Example 1 with AccessToken

Use of org.graylog2.security.AccessToken in project graylog2-server by Graylog2.

The class UsersResource, method listTokens.

@GET
@Path("{userId}/tokens")
@ApiOperation("Retrieves the list of access tokens for a user")
public TokenList listTokens(@ApiParam(name = "userId", required = true) @PathParam("userId") String userId) {
    final User user = loadUserById(userId);
    final String username = user.getName();
    if (!isPermitted(USERS_TOKENLIST, username)) {
        throw new ForbiddenException("Not allowed to list tokens for user " + username);
    }
    final ImmutableList.Builder<TokenSummary> tokenList = ImmutableList.builder();
    for (AccessToken token : accessTokenService.loadAll(user.getName())) {
        tokenList.add(TokenSummary.create(token.getId(), token.getName(), token.getLastAccess()));
    }
    return TokenList.create(tokenList.build());
}
Also used : ForbiddenException(javax.ws.rs.ForbiddenException) User(org.graylog2.plugin.database.users.User) ImmutableList(com.google.common.collect.ImmutableList) AccessToken(org.graylog2.security.AccessToken) TokenSummary(org.graylog2.rest.models.users.responses.TokenSummary) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 2 with AccessToken

Use of org.graylog2.security.AccessToken in project graylog2-server by Graylog2.

The class UsersResource, method revokeToken.

@DELETE
@Path("{userId}/tokens/{idOrToken}")
@ApiOperation("Removes a token for a user")
@AuditEvent(type = AuditEventTypes.USER_ACCESS_TOKEN_DELETE)
public void revokeToken(@ApiParam(name = "userId", required = true) @PathParam("userId") String userId, @ApiParam(name = "idOrToken", required = true) @PathParam("idOrToken") String idOrToken) {
    final User user = loadUserById(userId);
    final String username = user.getName();
    if (!isPermitted(USERS_TOKENREMOVE, username)) {
        throw new ForbiddenException("Not allowed to remove tokens for user " + username);
    }
    // The endpoint supports both, deletion by token ID and deletion by using the token value itself.
    // The latter should not be used anymore because the plain text token will be part of the URL and URLs
    // will most probably be logged. We keep the old behavior for backwards compatibility.
    // TODO: Remove support for old behavior in 4.0
    final AccessToken accessToken = Optional.ofNullable(accessTokenService.loadById(idOrToken)).orElse(accessTokenService.load(idOrToken));
    if (accessToken != null) {
        accessTokenService.destroy(accessToken);
    } else {
        throw new NotFoundException("Couldn't find access token for user " + username);
    }
}
Also used : ForbiddenException(javax.ws.rs.ForbiddenException) User(org.graylog2.plugin.database.users.User) AccessToken(org.graylog2.security.AccessToken) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent)

Example 3 with AccessToken

Use of org.graylog2.security.AccessToken in project graylog2-server by Graylog2.

The class UsersResource, method generateNewToken.

@POST
@Path("{userId}/tokens/{name}")
@ApiOperation("Generates a new access token for a user")
@AuditEvent(type = AuditEventTypes.USER_ACCESS_TOKEN_CREATE)
public Token generateNewToken(@ApiParam(name = "userId", required = true) @PathParam("userId") String userId, @ApiParam(name = "name", value = "Descriptive name for this token (e.g. 'cronjob') ", required = true) @PathParam("name") String name, @ApiParam(name = "JSON Body", value = "Placeholder because POST requests should have a body. Set to '{}', the content will be ignored.", defaultValue = "{}") String body) {
    final User user = loadUserById(userId);
    final String username = user.getName();
    if (!isPermitted(USERS_TOKENCREATE, username)) {
        throw new ForbiddenException("Not allowed to create tokens for user " + username);
    }
    final AccessToken accessToken = accessTokenService.create(user.getName(), name);
    return Token.create(accessToken.getId(), accessToken.getName(), accessToken.getToken(), accessToken.getLastAccess());
}
Also used : ForbiddenException(javax.ws.rs.ForbiddenException) User(org.graylog2.plugin.database.users.User) AccessToken(org.graylog2.security.AccessToken) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent)

Example 4 with AccessToken

Use of org.graylog2.security.AccessToken in project graylog2-server by Graylog2.

The class AccessTokenAuthenticator, method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    AccessTokenAuthToken authToken = (AccessTokenAuthToken) token;
    final AccessToken accessToken = accessTokenService.load(String.valueOf(authToken.getToken()));
    if (accessToken == null) {
        return null;
    }
    // TODO should be using IDs
    final User user = userService.load(accessToken.getUserName());
    if (user == null) {
        return null;
    }
    if (!user.getAccountStatus().equals(User.AccountStatus.ENABLED)) {
        LOG.warn("Account for user <{}> is disabled.", user.getName());
        return null;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Found user {} for access token.", user);
    }
    try {
        accessTokenService.touch(accessToken);
    } catch (ValidationException e) {
        LOG.warn("Unable to update access token's last access date.", e);
    }
    ShiroSecurityContext.requestSessionCreation(false);
    return new SimpleAccount(user.getId(), null, "access token realm");
}
Also used : SimpleAccount(org.apache.shiro.authc.SimpleAccount) User(org.graylog2.plugin.database.users.User) ValidationException(org.graylog2.plugin.database.ValidationException) AccessTokenAuthToken(org.graylog2.shared.security.AccessTokenAuthToken) AccessToken(org.graylog2.security.AccessToken)
