Example 1 with Token

use of org.graylog2.rest.models.users.responses.Token in project graylog2-server by Graylog2.

the class PasswordAlgorithmCredentialsMatcher method doCredentialsMatch.

@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    // Only plain username/password logins against a locally stored account are handled here;
    // any other token or account type is rejected rather than matched.
    if (token instanceof UsernamePasswordToken && info instanceof UserAccount) {
        final UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        final UserAccount userAccount = (UserAccount) info;
        final User user = userAccount.getUser();
        // The submitted password (a char[] in Shiro) is handed to the User implementation, which
        // performs the comparison against the stored credentials.
        return user.isUserPassword(String.valueOf(usernamePasswordToken.getPassword()));
    } else {
        return false;
    }
}
Also used : User(org.graylog2.plugin.database.users.User) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 2 with Token

use of org.graylog2.rest.models.users.responses.Token in project graylog2-server by Graylog2.

the class PasswordAuthenticator method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authToken;
    LOG.debug("Retrieving authc info for user {}", token.getUsername());
    final User user = userService.load(token.getUsername());
    if (user == null || user.isLocalAdmin()) {
        // skip the local admin user here, it's ugly, but for auth that user is treated specially.
        return null;
    }
    if (user.isExternalUser()) {
        // we don't store passwords for LDAP users, so we can't handle them here.
        LOG.trace("Skipping mongodb-based password check for LDAP user {}", token.getUsername());
        return null;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Found user {} to be authenticated with password.", user.getName());
    }
    // Returning null above lets Shiro fall through to other realms; here the stored hash and salt
    // are handed back so the credentials matcher can verify the submitted password.
    return new UserAccount(token.getPrincipal(), user.getHashedPassword(), credentialsSalt, "graylog2MongoDbRealm", user);
}
Also used : User(org.graylog2.plugin.database.users.User) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 3 with Token

use of org.graylog2.rest.models.users.responses.Token in project graylog2-server by Graylog2.

the class UsersResource method listTokens.

@GET
@Path("{username}/tokens")
@RequiresPermissions(RestPermissions.USERS_TOKENLIST)
@ApiOperation("Retrieves the list of access tokens for a user")
public TokenList listTokens(@ApiParam(name = "username", required = true) @PathParam("username") String username) {
    // Verifies the caller may manage this user's tokens and loads the user record.
    final User user = _tokensCheckAndLoadUser(username);
    final ImmutableList.Builder<Token> tokenList = ImmutableList.builder();
    // Map each stored AccessToken to the REST response model (name, token value, last access time).
    for (AccessToken token : accessTokenService.loadAll(user.getName())) {
        tokenList.add(Token.create(token.getName(), token.getToken(), token.getLastAccess()));
    }
    return TokenList.create(tokenList.build());
}
Also used : User(org.graylog2.plugin.database.users.User) ImmutableList(com.google.common.collect.ImmutableList) AccessToken(org.graylog2.security.AccessToken) Token(org.graylog2.rest.models.users.responses.Token) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 4 with Token

use of org.graylog2.rest.models.users.responses.Token in project graylog2-server by Graylog2.

the class UsersResource method revokeToken.

@DELETE
@RequiresPermissions(RestPermissions.USERS_TOKENREMOVE)
@Path("{username}/tokens/{token}")
@ApiOperation("Removes a token for a user")
@AuditEvent(type = AuditEventTypes.USER_ACCESS_TOKEN_DELETE)
public void revokeToken(@ApiParam(name = "username", required = true) @PathParam("username") String username, @ApiParam(name = "token", required = true) @PathParam("token") String token) {
    // Permission and existence check for the user named in the path; the return value is not needed here.
    _tokensCheckAndLoadUser(username);
    // Note: the token is looked up by its value alone; nothing in this method compares the
    // loaded token's owner with {username}, so that association is not enforced at this point.
    final AccessToken accessToken = accessTokenService.load(token);
    if (accessToken != null) {
        accessTokenService.destroy(accessToken);
    } else {
        throw new NotFoundException("Couldn't find access token for user " + username);
    }
}
Also used : AccessToken(org.graylog2.security.AccessToken) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent)

Example 5 with Token

use of org.graylog2.rest.models.users.responses.Token in project graylog2-server by Graylog2.

the class SearchResource method createRequestExceptionForParseFailure.

protected WebApplicationException createRequestExceptionForParseFailure(String query, SearchPhaseExecutionException e) {
    LOG.warn("Unable to execute search: {}", e.getMessage());
    QueryParseError errorMessage = QueryParseError.create(query, "Unable to execute search", e.getClass().getCanonicalName());
    // We're so going to hell for this…
    if (e.toString().contains("nested: QueryParsingException")) {
        // Re-parse the query locally with Lucene's classic parser to recover the error position.
        final QueryParser queryParser = new QueryParser("", new StandardAnalyzer());
        try {
            queryParser.parse(query);
        } catch (ParseException parseException) {
            // Token here is org.apache.lucene.queryparser.classic.Token: the parser token at which parsing failed.
            Token currentToken = null;
            try {
                // FIXME I have no idea why this is necessary but without that call currentToken will be null.
                final ParseException exception = queryParser.generateParseException();
                currentToken = exception.currentToken;
            } catch (NullPointerException npe) {
                // "Normal" exception and no need to spam the logs with it.
                LOG.debug("Exception thrown while generating parse exception.", npe);
            }
            if (currentToken == null) {
                LOG.warn("No position/token available for ParseException.", parseException);
                errorMessage = QueryParseError.create(query, parseException.getMessage(), parseException.getClass().getCanonicalName());
            } else {
                // scan for first usable token with position information
                int beginColumn = 0;
                int beginLine = 0;
                int endColumn = 0;
                int endLine = 0;
                while (currentToken != null && beginLine == 0) {
                    beginColumn = currentToken.beginColumn;
                    beginLine = currentToken.beginLine;
                    endColumn = currentToken.endColumn;
                    endLine = currentToken.endLine;
                    currentToken = currentToken.next;
                }
                errorMessage = QueryParseError.create(query, beginColumn, beginLine, endColumn, endLine, parseException.getMessage(), parseException.getClass().getCanonicalName());
            }
        }
        // A malformed query is the client's fault: report it as 400 with the structured error.
        return new BadRequestException(Response.status(Response.Status.BAD_REQUEST).entity(errorMessage).build());
    } else {
        // Anything else from the search backend is surfaced as a 500.
        return new InternalServerErrorException("Unable to fulfill search request", e);
    }
}
Also used : QueryParser(org.apache.lucene.queryparser.classic.QueryParser) QueryParseError(org.graylog2.rest.resources.search.responses.QueryParseError) StandardAnalyzer(org.apache.lucene.analysis.standard.StandardAnalyzer) BadRequestException(javax.ws.rs.BadRequestException) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) Token(org.apache.lucene.queryparser.classic.Token) ParseException(org.apache.lucene.queryparser.classic.ParseException)

Aggregations

User (org.graylog2.plugin.database.users.User) 7
AccessToken (org.graylog2.security.AccessToken) 4
ApiOperation (io.swagger.annotations.ApiOperation) 3
Path (javax.ws.rs.Path) 3
SimpleAccount (org.apache.shiro.authc.SimpleAccount) 3
UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken) 3
RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions) 3
AuditEvent (org.graylog2.audit.jersey.AuditEvent) 2
ValidationException (org.graylog2.plugin.database.ValidationException) 2
ImmutableList (com.google.common.collect.ImmutableList) 1
BadRequestException (javax.ws.rs.BadRequestException) 1
DELETE (javax.ws.rs.DELETE) 1
GET (javax.ws.rs.GET) 1
InternalServerErrorException (javax.ws.rs.InternalServerErrorException) 1
NotFoundException (javax.ws.rs.NotFoundException) 1
POST (javax.ws.rs.POST) 1
MultivaluedMap (javax.ws.rs.core.MultivaluedMap) 1
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException) 1
LdapException (org.apache.directory.api.ldap.model.exception.LdapException) 1
LdapConnectionConfig (org.apache.directory.ldap.client.api.LdapConnectionConfig) 1