javax.servlet.annotation.HttpConstraint Java Examples

The following examples show how to use javax.servlet.annotation.HttpConstraint. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HttpConstraints.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
public static boolean isCallAllowed ( final ControllerMethod m, final HttpServletRequest request )
{
    HttpConstraint constraint = m.getMethod ().getAnnotation ( HttpConstraint.class );

    if ( constraint == null )
    {
        constraint = m.getControllerClazz ().getAnnotation ( HttpConstraint.class );
    }

    if ( constraint == null )
    {
        return true;
    }

    return HttpContraintControllerInterceptor.isAllowed ( constraint, request );
}
 
Example #2
Source File: ChannelController.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
@Secured ( false )
@RequestMapping ( value = "/channel/{channelId}/view", method = RequestMethod.GET )
@HttpConstraint ( PERMIT )
public ModelAndView view ( @PathVariable ( "channelId" ) final String channelId, final HttpServletRequest request, final HttpServletResponse response ) throws ServletException, IOException
{
    final Optional<ChannelInformation> channel = this.channelService.getState ( By.name ( channelId ) );
    if ( channel.isPresent () )
    {
        return new ModelAndView ( String.format ( "redirect:/channel/%s/view", channel.get ().getId () ) );
    }
    else
    {
        request.getRequestDispatcher ( "tree" ).forward ( request, response );
        return null;
    }
}
 
Example #3
Source File: ChannelController.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
@Secured ( false )
@RequestMapping ( value = "/channel/{channelId}/validation", method = RequestMethod.GET )
@HttpConstraint ( PERMIT )
public ModelAndView viewValidation ( @PathVariable ( "channelId" ) final String channelId )
{
    try
    {
        return this.channelService.accessCall ( By.id ( channelId ), ReadableChannel.class, channel -> {
            final ModelAndView result = new ModelAndView ( "channel/validation" );

            result.put ( "channel", channel.getInformation () );
            result.put ( "messages", channel.getInformation ().getState ().getValidationMessages () );
            result.put ( "aspects", Activator.getAspects ().getAspectInformations () );

            return result;
        } );
    }
    catch ( final ChannelNotFoundException e )
    {
        return CommonController.createNotFound ( "channel", channelId );
    }
}
 
Example #4
Source File: ChannelController.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
@Secured ( false )
@RequestMapping ( value = "/channel/{channelId}/details", method = RequestMethod.GET )
@HttpConstraint ( PERMIT )
public ModelAndView details ( @PathVariable ( "channelId" ) final String channelId )
{
    final ModelAndView result = new ModelAndView ( "channel/details" );

    try
    {
        this.channelService.accessRun ( By.id ( channelId ), ReadableChannel.class, ( channel ) -> {
            result.put ( "channel", channel.getInformation () );
        } );
    }
    catch ( final ChannelNotFoundException e )
    {
        return CommonController.createNotFound ( "channel", channelId );
    }

    return result;
}
 
Example #5
Source File: ChannelController.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
@RequestMapping ( "/channel/{channelId}/help/p2" )
@Secured ( false )
@HttpConstraint ( PERMIT )
public ModelAndView helpP2 ( @PathVariable ( "channelId" ) final String channelId )
{
    return withChannel ( channelId, ReadableChannel.class, channel -> {
        final Map<String, Object> model = new HashMap<> ();

        model.put ( "channel", channel.getInformation () );
        model.put ( "sitePrefix", this.sitePrefix.getSitePrefix () );

        model.put ( "p2Active", channel.hasAspect ( "p2.repo" ) );

        return new ModelAndView ( "channel/help/p2", model );
    } );
}
 
Example #6
Source File: P2RepoController.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
@RequestMapping ( value = "/{channelId}/info" )
@Secured ( false )
@HttpConstraint ( PERMIT )
public ModelAndView info ( @PathVariable ( "channelId" ) final String channelId) throws Exception
{
    return Channels.withChannel ( this.service, channelId, ReadableChannel.class, channel -> {

        final Map<String, Object> model = new HashMap<> ();

        final Map<MetaKey, String> metaData = channel.getMetaData ();

        final P2ChannelInformation channelInfo = new P2ChannelInformation ();
        MetaKeys.bind ( channelInfo, metaData );

        model.put ( "channel", channel.getInformation () );
        model.put ( "channelInfo", channelInfo );

        return new ModelAndView ( "p2info", model );
    } );
}
 
Example #7
Source File: P2MetaDataController.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
@RequestMapping ( value = "/{channelId}/info" )
@Secured ( false )
@HttpConstraint ( PERMIT )
public ModelAndView info ( @PathVariable ( "channelId" ) final String channelId) throws Exception
{
    return Channels.withChannel ( this.service, channelId, ReadableChannel.class, channel -> {
        final Map<String, Object> model = new HashMap<> ();

        final Map<MetaKey, String> metaData = channel.getMetaData ();

        final P2MetaDataInformation channelInfo = new P2MetaDataInformation ();
        MetaKeys.bind ( channelInfo, metaData );

        model.put ( "channel", channel.getInformation () );
        model.put ( "channelInfo", channelInfo );

        return new ModelAndView ( "p2info", model );
    } );

}
 
Example #8
Source File: ChannelController.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
@RequestMapping ( value = "/channel/{channelId}/viewCacheEntry", method = RequestMethod.GET )
@HttpConstraint ( rolesAllowed = { "MANAGER", "ADMIN" } )
public ModelAndView viewCacheEntry ( @PathVariable ( "channelId" ) final String channelId, @RequestParameter ( "namespace" ) final String namespace, @RequestParameter ( "key" ) final String key, final HttpServletResponse response )
{
    return withChannel ( channelId, ReadableChannel.class, channel -> {

        if ( !channel.streamCacheEntry ( new MetaKey ( namespace, key ), entry -> {
            logger.trace ( "Length: {}, Mime: {}", entry.getSize (), entry.getMimeType () );

            response.setContentLengthLong ( entry.getSize () );
            response.setContentType ( entry.getMimeType () );
            response.setHeader ( "Content-Disposition", String.format ( "inline; filename=%s", URLEncoder.encode ( entry.getName (), "UTF-8" ) ) );
            // response.setHeader ( "Content-Disposition", String.format ( "attachment; filename=%s", entry.getName () ) );
            ByteStreams.copy ( entry.getStream (), response.getOutputStream () );
        } ) )
        {
            return CommonController.createNotFound ( "channel cache entry", String.format ( "%s:%s", namespace, key ) );
        }

        return null;
    } );
}
 
Example #9
Source File: UserController.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
@RequestMapping ( value = "/{userId}/view", method = RequestMethod.GET )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView viewUser ( @PathVariable ( "userId" ) final String userId, final HttpServletRequest request )
{
    final boolean you = isYou ( userId, request );

    if ( !you && !request.isUserInRole ( "ADMIN" ) )
    {
        return CommonController.createAccessDenied ();
    }

    final DatabaseUserInformation user = this.storage.getUserDetails ( userId );

    if ( user == null || user.getDetails ( DatabaseDetails.class ) == null )
    {
        return CommonController.createNotFound ( "user", userId );
    }

    final ModelAndView model = new ModelAndView ( "user/view" );
    model.put ( "user", user );
    model.put ( "you", you );
    return model;
}
 
Example #10
Source File: StorageController.java    From packagedrone with Eclipse Public License 1.0 6 votes vote down vote up
@HttpConstraint ( rolesAllowed = "ADMIN" )
@RequestMapping ( value = "/system/storage/exportAllFs", method = RequestMethod.POST )
public ModelAndView exportAllFsPost ( @Valid @FormData ( "command" ) final ExportAllFileSystemCommand command, final BindingResult result)
{
    if ( result.hasErrors () )
    {
        return new ModelAndView ( "exportAllFs" );
    }

    File location;
    try
    {
        location = performExport ( command );
    }
    catch ( final IOException e )
    {
        return CommonController.createError ( "Spool out", null, e, true );
    }

    final String bytes = Strings.bytes ( location.length () );

    return CommonController.createSuccess ( "Spool out", "to file system", String.format ( "<strong>Complete!</strong> Successfully spooled out all channels to <code>%s</code> (%s)", location, bytes ) );
}
 
Example #11
Source File: HttpContraintControllerInterceptor.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
public static boolean isAllowed ( final HttpConstraint constraint, final HttpServletRequest request )
{
    final EmptyRoleSemantic empty = constraint.value ();
    final String[] allowedRoles = constraint.rolesAllowed ();

    if ( allowedRoles == null || allowedRoles.length <= 0 )
    {
        // no roles
        if ( EmptyRoleSemantic.PERMIT.equals ( empty ) )
        {
            return true;
        }
        else
        {
            return false;
        }
    }
    else
    {
        // check all roles .. one is ok

        for ( final String role : allowedRoles )
        {
            if ( request.isUserInRole ( role ) )
            {
                return true;
            }
        }

        // we ran out of options

        return false;
    }
}
 
Example #12
Source File: HttpContraintControllerInterceptor.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@Override
public RequestHandler before ( final Object controller, final Method m, final HttpServletRequest request, final HttpServletResponse response, final BiFunction<HttpServletRequest, HttpServletResponse, RequestHandler> next ) throws Exception
{
    HttpConstraint s = m.getAnnotation ( HttpConstraint.class );
    if ( s == null )
    {
        s = controller.getClass ().getAnnotation ( HttpConstraint.class );
    }

    logger.trace ( "Checking http contraints: {} for {}", s, request );

    if ( s == null )
    {
        return next.apply ( request, response );
    }

    if ( isAllowed ( s, request ) )
    {
        return next.apply ( request, response );
    }

    final Principal p = request.getUserPrincipal ();
    if ( p == null )
    {
        // make a different when no one is logged in
        return handleLoginRequired ( request, response );
    }

    return handleAccessDenied ( response );
}
 
Example #13
Source File: BackupController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@RequestMapping ( value = "/provision", method = RequestMethod.POST )
@Secured ( false )
@HttpConstraint ( PERMIT )
public void provision ( final HttpServletRequest request, final HttpServletResponse response ) throws IOException
{
    internalProvision ( request, response );
}
 
Example #14
Source File: JobController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@RequestMapping ( value = "/{factoryId}/create", method = RequestMethod.POST )
@HttpConstraint ( rolesAllowed = { "MANAGER", "ADMIN" } )
public ModelAndView create ( @PathVariable ( "factoryId" ) final String factoryId, @RequestParameter (
        required = false, value = "data" ) final String data)
{
    final JobHandle job = this.manager.startJob ( factoryId, data );

    // forward to get loose of the POST request, so that we can reload the status page
    return new ModelAndView ( String.format ( "redirect:/job/%s/view", job.getId () ) );
}
 
Example #15
Source File: ArtifactController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@RequestMapping ( value = "/channel/{channelId}/artifacts/{artifactId}/generate", method = RequestMethod.GET )
@HttpConstraint ( PERMIT )
public ModelAndView generate ( @PathVariable ( "channelId" ) final String channelId, @PathVariable ( "artifactId" ) final String artifactId)
{
    return Channels.withArtifact ( this.service, channelId, artifactId, ModifiableChannel.class, ( channel, artifact ) -> {
        channel.getContext ().regenerate ( artifact.getId () );
        return new ModelAndView ( "redirect:/channel/" + UrlEscapers.urlPathSegmentEscaper ().escape ( artifact.getChannelId ().getId () ) + "/view" );
    } );
}
 
Example #16
Source File: StorageController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@RequestMapping ( value = "/system/storage" )
@HttpConstraint ( rolesAllowed = { "MANAGER", "ADMIN" } )
public ModelAndView index ()
{
    final Map<String, Object> model = new HashMap<> ();
    return new ModelAndView ( "index", model );
}
 
Example #17
Source File: ChannelController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@RequestMapping ( value = "/channel/{channelId}/viewCache", method = RequestMethod.GET )
@HttpConstraint ( rolesAllowed = { "MANAGER", "ADMIN" } )
public ModelAndView viewCache ( @PathVariable ( "channelId" ) final String channelId )
{
    return withChannel ( channelId, ReadableChannel.class, channel -> {
        final Map<String, Object> model = new HashMap<> ();

        model.put ( "channel", channel.getInformation () );
        model.put ( "cacheEntries", channel.getCacheEntries ().values () );

        return new ModelAndView ( "channel/viewCache", model );
    } );
}
 
Example #18
Source File: ChannelController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@RequestMapping ( "/channel/{channelId}/help/api" )
@Secured ( false )
@HttpConstraint ( PERMIT )
public ModelAndView helpApi ( @PathVariable ( "channelId" ) final String channelId, final HttpServletRequest request )
{
    return withChannel ( channelId, ReadableChannel.class, channel -> {
        final Map<String, Object> model = new HashMap<> ();

        model.put ( "channel", channel.getInformation () );
        model.put ( "sitePrefix", this.sitePrefix.getSitePrefix () );

        final String exampleKey;
        if ( request.isUserInRole ( "MANAGER" ) )
        {
            final Collection<DeployKey> keys = this.channelService.getChannelDeployKeys ( By.id ( channel.getId ().getId () ) ).orElse ( emptyList () );
            exampleKey = keys.stream ().map ( DeployKey::getKey ).findFirst ().orElse ( DEFAULT_EXAMPLE_KEY );
        }
        else
        {
            exampleKey = DEFAULT_EXAMPLE_KEY;
        }

        model.put ( "hasExampleKey", !DEFAULT_EXAMPLE_KEY.equals ( exampleKey ) );

        model.put ( "exampleKey", exampleKey );
        model.put ( "exampleSitePrefix", makeCredentialsPrefix ( this.sitePrefix.getSitePrefix (), "deploy", exampleKey ) );

        return new ModelAndView ( "channel/help/api", model );
    } );
}
 
Example #19
Source File: ChannelController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@Secured ( false )
@RequestMapping ( value = "/channel/{channelId}/viewPlain", method = RequestMethod.GET )
@HttpConstraint ( PERMIT )
public ModelAndView viewPlain ( @PathVariable ( "channelId" ) final String channelId )
{
    try
    {
        return this.channelService.accessCall ( By.id ( channelId ), ReadableChannel.class, ( channel ) -> {

            final Map<String, Object> model = new HashMap<> ();

            model.put ( "channel", channel.getInformation () );

            final Collection<ArtifactInformation> artifacts = channel.getContext ().getArtifacts ().values ();

            if ( artifacts.size () > maxWebListSize () )
            {
                return viewTooMany ( channel );
            }

            // sort artifacts

            final List<ArtifactInformation> sortedArtifacts = new ArrayList<> ( artifacts );
            sortedArtifacts.sort ( Comparator.comparing ( ArtifactInformation::getName ) );
            model.put ( "sortedArtifacts", sortedArtifacts );

            return new ModelAndView ( "channel/view", model );
        } );
    }
    catch ( final ChannelNotFoundException e )
    {
        return CommonController.createNotFound ( "channel", channelId );
    }
}
 
Example #20
Source File: ChannelController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@Secured ( false )
@RequestMapping ( value = "/channel", method = RequestMethod.GET )
@HttpConstraint ( PERMIT )
public ModelAndView list ( @RequestParameter ( value = "start", required = false ) final Integer startPage )
{
    final ModelAndView result = new ModelAndView ( "channel/list" );

    final List<ChannelListEntry> channels = this.channelService.list ().stream ().flatMap ( ChannelController::toEntry ).collect ( Collectors.toList () );
    channels.sort ( CHANNEL_LIST_ENTRY_COMPARATOR );

    result.put ( "channels", Pagination.paginate ( startPage, 10, channels ) );

    return result;
}
 
Example #21
Source File: UserController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@RequestMapping ( "/{userId}/newPassword" )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView changePassword ( @PathVariable ( "userId" ) final String userId, final HttpServletRequest request )
{
    final Map<String, Object> model = new HashMap<> ();

    final boolean you = isYou ( userId, request );
    if ( !you && !request.isUserInRole ( "ADMIN" ) )
    {
        return CommonController.createAccessDenied ();
    }

    final DatabaseUserInformation user = this.storage.getUserDetails ( userId );
    if ( user == null )
    {
        return CommonController.createNotFound ( "user", userId );
    }

    final DatabaseDetails details = user.getDetails ( DatabaseDetails.class );

    if ( details == null )
    {
        return CommonController.createNotFound ( "details", userId );
    }

    final NewPassword data = new NewPassword ();
    data.setEmail ( details.getEmail () );

    model.put ( "you", you );
    model.put ( "command", data );

    return new ModelAndView ( "user/newPassword", model );
}
 
Example #22
Source File: UserController.java    From packagedrone with Eclipse Public License 1.0 5 votes vote down vote up
@RequestMapping ( value = "/{userId}/newPassword", method = RequestMethod.POST )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView changePasswordPost ( @PathVariable ( "userId" ) final String userId, @Valid @FormData ( "command" ) final NewPassword data, final BindingResult result, final HttpServletRequest request )
{
    final boolean you = isYou ( userId, request );

    if ( !you && !request.isUserInRole ( "ADMIN" ) )
    {
        return CommonController.createAccessDenied ();
    }

    final Map<String, Object> model = new HashMap<> ();
    model.put ( "you", you );

    if ( result.hasErrors () )
    {
        model.put ( "command", data );
        return new ModelAndView ( "user/newPassword", model );
    }

    try
    {
        if ( !you /* but we are ADMIN */ )
        {
            this.storage.updatePassword ( userId, null, data.getPassword () );
        }
        else
        {
            this.storage.updatePassword ( userId, data.getCurrentPassword (), data.getPassword () );
        }

        return new ModelAndView ( "redirect:/user/" + userId + "/view" );
    }
    catch ( final Exception e )
    {
        return CommonController.createError ( "Error", "Failed to change password", e );
    }
}
 
Example #23
Source File: StorageController.java    From packagedrone with Eclipse Public License 1.0 4 votes vote down vote up
@HttpConstraint ( rolesAllowed = "ADMIN" )
@RequestMapping ( value = "/system/storage/exportAllFs", method = RequestMethod.GET )
public ModelAndView exportAllFs ()
{
    return new ModelAndView ( "exportAllFs" );
}
 
Example #24
Source File: ServletSecurityElementTest.java    From piranha with BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up
/**
 * Test constructor.
 */
@Test
public void testConstructor4() {
    ServletSecurity servletSecurity = new ServletSecurity() {
        @Override
        public HttpMethodConstraint[] httpMethodConstraints() {
            return new HttpMethodConstraint[]{
                new HttpMethodConstraint() {
                    @Override
                    public ServletSecurity.EmptyRoleSemantic emptyRoleSemantic() {
                        return ServletSecurity.EmptyRoleSemantic.PERMIT;
                    }

                    @Override
                    public String[] rolesAllowed() {
                        return new String[]{};
                    }

                    @Override
                    public ServletSecurity.TransportGuarantee transportGuarantee() {
                        return ServletSecurity.TransportGuarantee.NONE;
                    }

                    @Override
                    public String value() {
                        return "HEAD";
                    }

                    @Override
                    public Class<? extends Annotation> annotationType() {
                        throw new UnsupportedOperationException("Not supported yet.");
                    }
                }
            };
        }

        @Override
        public HttpConstraint value() {
            return new HttpConstraint() {
                @Override
                public String[] rolesAllowed() {
                    return new String[]{};
                }

                @Override
                public ServletSecurity.TransportGuarantee transportGuarantee() {
                    return ServletSecurity.TransportGuarantee.NONE;
                }

                @Override
                public ServletSecurity.EmptyRoleSemantic value() {
                    return ServletSecurity.EmptyRoleSemantic.PERMIT;
                }

                @Override
                public Class<? extends Annotation> annotationType() {
                    throw new UnsupportedOperationException("Not supported yet.");
                }
            };
        }

        @Override
        public Class<? extends Annotation> annotationType() {
            throw new UnsupportedOperationException("Not supported yet.");
        }
    };
    ServletSecurityElement servletSecurityElement = new ServletSecurityElement(servletSecurity);
    assertNotNull(servletSecurityElement);
}
 
Example #25
Source File: TransferController.java    From packagedrone with Eclipse Public License 1.0 4 votes vote down vote up
@RequestMapping ( value = "/channel/export", method = RequestMethod.GET )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView exportAll ( final HttpServletResponse response )
{
    return performExport ( response, makeExportFileName ( null ), this.transferService::exportAll );
}
 
Example #26
Source File: TransferController.java    From packagedrone with Eclipse Public License 1.0 4 votes vote down vote up
@RequestMapping ( value = "/channel/{channelId}/export", method = RequestMethod.GET )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView exportChannel ( @PathVariable ( "channelId" ) final String channelId, final HttpServletResponse response )
{
    return performExport ( response, makeExportFileName ( channelId ), ( stream ) -> this.transferService.exportChannel ( channelId, stream ) );
}