Example 6 with AuthServiceBackendDTO

use of org.graylog.security.authservice.AuthServiceBackendDTO in project graylog2-server by Graylog2.

the class AuthServiceBackendsResource method getUsers.

@GET
@Path("{backendId}/users")
@ApiOperation("Get paginated users for an authentication service backend")
// Both permissions are required: reading the global auth-service config and reading users.
@RequiresPermissions({ RestPermissions.AUTH_SERVICE_GLOBAL_CONFIG_READ, RestPermissions.USERS_READ })
public PaginatedResponse<UserOverviewDTO> getUsers(
        @ApiParam(name = "page") @QueryParam("page") @DefaultValue("1") int page,
        @ApiParam(name = "per_page") @QueryParam("per_page") @DefaultValue("50") int perPage,
        @ApiParam(name = "query") @QueryParam("query") @DefaultValue("") String query,
        @ApiParam(name = "sort", value = "The field to sort the result on", required = true,
                  allowableValues = "username,full_name,email")
        @DefaultValue(UserOverviewDTO.FIELD_FULL_NAME) @QueryParam("sort") String sort,
        @ApiParam(name = "order", value = "The sort direction", allowableValues = "asc, desc")
        @DefaultValue("asc") @QueryParam("order") String order,
        @ApiParam(name = "backendId", required = true) @PathParam("backendId") @NotBlank String backendId) {
    // Resolve the backend first so a missing or inaccessible backendId fails before any user lookup.
    final AuthServiceBackendDTO activeConfig = loadConfig(backendId);
    final PaginatedList<UserOverviewDTO> userList = userService.findPaginatedByAuthServiceBackend(
            parseSearchQuery(query), page, perPage, sort, order, activeConfig.id());
    // Attach the role context for the returned users so the client does not need a second request.
    return PaginatedResponse.create("users", userList, query,
            Collections.singletonMap("roles", createRoleContext(userList.delegate())));
}
Also used : UserOverviewDTO(org.graylog2.users.UserOverviewDTO) AuthServiceBackendDTO(org.graylog.security.authservice.AuthServiceBackendDTO) Path(javax.ws.rs.Path) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 7 with AuthServiceBackendDTO

use of org.graylog.security.authservice.AuthServiceBackendDTO in project graylog2-server by Graylog2.

the class AuthServiceBackendsResource method update.

@PUT
@Path("{backendId}")
@ApiOperation("Updates an existing authentication service backend")
@AuditEvent(type = SecurityAuditEventTypes.AUTH_SERVICE_BACKEND_UPDATE)
public Response update(
        @ApiParam(name = "backendId", required = true) @PathParam("backendId") @NotBlank String backendId,
        @ApiParam(name = "JSON body", required = true) @NotNull AuthServiceBackendDTO updatedConfig) {
    // Per-backend edit permission is checked against the path ID, not against an ID taken from the body.
    checkPermission(RestPermissions.AUTH_SERVICE_BACKEND_EDIT, backendId);
    validateConfig(updatedConfig);
    final AuthServiceBackendDTO currentConfig = loadConfig(backendId);
    // The stored config keeps the existing ID, so the body cannot redirect the update to another backend.
    return toResponse(dbService.save(updatedConfig.withId(currentConfig.id())));
}
Also used : AuthServiceBackendDTO(org.graylog.security.authservice.AuthServiceBackendDTO) Path(javax.ws.rs.Path) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) PUT(javax.ws.rs.PUT)

Example 8 with AuthServiceBackendDTO

use of org.graylog.security.authservice.AuthServiceBackendDTO in project graylog2-server by Graylog2.

the class AuthServiceBackendsResource method list.

@GET
@ApiOperation("Returns available authentication service backends")
public PaginatedResponse<AuthServiceBackendDTO> list(
        @ApiParam(name = "pagination parameters") @BeanParam PaginationParameters paginationParameters) {
    // The active backend is only exposed if the caller may read it; otherwise it is reported as null.
    final AuthServiceBackendDTO activeBackendConfig = globalAuthServiceConfig.getActiveBackendConfig()
            .filter(this::checkReadPermission)
            .orElse(null);
    // The paginated list is filtered with the same read-permission check.
    final PaginatedList<AuthServiceBackendDTO> list =
            dbService.findPaginated(paginationParameters, this::checkReadPermission);
    return PaginatedResponse.create("backends", list,
            Collections.singletonMap("active_backend", activeBackendConfig));
}
Also used : AuthServiceBackendDTO(org.graylog.security.authservice.AuthServiceBackendDTO) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 9 with AuthServiceBackendDTO

use of org.graylog.security.authservice.AuthServiceBackendDTO in project graylog2-server by Graylog2.

the class V20201103145400_LegacyAuthServiceMigration method upgrade.

@Override
public void upgrade() {
    final MigrationCompleted migrationState = clusterConfigService.getOrDefault(MigrationCompleted.class, MigrationCompleted.createEmpty());
    final ImmutableSet.Builder<String> migratedConfigsBuilder = ImmutableSet.builder();
    // While the LDAP settings collection could contain more than one document, in practice we only expect a
    // single one. That's why we are using the ID of the last created auth service for the notification.
    String lastCreatedAuthServiceId = null;
    // Add all configs that have already been migrated
    migratedConfigsBuilder.addAll(migrationState.migratedConfigs());
    for (final Document document : ldapSettings.find().sort(Sorts.ascending("_id"))) {
        final String idString = document.getObjectId("_id").toHexString();
        if (!document.getBoolean("enabled")) {
            LOG.debug("Skipping disabled configuration <{}>", idString);
            continue;
        }
        if (migrationState.isDone(idString)) {
            LOG.debug("Configuration <{}> already migrated", idString);
            continue;
        }
        final AuthServiceBackendDTO newConfig;
        if (document.getBoolean("active_directory")) {
            newConfig = buildActiveDirectoryConfig(document);
        } else {
            newConfig = buildLDAPConfig(document);
        }
        final AuthServiceBackendDTO savedConfig = authServiceBackendService.save(newConfig);
        for (final MigrationModule migrationModule : migrationModules) {
            migrationModule.upgrade(document, savedConfig);
        }
        lastCreatedAuthServiceId = savedConfig.id();
        migratedConfigsBuilder.add(idString);
    }
    final ImmutableSet<String> migratedConfigs = migratedConfigsBuilder.build();
    clusterConfigService.write(MigrationCompleted.create(migratedConfigs));
    if (lastCreatedAuthServiceId != null) {
        // Raise an urgent notification pointing at the migrated auth service so admins review it.
        final Notification notification = notificationService.buildNow()
                .addType(Notification.Type.LEGACY_LDAP_CONFIG_MIGRATION)
                .addSeverity(Notification.Severity.URGENT)
                .addDetail("auth_service_id", lastCreatedAuthServiceId);
        notificationService.publishIfFirst(notification);
    }
}
Also used : ImmutableSet(com.google.common.collect.ImmutableSet) AuthServiceBackendDTO(org.graylog.security.authservice.AuthServiceBackendDTO) Document(org.bson.Document) Notification(org.graylog2.notifications.Notification)
