use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class LdapResource method readGroups.
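/**
 * Lists the groups available on the configured LDAP server.
 *
 * <p>Callers need the {@code LDAPGROUPS_READ} permission. The connection is built from the
 * stored {@link LdapSettings}: host, port and scheme come from the configured URI, StartTLS and
 * certificate trust come from the corresponding settings flags, and the system account is used
 * for the bind only when both a user name and a password are configured.
 *
 * @return the group names returned by {@code ldapConnector.listGroups(...)}
 * @throws BadRequestException if LDAP is disabled, or the group search base or the group id
 *         attribute is not configured
 * @throws InternalServerErrorException if connecting or listing groups fails with an
 *         {@link IOException} or {@code LdapException}
 */
@GET
@ApiOperation(value = "Get the available LDAP groups", notes = "")
@RequiresPermissions(RestPermissions.LDAPGROUPS_READ)
@Path("/groups")
@Produces(MediaType.APPLICATION_JSON)
public Set<String> readGroups() {
    final LdapSettings ldapSettings = firstNonNull(ldapSettingsService.load(), ldapSettingsFactory.createEmpty());
    if (!ldapSettings.isEnabled()) {
        throw new BadRequestException("LDAP is disabled.");
    }
    if (isNullOrEmpty(ldapSettings.getGroupSearchBase()) || isNullOrEmpty(ldapSettings.getGroupIdAttribute())) {
        throw new BadRequestException("LDAP group configuration settings are not set.");
    }

    final LdapConnectionConfig config = new LdapConnectionConfig();
    final URI ldapUri = ldapSettings.getUri();
    config.setLdapHost(ldapUri.getHost());
    config.setLdapPort(ldapUri.getPort());

    // URI schemes are case-insensitive and java.net.URI returns the scheme as written, so the
    // prefix is compared without regard to case. A case-sensitive check would treat
    // "LDAPS://host" as a non-SSL connection and silently drop transport protection.
    final String scheme = ldapUri.getScheme();
    config.setUseSsl(scheme.regionMatches(true, 0, "ldaps", 0, "ldaps".length()));
    config.setUseTls(ldapSettings.isUseStartTls());

    if (ldapSettings.isTrustAllCertificates()) {
        // SECURITY: going by its name, this trust manager accepts any server certificate, so the
        // SSL/StartTLS session is encrypted but the server is not authenticated. The system
        // credentials set below are then only as safe as the network path. Prefer a proper trust
        // store and keep this flag off outside of test setups.
        config.setTrustManagers(new TrustAllX509TrustManager());
    }

    // Bind with the system account only when both parts are present; otherwise the config
    // carries no name or credentials.
    if (!isNullOrEmpty(ldapSettings.getSystemUserName()) && !isNullOrEmpty(ldapSettings.getSystemPassword())) {
        config.setName(ldapSettings.getSystemUserName());
        config.setCredentials(ldapSettings.getSystemPassword());
    }

    // try-with-resources closes the LDAP connection on both the success and the failure path.
    try (LdapNetworkConnection connection = ldapConnector.connect(config)) {
        return ldapConnector.listGroups(connection,
                ldapSettings.getGroupSearchBase(),
                ldapSettings.getGroupSearchPattern(),
                ldapSettings.getGroupIdAttribute());
    } catch (IOException | LdapException e) {
        // The detailed cause goes to the server log; the client only sees the generic message.
        LOG.error("Unable to retrieve available LDAP groups", e);
        throw new InternalServerErrorException("Unable to retrieve available LDAP groups", e);
    }
}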
use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class LdapResource method updateLdapSettings.
/**
 * Replaces the stored LDAP configuration with the values from the request body.
 *
 * <p>Callers need the {@code LDAP_EDIT} permission, and the call is recorded as an
 * {@code LDAP_CONFIGURATION_UPDATE} audit event. Every field below is copied from the request
 * unconditionally, including the system password and the trust-all-certificates flag.
 *
 * <p>NOTE(review): the password is written from the request on every update. Whether a null or
 * empty value clears the stored secret depends on {@code setSystemPassword}; confirm against the
 * settings implementation.
 *
 * @param request the new LDAP settings; validated by {@code @Valid} and {@code @NotNull}
 * @throws ValidationException declared by this method; presumably raised when saving, confirm
 */
@PUT
@Timed
@RequiresPermissions(RestPermissions.LDAP_EDIT)
@ApiOperation("Update the LDAP configuration")
@Path("/settings")
@Consumes(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.LDAP_CONFIGURATION_UPDATE)
public void updateLdapSettings(@ApiParam(name = "JSON body", required = true) @Valid @NotNull LdapSettingsRequest request) throws ValidationException {
    // Only a single LDAP configuration is supported: reuse the stored one or start from an empty one.
    final LdapSettings settings = firstNonNull(ldapSettingsService.load(), ldapSettingsFactory.createEmpty());

    // Bind account and transport. trustAllCertificates switches off server certificate
    // validation wherever these settings are used to connect, so treat it as security-sensitive.
    settings.setSystemUsername(request.systemUsername());
    settings.setSystemPassword(request.systemPassword());
    settings.setUri(request.ldapUri());
    settings.setUseStartTls(request.useStartTls());
    settings.setTrustAllCertificates(request.trustAllCertificates());

    // User lookup and account defaults.
    settings.setActiveDirectory(request.activeDirectory());
    settings.setSearchPattern(request.searchPattern());
    settings.setSearchBase(request.searchBase());
    settings.setEnabled(request.enabled());
    settings.setDisplayNameAttribute(request.displayNameAttribute());
    settings.setDefaultGroup(request.defaultGroup());

    // Group lookup and mapping. These decide which groups LDAP users are mapped to, so a
    // change here can change what those users are allowed to do.
    settings.setGroupMapping(request.groupMapping());
    settings.setGroupSearchBase(request.groupSearchBase());
    settings.setGroupIdAttribute(request.groupIdAttribute());
    settings.setGroupSearchPattern(request.groupSearchPattern());
    settings.setAdditionalDefaultGroups(request.additionalDefaultGroups());

    ldapSettingsService.save(settings);
}
use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class JournalResource method show.
/**
 * Reports the current state of the message journal on this node.
 *
 * <p>Callers need the {@code JOURNAL_READ} permission. A "disabled" summary is returned when the
 * journal is switched off, and also when the journal is not a {@link KafkaJournal}; the second
 * case is logged as a warning.
 *
 * <p>NOTE(review): when {@code getSegments()} yields no segments, the oldest-segment timestamp
 * stays at {@code Long.MAX_VALUE} and is passed to {@code DateTime} as is. Confirm that an empty
 * segment list cannot occur, or that callers cope with that value.
 *
 * @return the journal summary for this node
 */
@GET
@Timed
@ApiOperation(value = "Get current state of the journal on this node.")
@RequiresPermissions(RestPermissions.JOURNAL_READ)
public JournalSummaryResponse show() {
    if (!journalEnabled) {
        return JournalSummaryResponse.createDisabled();
    }

    // Only the Kafka-backed journal exposes the figures needed for a summary.
    if (!(journal instanceof KafkaJournal)) {
        log.warn("Unknown Journal implementation {} in use, cannot get information about it. Pretending journal is disabled.", journal.getClass());
        return JournalSummaryResponse.createDisabled();
    }

    final KafkaJournal kafka = (KafkaJournal) journal;
    final ThrottleState state = kafka.getThrottleState();

    // Find the smallest creation timestamp across all segments.
    long oldestCreated = Long.MAX_VALUE;
    for (final LogSegment logSegment : kafka.getSegments()) {
        final long created = logSegment.created();
        if (created < oldestCreated) {
            oldestCreated = created;
        }
    }

    return JournalSummaryResponse.createEnabled(
            state.appendEventsPerSec,
            state.readEventsPerSec,
            state.uncommittedJournalEntries,
            Size.bytes(state.journalSize),
            Size.bytes(state.journalSizeLimit),
            kafka.numberOfSegments(),
            new DateTime(oldestCreated, DateTimeZone.UTC),
            kafkaJournalConfiguration);
}
use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class MessagesResource method all.
/**
 * Returns one page of internal Graylog system messages together with the total count.
 *
 * <p>Callers need the {@code SYSTEMMESSAGES_READ} permission. Each message is reduced to four
 * fields: {@code caller}, {@code content}, {@code timestamp} (ISO 8601 string) and
 * {@code node_id}.
 *
 * <p>NOTE(review): {@code page} arrives straight from the query string and is only passed
 * through the {@code page(int)} helper, which is defined elsewhere. Confirm that the helper
 * handles zero and negative values.
 *
 * @param page the page number taken from the {@code page} query parameter
 * @return a map with the keys {@code messages} (list of message maps) and {@code total}
 */
@GET
@Timed
@ApiOperation(value = "Get internal Graylog system messages")
@RequiresPermissions(RestPermissions.SYSTEMMESSAGES_READ)
@Produces(MediaType.APPLICATION_JSON)
public Map<String, Object> all(@ApiParam(name = "page", value = "Page") @QueryParam("page") int page) {
    final List<Map<String, Object>> entries = Lists.newArrayList();

    for (SystemMessage systemMessage : systemMessageService.all(page(page))) {
        // Expose only the four fields below, not the whole SystemMessage object.
        final Map<String, Object> entry = Maps.newHashMapWithExpectedSize(4);
        entry.put("caller", systemMessage.getCaller());
        entry.put("content", systemMessage.getContent());
        entry.put("timestamp", Tools.getISO8601String(systemMessage.getTimestamp()));
        entry.put("node_id", systemMessage.getNodeId());
        entries.add(entry);
    }

    return ImmutableMap.of(
            "messages", entries,
            "total", systemMessageService.totalCount());
}
use of org.apache.shiro.authz.annotation.RequiresPermissions in project graylog2-server by Graylog2.
the class ClusterConfigResource method schema.
/**
 * Returns the JSON schema of a cluster configuration class.
 *
 * <p>Callers need the {@code CLUSTER_CONFIG_ENTRY_READ} permission.
 *
 * <p>NOTE(review): {@code configClass} is a caller-supplied path segment that is resolved to a
 * {@link Class} by {@code classFromName}, which is defined elsewhere. Confirm that the helper
 * only resolves known cluster configuration classes and does not load or initialise arbitrary
 * classes by name. The same value is echoed in both error messages, so the exception mapper
 * should encode it for the response format.
 *
 * @param configClass the name of the cluster configuration class
 * @return the generated JSON schema
 * @throws NotFoundException if {@code classFromName} returns {@code null} for the name
 * @throws InternalServerErrorException if schema generation fails with a
 *         {@code JsonMappingException}
 */
@GET
@Path("{configClass}")
@Produces(MoreMediaTypes.APPLICATION_SCHEMA_JSON)
@ApiOperation(value = "Get JSON schema of configuration class")
@Timed
@RequiresPermissions(RestPermissions.CLUSTER_CONFIG_ENTRY_READ)
public JsonSchema schema(@ApiParam(name = "configClass", value = "The name of the cluster configuration class", required = true) @PathParam("configClass") @NotBlank String configClass) {
    final Class<?> configType = classFromName(configClass);
    if (configType == null) {
        throw new NotFoundException("Couldn't find configuration class \"" + configClass + "\"");
    }

    // The visitor collects the schema while the object mapper walks the type's JSON format.
    final SchemaFactoryWrapper schemaVisitor = new SchemaFactoryWrapper();
    try {
        objectMapper.acceptJsonFormatVisitor(objectMapper.constructType(configType), schemaVisitor);
    } catch (JsonMappingException e) {
        throw new InternalServerErrorException("Couldn't generate JSON schema for configuration class " + configClass, e);
    }

    return schemaVisitor.finalSchema();
}