Search in sources :

Example 1 with ANNISUserConfigurationManager

use of annis.security.ANNISUserConfigurationManager in project ANNIS by korpling.

the class AdminServiceImpl method deleteGroup.

@DELETE
@Path("groups/{groupName}")
public Response deleteGroup(@PathParam("groupName") String groupName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:write:group");
    if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
        ANNISUserConfigurationManager confManager = getConfManager();
        if (confManager != null) {
            if (confManager.deleteGroup(groupName)) {
                return Response.ok().build();
            }
        }
    }
    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not delete group").build();
}
Also used : ANNISUserConfigurationManager(annis.security.ANNISUserConfigurationManager) ANNISSecurityManager(annis.security.ANNISSecurityManager) Subject(org.apache.shiro.subject.Subject) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE)

Example 2 with ANNISUserConfigurationManager

use of annis.security.ANNISUserConfigurationManager in project ANNIS by korpling.

the class AdminServiceImpl method listUsers.

@GET
@Path("users")
@Produces("application/xml")
public List<User> listUsers() {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:read:user");
    if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
        ANNISUserConfigurationManager confManager = getConfManager();
        if (confManager != null) {
            return confManager.listAllUsers();
        }
    }
    return new LinkedList<>();
}
Also used : ANNISUserConfigurationManager(annis.security.ANNISUserConfigurationManager) ANNISSecurityManager(annis.security.ANNISSecurityManager) Subject(org.apache.shiro.subject.Subject) LinkedList(java.util.LinkedList) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 3 with ANNISUserConfigurationManager

use of annis.security.ANNISUserConfigurationManager in project ANNIS by korpling.

the class AdminServiceImpl method getUser.

@GET
@Path("users/{userName}")
@Produces("application/xml")
@Override
public User getUser(@PathParam("userName") String userName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:read:user");
    ANNISUserConfigurationManager conf = getConfManager();
    if (conf != null) {
        User u = conf.getUser(userName);
        if (u == null) {
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        // remove the password hash from the result, we don't want someone with
        // lower adminstration rights to crack it
        u.setPasswordHash("");
        return u;
    }
    throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
Also used : User(annis.security.User) WebApplicationException(javax.ws.rs.WebApplicationException) ANNISUserConfigurationManager(annis.security.ANNISUserConfigurationManager) Subject(org.apache.shiro.subject.Subject) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 4 with ANNISUserConfigurationManager

use of annis.security.ANNISUserConfigurationManager in project ANNIS by korpling.

the class AdminServiceImpl method deleteUser.

@DELETE
@Path("users/{userName}")
public Response deleteUser(@PathParam("userName") String userName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:write:user");
    if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
        ANNISUserConfigurationManager confManager = getConfManager();
        if (confManager != null) {
            if (confManager.deleteUser(userName)) {
                // also delete any possible user configs
                adminDao.deleteUserConfig(userName);
                // if no error until here everything went well
                return Response.ok().build();
            }
        }
    }
    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not delete user").build();
}
Also used : ANNISUserConfigurationManager(annis.security.ANNISUserConfigurationManager) ANNISSecurityManager(annis.security.ANNISSecurityManager) Subject(org.apache.shiro.subject.Subject) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE)

Example 5 with ANNISUserConfigurationManager

use of annis.security.ANNISUserConfigurationManager in project ANNIS by korpling.

the class AdminServiceImpl method updateOrCreateGroup.

@PUT
@Path("groups/{groupName}")
@Consumes("application/xml")
public Response updateOrCreateGroup(Group group, @PathParam("groupName") String groupName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:write:group");
    if (!groupName.equals(group.getName())) {
        return Response.status(Response.Status.BAD_REQUEST).entity("Group name in object is not the same as in path").build();
    }
    if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
        ANNISUserConfigurationManager confManager = getConfManager();
        if (confManager != null) {
            if (confManager.writeGroup(group)) {
                return Response.ok().build();
            }
        }
    }
    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not update/create group").build();
}
Also used : ANNISUserConfigurationManager(annis.security.ANNISUserConfigurationManager) ANNISSecurityManager(annis.security.ANNISSecurityManager) Subject(org.apache.shiro.subject.Subject) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) PUT(javax.ws.rs.PUT)

Aggregations

ANNISUserConfigurationManager (annis.security.ANNISUserConfigurationManager)7 Path (javax.ws.rs.Path)7 Subject (org.apache.shiro.subject.Subject)7 ANNISSecurityManager (annis.security.ANNISSecurityManager)5 Produces (javax.ws.rs.Produces)4 GET (javax.ws.rs.GET)3 User (annis.security.User)2 LinkedList (java.util.LinkedList)2 Consumes (javax.ws.rs.Consumes)2 DELETE (javax.ws.rs.DELETE)2 ANNISUserRealm (annis.security.ANNISUserRealm)1 POST (javax.ws.rs.POST)1 PUT (javax.ws.rs.PUT)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 SecureRandomNumberGenerator (org.apache.shiro.crypto.SecureRandomNumberGenerator)1 Sha256Hash (org.apache.shiro.crypto.hash.Sha256Hash)1 Shiro1CryptFormat (org.apache.shiro.crypto.hash.format.Shiro1CryptFormat)1 ByteSource (org.apache.shiro.util.ByteSource)1