Example 51 with BadRequestException

Use of javax.ws.rs.BadRequestException in the project graylog2-server by Graylog2.

From the class UsersResource, method changePassword:

@PUT
@Path("{username}/password")
@ApiOperation("Update the password for a user.")
@ApiResponses({
    @ApiResponse(code = 204, message = "The password was successfully updated. Subsequent requests must be made with the new password."),
    @ApiResponse(code = 400, message = "The new password is missing, or the old password is missing or incorrect."),
    @ApiResponse(code = 403, message = "The requesting user has insufficient privileges to update the password for the given user."),
    @ApiResponse(code = 404, message = "User does not exist.")
})
@AuditEvent(type = AuditEventTypes.USER_PASSWORD_UPDATE)
public void changePassword(
        @ApiParam(name = "username", value = "The name of the user whose password to change.", required = true) @PathParam("username") String username,
        @ApiParam(name = "JSON body", value = "The old and new passwords.", required = true) @Valid ChangePasswordRequest cr) throws ValidationException {
    final User user = userService.load(username);
    if (user == null) {
        throw new NotFoundException("Couldn't find user " + username);
    }
    if (!getSubject().isPermitted(RestPermissions.USERS_PASSWORDCHANGE + ":" + user.getName())) {
        throw new ForbiddenException("Not allowed to change password for user " + username);
    }
    if (user.isExternalUser()) {
        final String msg = "Cannot change password for LDAP user.";
        LOG.error(msg);
        throw new ForbiddenException(msg);
    }
    boolean checkOldPassword = true;
    // the rationale is to prevent accidental or malicious change of admin passwords (e.g. to prevent locking out legitimate admins)
    if (getSubject().isPermitted(RestPermissions.USERS_PASSWORDCHANGE + ":*")) {
        if (username.equals(getSubject().getPrincipal())) {
            LOG.debug("User {} is allowed to change the password of any user, but attempts to change own password. Must supply the old password.", getSubject().getPrincipal());
            checkOldPassword = true;
        } else {
            LOG.debug("User {} is allowed to change the password for any user, including {}, ignoring old password", getSubject().getPrincipal(), username);
            checkOldPassword = false;
        }
    }
    boolean changeAllowed = false;
    if (checkOldPassword) {
        // Self-service change (or a caller without the wildcard permission): the caller must prove knowledge of the current password.
        if (user.isUserPassword(cr.oldPassword())) {
            changeAllowed = true;
        }
    } else {
        // A caller with the wildcard permission resetting another user's password: no old password required.
        changeAllowed = true;
    }
    if (changeAllowed) {
        user.setPassword(cr.password());
        userService.save(user);
    } else {
        throw new BadRequestException("Old password is missing or incorrect.");
    }
}
Also used:
ForbiddenException (javax.ws.rs.ForbiddenException)
User (org.graylog2.plugin.database.users.User)
NotFoundException (javax.ws.rs.NotFoundException)
BadRequestException (javax.ws.rs.BadRequestException)
Path (javax.ws.rs.Path)
ApiOperation (io.swagger.annotations.ApiOperation)
AuditEvent (org.graylog2.audit.jersey.AuditEvent)
PUT (javax.ws.rs.PUT)
ApiResponses (io.swagger.annotations.ApiResponses)

Example 52 with BadRequestException

Use of javax.ws.rs.BadRequestException in the project graylog2-server by Graylog2.

From the class InputsResource, method create:

@POST
@Timed
@ApiOperation(value = "Launch input on this node", response = InputCreated.class)
@ApiResponses(value = {
    @ApiResponse(code = 404, message = "No such input type registered"),
    @ApiResponse(code = 400, message = "Missing or invalid configuration"),
    @ApiResponse(code = 400, message = "Type is exclusive and already has input running")
})
@RequiresPermissions(RestPermissions.INPUTS_CREATE)
@AuditEvent(type = AuditEventTypes.MESSAGE_INPUT_CREATE)
public Response create(@ApiParam(name = "JSON body", required = true) @Valid @NotNull InputCreateRequest lr) throws ValidationException {
    try {
        // TODO Configuration type values need to be checked. See ConfigurationMapConverter.convertValues()
        final MessageInput messageInput = messageInputFactory.create(lr, getCurrentUser().getName(), lr.node());
        messageInput.checkConfiguration();
        final Input input = this.inputService.create(messageInput.asMap());
        final String newId = inputService.save(input);
        final URI inputUri = getUriBuilderToSelf().path(InputsResource.class).path("{inputId}").build(newId);
        return Response.created(inputUri).entity(InputCreated.create(newId)).build();
    } catch (NoSuchInputTypeException e) {
        LOG.error("There is no such input type registered.", e);
        throw new NotFoundException("There is no such input type registered.", e);
    } catch (ConfigurationException e) {
        LOG.error("Missing or invalid input configuration.", e);
        throw new BadRequestException("Missing or invalid input configuration.", e);
    }
}
Also used:
Input (org.graylog2.inputs.Input)
MessageInput (org.graylog2.plugin.inputs.MessageInput)
ConfigurationException (org.graylog2.plugin.configuration.ConfigurationException)
NoSuchInputTypeException (org.graylog2.shared.inputs.NoSuchInputTypeException)
NotFoundException (javax.ws.rs.NotFoundException)
BadRequestException (javax.ws.rs.BadRequestException)
URI (java.net.URI)
RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions)
POST (javax.ws.rs.POST)
Timed (com.codahale.metrics.annotation.Timed)
ApiOperation (io.swagger.annotations.ApiOperation)
AuditEvent (org.graylog2.audit.jersey.AuditEvent)
ApiResponses (io.swagger.annotations.ApiResponses)

Example 53 with BadRequestException

Use of javax.ws.rs.BadRequestException in the project graylog2-server by Graylog2.

From the class StaticFieldsResource, method create:

@POST
@Timed
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Add a static field to an input")
@ApiResponses(value = {
    @ApiResponse(code = 404, message = "No such input on this node."),
    @ApiResponse(code = 400, message = "Field/Key is reserved."),
    @ApiResponse(code = 400, message = "Missing or invalid configuration.")
})
@AuditEvent(type = AuditEventTypes.STATIC_FIELD_CREATE)
public Response create(
        @ApiParam(name = "inputId", required = true) @PathParam("inputId") String inputId,
        @ApiParam(name = "JSON body", required = true) @Valid @NotNull CreateStaticFieldRequest csfr) throws NotFoundException, ValidationException {
    checkPermission(RestPermissions.INPUTS_EDIT, inputId);
    final MessageInput input = persistedInputs.get(inputId);
    if (input == null) {
        final String msg = "Input <" + inputId + "> not found.";
        LOG.error(msg);
        throw new javax.ws.rs.NotFoundException(msg);
    }
    // Check if key is a valid message key.
    if (!Message.validKey(csfr.key())) {
        final String msg = "Invalid key: [" + csfr.key() + "]";
        LOG.error(msg);
        throw new BadRequestException(msg);
    }
    if (Message.RESERVED_FIELDS.contains(csfr.key()) && !Message.RESERVED_SETTABLE_FIELDS.contains(csfr.key())) {
        final String message = "Cannot add static field. Field [" + csfr.key() + "] is reserved.";
        LOG.error(message);
        throw new BadRequestException(message);
    }
    input.addStaticField(csfr.key(), csfr.value());
    final Input mongoInput = inputService.find(input.getPersistId());
    inputService.addStaticField(mongoInput, csfr.key(), csfr.value());
    final String msg = "Added static field [" + csfr.key() + "] to input <" + inputId + ">.";
    LOG.info(msg);
    activityWriter.write(new Activity(msg, StaticFieldsResource.class));
    final URI inputUri = getUriBuilderToSelf().path(InputsResource.class).path("{inputId}").build(mongoInput.getId());
    return Response.created(inputUri).build();
}
Also used:
Input (org.graylog2.inputs.Input)
MessageInput (org.graylog2.plugin.inputs.MessageInput)
NotFoundException (org.graylog2.database.NotFoundException)
BadRequestException (javax.ws.rs.BadRequestException)
Activity (org.graylog2.shared.system.activities.Activity)
URI (java.net.URI)
POST (javax.ws.rs.POST)
Consumes (javax.ws.rs.Consumes)
Produces (javax.ws.rs.Produces)
Timed (com.codahale.metrics.annotation.Timed)
ApiOperation (io.swagger.annotations.ApiOperation)
AuditEvent (org.graylog2.audit.jersey.AuditEvent)
ApiResponses (io.swagger.annotations.ApiResponses)

Example 54 with BadRequestException

Use of javax.ws.rs.BadRequestException in the project graylog2-server by Graylog2.

From the class SystemJobResource, method trigger:

@POST
@Timed
@ApiOperation(value = "Trigger new job")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = {
    @ApiResponse(code = 202, message = "Job accepted."),
    @ApiResponse(code = 400, message = "There is no such systemjob type."),
    @ApiResponse(code = 403, message = "Maximum concurrency level of this systemjob type reached.")
})
@AuditEvent(type = AuditEventTypes.SYSTEM_JOB_START)
public Response trigger(@ApiParam(name = "JSON body", required = true) @Valid @NotNull TriggerRequest tr) {
    // TODO cleanup jobId vs jobName checking in permissions
    checkPermission(RestPermissions.SYSTEMJOBS_CREATE, tr.jobName());
    SystemJob job;
    try {
        job = systemJobFactory.build(tr.jobName());
    } catch (NoSuchJobException e) {
        LOG.error("Such a system job type does not exist. Returning HTTP 400.");
        throw new BadRequestException(e);
    }
    try {
        systemJobManager.submit(job);
    } catch (SystemJobConcurrencyException e) {
        LOG.error("Maximum concurrency level of this job reached. ", e);
        throw new ForbiddenException("Maximum concurrency level of this job reached", e);
    }
    return Response.accepted().entity(ImmutableMap.of("system_job_id", job.getId())).build();
}
Also used:
SystemJob (org.graylog2.system.jobs.SystemJob)
ForbiddenException (javax.ws.rs.ForbiddenException)
NoSuchJobException (org.graylog2.system.jobs.NoSuchJobException)
SystemJobConcurrencyException (org.graylog2.system.jobs.SystemJobConcurrencyException)
BadRequestException (javax.ws.rs.BadRequestException)
POST (javax.ws.rs.POST)
Consumes (javax.ws.rs.Consumes)
Produces (javax.ws.rs.Produces)
Timed (com.codahale.metrics.annotation.Timed)
ApiOperation (io.swagger.annotations.ApiOperation)
AuditEvent (org.graylog2.audit.jersey.AuditEvent)
ApiResponses (io.swagger.annotations.ApiResponses)

Example 55 with BadRequestException

Use of javax.ws.rs.BadRequestException in the project graylog2-server by Graylog2.

From the class LdapResource, method readGroups:

@GET
@ApiOperation(value = "Get the available LDAP groups", notes = "")
@RequiresPermissions(RestPermissions.LDAPGROUPS_READ)
@Path("/groups")
@Produces(MediaType.APPLICATION_JSON)
public Set<String> readGroups() {
    final LdapSettings ldapSettings = firstNonNull(ldapSettingsService.load(), ldapSettingsFactory.createEmpty());
    if (!ldapSettings.isEnabled()) {
        throw new BadRequestException("LDAP is disabled.");
    }
    if (isNullOrEmpty(ldapSettings.getGroupSearchBase()) || isNullOrEmpty(ldapSettings.getGroupIdAttribute())) {
        throw new BadRequestException("LDAP group configuration settings are not set.");
    }
    final LdapConnectionConfig config = new LdapConnectionConfig();
    final URI ldapUri = ldapSettings.getUri();
    config.setLdapHost(ldapUri.getHost());
    config.setLdapPort(ldapUri.getPort());
    config.setUseSsl(ldapUri.getScheme().startsWith("ldaps"));
    config.setUseTls(ldapSettings.isUseStartTls());
    if (ldapSettings.isTrustAllCertificates()) {
        // Installs a trust manager that accepts any server certificate, so TLS to the LDAP server is encrypted but not authenticated; applied only when explicitly enabled in the LDAP settings.
        config.setTrustManagers(new TrustAllX509TrustManager());
    }
    if (!isNullOrEmpty(ldapSettings.getSystemUserName()) && !isNullOrEmpty(ldapSettings.getSystemPassword())) {
        config.setName(ldapSettings.getSystemUserName());
        config.setCredentials(ldapSettings.getSystemPassword());
    }
    try (LdapNetworkConnection connection = ldapConnector.connect(config)) {
        return ldapConnector.listGroups(connection, ldapSettings.getGroupSearchBase(), ldapSettings.getGroupSearchPattern(), ldapSettings.getGroupIdAttribute());
    } catch (IOException | LdapException e) {
        LOG.error("Unable to retrieve available LDAP groups", e);
        throw new InternalServerErrorException("Unable to retrieve available LDAP groups", e);
    }
}
Also used:
LdapConnectionConfig (org.apache.directory.ldap.client.api.LdapConnectionConfig)
BadRequestException (javax.ws.rs.BadRequestException)
InternalServerErrorException (javax.ws.rs.InternalServerErrorException)
LdapNetworkConnection (org.apache.directory.ldap.client.api.LdapNetworkConnection)
IOException (java.io.IOException)
TrustAllX509TrustManager (org.graylog2.security.TrustAllX509TrustManager)
URI (java.net.URI)
LdapException (org.apache.directory.api.ldap.model.exception.LdapException)
LdapSettings (org.graylog2.shared.security.ldap.LdapSettings)
Path (javax.ws.rs.Path)
RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions)
Produces (javax.ws.rs.Produces)
GET (javax.ws.rs.GET)
ApiOperation (io.swagger.annotations.ApiOperation)

Aggregations (number of usages alongside BadRequestException in this project):

BadRequestException (javax.ws.rs.BadRequestException): 58
ApiOperation (io.swagger.annotations.ApiOperation): 34
AuditEvent (org.graylog2.audit.jersey.AuditEvent): 31
Timed (com.codahale.metrics.annotation.Timed): 26
Path (javax.ws.rs.Path): 26
ApiResponses (io.swagger.annotations.ApiResponses): 22
POST (javax.ws.rs.POST): 20
Produces (javax.ws.rs.Produces): 20
Consumes (javax.ws.rs.Consumes): 18
URI (java.net.URI): 13
PUT (javax.ws.rs.PUT): 13
ValidationException (org.graylog2.plugin.database.ValidationException): 11
RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions): 9
InternalServerErrorException (javax.ws.rs.InternalServerErrorException): 8
NotFoundException (org.graylog2.database.NotFoundException): 8
Stream (org.graylog2.plugin.streams.Stream): 8
DELETE (javax.ws.rs.DELETE): 6
NotFoundException (javax.ws.rs.NotFoundException): 6
NoAuditEvent (org.graylog2.audit.jersey.NoAuditEvent): 5
ConfigurationException (org.graylog2.plugin.configuration.ConfigurationException): 5