use of annis.security.User in project ANNIS by korpling.
the class AdminServiceImpl method getUser.
@GET
@Path("users/{userName}")
@Produces("application/xml")
@Override
public User getUser(@PathParam("userName") String userName) {
Subject requestingUser = SecurityUtils.getSubject();
requestingUser.checkPermission("admin:read:user");
ANNISUserConfigurationManager conf = getConfManager();
if (conf != null) {
User u = conf.getUser(userName);
if (u == null) {
throw new WebApplicationException(Response.Status.NOT_FOUND);
}
// remove the password hash from the result, we don't want someone with
// lower adminstration rights to crack it
u.setPasswordHash("");
return u;
}
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
use of annis.security.User in project ANNIS by korpling.
the class UserManagement method updateUsedGroupNamesAndPermissions.
private void updateUsedGroupNamesAndPermissions() {
usedGroupNames.clear();
usedPermissions.clear();
for (User u : users.values()) {
usedGroupNames.addAll(u.getGroups());
usedPermissions.addAll(u.getPermissions());
}
}
use of annis.security.User in project ANNIS by korpling.
the class UserManagement method fetchFromService.
public boolean fetchFromService() {
if (webResourceProvider != null) {
WebResource res = webResourceProvider.getWebResource().path("admin/users");
users.clear();
usedGroupNames.clear();
usedPermissions.clear();
try {
List<User> list = res.get(new GenericType<List<User>>() {
});
for (User u : list) {
users.put(u.getName(), u);
usedGroupNames.addAll(u.getGroups());
usedPermissions.addAll(u.getPermissions());
}
return true;
} catch (UniformInterfaceException ex) {
log.error("Could not get the list of users", ex);
}
}
return false;
}
use of annis.security.User in project ANNIS by korpling.
the class UserManagement method setPassword.
public User setPassword(String userName, String newPassword) {
User newUser = null;
if (webResourceProvider != null) {
WebResource res = webResourceProvider.getWebResource().path("admin/users").path(userName).path("password");
newUser = res.post(User.class, newPassword);
if (newUser != null) {
users.put(newUser.getName(), newUser);
}
}
return newUser;
}
use of annis.security.User in project ANNIS by korpling.
the class AdminServiceImpl method changePassword.
@POST
@Path("users/{userName}/password")
@Consumes("text/plain")
@Produces("application/xml")
public Response changePassword(String newPassword, @PathParam("userName") String userName) {
Subject requestingUser = SecurityUtils.getSubject();
requestingUser.checkPermission("admin:write:user");
ANNISUserConfigurationManager confManager = getConfManager();
ANNISUserRealm userRealm = getUserRealm();
if (confManager != null && userRealm != null) {
User user = confManager.getUser(userName);
if (user == null) {
return Response.status(Response.Status.NOT_FOUND).build();
}
Shiro1CryptFormat format = new Shiro1CryptFormat();
SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator();
// 128 bit
ByteSource salt = generator.nextBytes(128 / 8);
Sha256Hash hash = new Sha256Hash(newPassword, salt, 1);
user.setPasswordHash(format.format(hash));
if (userRealm.updateUser(user)) {
return Response.ok().entity(user).build();
}
}
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not change password").build();
}
Aggregations