use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class DashboardsResource method create.
/**
 * Creates a dashboard from the submitted request and answers with 201 Created.
 *
 * <p>Access is declared through {@code @RequiresPermissions(RestPermissions.DASHBOARDS_CREATE)};
 * no further permission check is made in the method body. The creator name is taken from
 * {@code getCurrentUser()} and not from the request payload, so a client cannot choose the
 * recorded creator through the JSON body.
 *
 * @param cr request payload supplying the dashboard title and description
 * @return a 201 response whose Location points at the {@code get} resource method for the new
 *         dashboard and whose entity is a map holding the id under {@code dashboard_id}
 * @throws ValidationException declared by this method; presumably raised while saving (confirm
 *         against {@code dashboardService})
 */
@POST
@Timed
@ApiOperation(value = "Create a dashboard")
@RequiresPermissions(RestPermissions.DASHBOARDS_CREATE)
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.DASHBOARD_CREATE)
public Response create(@ApiParam(name = "JSON body", required = true) CreateDashboardRequest cr) throws ValidationException {
    // NOTE(review): cr is dereferenced without a null check. @ApiParam(required = true) is
    // API-documentation metadata; confirm that an empty request body is rejected before this
    // point, otherwise it surfaces as a NullPointerException.
    final Dashboard created = dashboardService.create(
            cr.title(),
            cr.description(),
            getCurrentUser().getName(),
            Tools.nowUTC());

    // Persisting yields the identifier that is reported back to the client.
    final String dashboardId = dashboardService.save(created);

    final URI location = getUriBuilderToSelf()
            .path(DashboardsResource.class, "get")
            .build(dashboardId);
    final Map<String, String> body = ImmutableMap.of("dashboard_id", dashboardId);

    return Response.created(location).entity(body).build();
}
use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class StreamOutputResource method get.
/**
 * Lists the outputs attached to one stream.
 *
 * <p>Both {@code checkPermission} calls run before the stream is loaded: the caller needs
 * {@code STREAMS_READ} on the given stream id and {@code STREAM_OUTPUTS_READ}.
 *
 * @param streamid id of the stream whose outputs are requested
 * @return the summaries of every output returned by {@code stream.getOutputs()}
 * @throws NotFoundException declared by this method; presumably thrown by
 *         {@code streamService.load} for an unknown id (confirm)
 */
@GET
@Timed
@ApiOperation(value = "Get a list of all outputs for a stream")
// NOTE(review): this read-only listing declares STREAM_OUTPUTS_CREATE, while the body checks
// the two READ permissions. As written, a caller holding only read permissions would be
// stopped by the declarative check. Confirm whether CREATE is intended here before changing
// it, since altering the annotation changes who may call the endpoint.
@RequiresPermissions(RestPermissions.STREAM_OUTPUTS_CREATE)
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 404, message = "No such stream on this node.") })
public OutputListResponse get(@ApiParam(name = "streamid", value = "The id of the stream whose outputs we want.", required = true) @PathParam("streamid") String streamid) throws NotFoundException {
    checkPermission(RestPermissions.STREAMS_READ, streamid);
    checkPermission(RestPermissions.STREAM_OUTPUTS_READ);

    final Stream stream = streamService.load(streamid);

    final Set<OutputSummary> summaries = new HashSet<>();
    for (Output output : stream.getOutputs()) {
        // NOTE(review): the configuration map is copied into the response unchanged. If an
        // output's configuration can hold credentials, confirm they are masked before the
        // response is serialized.
        final OutputSummary summary = OutputSummary.create(
                output.getId(),
                output.getTitle(),
                output.getType(),
                output.getCreatorUserId(),
                new DateTime(output.getCreatedAt()),
                new HashMap<>(output.getConfiguration()),
                output.getContentPack());
        summaries.add(summary);
    }

    return OutputListResponse.create(summaries);
}
use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class ThroughputResource method total.
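/**
 * Reports the current output throughput of this node.
 *
 * <p>The value comes from the single gauge selected by
 * {@code GlobalMetricNames.OUTPUT_THROUGHPUT_RATE}. When no gauge matches, or its value is not
 * a {@link Number}, a throughput of 0 is reported.
 *
 * @return the gauge value converted with {@code longValue()}, or 0 when it is unavailable
 */
@GET
@Timed
@RequiresPermissions(RestPermissions.THROUGHPUT_READ)
@ApiOperation(value = "Current throughput of this node in messages per second")
@Produces(MediaType.APPLICATION_JSON)
public Throughput total() {
    final SortedMap<String, Gauge> gauges = metricRegistry.getGauges(MetricUtils.filterSingleMetric(GlobalMetricNames.OUTPUT_THROUGHPUT_RATE));
    // Assuming Guava's Iterables: yields null for an empty collection and throws if more than
    // one gauge matches the filter.
    final Gauge gauge = Iterables.getOnlyElement(gauges.values(), null);

    // Read the gauge exactly once so the type check and the conversion below see the same
    // value; a gauge may report a different value on every call.
    final Object value = (gauge == null) ? null : gauge.getValue();
    if (value instanceof Number) {
        return Throughput.create(((Number) value).longValue());
    }
    return Throughput.create(0);
}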
use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class ShiroSecurityBinding method configure.
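/**
 * Registers the Shiro filters that apply to one resource method.
 *
 * <p>Every resource method gets {@code ShiroSecurityContextFilter} and a response filter that
 * unbinds the Shiro subject from the thread. An authentication filter is added when the method
 * or its class carries {@code @RequiresAuthentication}, unless the method is marked
 * {@code @RequiresGuest}. An authorization filter is added when the method or its class
 * carries {@code @RequiresPermissions}. A method with neither annotation receives no
 * authentication or authorization filter from this binding.
 *
 * @param resourceInfo describes the resource class and method being configured
 * @param context      the feature context on which the filters are registered
 */
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
    final Class<?> resourceClass = resourceInfo.getResourceClass();
    final Method resourceMethod = resourceInfo.getResourceMethod();

    context.register(ShiroSecurityContextFilter.class);

    if (resourceMethod.isAnnotationPresent(RequiresAuthentication.class) || resourceClass.isAnnotationPresent(RequiresAuthentication.class)) {
        if (resourceMethod.isAnnotationPresent(RequiresGuest.class)) {
            // The message has two placeholders; pass the class and method so the log names
            // the endpoint that is left unauthenticated instead of printing "{}#{}".
            LOG.debug("Resource method {}#{} is marked as unauthenticated, skipping setting filter.", resourceClass.getCanonicalName(), resourceMethod.getName());
        } else {
            LOG.debug("Resource method {}#{} requires an authenticated user.", resourceClass.getCanonicalName(), resourceMethod.getName());
            context.register(new ShiroAuthenticationFilter());
        }
    }

    if (resourceMethod.isAnnotationPresent(RequiresPermissions.class) || resourceClass.isAnnotationPresent(RequiresPermissions.class)) {
        // NOTE(review): the class-level annotation is read first, so when both the class and
        // the method declare @RequiresPermissions, the method-level value is not the one handed
        // to the filter. Confirm this precedence is intended: a method that declares its own
        // permission on an annotated class is checked against the class's permission only.
        RequiresPermissions requiresPermissions = resourceClass.getAnnotation(RequiresPermissions.class);
        if (requiresPermissions == null) {
            requiresPermissions = resourceMethod.getAnnotation(RequiresPermissions.class);
        }
        LOG.debug("Resource method {}#{} requires an authorization checks.", resourceClass.getCanonicalName(), resourceMethod.getName());
        context.register(new ShiroAuthorizationFilter(requiresPermissions));
    }

    // TODO this is the wrong approach, we should have an Environment and proper request wrapping
    // Unbinds the subject once a response is produced, so it is not left on the thread.
    context.register((ContainerResponseFilter) (requestContext, responseContext) -> ThreadContext.unbindSubject());
}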
use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class IndexRangesResource method rebuildIndexSet.
/**
 * Submits a job that rebuilds the index range information of one index set.
 *
 * <p>Authorization is the declarative {@code INDEXRANGES_REBUILD} permission only; the method
 * body makes no check scoped to the requested index set.
 *
 * @param indexSetId id of the index set to rebuild; taken from the request path
 * @return a 202 Accepted response once the job has been submitted
 * @throws javax.ws.rs.NotFoundException if the registry has no index set with that id
 */
@POST
@Timed
@Path("/index_set/{indexSetId}/rebuild")
@RequiresPermissions(RestPermissions.INDEXRANGES_REBUILD)
@ApiOperation(
        value = "Rebuild/sync index range information for the given index set.",
        notes = "This triggers a systemjob that scans every index in the given index set and stores meta information "
                + "about what indices contain messages in what timeranges. It atomically overwrites "
                + "already existing meta information.")
@ApiResponses(value = { @ApiResponse(code = 202, message = "Rebuild/sync systemjob triggered.") })
@Produces(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.ES_INDEX_RANGE_UPDATE_JOB)
public Response rebuildIndexSet(@ApiParam(name = "indexSetId") @PathParam("indexSetId") @NotBlank final String indexSetId) {
    final IndexSet target = indexSetRegistry.get(indexSetId)
            .orElseThrow(() -> {
                // NOTE(review): the caller-supplied id is echoed into the error message;
                // confirm the error response is encoded for its content type.
                final String message = "Index set <" + indexSetId + "> not found!";
                return new javax.ws.rs.NotFoundException(message);
            });

    submitIndexRangesJob(Collections.singleton(target));

    return Response.accepted().build();
}
Aggregations