Example 26 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.

the class RolesResource method getMembers.

@GET
@Path("{rolename}/members")
@RequiresPermissions({ RestPermissions.USERS_LIST, RestPermissions.ROLES_READ })
@ApiOperation(value = "Retrieve the role's members")
public RoleMembershipResponse getMembers(@ApiParam(name = "rolename", required = true) @PathParam("rolename") String name) throws NotFoundException {
    final Role role = roleService.load(name);
    final Collection<User> users = userService.loadAllForRole(role);
    Set<UserSummary> userSummaries = Sets.newHashSetWithExpectedSize(users.size());
    for (User user : users) {
        final Set<String> roleNames = userService.getRoleNames(user);
        userSummaries.add(UserSummary.create(
                user.getId(),
                user.getName(),
                user.getEmail(),
                user.getFullName(),
                isPermitted(RestPermissions.USERS_PERMISSIONSEDIT, user.getName()) ? userService.getPermissionsForUser(user) : Collections.<String>emptyList(),
                user.getPreferences(),
                firstNonNull(user.getTimeZone(), DateTimeZone.UTC).getID(),
                user.getSessionTimeoutMs(),
                user.isReadOnly(),
                user.isExternalUser(),
                user.getStartpage(),
                roleNames,
                // there is no session information available in this call, so we set it to null
                false, null, null));
    }
    return RoleMembershipResponse.create(role.getName(), userSummaries);
}
Also used : Role(org.graylog2.shared.users.Role) User(org.graylog2.plugin.database.users.User) UserSummary(org.graylog2.rest.models.users.responses.UserSummary) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 27 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.

the class FailuresResource method single.

@GET
@Timed
@ApiOperation(value = "Get a list of failed index operations.")
@RequiresPermissions(RestPermissions.INDICES_FAILURES)
@Produces(MediaType.APPLICATION_JSON)
public Map<String, Object> single(@ApiParam(name = "limit", value = "Limit", required = true) @QueryParam("limit") @Min(0) int limit, @ApiParam(name = "offset", value = "Offset", required = true) @QueryParam("offset") @Min(0) int offset) {
    final List<IndexFailure> indexFailures = indexFailureService.all(limit, offset);
    final List<Map<String, Object>> failures = new ArrayList<>(indexFailures.size());
    for (IndexFailure failure : indexFailures) {
        failures.add(failure.asMap());
    }
    return ImmutableMap.of("failures", failures, "total", indexFailureService.totalCount());
}
Also used : IndexFailure(org.graylog2.indexer.IndexFailure) ArrayList(java.util.ArrayList) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 28 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.

the class IndexSetsResource method save.

@POST
@Timed
@ApiOperation(value = "Create index set")
@RequiresPermissions(RestPermissions.INDEXSETS_CREATE)
@Consumes(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.INDEX_SET_CREATE)
@ApiResponses(value = { @ApiResponse(code = 403, message = "Unauthorized") })
public IndexSetSummary save(@ApiParam(name = "Index set configuration", required = true) @Valid @NotNull IndexSetSummary indexSet) {
    try {
        final IndexSetConfig indexSetConfig = indexSet.toIndexSetConfig();
        final Optional<IndexSetValidator.Violation> violation = indexSetValidator.validate(indexSetConfig);
        if (violation.isPresent()) {
            throw new BadRequestException(violation.get().message());
        }
        final IndexSetConfig savedObject = indexSetService.save(indexSetConfig);
        final IndexSetConfig defaultIndexSet = indexSetService.getDefault();
        return IndexSetSummary.fromIndexSetConfig(savedObject, savedObject.equals(defaultIndexSet));
    } catch (DuplicateKeyException e) {
        throw new BadRequestException(e.getMessage());
    }
}
Also used : IndexSetConfig(org.graylog2.indexer.indexset.IndexSetConfig) DefaultIndexSetConfig(org.graylog2.indexer.indexset.DefaultIndexSetConfig) BadRequestException(javax.ws.rs.BadRequestException) DuplicateKeyException(com.mongodb.DuplicateKeyException) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Timed(com.codahale.metrics.annotation.Timed) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) ApiResponses(io.swagger.annotations.ApiResponses)

Example 29 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.

the class IndexerClusterResource method clusterHealth.

@GET
@Timed
@Path("/health")
@ApiOperation(value = "Get cluster and shard health overview")
@RequiresPermissions(RestPermissions.INDEXERCLUSTER_READ)
@Produces(MediaType.APPLICATION_JSON)
public ClusterHealth clusterHealth() {
    final ClusterHealthResponse health = cluster.health();
    final ClusterHealth.ShardStatus shards = ClusterHealth.ShardStatus.create(health.getActiveShards(), health.getInitializingShards(), health.getRelocatingShards(), health.getUnassignedShards());
    return ClusterHealth.create(health.getStatus().toString().toLowerCase(Locale.ENGLISH), shards);
}
Also used : ClusterHealthResponse(org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse) ClusterHealth(org.graylog2.rest.models.system.indexer.responses.ClusterHealth) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 30 with RequiresPermissions

use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.

the class IndicesResource method indexSetOpen.

@GET
@Path("/{indexSetId}/open")
@Timed
@ApiOperation(value = "Get information of all open indices managed by Graylog and their shards.")
@RequiresPermissions(RestPermissions.INDICES_READ)
@Produces(MediaType.APPLICATION_JSON)
public OpenIndicesInfo indexSetOpen(@ApiParam(name = "indexSetId") @PathParam("indexSetId") String indexSetId) {
    final IndexSet indexSet = getIndexSet(indexSetRegistry, indexSetId);
    final Set<IndexStatistics> indicesStats = indices.getIndicesStats(indexSet).stream().filter(indexStats -> indexSetRegistry.isManagedIndex(indexStats.indexName())).collect(Collectors.toSet());
    return getOpenIndicesInfo(indicesStats);
}
Also used : IndicesReadRequest(org.graylog2.rest.models.system.indexer.requests.IndicesReadRequest) AllIndices(org.graylog2.rest.models.system.indexer.responses.AllIndices) Produces(javax.ws.rs.Produces) LoggerFactory(org.slf4j.LoggerFactory) Path(javax.ws.rs.Path) ApiParam(io.swagger.annotations.ApiParam) IndexStats(org.graylog2.rest.models.system.indexer.responses.IndexStats) ClosedIndices(org.graylog2.rest.models.system.indexer.responses.ClosedIndices) Valid(javax.validation.Valid) ApiOperation(io.swagger.annotations.ApiOperation) MediaType(javax.ws.rs.core.MediaType) Indices(org.graylog2.indexer.indices.Indices) Locale(java.util.Locale) Map(java.util.Map) BadRequestException(javax.ws.rs.BadRequestException) IndexSet(org.graylog2.indexer.IndexSet) DELETE(javax.ws.rs.DELETE) NoAuditEvent(org.graylog2.audit.jersey.NoAuditEvent) Set(java.util.Set) IndexStatistics(org.graylog2.indexer.indices.IndexStatistics) NotNull(javax.validation.constraints.NotNull) Collectors(java.util.stream.Collectors) NotFoundException(javax.ws.rs.NotFoundException) Timed(com.codahale.metrics.annotation.Timed) AuditEventTypes(org.graylog2.audit.AuditEventTypes) CommonStats(org.elasticsearch.action.admin.indices.stats.CommonStats) RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication) PathParam(javax.ws.rs.PathParam) GET(javax.ws.rs.GET) HashMap(java.util.HashMap) ApiResponses(io.swagger.annotations.ApiResponses) Function(java.util.function.Function) Inject(javax.inject.Inject) ShardRouting(org.graylog2.rest.models.system.indexer.responses.ShardRouting) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) ImmutableList(com.google.common.collect.ImmutableList) AuditEvent(org.graylog2.audit.jersey.AuditEvent) Api(io.swagger.annotations.Api) IndexSetRegistry(org.graylog2.indexer.IndexSetRegistry) Logger(org.slf4j.Logger) POST(javax.ws.rs.POST) Cluster(org.graylog2.indexer.cluster.Cluster) ForbiddenException(javax.ws.rs.ForbiddenException) IndexInfo(org.graylog2.rest.models.system.indexer.responses.IndexInfo) RestResource(org.graylog2.shared.rest.resources.RestResource) ApiResponse(io.swagger.annotations.ApiResponse) OpenIndicesInfo(org.graylog2.rest.models.system.indexer.responses.OpenIndicesInfo) RestPermissions(org.graylog2.shared.security.RestPermissions) TooManyAliasesException(org.graylog2.indexer.indices.TooManyAliasesException)

Aggregations

RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions) 45
ApiOperation (io.swagger.annotations.ApiOperation) 42
Timed (com.codahale.metrics.annotation.Timed) 30
Path (javax.ws.rs.Path) 27
AuditEvent (org.graylog2.audit.jersey.AuditEvent) 24
Produces (javax.ws.rs.Produces) 23
GET (javax.ws.rs.GET) 19
ApiResponses (io.swagger.annotations.ApiResponses) 16
POST (javax.ws.rs.POST) 16
BadRequestException (javax.ws.rs.BadRequestException) 13
Consumes (javax.ws.rs.Consumes) 12
URI (java.net.URI) 9
NotFoundException (javax.ws.rs.NotFoundException) 9
PUT (javax.ws.rs.PUT) 8
NoAuditEvent (org.graylog2.audit.jersey.NoAuditEvent) 7
User (org.graylog2.plugin.database.users.User) 7
Output (org.graylog2.plugin.streams.Output) 7
DELETE (javax.ws.rs.DELETE) 6
InternalServerErrorException (javax.ws.rs.InternalServerErrorException) 5
RequiresAuthentication (org.apache.shiro.authz.annotation.RequiresAuthentication) 5