
Example 16 with PermitAll

use of javax.annotation.security.PermitAll in project jeeshop by remibantos.

the class Users method resetPassword.

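/**
 * Sets a new password for {@code userLogin}.
 * <p>
 * The endpoint is {@code @PermitAll} because it serves three callers with different proof:
 * <ul>
 *   <li>ADMIN: may reset any account by login.</li>
 *   <li>USER: may reset only the account bound to the authenticated principal; the target is
 *       taken from the principal, and the path login must match it.</li>
 *   <li>anonymous: must present the single-use action token (a UUID) that was issued to the
 *       account, which is consumed on success.</li>
 * </ul>
 * The anonymous branch answers NOT_FOUND for unknown login, missing/malformed token and
 * mismatch alike, so the response does not disclose whether a login exists.
 * <p>
 * NOTE(review): the password is stored via {@code hashSha256Base64}, which by its name appears
 * to be a bare, unsalted digest; a slow salted KDF (bcrypt/scrypt/argon2) is the expected choice
 * for passwords — confirm what the helper does. No token expiry or password-strength check is
 * visible in this method; if neither exists elsewhere, both are worth adding.
 *
 * @param securityContext JAX-RS security context of the caller
 * @param userLogin       login from the path; the account to update
 * @param token           action token for anonymous resets, ignored for authenticated callers
 * @param newPassword     the new clear-text password, hashed before storage
 * @throws WebApplicationException NOT_FOUND when the target cannot be resolved or the token is
 *                                 rejected; UNAUTHORIZED when a USER targets another login
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("/{userLogin}/password")
@PermitAll
public void resetPassword(@Context SecurityContext securityContext, @NotNull @PathParam("userLogin") String userLogin, @QueryParam("token") String token, @NotNull String newPassword) {
    User user;
    if (securityContext.isUserInRole(ADMIN)) {
        user = userFinder.findByLogin(userLogin);
        // An unknown login must be reported, not dereferenced below.
        if (user == null) {
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
    } else if (securityContext.isUserInRole(USER)) {
        user = userFinder.findByLogin(securityContext.getUserPrincipal().getName());
        // UNAUTHORIZED is kept for compatibility; FORBIDDEN would describe the case more precisely.
        if (user == null || !userLogin.equals(user.getLogin())) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
    } else {
        user = userFinder.findByLogin(userLogin);
        if (user == null || !actionTokenMatches(user, token)) {
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        // Single use: the token is cleared before the password is written.
        user.setActionToken(null);
    }
    user.setPassword(hashSha256Base64(newPassword));
    user.setActivated(true);
    sendMail(user, Mails.userChangePassword);
}

/**
 * Returns {@code true} only when {@code token} is a well-formed UUID equal to the user's pending
 * action token. A missing token, an account with no pending token, and a syntactically invalid
 * token all yield {@code false} instead of a 500 (previously an NPE or IllegalArgumentException).
 */
private static boolean actionTokenMatches(User user, String token) {
    if (token == null || user.getActionToken() == null) {
        return false;
    }
    final UUID supplied;
    try {
        supplied = UUID.fromString(token);
    } catch (IllegalArgumentException malformed) {
        return false;
    }
    return user.getActionToken().equals(supplied);
}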

Example 17 with PermitAll

use of javax.annotation.security.PermitAll in project jeeshop by remibantos.

the class Users method resetPassword.

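/**
 * Sets a new password for {@code userLogin}.
 * <p>
 * The endpoint is {@code @PermitAll} because it serves three callers with different proof:
 * <ul>
 *   <li>ADMIN: may reset any account by login.</li>
 *   <li>USER: may reset only the account bound to the EJB caller principal; the target is taken
 *       from the principal, and the path login must match it.</li>
 *   <li>anonymous: must present the single-use action token (a UUID) that was issued to the
 *       account, which is consumed on success.</li>
 * </ul>
 * The anonymous branch answers NOT_FOUND for unknown login, missing/malformed token and
 * mismatch alike, so the response does not disclose whether a login exists.
 * <p>
 * NOTE(review): the password is stored via {@code hashSha256Base64}, which by its name appears
 * to be a bare, unsalted digest; a slow salted KDF (bcrypt/scrypt/argon2) is the expected choice
 * for passwords — confirm what the helper does. No token expiry or password-strength check is
 * visible in this method; if neither exists elsewhere, both are worth adding.
 *
 * @param userLogin   login from the path; the account to update
 * @param token       action token for anonymous resets, ignored for authenticated callers
 * @param newPassword the new clear-text password, hashed before storage
 * @throws WebApplicationException NOT_FOUND when the target cannot be resolved or the token is
 *                                 rejected; UNAUTHORIZED when a USER targets another login
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("/{userLogin}/password")
@PermitAll
public void resetPassword(@NotNull @PathParam("userLogin") String userLogin, @QueryParam("token") String token, @NotNull String newPassword) {
    User user;
    if (sessionContext.isCallerInRole(ADMIN)) {
        user = userFinder.findByLogin(userLogin);
        // An unknown login must be reported, not dereferenced below.
        if (user == null) {
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
    } else if (sessionContext.isCallerInRole(USER)) {
        user = userFinder.findByLogin(sessionContext.getCallerPrincipal().getName());
        // UNAUTHORIZED is kept for compatibility; FORBIDDEN would describe the case more precisely.
        if (user == null || !userLogin.equals(user.getLogin())) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
    } else {
        user = userFinder.findByLogin(userLogin);
        if (user == null || !actionTokenMatches(user, token)) {
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        // Single use: the token is cleared before the password is written.
        user.setActionToken(null);
    }
    user.setPassword(hashSha256Base64(newPassword));
    user.setActivated(true);
    sendMail(user, Mails.userChangePassword);
}

/**
 * Returns {@code true} only when {@code token} is a well-formed UUID equal to the user's pending
 * action token. A missing token, an account with no pending token, and a syntactically invalid
 * token all yield {@code false} instead of a 500 (previously an NPE or IllegalArgumentException).
 */
private static boolean actionTokenMatches(User user, String token) {
    if (token == null || user.getActionToken() == null) {
        return false;
    }
    final UUID supplied;
    try {
        supplied = UUID.fromString(token);
    } catch (IllegalArgumentException malformed) {
        return false;
    }
    return user.getActionToken().equals(supplied);
}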

Example 18 with PermitAll

use of javax.annotation.security.PermitAll in project Payara by payara.

the class AbstractAuthAnnotationHandler method validateAccessControlAnnotations.

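/**
 * Checks that the annotated element carries at most one of the mutually exclusive
 * access-control annotations {@code @RolesAllowed}, {@code @PermitAll} and {@code @DenyAll}.
 * <p>
 * Two or more of them on the same element would leave the effective policy ambiguous (for
 * example {@code @PermitAll} next to {@code @DenyAll}), so the combination is logged at SEVERE
 * and reported as invalid instead of silently picking one.
 *
 * @param ainfo the annotation being processed; its annotated element is inspected
 * @return {@code true} when the element is valid, {@code false} when more than one of the three
 *         annotations is present
 * @throws AnnotationProcessorException declared for the {@code log} helper, which may throw it
 */
private boolean validateAccessControlAnnotations(AnnotationInfo ainfo) throws AnnotationProcessorException {
    AnnotatedElement ae = (AnnotatedElement) ainfo.getAnnotatedElement();
    // Count each of the three uniformly; the previous version short-circuited on PermitAll and
    // carried an unused hasDenyAll flag, which obscured the simple "at most one" rule.
    int count = 0;
    if (ae.isAnnotationPresent(RolesAllowed.class)) {
        count++;
    }
    if (ae.isAnnotationPresent(DenyAll.class)) {
        count++;
    }
    if (ae.isAnnotationPresent(PermitAll.class)) {
        count++;
    }
    if (count > 1) {
        log(Level.SEVERE, ainfo, localStrings.getLocalString("enterprise.deployment.annotation.handlers.morethanoneauthannotation", "One cannot have more than one of @RolesAllowed, @PermitAll, @DenyAll in the same AnnotatedElement."));
        return false;
    }
    return true;
}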

Example 19 with PermitAll

use of javax.annotation.security.PermitAll in project traccar by traccar.

the class SessionResource method get.

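/**
 * Returns the user bound to the current HTTP session, establishing that binding first when the
 * caller is not yet logged in but presents either the "remember me" cookie pair
 * ({@code USER_COOKIE_KEY} / {@code PASS_COOKIE_KEY}) or an API {@code token} query parameter.
 * Cookie credentials take precedence; the token is only consulted when no complete cookie pair
 * is present.
 * <p>
 * NOTE(review), security caveats a maintainer should weigh:
 * <ul>
 *   <li>The password cookie carries the user's actual password, merely URL-encoded and base64
 *       wrapped — cookie theft yields the credential itself. An opaque, revocable remember-me
 *       token would limit the blast radius.</li>
 *   <li>The token arrives in the query string, so it is likely to land in access logs and
 *       Referer headers; a header would be safer.</li>
 *   <li>The session ID is not rotated after the caller is authenticated here, which leaves a
 *       session-fixation window; {@code request.changeSessionId()} (Servlet 3.1+) would close
 *       it — confirm the container version before adding it.</li>
 * </ul>
 *
 * @param token optional API token from the query string
 * @return the authenticated, enabled user
 * @throws WebApplicationException NOT_FOUND when no credential authenticates
 * @throws SQLException                 propagated from the managers
 * @throws UnsupportedEncodingException declared for {@link URLDecoder#decode(String, String)}
 */
@PermitAll
@GET
public User get(@QueryParam("token") String token) throws SQLException, UnsupportedEncodingException {
    Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY);
    if (userId == null) {
        userId = authenticateFromCookiesOrToken(token);
    }
    if (userId == null) {
        throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build());
    }
    Context.getPermissionsManager().checkUserEnabled(userId);
    return Context.getPermissionsManager().getUser(userId);
}

/**
 * Authenticates from the cookie pair or, failing a complete pair, from the token, and stores the
 * resulting user id in the session. Returns {@code null} when neither credential authenticates.
 */
private Long authenticateFromCookiesOrToken(String token) throws SQLException, UnsupportedEncodingException {
    String email = null;
    String password = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(USER_COOKIE_KEY)) {
                email = decodeCookieValue(cookie);
            } else if (cookie.getName().equals(PASS_COOKIE_KEY)) {
                password = decodeCookieValue(cookie);
            }
        }
    }
    User user = null;
    if (email != null && password != null) {
        user = Context.getPermissionsManager().login(email, password);
    } else if (token != null) {
        user = Context.getUsersManager().getUserByToken(token);
    }
    if (user == null) {
        return null;
    }
    Long userId = user.getId();
    request.getSession().setAttribute(USER_ID_KEY, userId);
    return userId;
}

/**
 * URL-decodes and base64-decodes a credential cookie into a UTF-8 string. A cookie that is not
 * well-formed is treated as absent ({@code null}) instead of failing the request with a 500, so
 * a tampered or truncated cookie cannot break the token path.
 */
private static String decodeCookieValue(Cookie cookie) throws UnsupportedEncodingException {
    try {
        byte[] raw = DataConverter.parseBase64(URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII.name()));
        return new String(raw, StandardCharsets.UTF_8);
    } catch (IllegalArgumentException malformed) {
        return null;
    }
}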

Example 20 with PermitAll

use of javax.annotation.security.PermitAll in project traccar by traccar.

the class UserResource method add.

/**
 * Creates a new user.
 * <p>
 * The endpoint is {@code @PermitAll} so that self-registration works for anonymous callers; the
 * permissions manager decides what each caller may do:
 * <ul>
 *   <li>admins create users without further checks;</li>
 *   <li>managers are subject to {@code checkUserUpdate} and their user limit, and the new user is
 *       linked to them as a managed user;</li>
 *   <li>everyone else must pass {@code checkRegistration}, and the new account receives the
 *       configured default device limit and, when configured, an expiration time.</li>
 * </ul>
 * NOTE(review): {@code entity} is client-controlled, so privileged fields (e.g. administrator
 * flags or limits) on a self-registered user must be rejected by {@code checkUserUpdate}; that
 * helper is not visible here — confirm it covers them. How {@code getUserId()} represents an
 * anonymous caller is likewise not visible.
 *
 * @param entity the user to create, as sent by the client
 * @return 200 with the stored entity
 * @throws SQLException propagated from the managers
 */
@Override
@PermitAll
@POST
public Response add(User entity) throws SQLException {
    long callerId = getUserId();
    boolean callerIsAdmin = Context.getPermissionsManager().getUserAdmin(callerId);
    if (!callerIsAdmin) {
        Context.getPermissionsManager().checkUserUpdate(callerId, new User(), entity);
        if (Context.getPermissionsManager().getUserManager(callerId)) {
            Context.getPermissionsManager().checkUserLimit(callerId);
        } else {
            Context.getPermissionsManager().checkRegistration(callerId);
            applyRegistrationDefaults(entity);
        }
    }
    Context.getUsersManager().addItem(entity);
    LogAction.create(callerId, entity);
    if (Context.getPermissionsManager().getUserManager(callerId)) {
        // Managers own the users they create.
        Context.getDataManager().linkObject(User.class, callerId, ManagedUser.class, entity.getId(), true);
        LogAction.link(callerId, User.class, callerId, ManagedUser.class, entity.getId());
    }
    Context.getUsersManager().refreshUserItems();
    return Response.ok(entity).build();
}

/**
 * Applies the configured defaults for a self-registered account: the device limit
 * ({@code users.defaultDeviceLimit}, -1 when unset) and, when {@code users.defaultExpirationDays}
 * is positive, an expiration time that many days from now.
 */
private static void applyRegistrationDefaults(User entity) {
    entity.setDeviceLimit(Context.getConfig().getInteger("users.defaultDeviceLimit", -1));
    int expirationDays = Context.getConfig().getInteger("users.defaultExpirationDays");
    if (expirationDays > 0) {
        long lifetimeMillis = (long) expirationDays * 24 * 3600 * 1000;
        entity.setExpirationTime(new Date(System.currentTimeMillis() + lifetimeMillis));
    }
}
