Search in sources :

Example 6 with ANNISUserConfigurationManager

use of annis.security.ANNISUserConfigurationManager in project ANNIS by korpling.

the class AdminServiceImpl method changePassword.

@POST
@Path("users/{userName}/password")
@Consumes("text/plain")
@Produces("application/xml")
public Response changePassword(String newPassword, @PathParam("userName") String userName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:write:user");
    ANNISUserConfigurationManager confManager = getConfManager();
    ANNISUserRealm userRealm = getUserRealm();
    if (confManager != null && userRealm != null) {
        User user = confManager.getUser(userName);
        if (user == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        Shiro1CryptFormat format = new Shiro1CryptFormat();
        SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator();
        // 128 bit
        ByteSource salt = generator.nextBytes(128 / 8);
        Sha256Hash hash = new Sha256Hash(newPassword, salt, 1);
        user.setPasswordHash(format.format(hash));
        if (userRealm.updateUser(user)) {
            return Response.ok().entity(user).build();
        }
    }
    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not change password").build();
}
Also used : User(annis.security.User) SecureRandomNumberGenerator(org.apache.shiro.crypto.SecureRandomNumberGenerator) Sha256Hash(org.apache.shiro.crypto.hash.Sha256Hash) ANNISUserConfigurationManager(annis.security.ANNISUserConfigurationManager) ByteSource(org.apache.shiro.util.ByteSource) ANNISUserRealm(annis.security.ANNISUserRealm) Subject(org.apache.shiro.subject.Subject) Shiro1CryptFormat(org.apache.shiro.crypto.hash.format.Shiro1CryptFormat) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 7 with ANNISUserConfigurationManager

use of annis.security.ANNISUserConfigurationManager in project ANNIS by korpling.

the class AdminServiceImpl method listGroups.

@GET
@Path("groups")
@Produces("application/xml")
public List<Group> listGroups() {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:read:group");
    if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
        ANNISUserConfigurationManager confManager = getConfManager();
        if (confManager != null) {
            return new LinkedList<>(confManager.getGroups().values());
        }
    }
    return new LinkedList<>();
}
Also used : ANNISUserConfigurationManager(annis.security.ANNISUserConfigurationManager) ANNISSecurityManager(annis.security.ANNISSecurityManager) Subject(org.apache.shiro.subject.Subject) LinkedList(java.util.LinkedList) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Aggregations

ANNISUserConfigurationManager (annis.security.ANNISUserConfigurationManager)7 Path (javax.ws.rs.Path)7 Subject (org.apache.shiro.subject.Subject)7 ANNISSecurityManager (annis.security.ANNISSecurityManager)5 Produces (javax.ws.rs.Produces)4 GET (javax.ws.rs.GET)3 User (annis.security.User)2 LinkedList (java.util.LinkedList)2 Consumes (javax.ws.rs.Consumes)2 DELETE (javax.ws.rs.DELETE)2 ANNISUserRealm (annis.security.ANNISUserRealm)1 POST (javax.ws.rs.POST)1 PUT (javax.ws.rs.PUT)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 SecureRandomNumberGenerator (org.apache.shiro.crypto.SecureRandomNumberGenerator)1 Sha256Hash (org.apache.shiro.crypto.hash.Sha256Hash)1 Shiro1CryptFormat (org.apache.shiro.crypto.hash.format.Shiro1CryptFormat)1 ByteSource (org.apache.shiro.util.ByteSource)1