/**
 * De-register a specific routerId, evicting the associated graph from memory.
 *
 * <p>The method is annotated {@code @RolesAllowed("ROUTERS")}. The annotation only restricts
 * access if the JAX-RS runtime has role-based authorization enabled, which is not visible
 * in this excerpt.
 *
 * @param routerId value of the {@code routerId} path parameter, handed to
 *                 {@code evictRouter} unchanged
 * @return status code 200 if the routerId was de-registered,
 *         404 if the routerId was not registered.
 */
@DELETE
@Path("{routerId}")
@Produces({ MediaType.TEXT_PLAIN })
@RolesAllowed({ "ROUTERS" })
public Response deleteGraphId(@PathParam("routerId") String routerId) {
    final boolean wasRegistered = otpServer.getGraphService().evictRouter(routerId);
    if (!wasRegistered) {
        return Response.status(404).entity("graph did not exist.\n").build();
    }
    return Response.status(200).entity("graph evicted.\n").build();
}
/**
 * Translates the JSR-250 security annotations found in {@code annotations} into
 * {@link ConfigAttribute}s.
 *
 * <p>The array is scanned in order and the first {@code DenyAll}, {@code PermitAll} or
 * {@code RolesAllowed} entry decides the result; any later security annotation in the same
 * array is never looked at. In particular, a {@code DenyAll} that follows a {@code PermitAll}
 * or {@code RolesAllowed} has no effect here.
 *
 * @param annotations annotations to inspect; may be {@code null} or empty
 * @return the attributes derived from the first matching annotation (an empty list for a
 *         {@code RolesAllowed} with no values), or {@code null} when the array is
 *         {@code null}, empty, or holds none of the three annotations
 */
private List<ConfigAttribute> processAnnotations(Annotation[] annotations) {
    if (annotations == null || annotations.length == 0) {
        return null;
    }
    final List<ConfigAttribute> result = new ArrayList<>();
    for (Annotation candidate : annotations) {
        if (candidate instanceof DenyAll) {
            result.add(Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE);
            return result;
        } else if (candidate instanceof PermitAll) {
            result.add(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
            return result;
        } else if (candidate instanceof RolesAllowed) {
            // Each declared role goes through getRoleWithDefaultPrefix before it is stored.
            for (String declaredRole : ((RolesAllowed) candidate).value()) {
                result.add(new Jsr250SecurityConfig(getRoleWithDefaultPrefix(declaredRole)));
            }
            return result;
        }
    }
    return null;
}
/**
 * Serves {@code GET rolesAllowed} and returns whatever {@code RestrictedEntity.instance()}
 * provides.
 *
 * <p>Annotated {@code @RolesAllowed("manager")}; what enforces the annotation is not visible
 * in this excerpt.
 *
 * @return the entity obtained from {@code RestrictedEntity.instance()}
 */
@GET
@Path("rolesAllowed")
@RolesAllowed({"manager"})
public RestrictedEntity rolesAllowed() {
    final RestrictedEntity entity = RestrictedEntity.instance();
    return entity;
}
@Path("/protected") @RolesAllowed("BASIC_GUY") public final class ProtectedClassResource {
/**
 * Lists the graphs visible to the caller as a one-entry map under the key {@code "graphs"}.
 *
 * <p>The decision is made on the principal's <em>name</em>
 * ({@code sc.getUserPrincipal().getName()}), not on {@code sc.isUserInRole(..)}: a principal
 * named {@code "admin"} sees every graph, any other principal sees at most the graph whose
 * name equals its own.
 * NOTE(review): this presumably relies on the authenticator setting the principal name to the
 * role or graph name. Confirm, since otherwise a user who can choose the name "admin" would
 * get the full listing.
 *
 * @param manager source of the known graph names
 * @param sc      security context of the current request; {@code getUserPrincipal()} is
 *                dereferenced without a null check
 * @return a map with the single key {@code "graphs"}
 */
@GET
@Timed
@RolesAllowed({"admin", "$dynamic"})
@Produces(APPLICATION_JSON_WITH_CHARSET)
public Object list(@Context GraphManager manager, @Context SecurityContext sc) {
    final Set<String> available = manager.graphs();
    final String principalName = sc.getUserPrincipal().getName();

    if (principalName.equals("admin")) {
        return ImmutableMap.of("graphs", available);
    }
    // Filter by user role: a non-admin caller only ever sees the graph named after it.
    if (available.contains(principalName)) {
        return ImmutableMap.of("graphs", ImmutableList.of(principalName));
    }
    return ImmutableMap.of("graphs", ImmutableList.of());
}
/**
 * Reload the graphs for all registered routerIds from disk.
 *
 * <p>Annotated {@code @RolesAllowed("ROUTERS")}; enforcement depends on the JAX-RS runtime
 * having role-based authorization enabled, which is not visible in this excerpt.
 *
 * @param path     bound from the {@code path} query parameter but not used by this method
 * @param preEvict forwarded to {@code reloadGraphs}; defaults to {@code true}
 * @param force    forwarded to {@code reloadGraphs}; defaults to {@code true}
 * @return an empty 200 response once {@code reloadGraphs} has returned
 */
@PUT
@Produces({ MediaType.APPLICATION_JSON })
@RolesAllowed({ "ROUTERS" })
public Response reloadGraphs(
        @QueryParam("path") String path,
        @QueryParam("preEvict") @DefaultValue("true") boolean preEvict,
        @QueryParam("force") @DefaultValue("true") boolean force) {
    otpServer.getGraphService().reloadGraphs(preEvict, force);
    return Response.ok().build();
}
/**
 * Returns {@code mixedField}.
 *
 * <p>Annotated for the roles {@code manager} and {@code user}.
 * NOTE(review): the annotation sits on a plain getter, so it is presumably read by a
 * role-aware serialization or entity filter rather than by method interception. Confirm
 * which component enforces it.
 *
 * @return the current value of {@code mixedField}
 */
@RolesAllowed({"manager", "user"})
public RestrictedSubEntity getMixedField() {
    return this.mixedField;
}
/**
 * Serves {@code GET admin} and greets the authenticated user with their name and id.
 *
 * <p>Annotated {@code @RolesAllowed("ADMIN")}; the {@code @Auth} parameter supplies the
 * authenticated {@code User}. No {@code @Produces} is declared on this method, so the
 * response media type is decided elsewhere.
 *
 * @param user the authenticated user injected via {@code @Auth}
 * @return a greeting containing {@code user.getName()} and {@code user.getId()}
 */
@GET
@Path("admin")
@RolesAllowed("ADMIN")
public String showAdminSecret(@Auth User user) {
    return String.format(
            "Hey there, %s. It looks like you are an admin. %d",
            user.getName(),
            user.getId());
}
// Closes the enclosing resource class, whose header is not part of this excerpt.
}
/**
 * Page that lets the admin change the cluster size or shut down the cluster.
 *
 * <p>The class-level {@code @RolesAllowed(ADMIN_ROLE)} is the only access restriction on
 * this page; {@code getRoot()} carries no security annotation of its own.
 */
@Path("/manage")
@RolesAllowed(ADMIN_ROLE)
public static class ManagePage {

    /** Security context of the current request, passed on to {@code toModel}. */
    @Inject
    SecurityContext sc;

    /**
     * Renders the management page from a freshly populated {@code ControllerModel}.
     *
     * @return the {@code /drill-am/manage.ftl} view
     */
    @GET
    @Produces(MediaType.TEXT_HTML)
    public Viewable getRoot() {
        final ControllerModel clusterState = new ControllerModel();
        // The controller fills the model through its visit() callback.
        dispatcher.getController().visit(clusterState);
        return new Viewable("/drill-am/manage.ftl", toModel(sc, clusterState));
    }
}
/**
 * Returns every metric family of the {@code ServerReporter} as one JSON document.
 *
 * <p>The families appear in the fixed order gauges, counters, histograms, meters, timers.
 * Annotated {@code @RolesAllowed("admin")}; what enforces the annotation is not visible in
 * this excerpt.
 *
 * @return the JSON produced by {@code JsonUtil.toJson} for the collected metrics
 */
@GET
@Timed
@RolesAllowed("admin")
@Produces(APPLICATION_JSON_WITH_CHARSET)
public String all() {
    // LinkedHashMap keeps the insertion order of the metric families in the output.
    final Map<String, Map<String, ? extends Metric>> metricsByKind = new LinkedHashMap<>();
    final ServerReporter source = ServerReporter.instance();

    metricsByKind.put("gauges", source.gauges());
    metricsByKind.put("counters", source.counters());
    metricsByKind.put("histograms", source.histograms());
    metricsByKind.put("meters", source.meters());
    metricsByKind.put("timers", source.timers());

    return JsonUtil.toJson(metricsByKind);
}
/**
 * De-register all registered routerIds, evicting them from memory.
 *
 * <p>Annotated {@code @RolesAllowed("ROUTERS")}; enforcement depends on the JAX-RS runtime
 * having role-based authorization enabled, which is not visible in this excerpt.
 *
 * @return a 200 response whose plain-text body reports the number returned by
 *         {@code evictAll()}
 */
@DELETE
@Produces({ MediaType.TEXT_PLAIN })
@RolesAllowed({ "ROUTERS" })
public Response deleteAll() {
    final int evictedCount = otpServer.getGraphService().evictAll();
    return Response.status(200)
            .entity(String.format("%d graphs evicted.\n", evictedCount))
            .build();
}
/**
 * Returns {@code userField}.
 *
 * <p>Annotated for the role {@code user}.
 * NOTE(review): the annotation sits on a plain getter, so it is presumably read by a
 * role-aware serialization or entity filter rather than by method interception. Confirm
 * which component enforces it.
 *
 * @return the current value of {@code userField}
 */
@RolesAllowed("user")
public String getUserField() {
    return this.userField;
}
/**
 * Save the graph data, but don't load it in memory. The file location is based on routerId.
 * If the graph already exists, the graph will be overwritten.
 *
 * <p>NOTE(review): {@code routerId} arrives as a query parameter and reaches {@code save}
 * unchanged. Because the file location is derived from it, confirm that the graph source
 * factory rejects path separators and {@code ..} segments; no such check is visible here.
 *
 * @param routerId identifier that determines where the graph is stored
 * @param is       request body containing the graph data
 * @return 201 when {@code save} reports success, 404 when it reports failure, and 400 with
 *         the exception's {@code toString()} as body when anything is thrown
 */
@POST
@Path("/save")
@Consumes(MediaType.APPLICATION_OCTET_STREAM)
@Produces({ MediaType.TEXT_PLAIN })
@RolesAllowed({ "ROUTERS" })
public Response saveGraphOverWire(
        @QueryParam("routerId") String routerId,
        InputStream is) {
    LOG.debug("save graph from POST data stream...");
    try {
        final boolean saved =
                otpServer.getGraphService().getGraphSourceFactory().save(routerId, is);
        if (!saved) {
            return Response.status(404).entity("graph not saved or other error.\n").build();
        }
        return Response.status(201).entity("graph saved.\n").build();
    } catch (Exception e) {
        // NOTE(review): the exception text is sent to the client as-is and is not logged;
        // it may expose server-side paths or class names.
        return Response.status(Status.BAD_REQUEST).entity(e.toString()).build();
    }
}
/**
 * Serves {@code GET admin} and greets the authenticated user with their name and id.
 *
 * <p>Annotated {@code @RolesAllowed("ADMIN")}; the {@code @Auth} parameter supplies the
 * authenticated {@code User}. No {@code @Produces} is declared on this method, so the
 * response media type is decided elsewhere.
 *
 * @param user the authenticated user injected via {@code @Auth}
 * @return a greeting containing {@code user.getName()} and {@code user.getId()}
 */
@GET
@Path("admin")
@RolesAllowed("ADMIN")
public String showAdminSecret(@Auth User user) {
    return String.format(
            "Hey there, %s. It looks like you are an admin. %d",
            user.getName(),
            user.getId());
}
/**
 * Display the configuration page which displays the contents of
 * DoY and selected Drill config as name/value pairs. Visible only
 * to the admin when DoY is secure.
 *
 * <p>The class-level {@code @RolesAllowed(ADMIN_ROLE)} is the only access restriction on
 * this page; {@code getRoot()} carries no security annotation of its own.
 * NOTE(review): every pair returned by {@code getPairs()} is handed to the template. Confirm
 * that no credentials or other secrets are among them.
 */
@Path("/config")
@RolesAllowed(ADMIN_ROLE)
public static class ConfigPage {

    /** Security context of the current request, passed on to {@code toModel}. */
    @Inject
    private SecurityContext sc;

    /**
     * Renders the configuration page from the pairs of the {@code DrillOnYarnConfig} instance.
     *
     * @return the {@code /drill-am/config.ftl} view
     */
    @GET
    @Produces(MediaType.TEXT_HTML)
    public Viewable getRoot() {
        return new Viewable(
                "/drill-am/config.ftl",
                toModel(sc, DrillOnYarnConfig.instance().getPairs()));
    }
}
/**
 * Returns the constant string {@code "method"}.
 *
 * <p>Annotated {@code @RolesAllowed("g1")} on the overriding method. Whether the overridden
 * declaration carries its own security annotation is not visible in this excerpt.
 *
 * @return {@code "method"}
 */
@RolesAllowed("g1")
@Override
public String method() {
    return "method";
}
/**
 * Translates the JSR-250 security annotations found in {@code annotations} into
 * {@link ConfigAttribute}s.
 *
 * <p>The array is scanned in order and the first {@code DenyAll}, {@code PermitAll} or
 * {@code RolesAllowed} entry decides the result; any later security annotation in the same
 * array is never looked at. In particular, a {@code DenyAll} that follows a {@code PermitAll}
 * or {@code RolesAllowed} has no effect here.
 *
 * @param annotations annotations to inspect; may be {@code null} or empty
 * @return the attributes derived from the first matching annotation (an empty list for a
 *         {@code RolesAllowed} with no values), or {@code null} when the array is
 *         {@code null}, empty, or holds none of the three annotations
 */
private List<ConfigAttribute> processAnnotations(Annotation[] annotations) {
    if (annotations == null || annotations.length == 0) {
        return null;
    }
    final List<ConfigAttribute> result = new ArrayList<>();
    for (Annotation candidate : annotations) {
        if (candidate instanceof DenyAll) {
            result.add(Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE);
            return result;
        } else if (candidate instanceof PermitAll) {
            result.add(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
            return result;
        } else if (candidate instanceof RolesAllowed) {
            // Each declared role goes through getRoleWithDefaultPrefix before it is stored.
            for (String declaredRole : ((RolesAllowed) candidate).value()) {
                result.add(new Jsr250SecurityConfig(getRoleWithDefaultPrefix(declaredRole)));
            }
            return result;
        }
    }
    return null;
}
/**
 * Deserialize a graph sent with the HTTP request as POST data, associating it with the given
 * routerId.
 *
 * <p>NOTE(review): the request body is fed straight into {@code Graph.load}, whose
 * implementation is not shown. If it relies on Java native serialization, the upload must be
 * treated as untrusted even behind the {@code ROUTERS} role; a deserialization filter or an
 * integrity check on the upload would be the usual safeguards. TODO confirm.
 *
 * @param routerId identifier to register the uploaded graph under
 * @param preEvict when {@code true} (the default), {@code routerId} is evicted before the
 *                 upload is read
 * @param is       request body containing the serialized graph
 * @return 201 with {@code graph.toString()} as body on success, or 400 with the exception's
 *         {@code toString()} as body when anything is thrown
 */
@POST
@Path("{routerId}")
@Consumes(MediaType.APPLICATION_OCTET_STREAM)
@Produces({ MediaType.TEXT_PLAIN })
@RolesAllowed({ "ROUTERS" })
public Response postGraphOverWire(
        @PathParam("routerId") String routerId,
        @QueryParam("preEvict") @DefaultValue("true") boolean preEvict,
        InputStream is) {
    if (preEvict) {
        // Eviction happens before the upload is parsed: if the load below fails, a graph
        // previously registered under routerId is already gone and is not restored.
        LOG.debug("pre-evicting graph");
        otpServer.getGraphService().evictRouter(routerId);
    }
    LOG.debug("deserializing graph from POST data stream...");
    try {
        final Graph loaded = Graph.load(is);
        otpServer.getGraphService()
                .registerGraph(routerId, new MemoryGraphSource(routerId, loaded));
        return Response.status(Status.CREATED).entity(loaded.toString() + "\n").build();
    } catch (Exception e) {
        // NOTE(review): the exception text is sent to the client as-is and is not logged.
        return Response.status(Status.BAD_REQUEST).entity(e.toString() + "\n").build();
    }
}
/**
 * Main DoY page that displays cluster status, and the status of
 * the resource groups. Available only to the admin user when
 * DoY is secured.
 *
 * <p>The class-level {@code @RolesAllowed(ADMIN_ROLE)} is the only access restriction on
 * this page; {@code getRoot()} carries no security annotation of its own.
 */
@Path("/")
@RolesAllowed(ADMIN_ROLE)
public static class RootPage {

    /** Security context of the current request, passed on to {@code toModel}. */
    @Inject
    SecurityContext sc;

    /**
     * Renders the status page from a freshly populated {@code ControllerModel}.
     *
     * @return the {@code /drill-am/index.ftl} view
     */
    @GET
    @Produces(MediaType.TEXT_HTML)
    public Viewable getRoot() {
        final ControllerModel clusterState = new ControllerModel();
        // The controller fills the model through visit(); the stray-drillbit count is a
        // separate step on the model.
        dispatcher.getController().visit(clusterState);
        clusterState.countStrayDrillbits(dispatcher.getController());
        return new Viewable("/drill-am/index.ftl", toModel(sc, clusterState));
    }
}
/**
 * Returns {@code managerField}.
 *
 * <p>Annotated for the role {@code manager}.
 * NOTE(review): the annotation sits on a plain getter, so it is presumably read by a
 * role-aware serialization or entity filter rather than by method interception. Confirm
 * which component enforces it.
 *
 * @return the current value of {@code managerField}
 */
@RolesAllowed("manager")
public String getManagerField() {
    return this.managerField;
}