
public void cycle(@ApiParam(name = "indexSetId") @PathParam("indexSetId") String indexSetId) {
    // The permission check (DEFLECTOR_CYCLE) and the master-only restriction are enforced by the
    // annotations above; the audit event records who triggered the cycle.
    final IndexSet indexSet = getIndexSet(indexSetRegistry, indexSetId);
    // Rejects the request if the index set is not in a state that allows cycling.
    checkCycle(indexSet);
    final String msg = "Cycling deflector for index set <" + indexSetId + ">. Reason: REST request.";
    LOG.info(msg);
    activityWriter.write(new Activity(msg, DeflectorResource.class));
    indexSet.cycle();
}
Also used : Activity(org.graylog2.shared.system.activities.Activity) IndexSet(org.graylog2.indexer.IndexSet) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) POST(javax.ws.rs.POST) Timed(com.codahale.metrics.annotation.Timed) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) RestrictToMaster(org.graylog2.shared.security.RestrictToMaster)

Example 18 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project OpenAttestation by OpenAttestation.

the class BulkHostTrust method getTrustSaml.

/**
 * REST Web Service Example: GET /hosts/trust?hosts=host_name_1,host_name_2,host_name_3&force_verify=true
 *
 * @param hosts       comma-separated list of host names to attest
 * @param forceVerify whether to force a fresh attestation (force_verify query parameter)
 * @param timeout     attestation timeout in seconds (defaults to 600)
 * @return the bulk trust result as SAML
 */
@GET
@Produces({ MediaType.APPLICATION_XML })
@Path("/trust/saml")
//@RolesAllowed({"Attestation", "Report"})
@RequiresPermissions("host_attestations:create,retrieve")
public String getTrustSaml(@QueryParam("hosts") String hosts,
                           @QueryParam("force_verify") @DefaultValue("false") Boolean forceVerify,
                           // @QueryParam("threads") @DefaultValue("5") Integer threads, // bug #503 max threads now global and configured in properties file
                           @QueryParam("timeout") @DefaultValue("600") Integer timeout) {
    ValidationUtil.validate(hosts);
    Integer myTimeOut = timeout;
    // Modified the default time out back to 600 seconds as we are seeing time out issues. 30 seconds short for VMware hosts.
    if (timeout == 600) {
        // The caller kept the default, so a configured host timeout (if present) takes precedence.
        log.info("getTrustSaml called with default timeout, checking config");
        myTimeOut = ASConfig.getConfiguration().getInt("com.intel.mountwilson.as.attestation.hostTimeout", 600);
        log.debug("getTrustSaml config returned back {}", myTimeOut);
    }
    if (hosts == null || hosts.length() == 0) {
        throw new ASException(com.intel.mtwilson.datatypes.ErrorCode.AS_MISSING_INPUT, "hosts");
    }
    Set<String> hostSet = new HashSet<String>();
    // bug #783  make sure that we only pass to the next layer hostnames that are likely to be valid
    for (String host : Arrays.asList(hosts.split(","))) {
        log.debug("Host: '{}'", host);
        // split() never yields null elements, so only blank entries need to be skipped.
        if (!host.trim().isEmpty()) {
            hostSet.add(host.trim());
        }
    }
    BulkHostTrustBO bulkHostTrustBO = new BulkHostTrustBO(/*threads, */ myTimeOut);
    String result = bulkHostTrustBO.getBulkTrustSaml(hostSet, forceVerify);
    return result;
}
Also used : BulkHostTrustBO(com.intel.mtwilson.as.business.trust.BulkHostTrustBO) ASException(com.intel.mountwilson.as.common.ASException) HashSet(java.util.HashSet) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 19 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.

the class ClusterSystemResource method threadDump.

@GET
@Timed
@ApiOperation(value = "Get a thread dump of the given node")
@RequiresPermissions(RestPermissions.THREADS_DUMP)
@Path("{nodeId}/threaddump")
public SystemThreadDumpResponse threadDump(@ApiParam(name = "nodeId", value = "The id of the node where processing will be paused.", required = true) @PathParam("nodeId") String nodeId) throws IOException, NodeNotFoundException {
    // THREADS_DUMP is checked on this node; the caller's authentication token is then forwarded
    // so the target node can perform its own authorization of the proxied request.
    final Node targetNode = nodeService.byNodeId(nodeId);
    final RemoteSystemResource remoteSystemResource = remoteInterfaceProvider.get(targetNode, this.authenticationToken, RemoteSystemResource.class);
    final Response<SystemThreadDumpResponse> response = remoteSystemResource.threadDump().execute();
    if (response.isSuccessful()) {
        return response.body();
    } else {
        // A failed upstream call is reported to the client as 502 Bad Gateway.
        LOG.warn("Unable to get thread dump on node {}: {}", nodeId, response.message());
        throw new WebApplicationException(response.message(), BAD_GATEWAY);
    }
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) RemoteSystemResource(org.graylog2.shared.rest.resources.system.RemoteSystemResource) Node(org.graylog2.cluster.Node) SystemThreadDumpResponse(org.graylog2.rest.models.system.responses.SystemThreadDumpResponse) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 20 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.

the class SavedSearchesResource method create.

@POST
@Timed
@ApiOperation(value = "Create a new saved search")
@RequiresPermissions(RestPermissions.SAVEDSEARCHES_CREATE)
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiResponse(code = 400, message = "Validation error")
@AuditEvent(type = AuditEventTypes.SAVED_SEARCH_CREATE)
public Response create(@ApiParam(name = "JSON body", required = true) @Valid CreateSavedSearchRequest cr) throws ValidationException {
    // Reject a title that another saved search already uses (isTitleTaken is defined elsewhere in this class).
    if (!isTitleTaken("", cr.title())) {
        final String msg = "Cannot save search " + cr.title() + ". Title is already taken.";
        throw new BadRequestException(msg);
    }
    // The owner is taken from the authenticated subject, not from the request body.
    final SavedSearch search = savedSearchService.create(cr.title(), cr.query(), getCurrentUser().getName(), Tools.nowUTC());
    final String id = savedSearchService.save(search);
    final URI searchUri = getUriBuilderToSelf().path(SavedSearchesResource.class).path("{searchId}").build(id);
    return Response.created(searchUri).entity(ImmutableMap.of("search_id", id)).build();
}
Also used : SavedSearch(org.graylog2.savedsearches.SavedSearch) BadRequestException(javax.ws.rs.BadRequestException) URI(java.net.URI) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) ApiResponse(io.swagger.annotations.ApiResponse)

Aggregations

RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions)45 ApiOperation (io.swagger.annotations.ApiOperation)42 Timed (com.codahale.metrics.annotation.Timed)30 Path (javax.ws.rs.Path)27 AuditEvent (org.graylog2.audit.jersey.AuditEvent)24 Produces (javax.ws.rs.Produces)23 GET (javax.ws.rs.GET)19 ApiResponses (io.swagger.annotations.ApiResponses)16 POST (javax.ws.rs.POST)16 BadRequestException (javax.ws.rs.BadRequestException)13 Consumes (javax.ws.rs.Consumes)12 URI (java.net.URI)9 NotFoundException (javax.ws.rs.NotFoundException)9 PUT (javax.ws.rs.PUT)8 NoAuditEvent (org.graylog2.audit.jersey.NoAuditEvent)7 User (org.graylog2.plugin.database.users.User)7 Output (org.graylog2.plugin.streams.Output)7 DELETE (javax.ws.rs.DELETE)6 InternalServerErrorException (javax.ws.rs.InternalServerErrorException)5 RequiresAuthentication (org.apache.shiro.authz.annotation.RequiresAuthentication)5