Example 1 with USERS_TOKENREMOVE

Use of org.graylog2.shared.security.RestPermissions.USERS_TOKENREMOVE in project graylog2-server by Graylog2.

From the class UsersResource, method revokeToken:

@DELETE
@Path("{userId}/tokens/{idOrToken}")
@ApiOperation("Removes a token for a user")
@AuditEvent(type = AuditEventTypes.USER_ACCESS_TOKEN_DELETE)
public void revokeToken(@ApiParam(name = "userId", required = true) @PathParam("userId") String userId,
                        @ApiParam(name = "idOrToken", required = true) @PathParam("idOrToken") String idOrToken) {
    final User user = loadUserById(userId);
    final String username = user.getName();
    // Instance-level check: the permission is evaluated against the *target* user's name, so a caller
    // holding the permission only for their own username cannot revoke tokens of other users.
    if (!isPermitted(USERS_TOKENREMOVE, username)) {
        throw new ForbiddenException("Not allowed to remove tokens for user " + username);
    }
    // The endpoint supports both deletion by token ID and deletion by the token value itself.
    // The latter should not be used anymore because the plain text token will be part of the URL and URLs
    // will most probably be logged. We keep the old behavior for backwards compatibility.
    // TODO: Remove support for old behavior in 4.0
    // Note: orElse(...) evaluates its argument eagerly, so the legacy load(idOrToken) lookup runs even
    // when loadById(idOrToken) already found the token.
    final AccessToken accessToken = Optional.ofNullable(accessTokenService.loadById(idOrToken)).orElse(accessTokenService.load(idOrToken));
    if (accessToken != null) {
        accessTokenService.destroy(accessToken);
    } else {
        throw new NotFoundException("Couldn't find access token for user " + username);
    }
}
Also used: ForbiddenException (javax.ws.rs.ForbiddenException), User (org.graylog2.plugin.database.users.User), AccessToken (org.graylog2.security.AccessToken), NotFoundException (javax.ws.rs.NotFoundException), Path (javax.ws.rs.Path), DELETE (javax.ws.rs.DELETE), ApiOperation (io.swagger.annotations.ApiOperation), AuditEvent (org.graylog2.audit.jersey.AuditEvent)
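The following is an added example, not Graylog code: a self-contained, in-memory model of the authorization and lookup logic in revokeToken above, so the two security-relevant points (the per-target-user permission check and the ID-versus-plaintext-token lookup) can be run and observed without a Graylog server. The permission string "users:tokenremove", the ":"-separated wildcard matching (Graylog delegates the real check to Apache Shiro), and the classes TokenStore and AccessToken are assumptions of this example. It also adds an owner check that the snippet above does not perform itself; whether AccessTokenService enforces it is not visible on this page.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Added example, not part of graylog2-server. Models UsersResource.revokeToken's
// permission check and token lookup with an in-memory store.
public final class RevokeTokenExample {
    // Assumed value of RestPermissions.USERS_TOKENREMOVE; combined with the target
    // username by isPermitted(), e.g. "users:tokenremove:alice".
    static final String USERS_TOKENREMOVE = "users:tokenremove";

    static final class AccessToken {
        final String id, userName, secret;
        AccessToken(String id, String userName, String secret) {
            this.id = id; this.userName = userName; this.secret = secret;
        }
    }

    /** Stand-in for AccessTokenService: lookup by ID or by the plaintext token value. */
    static final class TokenStore {
        private final Map<String, AccessToken> byId = new HashMap<>();
        private final Map<String, AccessToken> bySecret = new HashMap<>();
        void add(AccessToken t) { byId.put(t.id, t); bySecret.put(t.secret, t); }
        AccessToken loadById(String id) { return byId.get(id); }
        AccessToken load(String secret) { return bySecret.get(secret); }
        void destroy(AccessToken t) { byId.remove(t.id); bySecret.remove(t.secret); }
        int size() { return byId.size(); }
    }

    /** Shiro-style wildcard matching on ":"-separated parts: "users:tokenremove:alice",
     *  "users:tokenremove" and "users:*" all imply "users:tokenremove:alice". */
    static boolean implies(String granted, String required) {
        String[] g = granted.split(":"), r = required.split(":");
        for (int i = 0; i < Math.max(g.length, r.length); i++) {
            if (i >= g.length) return true;            // granted is shorter: trailing parts implied
            if (i >= r.length) {                        // granted is longer: extra parts must be wildcards
                if (!g[i].equals("*")) return false;
                continue;
            }
            if (!g[i].equals("*") && !g[i].equals(r[i])) return false;
        }
        return true;
    }

    static boolean isPermitted(Set<String> callerPerms, String permission, String instance) {
        String required = permission + ":" + instance;
        return callerPerms.stream().anyMatch(p -> implies(p, required));
    }

    /** Mirrors revokeToken: check against the target user, then look up by ID, falling back
     *  to the legacy lookup by plaintext value. Returns an HTTP-status-like result string. */
    static String revokeToken(Set<String> callerPerms, TokenStore store, String username, String idOrToken) {
        if (!isPermitted(callerPerms, USERS_TOKENREMOVE, username)) {
            return "403 Not allowed to remove tokens for user " + username;
        }
        // orElseGet keeps the legacy value lookup lazy; the original's orElse(...) always runs it.
        AccessToken token = Optional.ofNullable(store.loadById(idOrToken))
                                    .orElseGet(() -> store.load(idOrToken));
        // Added defence in depth (not in the snippet above): the token must belong to the path user.
        if (token == null || !token.userName.equals(username)) {
            return "404 Couldn't find access token for user " + username;
        }
        store.destroy(token);
        return "204";
    }

    public static void main(String[] args) {
        TokenStore store = new TokenStore();                            // constructed sample data
        store.add(new AccessToken("tok-1", "alice", "s3cr3t-alice"));
        store.add(new AccessToken("tok-2", "bob", "s3cr3t-bob"));
        Set<String> alice = Set.of("users:tokenremove:alice");          // may only revoke her own tokens
        Set<String> admin = Set.of("users:*");

        System.out.println(revokeToken(alice, store, "bob", "tok-2"));      // 403: alice is not permitted for bob
        System.out.println(revokeToken(alice, store, "alice", "tok-2"));    // 404: bob's token is not alice's
        System.out.println(revokeToken(alice, store, "alice", "tok-1"));    // 204: by ID, the URL carried no secret
        // Legacy path: the plaintext value "s3cr3t-bob" is what an access log would record for this request.
        System.out.println(revokeToken(admin, store, "bob", "s3cr3t-bob")); // 204
        System.out.println(revokeToken(admin, store, "bob", "tok-2"));      // 404: already revoked
        System.out.println("tokens left: " + store.size());                 // 0
    }
}
```

Run it with `javac RevokeTokenExample.java && java RevokeTokenExample`. The takeaway for operators is the last two calls: both revoke the same token, but only the value-based form leaves the secret in request logs and proxy access logs, which is why the snippet above marks that form for removal.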
