
Example 1 with AuthenticationPrincipal

use of org.springframework.security.core.annotation.AuthenticationPrincipal in project ma-modules-public by infiniteautomation.

the class DataPointRestController method getBulkDataPointOperations.

/**
 * Lists the bulk data point operations the caller is allowed to see.
 *
 * <p>The resources returned by {@code bulkResourceManager.list()} are first
 * restricted by ownership: an admin keeps every entry, any other user keeps
 * only entries whose user id equals their own. The optional RQL query taken
 * from the request's query string is evaluated afterwards and is handed only
 * that already-restricted list.
 *
 * @param user the principal injected through {@code @AuthenticationPrincipal}.
 *     NOTE(review): it is dereferenced without a null check, so this presumably
 *     relies on the endpoint being reachable only by authenticated callers;
 *     confirm against the security configuration.
 * @param request the servlet request whose raw query string is parsed as RQL
 * @return a {@link MappingJacksonValue} wrapping a page model built from the
 *     matching resources, with the size of the ownership-filtered list as the
 *     total and {@code Object.class} as the serialization view
 */
@ApiOperation(value = "Get a list of current bulk data point operations", notes = "User can only get their own bulk data point operations unless they are an admin")
@RequestMapping(method = RequestMethod.GET, value = "/bulk")
public MappingJacksonValue getBulkDataPointOperations(@AuthenticationPrincipal User user, HttpServletRequest request) {
    // Ownership check runs before any caller-supplied query is looked at.
    List<TemporaryResource<DataPointBulkResponse, AbstractRestV2Exception>> visible = this.bulkResourceManager.list()
            .stream()
            .filter(resource -> user.isAdmin() || user.getId() == resource.getUserId())
            .collect(Collectors.toList());

    ASTNode rql = BaseMangoRestController.parseRQLtoAST(request.getQueryString());

    // Without a query the ownership-filtered list is returned as is.
    final List<TemporaryResource<DataPointBulkResponse, AbstractRestV2Exception>> matched;
    if (rql == null) {
        matched = visible;
    } else {
        matched = rql.accept(new RQLToObjectListQuery<TemporaryResource<DataPointBulkResponse, AbstractRestV2Exception>>(), visible);
    }

    // The reported total is the size of the ownership-filtered list, not of the RQL result.
    PageQueryResultModel<TemporaryResource<DataPointBulkResponse, AbstractRestV2Exception>> page = new PageQueryResultModel<>(matched, visible.size());

    // Setting a serialization view hides the result property.
    MappingJacksonValue wrapped = new MappingJacksonValue(page);
    wrapped.setSerializationView(Object.class);
    return wrapped;
}
Also used : BadRequestException(com.infiniteautomation.mango.rest.v2.exception.BadRequestException) PathVariable(org.springframework.web.bind.annotation.PathVariable) UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) DataSourceVO(com.serotonin.m2m2.vo.dataSource.DataSourceVO) RequestParam(org.springframework.web.bind.annotation.RequestParam) DataSourceDao(com.serotonin.m2m2.db.dao.DataSourceDao) DataPointVO(com.serotonin.m2m2.vo.DataPointVO) ApiParam(com.wordnik.swagger.annotations.ApiParam) DataPointDao(com.serotonin.m2m2.db.dao.DataPointDao) VoIndividualRequest(com.infiniteautomation.mango.rest.v2.bulk.VoIndividualRequest) URI(java.net.URI) ConditionSortLimitWithTagKeys(com.infiniteautomation.mango.db.query.ConditionSortLimitWithTagKeys) BaseMangoRestController(com.serotonin.m2m2.web.mvc.rest.BaseMangoRestController) TemporaryResourceWebSocketHandler(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResourceWebSocketHandler) HttpHeaders(org.springframework.http.HttpHeaders) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) TranslatableMessage(com.serotonin.m2m2.i18n.TranslatableMessage) VoAction(com.infiniteautomation.mango.rest.v2.bulk.VoAction) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) ModuleRegistry(com.serotonin.m2m2.module.ModuleRegistry) StreamedArrayWithTotal(com.infiniteautomation.mango.rest.v2.model.StreamedArrayWithTotal) List(java.util.List) Permissions(com.serotonin.m2m2.vo.permission.Permissions) ASTNode(net.jazdw.rql.parser.ASTNode) TemporaryResourceManager(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResourceManager) VoIndividualResponse(com.infiniteautomation.mango.rest.v2.bulk.VoIndividualResponse) DataPointModel(com.infiniteautomation.mango.rest.v2.model.dataPoint.DataPointModel) LogFactory(org.apache.commons.logging.LogFactory) 
BulkRequest(com.infiniteautomation.mango.rest.v2.bulk.BulkRequest) BulkResponse(com.infiniteautomation.mango.rest.v2.bulk.BulkResponse) TemporaryResourceWebSocketDefinition(com.serotonin.m2m2.web.mvc.rest.v1.publisher.TemporaryResourceWebSocketDefinition) User(com.serotonin.m2m2.vo.User) RQLToObjectListQuery(com.infiniteautomation.mango.db.query.pojo.RQLToObjectListQuery) AbstractRestV2Exception(com.infiniteautomation.mango.rest.v2.exception.AbstractRestV2Exception) TemporaryResourceStatusUpdate(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResourceStatusUpdate) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) RequestBody(org.springframework.web.bind.annotation.RequestBody) TemplateDao(com.serotonin.m2m2.db.dao.TemplateDao) HttpServletRequest(javax.servlet.http.HttpServletRequest) Api(com.wordnik.swagger.annotations.Api) MappingJacksonValue(org.springframework.http.converter.json.MappingJacksonValue) AccessDeniedException(com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException) DataPointPropertiesTemplateVO(com.serotonin.m2m2.vo.template.DataPointPropertiesTemplateVO) Common(com.serotonin.m2m2.Common) TemporaryResourceStatus(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResource.TemporaryResourceStatus) DataPointFilter(com.serotonin.m2m2.web.mvc.rest.v1.model.dataPoint.DataPointFilter) TemporaryResource(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResource) HttpStatus(org.springframework.http.HttpStatus) PageQueryResultModel(com.serotonin.m2m2.web.mvc.rest.v1.model.PageQueryResultModel) StreamedVOQueryWithTotal(com.infiniteautomation.mango.rest.v2.model.StreamedVOQueryWithTotal) AuthenticationPrincipal(org.springframework.security.core.annotation.AuthenticationPrincipal) Log(org.apache.commons.logging.Log) ResponseEntity(org.springframework.http.ResponseEntity) 
MangoTaskTemporaryResourceManager(com.infiniteautomation.mango.rest.v2.temporaryResource.MangoTaskTemporaryResourceManager) NotFoundRestException(com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException) ASTNode(net.jazdw.rql.parser.ASTNode) AbstractRestV2Exception(com.infiniteautomation.mango.rest.v2.exception.AbstractRestV2Exception) TemporaryResource(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResource) MappingJacksonValue(org.springframework.http.converter.json.MappingJacksonValue) RQLToObjectListQuery(com.infiniteautomation.mango.db.query.pojo.RQLToObjectListQuery) PageQueryResultModel(com.serotonin.m2m2.web.mvc.rest.v1.model.PageQueryResultModel) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 2 with AuthenticationPrincipal

use of org.springframework.security.core.annotation.AuthenticationPrincipal in project spring-security by spring-projects.

the class AuthenticationPrincipalArgumentResolver method resolveArgument.

/**
 * Resolves the value of a handler method parameter from the principal of the
 * {@link Authentication} held by the current {@link SecurityContextHolder}.
 *
 * <p>If the {@link AuthenticationPrincipal} annotation found for the parameter
 * carries a non-empty expression, that expression is evaluated as SpEL with the
 * principal as root object and as the {@code this} variable, and the result
 * replaces the principal.
 *
 * <p>NOTE(review): the expression text is read from the annotation only. It is
 * evaluated in a {@link StandardEvaluationContext} with a bean resolver, which
 * is a full-power SpEL context, so this is safe only while the expression stays
 * developer-authored.
 *
 * <p>NOTE(review): the annotation lookup result is used without a null check;
 * presumably the resolver is only invoked for annotated parameters (confirm).
 *
 * @return the principal (or the expression result); {@code null} when there is
 *     no authentication, or when the value is not assignable to the parameter
 *     type and {@code errorOnInvalidType} is false
 * @throws ClassCastException when the value is not assignable to the parameter
 *     type and {@code errorOnInvalidType} is true. The message embeds the
 *     value's {@code toString()}, so principal types should keep secrets out
 *     of {@code toString()}.
 */
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
    Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
    if (currentAuth == null) {
        return null;
    }

    Object resolved = currentAuth.getPrincipal();
    AuthenticationPrincipal marker = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
    String spel = marker.expression();

    if (StringUtils.hasLength(spel)) {
        StandardEvaluationContext evalContext = new StandardEvaluationContext();
        evalContext.setRootObject(resolved);
        evalContext.setVariable("this", resolved);
        evalContext.setBeanResolver(this.beanResolver);
        resolved = this.parser.parseExpression(spel).getValue(evalContext);
    }

    // A null value, or one that fits the declared parameter type, is passed through.
    if (resolved == null || ClassUtils.isAssignable(parameter.getParameterType(), resolved.getClass())) {
        return resolved;
    }

    // Type mismatch: fail loudly only when the annotation asks for it.
    if (marker.errorOnInvalidType()) {
        throw new ClassCastException(resolved + " is not assignable to " + parameter.getParameterType());
    }
    return null;
}
Also used : StandardEvaluationContext(org.springframework.expression.spel.support.StandardEvaluationContext) Expression(org.springframework.expression.Expression) Authentication(org.springframework.security.core.Authentication) AuthenticationPrincipal(org.springframework.security.core.annotation.AuthenticationPrincipal)

Example 3 with AuthenticationPrincipal

use of org.springframework.security.core.annotation.AuthenticationPrincipal in project spring-security by spring-projects.

the class AuthenticationPrincipalArgumentResolver method resolvePrincipal.

/**
 * Turns the given principal into the value to inject for {@code parameter}.
 *
 * <p>If the {@link AuthenticationPrincipal} annotation found for the parameter
 * carries a non-empty expression, it is evaluated as SpEL with the principal as
 * root object and as the {@code this} variable, and the result is used instead
 * of the principal. The value is then checked with {@code isInvalidType}
 * (defined elsewhere in this class).
 *
 * <p>NOTE(review): the expression text is read from the annotation only. The
 * {@link StandardEvaluationContext} used here, with a bean resolver installed,
 * is a full-power SpEL context, so the expression must remain
 * developer-authored.
 *
 * @param parameter the method parameter being resolved
 * @param principal the principal to start from
 * @return the principal or expression result; {@code null} when
 *     {@code isInvalidType} rejects it and {@code errorOnInvalidType} is false
 * @throws ClassCastException when {@code isInvalidType} rejects the value and
 *     {@code errorOnInvalidType} is true. The message embeds the value's
 *     {@code toString()}.
 */
private Object resolvePrincipal(MethodParameter parameter, Object principal) {
    AuthenticationPrincipal marker = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
    String spel = marker.expression();

    Object candidate = principal;
    if (StringUtils.hasLength(spel)) {
        StandardEvaluationContext evalContext = new StandardEvaluationContext();
        evalContext.setRootObject(candidate);
        evalContext.setVariable("this", candidate);
        evalContext.setBeanResolver(this.beanResolver);
        Expression compiled = this.parser.parseExpression(spel);
        candidate = compiled.getValue(evalContext);
    }

    if (!isInvalidType(parameter, candidate)) {
        return candidate;
    }

    // Rejected value: raise only when the annotation opts in, otherwise inject null.
    if (marker.errorOnInvalidType()) {
        throw new ClassCastException(candidate + " is not assignable to " + parameter.getParameterType());
    }
    return null;
}
Also used : StandardEvaluationContext(org.springframework.expression.spel.support.StandardEvaluationContext) Expression(org.springframework.expression.Expression) AuthenticationPrincipal(org.springframework.security.core.annotation.AuthenticationPrincipal)

Example 4 with AuthenticationPrincipal

use of org.springframework.security.core.annotation.AuthenticationPrincipal in project spring-security by spring-projects.

the class AuthenticationPrincipalArgumentResolver method resolveArgument.

/**
 * Resolves the value of a message-handling method parameter from the principal
 * of the {@link Authentication} held by the current
 * {@link SecurityContextHolder}.
 *
 * <p>If the {@link AuthenticationPrincipal} annotation found for the parameter
 * carries a non-empty expression, it is evaluated as SpEL with the principal as
 * root object and as the {@code this} variable. No bean resolver is set on the
 * evaluation context in this variant.
 *
 * <p>NOTE(review): the expression text is read from the annotation only; since
 * a {@link StandardEvaluationContext} is used, it must remain
 * developer-authored.
 *
 * @return the principal (or the expression result); {@code null} when there is
 *     no authentication, or when the value is not assignable to the parameter
 *     type and {@code errorOnInvalidType} is false
 * @throws ClassCastException when the value is not assignable to the parameter
 *     type and {@code errorOnInvalidType} is true. The message embeds the
 *     value's {@code toString()}.
 */
@Override
public Object resolveArgument(MethodParameter parameter, Message<?> message) {
    Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
    if (currentAuth == null) {
        return null;
    }

    Object resolved = currentAuth.getPrincipal();
    AuthenticationPrincipal marker = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
    String spel = marker.expression();

    if (StringUtils.hasLength(spel)) {
        StandardEvaluationContext evalContext = new StandardEvaluationContext();
        evalContext.setRootObject(resolved);
        evalContext.setVariable("this", resolved);
        resolved = this.parser.parseExpression(spel).getValue(evalContext);
    }

    // Only a non-null value can be of the wrong type.
    boolean typeMismatch = resolved != null
            && !ClassUtils.isAssignable(parameter.getParameterType(), resolved.getClass());
    if (!typeMismatch) {
        return resolved;
    }

    if (marker.errorOnInvalidType()) {
        throw new ClassCastException(resolved + " is not assignable to " + parameter.getParameterType());
    }
    return null;
}
Also used : StandardEvaluationContext(org.springframework.expression.spel.support.StandardEvaluationContext) Expression(org.springframework.expression.Expression) Authentication(org.springframework.security.core.Authentication) AuthenticationPrincipal(org.springframework.security.core.annotation.AuthenticationPrincipal)

Example 5 with AuthenticationPrincipal

use of org.springframework.security.core.annotation.AuthenticationPrincipal in project ma-modules-public by infiniteautomation.

the class DataPointTagsRestController method getBulkDataPointTagOperations.

/**
 * Lists the bulk tag operations the caller is allowed to see.
 *
 * <p>The resources returned by {@code bulkResourceManager.list()} are first
 * restricted by ownership: an admin keeps every entry, any other user keeps
 * only entries whose user id equals their own. The optional RQL query taken
 * from the request's query string is evaluated afterwards and is handed only
 * that already-restricted list.
 *
 * @param user the principal injected through {@code @AuthenticationPrincipal}.
 *     NOTE(review): it is dereferenced without a null check, so this presumably
 *     relies on the endpoint being reachable only by authenticated callers;
 *     confirm against the security configuration.
 * @param request the servlet request whose raw query string is parsed as RQL
 * @return a {@link MappingJacksonValue} wrapping a page model built from the
 *     matching resources, with the size of the ownership-filtered list as the
 *     total and {@code Object.class} as the serialization view
 */
@ApiOperation(value = "Get a list of current bulk tag operations", notes = "User can only get their own bulk tag operations unless they are an admin")
@RequestMapping(method = RequestMethod.GET, value = "/bulk")
public MappingJacksonValue getBulkDataPointTagOperations(@AuthenticationPrincipal User user, HttpServletRequest request) {
    // Ownership check runs before any caller-supplied query is looked at.
    List<TemporaryResource<TagBulkResponse, AbstractRestV2Exception>> visible = this.bulkResourceManager.list()
            .stream()
            .filter(resource -> user.isAdmin() || user.getId() == resource.getUserId())
            .collect(Collectors.toList());

    ASTNode rql = BaseMangoRestController.parseRQLtoAST(request.getQueryString());

    // Without a query the ownership-filtered list is returned as is.
    final List<TemporaryResource<TagBulkResponse, AbstractRestV2Exception>> matched;
    if (rql == null) {
        matched = visible;
    } else {
        matched = rql.accept(new RQLToObjectListQuery<TemporaryResource<TagBulkResponse, AbstractRestV2Exception>>(), visible);
    }

    // The reported total is the size of the ownership-filtered list, not of the RQL result.
    PageQueryResultModel<TemporaryResource<TagBulkResponse, AbstractRestV2Exception>> page = new PageQueryResultModel<>(matched, visible.size());

    // Setting a serialization view hides the result property.
    MappingJacksonValue wrapped = new MappingJacksonValue(page);
    wrapped.setSerializationView(Object.class);
    return wrapped;
}
Also used : BadRequestException(com.infiniteautomation.mango.rest.v2.exception.BadRequestException) PathVariable(org.springframework.web.bind.annotation.PathVariable) UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) RQLToObjectListQuery(com.infiniteautomation.mango.db.query.pojo.RQLToObjectListQuery) AbstractRestV2Exception(com.infiniteautomation.mango.rest.v2.exception.AbstractRestV2Exception) TemporaryResourceStatusUpdate(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResourceStatusUpdate) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) HashMap(java.util.HashMap) DataPointVO(com.serotonin.m2m2.vo.DataPointVO) RequestBody(org.springframework.web.bind.annotation.RequestBody) ApiParam(com.wordnik.swagger.annotations.ApiParam) HttpServletRequest(javax.servlet.http.HttpServletRequest) DataPointDao(com.serotonin.m2m2.db.dao.DataPointDao) Map(java.util.Map) Api(com.wordnik.swagger.annotations.Api) MappingJacksonValue(org.springframework.http.converter.json.MappingJacksonValue) AccessDeniedException(com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException) BaseMangoRestController(com.serotonin.m2m2.web.mvc.rest.BaseMangoRestController) TemporaryResourceWebSocketHandler(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResourceWebSocketHandler) DataPointTagsDao(com.serotonin.m2m2.db.dao.DataPointTagsDao) HttpHeaders(org.springframework.http.HttpHeaders) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) Set(java.util.Set) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) TranslatableMessage(com.serotonin.m2m2.i18n.TranslatableMessage) IndividualRequest(com.infiniteautomation.mango.rest.v2.bulk.IndividualRequest) TemporaryResourceStatus(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResource.TemporaryResourceStatus) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) 
ModuleRegistry(com.serotonin.m2m2.module.ModuleRegistry) TemporaryResource(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResource) HttpStatus(org.springframework.http.HttpStatus) List(java.util.List) PageQueryResultModel(com.serotonin.m2m2.web.mvc.rest.v1.model.PageQueryResultModel) Permissions(com.serotonin.m2m2.vo.permission.Permissions) ASTNode(net.jazdw.rql.parser.ASTNode) Entry(java.util.Map.Entry) AuthenticationPrincipal(org.springframework.security.core.annotation.AuthenticationPrincipal) TemporaryResourceManager(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResourceManager) ResponseEntity(org.springframework.http.ResponseEntity) MangoTaskTemporaryResourceManager(com.infiniteautomation.mango.rest.v2.temporaryResource.MangoTaskTemporaryResourceManager) BulkRequest(com.infiniteautomation.mango.rest.v2.bulk.BulkRequest) BulkResponse(com.infiniteautomation.mango.rest.v2.bulk.BulkResponse) NotFoundRestException(com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException) TemporaryResourceWebSocketDefinition(com.serotonin.m2m2.web.mvc.rest.v1.publisher.TemporaryResourceWebSocketDefinition) User(com.serotonin.m2m2.vo.User) RestExceptionIndividualResponse(com.infiniteautomation.mango.rest.v2.bulk.RestExceptionIndividualResponse) ASTNode(net.jazdw.rql.parser.ASTNode) AbstractRestV2Exception(com.infiniteautomation.mango.rest.v2.exception.AbstractRestV2Exception) TemporaryResource(com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResource) MappingJacksonValue(org.springframework.http.converter.json.MappingJacksonValue) RQLToObjectListQuery(com.infiniteautomation.mango.db.query.pojo.RQLToObjectListQuery) PageQueryResultModel(com.serotonin.m2m2.web.mvc.rest.v1.model.PageQueryResultModel) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

AuthenticationPrincipal (org.springframework.security.core.annotation.AuthenticationPrincipal)6 Expression (org.springframework.expression.Expression)4 StandardEvaluationContext (org.springframework.expression.spel.support.StandardEvaluationContext)4 RQLToObjectListQuery (com.infiniteautomation.mango.db.query.pojo.RQLToObjectListQuery)2 BulkRequest (com.infiniteautomation.mango.rest.v2.bulk.BulkRequest)2 BulkResponse (com.infiniteautomation.mango.rest.v2.bulk.BulkResponse)2 AbstractRestV2Exception (com.infiniteautomation.mango.rest.v2.exception.AbstractRestV2Exception)2 AccessDeniedException (com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException)2 BadRequestException (com.infiniteautomation.mango.rest.v2.exception.BadRequestException)2 NotFoundRestException (com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException)2 MangoTaskTemporaryResourceManager (com.infiniteautomation.mango.rest.v2.temporaryResource.MangoTaskTemporaryResourceManager)2 TemporaryResource (com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResource)2 TemporaryResourceStatus (com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResource.TemporaryResourceStatus)2 TemporaryResourceManager (com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResourceManager)2 TemporaryResourceStatusUpdate (com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResourceStatusUpdate)2 TemporaryResourceWebSocketHandler (com.infiniteautomation.mango.rest.v2.temporaryResource.TemporaryResourceWebSocketHandler)2 DataPointDao (com.serotonin.m2m2.db.dao.DataPointDao)2 TranslatableMessage (com.serotonin.m2m2.i18n.TranslatableMessage)2 ModuleRegistry (com.serotonin.m2m2.module.ModuleRegistry)2 DataPointVO (com.serotonin.m2m2.vo.DataPointVO)2