Example 16 with TokenContext

Use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

Class UserSettingController, method createDefaultSetting.

import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.PUT;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import com.sun.jersey.spi.container.ResourceFilters;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.security.context.TokenContext;

// OAuth2Scope, the filter classes and the injected fields (scopeService,
// settingService, kustvaktResponseHandler) belong to the enclosing
// UserSettingController and are not part of this excerpt.

/**
 * Creates a default setting of the given username.
 * The setting inputs should be represented as pairs of keys and
 * values (a map). The keys must only contain letters, numbers,
 * hyphens or underscores.
 *
 * @param context
 *            security context
 * @param username
 *            username
 * @param map
 *            the default setting
 * @return status code 201 if a new resource is created, or 200 if
 *         an existing resource is edited.
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@ResourceFilters({ AuthenticationFilter.class, PiwikFilter.class, BlockingFilter.class })
public Response createDefaultSetting(@Context SecurityContext context,
        @PathParam("username") String username, Map<String, Object> map) {
    // The authentication filter has already set a TokenContext as the principal.
    TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
    try {
        // Reject tokens without the required scope before any data is touched.
        scopeService.verifyScope(tokenContext, OAuth2Scope.CREATE_DEFAULT_SETTING);
        // The target username from the path and the authenticated username are
        // both handed to the service, which decides whether the caller may edit it.
        int statusCode = settingService.handlePutRequest(username, map, tokenContext.getUsername());
        return Response.status(statusCode).build();
    } catch (KustvaktException e) {
        // Maps the domain exception to an HTTP error response.
        throw kustvaktResponseHandler.throwit(e);
    }
}

Example 17 with TokenContext

Use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

Class UserSettingController, method deleteDefaultSetting.

import javax.ws.rs.DELETE;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import com.sun.jersey.spi.container.ResourceFilters;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.security.context.TokenContext;

// OAuth2Scope, the filter classes and the injected fields (scopeService,
// settingService, kustvaktResponseHandler) belong to the enclosing
// UserSettingController and are not part of this excerpt.

/**
 * Deletes the default setting of the given username. If such a
 * setting does not exist, no error will be thrown and response
 * status 200 will be returned since the purpose of the request
 * has been achieved.
 *
 * @param context
 *            security context
 * @param username
 *            a username
 * @return 200 if the request is successful
 */
@DELETE
@ResourceFilters({ AuthenticationFilter.class, PiwikFilter.class, BlockingFilter.class })
public Response deleteDefaultSetting(@Context SecurityContext context,
        @PathParam("username") String username) {
    TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
    try {
        // Scope check first; the service then receives the authenticated
        // username alongside the target username for its own authorization.
        scopeService.verifyScope(tokenContext, OAuth2Scope.DELETE_DEFAULT_SETTING);
        settingService.deleteSetting(username, tokenContext.getUsername());
        // Idempotent: 200 whether or not a setting existed.
        return Response.ok().build();
    } catch (KustvaktException e) {
        throw kustvaktResponseHandler.throwit(e);
    }
}

Example 18 with TokenContext

Use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

Class VirtualCorpusController, method deleteVCAccessById.

import javax.ws.rs.DELETE;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.security.context.TokenContext;

// OAuth2Scope and the injected fields (scopeService, service,
// kustvaktResponseHandler) belong to the enclosing VirtualCorpusController.
// No @ResourceFilters annotation appears on this method in the excerpt, so
// whether authentication is configured at class level is not visible here.

/**
 * Only VCA Admins and system admins are allowed to delete a
 * VC-access.
 *
 * <br /><br />
 * Not allowed via third-party apps.
 *
 * @param securityContext
 *            security context
 * @param accessId
 *            the id of the VC-access to delete
 * @return HTTP status 200, if successful
 */
@DELETE
@Path("access/{accessId}")
public Response deleteVCAccessById(@Context SecurityContext securityContext,
        @PathParam("accessId") int accessId) {
    TokenContext context = (TokenContext) securityContext.getUserPrincipal();
    try {
        // Scope check first, then the admin/ownership rules described in the
        // Javadoc are enforced by the service using the authenticated username.
        scopeService.verifyScope(context, OAuth2Scope.DELETE_VC_ACCESS);
        service.deleteQueryAccess(accessId, context.getUsername());
    } catch (KustvaktException e) {
        throw kustvaktResponseHandler.throwit(e);
    }
    return Response.ok().build();
}

Example 19 with TokenContext

Use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

Class VirtualCorpusController, method shareVC.

import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.security.context.TokenContext;

// OAuth2Scope and the injected fields (scopeService, service,
// kustvaktResponseHandler) belong to the enclosing VirtualCorpusController.

/**
 * A VC can only be shared with a group, not with individuals.
 * Only VCA admins are allowed to share a VC, and the VC must have
 * been created by themselves.
 *
 * <br /><br />
 * Not allowed via third-party apps.
 *
 * @param securityContext
 *            security context
 * @param vcCreator
 *            the username of the VC creator
 * @param vcName
 *            the name of the VC
 * @param groupName
 *            the name of the group to share the VC with
 * @return HTTP status 200, if successful
 */
@POST
@Path("~{vcCreator}/{vcName}/share/@{groupName}")
public Response shareVC(@Context SecurityContext securityContext,
        @PathParam("vcCreator") String vcCreator, @PathParam("vcName") String vcName,
        @PathParam("groupName") String groupName) {
    TokenContext context = (TokenContext) securityContext.getUserPrincipal();
    try {
        scopeService.verifyScope(context, OAuth2Scope.SHARE_VC);
        // The authenticated username is passed separately from the vcCreator
        // path parameter, so the service can verify that they match.
        service.shareQuery(context.getUsername(), vcCreator, vcName, groupName);
    } catch (KustvaktException e) {
        throw kustvaktResponseHandler.throwit(e);
    }
    return Response.ok("SUCCESS").build();
}

Example 20 with TokenContext

Use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

Class APIAuthentication, method createTokenContext.

import java.text.ParseException;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.Map;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.security.context.TokenContext;
import de.ids_mannheim.korap.user.User;

// DEBUG, jlog, signedToken, Attributes, StatusCodes and getTokenType() belong
// to the enclosing APIAuthentication class and are not part of this excerpt.

@Override
public TokenContext createTokenContext(User user, Map<String, Object> attr) throws KustvaktException {
    TokenContext c = new TokenContext();
    c.setUsername(user.getUsername());
    // Issue a signed JWT for the user; the token context mirrors its claims.
    SignedJWT jwt = signedToken.createJWT(user, attr);
    try {
        // Parse the claim set once; every accessor below may throw ParseException.
        JWTClaimsSet claims = jwt.getJWTClaimsSet();
        c.setExpirationTime(claims.getExpirationTime().getTime());
        if (DEBUG) {
            jlog.debug(claims.getClaim(Attributes.AUTHENTICATION_TIME));
        }
        Date authTime = claims.getDateClaim(Attributes.AUTHENTICATION_TIME);
        if (authTime == null) {
            // A missing auth_time claim would otherwise surface as a NullPointerException.
            throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
        }
        ZonedDateTime time = ZonedDateTime.ofInstant(authTime.toInstant(),
                ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
        c.setAuthenticationTime(time);
    } catch (ParseException e) {
        throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
    }
    c.setTokenType(getTokenType());
    // The serialized JWT is what the client will later present as its bearer token.
    c.setToken(jwt.serialize());
    // id_tokens.put(new Element(c.getToken(), c));
    return c;
}
