Package org.graylog2.plugin.configuration

Examples of org.graylog2.plugin.configuration.ConfigurationRequest


        if (commandLineArguments.isDebug()) {
            LOG.info("Running in Debug mode");
            logLevel = Level.DEBUG;
        }

        PluginLoader pluginLoader = new PluginLoader(new File(configuration.getPluginDir()));
        List<PluginModule> pluginModules = Lists.newArrayList();
        for (Plugin plugin : pluginLoader.loadPlugins())
            pluginModules.addAll(plugin.modules());

        LOG.debug("Loaded modules: " + pluginModules);

        GuiceInstantiationService instantiationService = new GuiceInstantiationService();
View Full Code Here


    @Path("{username}")
    @RequiresPermissions(USERS_EDIT)
    @ApiOperation("Removes a user account.")
    @ApiResponses({@ApiResponse(code = 400, message = "When attempting to remove a read only user (e.g. built-in or LDAP user).")})
    public Response deleteUser(@ApiParam(name = "username", value = "The name of the user to delete.", required = true) @PathParam("username") String username) {
        final User user = userService.load(username);
        if (user == null) {
            return status(NOT_FOUND).build();
        }
        if (user.isReadOnly()) {
            throw new BadRequestException("Cannot delete readonly user " + username);
        }

        userService.destroy(user);
        return Response.noContent().build();
View Full Code Here

            permissionRequest = objectMapper.readValue(body, PermissionEditRequest.class);
        } catch (IOException e) {
            throw new BadRequestException(e);
        }

        final User user = userService.load(username);
        if (user == null) {
            return status(NOT_FOUND).build();
        }
        user.setPermissions(permissionRequest.permissions);
        try {
            userService.save(user);
        } catch (ValidationException e) {
            LOG.error("Validation error.", e);
            throw new BadRequestException("Validation error for " + username, e);
View Full Code Here

            preferencesRequest = objectMapper.readValue(body, TypeFactory.defaultInstance().constructMapType(Map.class, String.class, Object.class));
        } catch (IOException e) {
            throw new BadRequestException(e);
        }

        final User user = userService.load(username);
        if (user == null) {
            return status(NOT_FOUND).build();
        }
        user.setPreferences(preferencesRequest);
        try {
            userService.save(user);
        } catch (ValidationException e) {
            LOG.error("Validation error.", e);
            throw new BadRequestException("Validation error for " + username, e);
View Full Code Here

    @ApiOperation("Revoke all permissions for a user without deleting the account.")
    @ApiResponses({
            @ApiResponse(code = 500, message = "When saving the user failed.")
    })
    public Response deletePermissions(@ApiParam(name = "username", value = "The name of the user to modify.", required = true) @PathParam("username") String username) {
        final User user = userService.load(username);
        if (user == null) {
            return status(NOT_FOUND).build();
        }
        user.setPermissions(Lists.<String>newArrayList());
        try {
            userService.save(user);
        } catch (ValidationException e) {
            throw new InternalServerErrorException(e);
        }
View Full Code Here

        } catch (IOException e) {
            LOG.error("Error while parsing JSON", e);
            throw new WebApplicationException(e, BAD_REQUEST);
        }

        final User user = userService.load(username);
        if (user == null) {
            return status(NOT_FOUND).build();
        }

        if (!getSubject().isPermitted(RestPermissions.USERS_PASSWORDCHANGE + ":" + user.getName())) {
            return status(FORBIDDEN).build();
        }
        if (user.isExternalUser()) {
            LOG.error("Cannot change password for LDAP user.");
            return status(FORBIDDEN).build();
        }

        boolean checkOldPassword = true;
        // users with the wildcard permission for password change do not have to supply the old password, unless they try to change their own password.
        // the rationale is to prevent accidental or malicious change of admin passwords (e.g. to prevent locking out legitimate admins)
        if (getSubject().isPermitted(RestPermissions.USERS_PASSWORDCHANGE + ":*")) {
            if (username.equals(getSubject().getPrincipal())) {
                LOG.debug("User {} is allowed to change the password of any user, but attempts to change own password. Must supply the old password.", getSubject().getPrincipal());
                checkOldPassword = true;
            } else {
                LOG.debug("User {} is allowed to change the password for any user, including {}, ignoring old password", getSubject().getPrincipal(), username);
                checkOldPassword = false;
            }
        }

        boolean changeAllowed = false;
        final String secret = configuration.getPasswordSecret();
        if (checkOldPassword) {
            if (cr.old_password == null) {
                LOG.info("Changing password for user {} must supply the old password.", username);
                return status(BAD_REQUEST).build();
            }
            if (user.isUserPassword(cr.old_password, secret)) {
                changeAllowed = true;
            }
        } else {
            changeAllowed = true;
        }
        if (changeAllowed) {
            user.setPassword(cr.password, secret);
            try {
                userService.save(user);
            } catch (ValidationException e) {
                throw new BadRequestException("Validation error for " + username, e);
            }
View Full Code Here

    @GET
    @Path("{username}/tokens")
    @RequiresPermissions(RestPermissions.USERS_TOKENLIST)
    @ApiOperation("Retrieves the list of access tokens for a user")
    public TokenList listTokens(@ApiParam(name = "username", required = true) @PathParam("username") String username) {
        final User user = _tokensCheckAndLoadUser(username);
        final TokenList tokenList = new TokenList();
        List<AccessToken>  tokens = accessTokenService.loadAll(user.getName());
        for (AccessToken token : tokens) {
            tokenList.addToken(new Token(token));
        }
        return tokenList;
    }
View Full Code Here

    @RequiresPermissions(RestPermissions.USERS_TOKENCREATE)
    @ApiOperation("Generates a new access token for a user")
    public Token generateNewToken(
            @ApiParam(name = "username", required = true) @PathParam("username") String username,
            @ApiParam(name = "name", value = "Descriptive name for this token (e.g. 'cronjob') ", required = true) @PathParam("name") String name) {
        final User user = _tokensCheckAndLoadUser(username);
        final AccessToken accessToken = accessTokenService.create(user.getName(), name);
        return new Token(accessToken);
    }
View Full Code Here

    @Path("{username}/tokens/{token}")
    @ApiOperation("Removes a token for a user")
    public Response revokeToken(
            @ApiParam(name = "username", required = true) @PathParam("username") String username,
            @ApiParam(name = "access token", required = true) @PathParam("token") String token) {
        final User user = _tokensCheckAndLoadUser(username);
        final AccessToken accessToken = accessTokenService.load(token);
        if (accessToken != null) {
            accessTokenService.destroy(accessToken);
            return noContent().build();
        }
View Full Code Here

        }
        return Response.status(NOT_FOUND).build();
    }

    private User _tokensCheckAndLoadUser(String username) {
        final User user = userService.load(username);
        if (user == null) {
            throw new NotFoundException("Unknown user " + username);
        }
        if (!getSubject().getPrincipal().equals(username)) {
            throw new ForbiddenException("Cannot access other people's tokens.");
View Full Code Here

TOP

Related Classes of org.graylog2.plugin.configuration.ConfigurationRequest

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.