Example usage for org.apache.shiro.subject Subject checkPermission

List of usage examples for org.apache.shiro.subject Subject checkPermission

Introduction

On this page you can find example usage of org.apache.shiro.subject Subject checkPermission.

Prototype

void checkPermission(Permission permission) throws AuthorizationException;

Source Link

Document

Ensures that this Subject implies (see Permission#implies(Permission)) the specified Permission.

Usage

From source file:annis.service.internal.AdminService.java

License:Apache License

/**
 * Returns the stored user configuration of the currently logged-in user.
 *
 * @return the configuration the DAO holds for the calling subject's principal
 * @throws AuthorizationException if the caller lacks {@code admin:read:userconfig}
 */
@GET
@Path("userconfig")
@Produces("application/xml")
public AnnisUserConfig getUserConfig() {
    Subject subject = SecurityUtils.getSubject();
    // Authorization is enforced before any data is touched; checkPermission
    // throws when the subject is not permitted.
    subject.checkPermission("admin:read:userconfig");

    String principal = (String) subject.getPrincipal();
    return adminDao.retrieveUserConfig(principal);
}

From source file:annis.service.internal.AdminService.java

License:Apache License

/**
 * Stores the user configuration submitted for the currently logged-in user.
 *
 * @param config XML body wrapping the configuration to store
 * @return HTTP 200 once the configuration has been handed to the DAO
 * @throws AuthorizationException if the caller lacks {@code admin:write:userconfig}
 */
@POST
@Path("userconfig")
@Consumes("application/xml")
public Response setUserConfig(JAXBElement<AnnisUserConfig> config) {
    Subject subject = SecurityUtils.getSubject();
    // Authorization is enforced before the body is unwrapped or stored.
    subject.checkPermission("admin:write:userconfig");

    AnnisUserConfig payload = config.getValue();
    adminDao.storeUserConfig(payload);
    return Response.ok().build();
}

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

/**
 * Returns the stored user configuration of the currently logged-in user.
 *
 * @return the configuration the DAO holds for the calling subject's principal
 * @throws AuthorizationException if the caller lacks {@code admin:read:userconfig}
 */
@GET
@Path("userconfig")
@Produces("application/xml")
public UserConfig getUserConfig() {
    Subject subject = SecurityUtils.getSubject();
    // Authorization is enforced before any data is touched; checkPermission
    // throws when the subject is not permitted.
    subject.checkPermission("admin:read:userconfig");

    String principal = (String) subject.getPrincipal();
    return adminDao.retrieveUserConfig(principal);
}

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

/**
 * Stores the submitted user configuration under the principal of the
 * currently logged-in user.
 *
 * @param config XML body wrapping the configuration to store
 * @return HTTP 200 once the configuration has been handed to the DAO
 * @throws AuthorizationException if the caller lacks {@code admin:write:userconfig}
 */
@POST
@Path("userconfig")
@Consumes("application/xml")
public Response setUserConfig(JAXBElement<UserConfig> config) {
    Subject subject = SecurityUtils.getSubject();
    // Authorization is enforced before the body is unwrapped or stored.
    subject.checkPermission("admin:write:userconfig");

    // The configuration is keyed by the caller's own principal, never by a
    // name taken from the request.
    String principal = (String) subject.getPrincipal();
    UserConfig payload = config.getValue();
    adminDao.storeUserConfig(principal, payload);
    return Response.ok().build();
}

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

/**
 * Lists every user known to the configuration manager.
 *
 * @return all users, or an empty list when the security manager is not an
 *         {@code ANNISSecurityManager} or no configuration manager is available
 * @throws AuthorizationException if the caller lacks {@code admin:read:user}
 */
@GET
@Path("users")
@Produces("application/xml")
public List<User> listUsers() {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:read:user");

    if (!(SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager)) {
        return new LinkedList<>();
    }
    ANNISUserConfigurationManager confManager = getConfManager();
    if (confManager == null) {
        return new LinkedList<>();
    }
    // NOTE(review): unlike getUser, the password hashes of the returned User
    // objects are not blanked here. Confirm whether listAllUsers() hands out
    // copies before clearing them, so the realm's own objects are not altered.
    return confManager.listAllUsers();
}

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

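/**
 * Creates or updates the user addressed by the path segment.
 *
 * <p>The caller needs {@code admin:write:user}. If the submitted user is to
 * receive any permission in the {@code admin} domain, the caller additionally
 * needs {@code admin:write:adminuser}, so that a plain user administrator
 * cannot hand out rights exceeding their own.
 *
 * @param user     the user definition from the request body
 * @param userName the user name from the URL path; must match {@code user.getName()}
 * @return 200 on success, 400 when the body is missing or its name disagrees
 *         with the path, 500 when no realm is available or the update failed
 * @throws AuthorizationException if the caller lacks a required permission
 */
@PUT
@Path("users/{userName}")
@Consumes("application/xml")
@Override
public Response updateOrCreateUser(User user, @PathParam("userName") String userName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:write:user");

    // A missing body used to surface as a NullPointerException (HTTP 500);
    // it is a client error.
    if (user == null) {
        return Response.status(Response.Status.BAD_REQUEST)
                .entity("No user given in request body").build();
    }
    if (!userName.equals(user.getName())) {
        return Response.status(Response.Status.BAD_REQUEST)
                .entity("Username in object is not the same as in path").build();
    }

    // Granting an administrative permission requires more than plain
    // "admin:write:user". The domain part of each permission string is
    // examined instead of testing for an "admin:" prefix, so that a wildcard
    // domain ("*"), a bare "admin" and mixed-case spellings are caught as
    // well — all of these reach the admin domain under Shiro's wildcard
    // permission rules (assumed to be the realm's resolver; TODO confirm).
    if (user.getPermissions() != null) {
        for (String permission : user.getPermissions()) {
            if (grantsAdministrativeAccess(permission)) {
                requestingUser.checkPermission("admin:write:adminuser");
                break;
            }
        }
    }

    ANNISUserRealm userRealm = getUserRealm();
    if (userRealm != null && userRealm.updateUser(user)) {
        return Response.ok().build();
    }

    return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
            .entity("Could not update/create user").build();
}

/**
 * Tells whether a Shiro wildcard permission string grants anything in the
 * {@code admin} domain.
 *
 * <p>Only the first (domain) part of the string is inspected. It is split on
 * commas, because a wildcard part may list several values, and a value of
 * {@code *} or {@code admin} (compared case-insensitively, as Shiro does by
 * default) counts as administrative.
 *
 * @param permission a permission string such as {@code admin:write:user};
 *                   {@code null} or blank never counts as administrative
 * @return {@code true} if the permission reaches into the admin domain
 */
private static boolean grantsAdministrativeAccess(String permission) {
    if (permission == null || permission.trim().isEmpty()) {
        return false;
    }
    String domain = permission.trim();
    int separator = domain.indexOf(':');
    if (separator >= 0) {
        domain = domain.substring(0, separator);
    }
    for (String part : domain.split(",")) {
        String candidate = part.trim();
        if ("*".equals(candidate) || "admin".equalsIgnoreCase(candidate)) {
            return true;
        }
    }
    return false;
}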

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

/**
 * Returns the named user with its password hash blanked.
 *
 * @param userName name of the user to look up
 * @return the user, with an empty password hash
 * @throws WebApplicationException 404 if no such user exists, 500 if no
 *         configuration manager is available
 * @throws AuthorizationException if the caller lacks {@code admin:read:user}
 */
@GET
@Path("users/{userName}")
@Produces("application/xml")
@Override
public User getUser(@PathParam("userName") String userName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:read:user");

    ANNISUserConfigurationManager conf = getConfManager();
    if (conf == null) {
        throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
    }

    User found = conf.getUser(userName);
    if (found == null) {
        throw new WebApplicationException(Response.Status.NOT_FOUND);
    }

    // Holders of admin:read:user are not entitled to the stored credential
    // material, so the hash is cleared before the object leaves the service.
    found.setPasswordHash("");
    return found;
}

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

/**
 * Deletes the named user together with any user configuration stored for it.
 *
 * @param userName name of the user to remove
 * @return 200 when the user was removed, 500 otherwise (security manager is not
 *         an {@code ANNISSecurityManager}, no configuration manager, or the
 *         manager refused the deletion)
 * @throws AuthorizationException if the caller lacks {@code admin:write:user}
 */
@DELETE
@Path("users/{userName}")
public Response deleteUser(@PathParam("userName") String userName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:write:user");

    boolean removed = false;
    if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
        ANNISUserConfigurationManager confManager = getConfManager();
        removed = confManager != null && confManager.deleteUser(userName);
    }
    if (!removed) {
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                .entity("Could not delete user").build();
    }

    // The user entry is gone; drop its configuration too so nothing orphaned remains.
    adminDao.deleteUserConfig(userName);
    return Response.ok().build();
}

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

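/** Salt length in bytes used when hashing a new password (128 bit). */
private static final int PASSWORD_SALT_BYTES = 128 / 8;

/**
 * Hash iterations applied to new passwords. Kept at the original value of 1
 * so that stored hashes stay verifiable by the realm's credential matcher.
 * NOTE(review): a single SHA-256 round is weak against offline guessing;
 * confirm the matcher reads the iteration count from the stored
 * Shiro1CryptFormat string before raising this.
 */
private static final int PASSWORD_HASH_ITERATIONS = 1;

/**
 * Sets a new password for the named user.
 *
 * @param newPassword the clear-text password from the request body
 * @param userName    name of the user whose password is replaced
 * @return 200 with the updated user on success, 400 for an absent or empty
 *         password, 404 if the user is unknown, 500 if no configuration
 *         manager or realm is available or the realm rejected the update
 * @throws AuthorizationException if the caller lacks {@code admin:write:user}
 */
@POST
@Path("users/{userName}/password")
@Consumes("text/plain")
@Produces("application/xml")
public Response changePassword(String newPassword, @PathParam("userName") String userName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:write:user");

    // An absent or empty body must not become the new password.
    if (newPassword == null || newPassword.isEmpty()) {
        return Response.status(Response.Status.BAD_REQUEST)
                .entity("No password given").build();
    }

    ANNISUserConfigurationManager confManager = getConfManager();
    ANNISUserRealm userRealm = getUserRealm();
    if (confManager == null || userRealm == null) {
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                .entity("Could not change password").build();
    }

    User user = confManager.getUser(userName);
    if (user == null) {
        return Response.status(Response.Status.NOT_FOUND).build();
    }

    user.setPasswordHash(hashPassword(newPassword));

    if (userRealm.updateUser(user)) {
        // NOTE(review): the returned entity carries the freshly computed hash,
        // whereas getUser blanks it before responding — consider aligning.
        return Response.ok().entity(user).build();
    }
    return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
            .entity("Could not change password").build();
}

/**
 * Computes the salted SHA-256 hash of a password in Shiro1CryptFormat text form.
 *
 * @param password the clear-text password; must not be {@code null}
 * @return the encoded hash string to store on the user
 */
private static String hashPassword(String password) {
    // A fresh random salt per password; the format string embeds it.
    SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator();
    ByteSource salt = generator.nextBytes(PASSWORD_SALT_BYTES);
    Sha256Hash hash = new Sha256Hash(password, salt, PASSWORD_HASH_ITERATIONS);
    return new Shiro1CryptFormat().format(hash);
}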

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

/**
 * Lists every group known to the configuration manager.
 *
 * @return all groups, or an empty list when the security manager is not an
 *         {@code ANNISSecurityManager} or no configuration manager is available
 * @throws AuthorizationException if the caller lacks {@code admin:read:group}
 */
@GET
@Path("groups")
@Produces("application/xml")
public List<Group> listGroups() {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:read:group");

    if (!(SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager)) {
        return new LinkedList<>();
    }
    ANNISUserConfigurationManager confManager = getConfManager();
    if (confManager == null) {
        return new LinkedList<>();
    }
    // Copy the values so the manager's own map is not handed out.
    return new LinkedList<>(confManager.getGroups().values());
}