Examples with RolesAllowed javax.annotation.security.RolesAllowed used on opensource projects

Example 31 with RolesAllowed

use of javax.annotation.security.RolesAllowed in project OpenTripPlanner by opentripplanner.

the class Routers method buildGraphOverWire.

/**
 * Build a graph from data in the ZIP file posted over the wire, associating it with the given router ID.
 * This method will be selected when the Content-Type is application/zip.
 */
@RolesAllowed({ "ROUTERS" })
@POST
@Path("{routerId}")
@Consumes({ "application/zip" })
@Produces({ MediaType.TEXT_PLAIN })
public Response buildGraphOverWire(@PathParam("routerId") String routerId, @QueryParam("preEvict") @DefaultValue("true") boolean preEvict, InputStream input) {
    if (preEvict) {
        LOG.debug("Pre-evicting graph with routerId {} before building new graph", routerId);
        otpServer.getGraphService().evictRouter(routerId);
    }
    // get a temporary directory, using Google Guava
    File tempDir = Files.createTempDir();
    // extract the zip file to the temp dir
    ZipInputStream zis = new ZipInputStream(input);
    try {
        for (ZipEntry entry = zis.getNextEntry(); entry != null; entry = zis.getNextEntry()) {
            if (entry.isDirectory())
                // we only support flat ZIP files
                return Response.status(Response.Status.BAD_REQUEST).entity("ZIP files containing directories are not supported").build();
            File file = new File(tempDir, entry.getName());
            if (!file.getParentFile().equals(tempDir))
                return Response.status(Response.Status.BAD_REQUEST).entity("ZIP files containing directories are not supported").build();
            OutputStream os = new FileOutputStream(file);
            ByteStreams.copy(zis, os);
            os.close();
        }
    } catch (Exception ex) {
        return Response.status(Response.Status.BAD_REQUEST).entity("Could not extract zip file: " + ex.getMessage()).build();
    }
    // set up the build, using default parameters
    // this is basically simulating calling otp -b on the command line
    CommandLineParameters params = otpServer.params.clone();
    params.build = tempDir;
    params.inMemory = true;
    GraphBuilder graphBuilder = GraphBuilder.forDirectory(params, tempDir);
    graphBuilder.run();
    // so we'll crash long before we get here . . .
    for (File file : tempDir.listFiles()) {
        file.delete();
    }
    tempDir.delete();
    Graph graph = graphBuilder.getGraph();
    graph.index(new DefaultStreetVertexIndexFactory());
    GraphService graphService = otpServer.getGraphService();
    graphService.registerGraph(routerId, new MemoryGraphSource(routerId, graph));
    return Response.status(Status.CREATED).entity(graph.toString() + "\n").build();
}

Example 32 with RolesAllowed

use of javax.annotation.security.RolesAllowed in project testcases by coheigea.

the class DoubleItService method doubleIt.

@GET
@Produces("application/xml")
@Path("/{numberToDouble}/")
@RolesAllowed({ "User", "Admin", "Manager" })
public Number doubleIt(@PathParam("numberToDouble") int numberToDouble) {
    Number newNumber = new Number();
    newNumber.setDescription("This is the double number response");
    newNumber.setNumber(numberToDouble * 2);
    return newNumber;
}

Example 33 with RolesAllowed

use of javax.annotation.security.RolesAllowed in project wildfly by wildfly.

the class SecuredStatelessBean method method.

@RolesAllowed("allowed")
public Future<Boolean> method() throws InterruptedException, ExecutionException {
    try {
        if (!startLatch.await(5, TimeUnit.SECONDS)) {
            throw new RuntimeException("Invocation was not asynchronous");
        }
    } catch (InterruptedException e) {
        throw new RuntimeException(e);
    }
    SecuredStatelessLocal localSearchedBean = null;
    try {
        Context context = new InitialContext();
        localSearchedBean = (SecuredStatelessLocal) context.lookup("java:module/" + SecuredStatelessBean.class.getSimpleName() + "!" + SecuredStatelessLocal.class.getName());
    } catch (NamingException e) {
        throw new RuntimeException(e);
    }
    final CountDownLatch latchLocal = new CountDownLatch(1);
    final Future<Boolean> future = localSearchedBean.localSecured(latchLocal);
    latchLocal.countDown();
    boolean result = future.get();
    Assert.assertTrue(result);
    return new AsyncResult<Boolean>(true);
}

Example 34 with RolesAllowed

use of javax.annotation.security.RolesAllowed in project tomee by apache.

the class MPJWTSecurityAnnotationsInterceptorsFeature method processSecurityAnnotations.

private boolean processSecurityAnnotations(final Class clazz, final Method method) {
    final List<Class<? extends Annotation>[]> classSecurityAnnotations = hasClassLevelAnnotations(clazz, RolesAllowed.class, PermitAll.class, DenyAll.class);
    final List<Class<? extends Annotation>[]> methodSecurityAnnotations = hasMethodLevelAnnotations(method, RolesAllowed.class, PermitAll.class, DenyAll.class);
    if (classSecurityAnnotations.isEmpty() && methodSecurityAnnotations.isEmpty()) {
        // nothing to do
        return false;
    }
    /*
         * Process annotations at the class level
         */
    if (classSecurityAnnotations.size() > 1) {
        throw new IllegalStateException(clazz.getName() + " has more than one security annotation (RolesAllowed, PermitAll, DenyAll).");
    }
    if (methodSecurityAnnotations.size() > 1) {
        throw new IllegalStateException(method.toString() + " has more than one security annotation (RolesAllowed, PermitAll, DenyAll).");
    }
    if (methodSecurityAnnotations.isEmpty()) {
        // no need to deal with class level annotations if the method has some
        final RolesAllowed classRolesAllowed = (RolesAllowed) clazz.getAnnotation(RolesAllowed.class);
        final PermitAll classPermitAll = (PermitAll) clazz.getAnnotation(PermitAll.class);
        final DenyAll classDenyAll = (DenyAll) clazz.getAnnotation(DenyAll.class);
        if (classRolesAllowed != null) {
            Set<String> roles = new HashSet<>();
            final Set<String> previous = rolesAllowed.putIfAbsent(method, roles);
            if (previous != null) {
                roles = previous;
            }
            roles.addAll(Arrays.asList(classRolesAllowed.value()));
        }
        if (classPermitAll != null) {
            permitAll.add(method);
        }
        if (classDenyAll != null) {
            denyAll.add(method);
        }
    }
    final RolesAllowed mthdRolesAllowed = method.getAnnotation(RolesAllowed.class);
    final PermitAll mthdPermitAll = method.getAnnotation(PermitAll.class);
    final DenyAll mthdDenyAll = method.getAnnotation(DenyAll.class);
    if (mthdRolesAllowed != null) {
        Set<String> roles = new HashSet<>();
        final Set<String> previous = rolesAllowed.putIfAbsent(method, roles);
        if (previous != null) {
            roles = previous;
        }
        roles.addAll(Arrays.asList(mthdRolesAllowed.value()));
    }
    if (mthdPermitAll != null) {
        permitAll.add(method);
    }
    if (mthdDenyAll != null) {
        denyAll.add(method);
    }
    return true;
}

Example 35 with RolesAllowed

use of javax.annotation.security.RolesAllowed in project aries by apache.

the class SecurityAnnoationParserTest method getRoles.

private String[] getRoles(String methodName) throws NoSuchMethodException {
    Annotation ann = getEffective(methodName);
    Assert.assertTrue(ann instanceof RolesAllowed);
    return ((RolesAllowed) ann).value();
}