use of javax.ws.rs.ForbiddenException in project graylog2-server by Graylog2.
the class SystemProcessingResource method resumeProcessing.
/**
 * Resumes message processing on this node ({@code PUT resume}).
 *
 * <p>The call is authorized against {@code RestPermissions.PROCESSING_CHANGESTATE} with this
 * node's ID as the permission instance before {@code serverStatus} is touched.
 * {@code checkPermission} is defined outside this snippet; it is expected to abort the
 * request when the permission is missing.
 *
 * @throws ForbiddenException if {@code serverStatus.resumeMessageProcessing()} reports that
 *     the processing pause is locked; the original exception is kept as the cause
 */
@PUT
@Timed
@ApiOperation(value = "Resume message processing")
@Path("resume")
@AuditEvent(type = AuditEventTypes.MESSAGE_PROCESSING_START)
public void resumeProcessing() {
    // Authorization comes first and is scoped to this node, not to the cluster.
    final String nodeInstance = serverStatus.getNodeId().toString();
    checkPermission(RestPermissions.PROCESSING_CHANGESTATE, nodeInstance);

    try {
        serverStatus.resumeMessageProcessing();
    } catch (ProcessingPauseLockedException lockedPause) {
        // A locked pause is a refusal, not a server fault: surface it to the client as 403.
        LOG.error("Message processing pause is locked. Returning HTTP 403.");
        throw new ForbiddenException(lockedPause);
    }

    // Only reached when the resume call returned normally.
    LOG.info("Resumed message processing - triggered by REST call.");
}
use of javax.ws.rs.ForbiddenException in project graylog2-server by Graylog2.
the class UsersResource method changePassword.
/**
 * Changes the password of the named user ({@code PUT {username}/password}).
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>unknown user: 404;</li>
 *   <li>caller lacks {@code USERS_PASSWORDCHANGE:<user name>}: 403;</li>
 *   <li>target is an external user: 403;</li>
 *   <li>the old password must match, unless the caller holds {@code USERS_PASSWORDCHANGE:*}
 *       and is changing somebody else's password: otherwise 400;</li>
 *   <li>the new password is set and the user is saved.</li>
 * </ol>
 *
 * <p>NOTE(review): the user lookup runs before the permission check, so a caller without the
 * permission can tell from 404 versus 403 whether an account exists. Confirm this is intended.
 *
 * @param username name of the account whose password is changed (path parameter)
 * @param cr request body carrying the old and the new password
 * @throws NotFoundException if {@code userService.load(username)} returns {@code null}
 * @throws ForbiddenException if the caller is not permitted, or the target is an external user
 * @throws BadRequestException if the old password is required and does not match
 * @throws ValidationException declared by the signature; the throwing call is not visible in
 *     this snippet (presumably {@code setPassword} or {@code save}; confirm)
 */
@PUT
@Path("{username}/password")
@ApiOperation("Update the password for a user.")
@ApiResponses({
    @ApiResponse(code = 204, message = "The password was successfully updated. Subsequent requests must be made with the new password."),
    @ApiResponse(code = 400, message = "The new password is missing, or the old password is missing or incorrect."),
    @ApiResponse(code = 403, message = "The requesting user has insufficient privileges to update the password for the given user."),
    @ApiResponse(code = 404, message = "User does not exist.")
})
@AuditEvent(type = AuditEventTypes.USER_PASSWORD_UPDATE)
public void changePassword(
        @ApiParam(name = "username", value = "The name of the user whose password to change.", required = true)
        @PathParam("username") String username,
        @ApiParam(name = "JSON body", value = "The old and new passwords.", required = true)
        @Valid ChangePasswordRequest cr) throws ValidationException {
    final User user = userService.load(username);
    if (user == null) {
        throw new NotFoundException("Couldn't find user " + username);
    }

    // Per-user permission: the instance part is the stored user name, not the raw path value.
    if (!getSubject().isPermitted(RestPermissions.USERS_PASSWORDCHANGE + ":" + user.getName())) {
        throw new ForbiddenException("Not allowed to change password for user " + username);
    }

    // Externally managed accounts are refused here whatever permissions the caller holds.
    if (user.isExternalUser()) {
        final String reason = "Cannot change password for LDAP user.";
        LOG.error(reason);
        throw new ForbiddenException(reason);
    }

    // Holders of the wildcard permission may skip the old password, but only for other
    // accounts. Requiring it for their own account guards against accidental or malicious
    // changes of admin passwords (e.g. locking out legitimate admins).
    // NOTE(review): the self-check compares the raw path parameter with the principal, while
    // the permission check above uses user.getName(). If load() normalizes names (case,
    // whitespace), the two could disagree and the old password would be skipped. Confirm.
    final boolean oldPasswordRequired;
    if (!getSubject().isPermitted(RestPermissions.USERS_PASSWORDCHANGE + ":*")) {
        oldPasswordRequired = true;
    } else if (username.equals(getSubject().getPrincipal())) {
        LOG.debug("User {} is allowed to change the password of any user, but attempts to change own password. Must supply the old password.", getSubject().getPrincipal());
        oldPasswordRequired = true;
    } else {
        LOG.debug("User {} is allowed to change the password for any user, including {}, ignoring old password", getSubject().getPrincipal(), username);
        oldPasswordRequired = false;
    }

    // NOTE(review): this rejection path writes no log line of its own; confirm that failed
    // attempts are recorded elsewhere (audit event or request filter).
    if (oldPasswordRequired && !user.isUserPassword(cr.oldPassword())) {
        throw new BadRequestException("Old password is missing or incorrect.");
    }

    user.setPassword(cr.password());
    userService.save(user);
}
use of javax.ws.rs.ForbiddenException in project graylog2-server by Graylog2.
the class SystemJobResource method cancel.
/**
 * Requests cancellation of a running system job ({@code DELETE /{jobId}}).
 *
 * <p>The job is looked up among the running jobs first, because the permission check is
 * scoped to the job's class name rather than to its ID.
 *
 * <p>NOTE(review): as a consequence, 404 versus 403 tells a caller without
 * {@code SYSTEMJOBS_DELETE} whether a job with that ID is currently running. Confirm this is
 * acceptable.
 *
 * @param jobId ID of the running job (path parameter, must not be empty)
 * @return a summary built from the job's state after the cancel request was issued
 * @throws NotFoundException if no running job has this ID
 * @throws ForbiddenException if the job reports that it is not cancelable
 */
@DELETE
@Timed
@Path("/{jobId}")
@ApiOperation(value = "Cancel running job")
@Produces(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.SYSTEM_JOB_STOP)
public SystemJobSummary cancel(
        @ApiParam(name = "jobId", required = true) @PathParam("jobId") @NotEmpty String jobId) {
    final SystemJob runningJob = systemJobManager.getRunningJobs().get(jobId);
    if (runningJob == null) {
        throw new NotFoundException("No system job with ID <" + jobId + "> found");
    }

    // Authorization is per job type (class name), so it can only happen after the lookup.
    checkPermission(RestPermissions.SYSTEMJOBS_DELETE, runningJob.getClassName());

    // A non-cancelable job is reported as 403 even though the caller is authorized.
    if (!runningJob.isCancelable()) {
        throw new ForbiddenException("System job with ID <" + jobId + "> cannot be cancelled");
    }
    runningJob.requestCancel();

    return SystemJobSummary.create(
            UUID.fromString(runningJob.getId()),
            runningJob.getDescription(),
            runningJob.getClassName(),
            runningJob.getInfo(),
            nodeId.toString(),
            runningJob.getStartedAt(),
            runningJob.getProgress(),
            runningJob.isCancelable(),
            runningJob.providesProgress());
}
use of javax.ws.rs.ForbiddenException in project graylog2-server by Graylog2.
the class SystemJobResource method trigger.
/**
 * Builds a system job of the requested type and submits it ({@code POST}).
 *
 * <p>The permission check uses the caller-supplied job name as the permission instance and
 * runs before the job factory is consulted, so an unauthorized caller gets no answer about
 * which job types exist from the code visible here.
 *
 * @param tr request body naming the job type to start
 * @return a 202 response whose entity maps {@code system_job_id} to the new job's ID
 * @throws BadRequestException if the factory does not know the job name
 * @throws ForbiddenException if the job manager rejects the job because its concurrency
 *     limit is reached (reported as 403, matching the documented API responses)
 */
@POST
@Timed
@ApiOperation(value = "Trigger new job")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = {
    @ApiResponse(code = 202, message = "Job accepted."),
    @ApiResponse(code = 400, message = "There is no such systemjob type."),
    @ApiResponse(code = 403, message = "Maximum concurrency level of this systemjob type reached.")
})
@AuditEvent(type = AuditEventTypes.SYSTEM_JOB_START)
public Response trigger(@ApiParam(name = "JSON body", required = true) @Valid @NotNull TriggerRequest tr) {
    final String requestedJob = tr.jobName();

    // TODO cleanup jobId vs jobName checking in permissions
    checkPermission(RestPermissions.SYSTEMJOBS_CREATE, requestedJob);

    final SystemJob newJob;
    try {
        newJob = systemJobFactory.build(requestedJob);
    } catch (NoSuchJobException unknownJob) {
        // The log line names neither the requested job nor the exception; both travel only
        // in the exception handed to the client-facing 400.
        LOG.error("Such a system job type does not exist. Returning HTTP 400.");
        throw new BadRequestException(unknownJob);
    }

    try {
        systemJobManager.submit(newJob);
    } catch (SystemJobConcurrencyException limitReached) {
        LOG.error("Maximum concurrency level of this job reached. ", limitReached);
        throw new ForbiddenException("Maximum concurrency level of this job reached", limitReached);
    }

    return Response.accepted()
            .entity(ImmutableMap.of("system_job_id", newJob.getId()))
            .build();
}
use of javax.ws.rs.ForbiddenException in project graylog2-server by Graylog2.
the class IndexRangesResource method rebuildIndex.
/**
 * Submits a system job that rebuilds the index range information of one index
 * ({@code POST /{index}/rebuild}).
 *
 * <p>The path template restricts {@code index} to {@code [a-z_0-9-]+}, so only names made of
 * those characters reach this method and its messages.
 *
 * <p>NOTE(review): the managed-index test runs before {@code checkPermission}, so 400 versus
 * 403 tells a caller without {@code INDEXRANGES_REBUILD} whether a name is a managed index.
 * Confirm this ordering is intended.
 *
 * @param index name of the Graylog-managed Elasticsearch index (path parameter)
 * @return an empty 202 response once the job has been submitted
 * @throws BadRequestException if the registry does not manage the named index
 * @throws ForbiddenException if the job manager rejects the job because its concurrency
 *     limit is reached
 */
@POST
@Timed
@Path("/{index: [a-z_0-9-]+}/rebuild")
@ApiOperation(value = "Rebuild/sync index range information.",
        notes = "This triggers a system job that scans an index and stores meta information " + "about what indices contain messages in what time ranges. It atomically overwrites " + "already existing meta information.")
@ApiResponses(value = { @ApiResponse(code = 202, message = "Rebuild/sync system job triggered.") })
@Produces(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.ES_INDEX_RANGE_UPDATE_JOB)
public Response rebuildIndex(
        @ApiParam(name = "index", value = "The name of the Graylog-managed Elasticsearch index", required = true)
        @PathParam("index") @NotEmpty String index) {
    final boolean managed = indexSetRegistry.isManagedIndex(index);
    if (!managed) {
        throw new BadRequestException(index + " is not a Graylog-managed Elasticsearch index.");
    }

    // Permission instance is the index name itself.
    checkPermission(RestPermissions.INDEXRANGES_REBUILD, index);

    final SystemJob rangeJob = singleIndexRangeJobFactory.create(indexSetRegistry.getAll(), index);
    try {
        systemJobManager.submit(rangeJob);
    } catch (SystemJobConcurrencyException limitReached) {
        // The same text goes to the server log and into the 403 sent to the client, including
        // the exception's own message. NOTE(review): confirm that message holds nothing
        // internal that should stay server-side.
        final String detail = "Concurrency level of this job reached: " + limitReached.getMessage();
        LOG.error(detail);
        throw new ForbiddenException(detail, limitReached);
    }

    return Response.accepted().build();
}