org.apache.shiro.authz.annotation.RequiresAuthentication Java Examples
The following examples show how to use
org.apache.shiro.authz.annotation.RequiresAuthentication.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AdminAuthController.java From dts-shop with GNU Lesser General Public License v3.0 | 8 votes |
|
@RequiresAuthentication
@GetMapping("/info")
public Object info() {
Subject currentUser = SecurityUtils.getSubject();
DtsAdmin admin = (DtsAdmin) currentUser.getPrincipal();
Map<String, Object> data = new HashMap<>();
data.put("name", admin.getUsername());
data.put("avatar", admin.getAvatar());
Integer[] roleIds = admin.getRoleIds();
Set<String> roles = roleService.queryByIds(roleIds);
Set<String> permissions = permissionService.queryByRoleIds(roleIds);
data.put("roles", roles);
// NOTE
// 这里需要转换perms结构,因为对于前端而已API形式的权限更容易理解
data.put("perms", toAPI(permissions));
logger.info("【请求结束】系统管理->用户信息获取,响应结果:{}", JSONObject.toJSONString(data));
return ResponseUtil.ok(data);
}
Example #2
| Source File: UserApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@Override
@PUT
@RequiresAuthentication
@RequiresPermissions("nexus:*")
@Path("{userId}/change-password")
@Consumes(MediaType.TEXT_PLAIN)
@Validate
public void changePassword(@PathParam("userId") final String userId, final String password) {
if (StringUtils.isBlank(password)) {
throw createWebException(Status.BAD_REQUEST, "Password must be supplied.");
}
try {
securitySystem.changePassword(userId, password);
if (ADMIN_USER_ID.equals(userId)) {
adminPasswordFileManager.removeFile();
}
}
catch (UserNotFoundException e) { // NOSONAR
log.debug("Request to change password for invalid user '{}'.", userId);
throw createUnknownUserException(userId);
}
}
Example #3
| Source File: PypiProxyRepositoriesApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update PyPI proxy repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final PypiProxyRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #4
| Source File: NpmProxyRepositoriesApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update npm proxy repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final NpmProxyRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #5
| Source File: CertificateApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@Override
@DELETE
@Path("truststore/{id}")
@RequiresAuthentication
@RequiresPermissions("nexus:ssl-truststore:delete")
public void removeCertificate(@PathParam("id") final String id) {
try {
// check that the certificate existss
getTrustedCertificate(id);
trustStore.removeTrustCertificate(id);
}
catch (KeystoreException e) {
log.error("An error occurred accessing the internal trust store.", e);
throw createWebException(Status.INTERNAL_SERVER_ERROR, KEY_STORE_ERROR_MESSAGE);
}
}
Example #6
| Source File: RawGroupRepositoriesApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update raw group repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final RawGroupRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #7
| Source File: UserApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@Override
@GET
@RequiresAuthentication
@RequiresPermissions("nexus:users:read")
public Collection<ApiUser> getUsers(
@QueryParam("userId") final String userId,
@QueryParam("source") final String source)
{
UserSearchCriteria criteria = new UserSearchCriteria(userId, null, source);
if (!UserManager.DEFAULT_SOURCE.equals(source)) {
// we limit the number of users here to avoid issues with remote sources
criteria.setLimit(100);
}
return securitySystem.searchUsers(criteria).stream().map(u -> fromUser(u))
.collect(Collectors.toList());
}
Example #8
| Source File: GoogleCloudBlobstoreApiResource.java From nexus-blobstore-google-cloud with Eclipse Public License 1.0 | 6 votes |
|
@PUT
@RequiresAuthentication
@Path("/{name}")
@RequiresPermissions("nexus:blobstores:update")
@Override
public GoogleCloudBlobstoreApiModel update(@PathParam("name") final String name,
@Valid final GoogleCloudBlobstoreApiModel model)
throws Exception
{
BlobStore existing = blobStoreManager.get(name);
if (existing == null) {
return null;
}
BlobStoreConfiguration config = confirmType(existing.getBlobStoreConfiguration());
merge(config, model);
BlobStore blobStore = blobStoreManager.update(config);
return new GoogleCloudBlobstoreApiModel(blobStore.getBlobStoreConfiguration());
}
Example #9
| Source File: GoogleCloudBlobstoreApiResource.java From nexus-blobstore-google-cloud with Eclipse Public License 1.0 | 6 votes |
|
@POST
@RequiresAuthentication
@RequiresPermissions("nexus:blobstores:create")
@Override
public GoogleCloudBlobstoreApiModel create(@Valid final GoogleCloudBlobstoreApiModel model)
throws Exception
{
if (blobStoreManager.get(model.getName()) != null) {
throw new WebApplicationMessageException(Status.BAD_REQUEST, "A blob store with that name already exists");
}
BlobStoreConfiguration config = blobStoreManager.newConfiguration();
config.setType(GoogleCloudBlobStore.TYPE);
merge(config, model);
BlobStore blobStore = blobStoreManager.create(config);
return new GoogleCloudBlobstoreApiModel(blobStore.getBlobStoreConfiguration());
}
Example #10
| Source File: RoutingRulesApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@Override
@DELETE
@Path("/{name}")
@RequiresAuthentication
@RequiresPermissions("nexus:*")
public void deleteRoutingRule(@PathParam("name") final String name) {
RoutingRule routingRule = getRuleFromStore(name);
EntityId routingRuleId = routingRule.id();
Map<EntityId, List<Repository>> assignedRepositories = routingRuleHelper.calculateAssignedRepositories();
List<Repository> repositories = assignedRepositories.computeIfAbsent(routingRuleId, id -> emptyList());
if (!repositories.isEmpty()) {
throw new WebApplicationMessageException(
Status.BAD_REQUEST,
"\"Routing rule is still in use by " + repositories.size() + " repositories.\"",
APPLICATION_JSON);
}
routingRuleStore.delete(routingRule);
}
Example #11
| Source File: ApiController.java From ueboot with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
@RequiresAuthentication
@RequestMapping(value = "/private/updatePassword")
@ApiOperation(value = "更新密码")
public Response<Void> updatePassword(@RequestBody UpdatePasswordReq req) {
String userName = (String) SecurityUtils.getSubject().getPrincipal();
//加密旧密码
String oldPassword = PasswordUtil.sha512(userName, req.getOldPassword().toLowerCase());
//加密新密码
String newPassword = PasswordUtil.sha512(userName, req.getNewPassword().toLowerCase());
User user = userService.findByUserName(userName);
if (!user.getPassword().equals(oldPassword)) {
throw new BusinessException("原密码输入错误,请重新输入");
}
user.setPassword(newPassword);
JDateTime dateTime = new JDateTime();
//默认密码过期日期为x个月,x个月后要求更换密码
Date expiredDate = dateTime.addMonth(this.shiroService.getPasswordExpiredMonth()).convertToDate();
user.setCredentialExpiredDate(expiredDate);
this.userService.save(user);
// 更新密码日志记录
this.shiroEventListener.updatePasswordEvent(userName);
return new Response<Void>();
}
Example #12
| Source File: MavenProxyRepositoriesApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update Maven proxy repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final MavenProxyRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #13
| Source File: P2ProxyRepositoriesApiResource.java From nexus-repository-p2 with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update p2 proxy repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final P2ProxyRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #14
| Source File: HelmHostedRepositoriesApiResource.java From nexus-repository-helm with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update Helm hosted repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final HelmHostedRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #15
| Source File: GolangHostedRepositoriesApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update a Go hosted repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS),
@ApiResponse(code = 404, message = REPOSITORY_NOT_FOUND)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final GolangHostedRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #16
| Source File: RawHostedRepositoriesApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update raw hosted repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final RawHostedRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #17
| Source File: RawProxyRepositoriesApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update raw proxy repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final RawProxyRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #18
| Source File: ReportScheduleResource.java From graylog-plugin-aggregates with GNU General Public License v3.0 | 6 votes |
|
@PUT
@Timed
@ApiOperation(value = "Create a report schedule")
@RequiresAuthentication
@RequiresPermissions(ReportScheduleRestPermissions.AGGREGATE_REPORT_SCHEDULES_CREATE)
@AuditEvent(type = AuditEventTypes.AGGREGATES_REPORT_SCHEDULE_CREATE)
@ApiResponses(value = {
@ApiResponse(code = 400, message = "The supplied request is not valid.")
})
public Response create(
@ApiParam(name = "JSON body", required = true) @Valid @NotNull AddReportScheduleRequest request
) {
final ReportSchedule reportSchedule = reportScheduleService.fromRequest(request);
reportScheduleService.create(reportSchedule);
return Response.accepted().build();
}
Example #19
| Source File: TasksResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@POST
@Path("/{id}/stop")
@RequiresAuthentication
@RequiresPermissions("nexus:tasks:stop")
public void stop(@PathParam("id") final String id) {
try {
TaskInfo taskInfo = getTaskInfo(id);
Future<?> taskFuture = taskInfo.getCurrentState().getFuture();
if (taskFuture == null) {
throw new WebApplicationException(format("Task %s is not running", id), CONFLICT);
}
if (!taskFuture.cancel(false)) {
throw new WebApplicationException(format("Unable to stop task %s", id), CONFLICT);
}
}
catch (WebApplicationException webApplicationException) {
throw webApplicationException;
}
catch (Exception e) {
log.error("error stopping task with id {}", id, e);
throw new WebApplicationException(format("Error running task %s", id), INTERNAL_SERVER_ERROR);
}
}
Example #20
| Source File: CocoapodsProxyRepositoriesApiResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update Cocoapods proxy repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final CocoapodsProxyRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #21
| Source File: RuleResource.java From graylog-plugin-aggregates with GNU General Public License v3.0 | 6 votes |
|
@PUT
@Timed
@ApiOperation(value = "Create a rule")
@RequiresAuthentication
@RequiresPermissions(RuleRestPermissions.AGGREGATE_RULES_CREATE)
@AuditEvent(type = AuditEventTypes.AGGREGATES_RULE_CREATE)
@ApiResponses(value = {
@ApiResponse(code = 400, message = "The supplied request is not valid.")
})
public Response create(
@ApiParam(name = "JSON body", required = true) @Valid @NotNull AddRuleRequest request
) {
final Rule rule = ruleService.fromRequest(request);
LOG.info("Creating rule with name [{}]", rule.getName());
ruleService.create(rule);
return Response.accepted().build();
}
Example #22
| Source File: ConanProxyRepositoriesApiResource.java From nexus-repository-conan with Eclipse Public License 1.0 | 6 votes |
|
@ApiOperation("Update Conan proxy repository")
@ApiResponses(value = {
@ApiResponse(code = 204, message = REPOSITORY_UPDATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS),
@ApiResponse(code = 404, message = REPOSITORY_NOT_FOUND)
})
@PUT
@Path("/{repositoryName}")
@RequiresAuthentication
@Validate
@Override
public Response updateRepository(
final ConanProxyRepositoryApiRequest request,
@ApiParam(value = "Name of the repository to update") @PathParam("repositoryName") final String repositoryName)
{
return super.updateRepository(request, repositoryName);
}
Example #23
| Source File: AuthResourceFilterFactory.java From emodb with Apache License 2.0 | 6 votes |
|
@Override
public List<ResourceFilter> create(AbstractMethod am) {
LinkedList<ResourceFilter> filters = Lists.newLinkedList();
// Check the resource
RequiresPermissions permAnnotation = am.getResource().getAnnotation(RequiresPermissions.class);
if (permAnnotation != null) {
filters.add(new AuthorizationResourceFilter(ImmutableList.copyOf(permAnnotation.value()), permAnnotation.logical(), createSubstitutionMap(permAnnotation, am)));
}
// Check the method
permAnnotation = am.getAnnotation(RequiresPermissions.class);
if (permAnnotation != null) {
filters.add(new AuthorizationResourceFilter(ImmutableList.copyOf(permAnnotation.value()), permAnnotation.logical(), createSubstitutionMap(permAnnotation, am)));
}
// If we're doing authorization or if authentication is explicitly requested then add it as the first filter
if (!filters.isEmpty() ||
am.getResource().getAnnotation(RequiresAuthentication.class) != null ||
am.getAnnotation(RequiresAuthentication.class) != null) {
filters.addFirst(new AuthenticationResourceFilter(_securityManager, _tokenGenerator));
}
return filters;
}
Example #24
| Source File: RoutingRulesResource.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@DELETE
@Path("/{name}")
@RequiresAuthentication
@RequiresPermissions("nexus:*")
public void deleteRoutingRule(@PathParam("name") final String name) {
RoutingRule routingRule = routingRuleStore.getByName(name);
if (null == routingRule) {
throw new WebApplicationException(Status.NOT_FOUND);
}
Map<EntityId, List<Repository>> assignedRepositories = routingRuleHelper.calculateAssignedRepositories();
List<Repository> repositories = assignedRepositories.getOrDefault(routingRule.id(), emptyList());
if (repositories.size() > 0) {
throw new WebApplicationException("Routing rule is still in use by " + repositories.size() + " repositories.", Status.BAD_REQUEST);
}
routingRuleStore.delete(routingRule);
}
Example #25
| Source File: RuleResource.java From graylog-plugin-aggregates with GNU General Public License v3.0 | 5 votes |
|
@GET
@Timed
@ApiOperation(value = "Lists all existing rules")
@RequiresAuthentication
@RequiresPermissions(RuleRestPermissions.AGGREGATE_RULES_READ)
public RulesList list() {
final List<Rule> rules = ruleService.all();
return RulesList.create(rules);
}
Example #26
| Source File: RepositoryPrivilegeApiResource.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
|
@Override
@POST
@RequiresAuthentication
@RequiresPermissions("nexus:privileges:create")
@Path("repository-content-selector")
public Response createPrivilege(final ApiPrivilegeRepositoryContentSelectorRequest privilege) {
return doCreate(RepositoryContentSelectorPrivilegeDescriptor.TYPE, privilege);
}
Example #27
| Source File: EmailConfigurationApiResource.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
|
@POST
@Path("/verify")
@RequiresAuthentication
@RequiresPermissions("nexus:settings:update")
public ApiEmailValidation testEmailConfiguration(@NotNull String verificationAddress)
{
EmailConfiguration emailConfiguration = emailManager.getConfiguration();
if (emailConfiguration == null) {
return new ApiEmailValidation(false, "Email Settings are not yet configured");
}
try {
emailManager.sendVerification(emailConfiguration, verificationAddress);
return new ApiEmailValidation(true);
}
catch (EmailException e) {
log.debug("Unable to send verification", e);
String exceptionMessage = e.getMessage().replace(e.getCause().getClass().getName() + ": ", "");
if (e.getCause() instanceof AddressException) {
throw new WebApplicationMessageException(BAD_REQUEST, '"' + exceptionMessage + '"', APPLICATION_JSON);
}
else {
return new ApiEmailValidation(false, exceptionMessage);
}
}
}
Example #28
| Source File: PypiProxyRepositoriesApiResource.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
|
@ApiOperation("Create PyPI proxy repository")
@ApiResponses(value = {
@ApiResponse(code = 201, message = REPOSITORY_CREATED),
@ApiResponse(code = 401, message = AUTHENTICATION_REQUIRED),
@ApiResponse(code = 403, message = INSUFFICIENT_PERMISSIONS)
})
@POST
@RequiresAuthentication
@Validate
@Override
public Response createRepository(final PypiProxyRepositoryApiRequest request) {
return super.createRepository(request);
}
Example #29
| Source File: PrivilegeApiResource.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
|
@Override
@PUT
@RequiresAuthentication
@RequiresPermissions("nexus:privileges:update")
@Path("application/{privilegeId}")
public void updatePrivilege(@PathParam("privilegeId") final String privilegeId,
final ApiPrivilegeApplicationRequest privilege)
{
doUpdate(privilegeId, ApplicationPrivilegeDescriptor.TYPE, privilege);
}
Example #30
| Source File: ScriptPrivilegeApiResource.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
|
@Override
@PUT
@RequiresAuthentication
@RequiresPermissions("nexus:privileges:update")
@Path("script/{privilegeId}")
public void updatePrivilege(@PathParam("privilegeId") final String privilegeId,
final ApiPrivilegeScriptRequest privilege)
{
doUpdate(privilegeId, ScriptPrivilegeDescriptor.TYPE, privilege);
}
