*/
public class API_Mgmt {
- private static final String SUCCESS = "SUCCESS";
- private final static String PERM_DB_POOL_CLEAR=Define.ROOT_NS()+".db|pool|clear";
- private final static String PERM_DENY_IP = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|ip";
- private final static String PERM_DENY_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id";
- private final static String PERM_LOG_ID = Define.ROOT_NS()+".log|" + Define.ROOT_COMPANY() + "|id";
+ private static final String SUCCESS = "SUCCESS";
+ private final static String PERM_DB_POOL_CLEAR=Define.ROOT_NS()+".db|pool|clear";
+ private final static String PERM_DENY_IP = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|ip";
+ private final static String PERM_DENY_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id";
+ private final static String PERM_LOG_ID = Define.ROOT_NS()+".log|" + Define.ROOT_COMPANY() + "|id";
- /**
- * Normal Init level APIs
- *
- * @param authzAPI
- * @param facade
- * @throws Exception
- */
- public static void init(final AAF_Service authzAPI, AuthzFacade facade) throws Exception {
+ /**
+ * Normal Init level APIs
+ *
+ * @param authzAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final AAF_Service authzAPI, AuthzFacade facade) throws Exception {
- /**
- * Clear Cache Segment
- */
- authzAPI.route(DELETE,"/mgmt/cache/:area/:segments",API.VOID,new Code(facade,"Clear Cache by Segment", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Result<Void> r = context.cacheClear(trans, pathParam(req,"area"), pathParam(req,"segments"));
- switch(r.status) {
- case OK:
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- break;
- default:
- context.error(trans,resp,r);
- }
- }
- });
-
- /**
- * Clear Cache
- */
- authzAPI.route(DELETE,"/mgmt/cache/:area",API.VOID,new Code(facade,"Clear Cache", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Result<Void> r;
- String area;
- r = context.cacheClear(trans, area=pathParam(req,"area"));
- switch(r.status) {
- case OK:
- trans.audit().log("Cache " + area + " has been cleared by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- break;
- default:
- context.error(trans,resp,r);
- }
- }
- });
+ /**
+ * Clear Cache Segment
+ */
+ authzAPI.route(DELETE,"/mgmt/cache/:area/:segments",API.VOID,new Code(facade,"Clear Cache by Segment", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Result<Void> r = context.cacheClear(trans, pathParam(req,"area"), pathParam(req,"segments"));
+ switch(r.status) {
+ case OK:
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+ }
+ });
+
+ /**
+ * Clear Cache
+ */
+ authzAPI.route(DELETE,"/mgmt/cache/:area",API.VOID,new Code(facade,"Clear Cache", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Result<Void> r;
+ String area;
+ r = context.cacheClear(trans, area=pathParam(req,"area"));
+ switch(r.status) {
+ case OK:
+ trans.audit().log("Cache " + area + " has been cleared by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+ }
+ });
- /**
- * Clear DB Sessions
- */
- authzAPI.route(DELETE,"/mgmt/dbsession",API.VOID,new Code(facade,"Clear DBSessions", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- try {
- if(req.isUserInRole(PERM_DB_POOL_CLEAR)) {
- context.dbReset(trans);
+ /**
+ * Clear DB Sessions
+ */
+ authzAPI.route(DELETE,"/mgmt/dbsession",API.VOID,new Code(facade,"Clear DBSessions", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ if(req.isUserInRole(PERM_DB_POOL_CLEAR)) {
+ context.dbReset(trans);
- trans.audit().log("DB Sessions have been cleared by "+trans.user());
+ trans.audit().log("DB Sessions have been cleared by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- return;
- }
- context.error(trans,resp,Result.err(Result.ERR_Denied,"%s is not allowed to clear dbsessions",trans.user()));
- } catch(Exception e) {
- trans.error().log(e, "clearing dbsession");
- context.error(trans,resp,Result.err(e));
- }
- }
- });
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ return;
+ }
+ context.error(trans,resp,Result.err(Result.ERR_Denied,"%s is not allowed to clear dbsessions",trans.user()));
+ } catch(Exception e) {
+ trans.error().log(e, "clearing dbsession");
+ context.error(trans,resp,Result.err(e));
+ }
+ }
+ });
- /**
- * Deny an IP
- */
- authzAPI.route(POST, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Deny IP",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String ip = pathParam(req,":ip");
- if(req.isUserInRole(PERM_DENY_IP)) {
- if(DenialOfServiceTaf.denyIP(ip)) {
- trans.audit().log(ip+" has been set to deny by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ /**
+ * Deny an IP
+ */
+ authzAPI.route(POST, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Deny IP",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String ip = pathParam(req,":ip");
+ if(req.isUserInRole(PERM_DENY_IP)) {
+ if(DenialOfServiceTaf.denyIP(ip)) {
+ trans.audit().log(ip+" has been set to deny by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.CREATED_201);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
- ip + " is already being denied"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to deny",ip,"without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to set IP Denial"));
- }
- }
- });
-
- /**
- * Stop Denying an IP
- */
- authzAPI.route(DELETE, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Stop Denying IP",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String ip = pathParam(req,":ip");
- if(req.isUserInRole(PERM_DENY_IP)) {
- if(DenialOfServiceTaf.removeDenyIP(ip)) {
- trans.audit().log(ip+" has been removed from denial by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_NotFound,
- ip + " is not on the denial list"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to remove",ip," from being denied without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to remove IP Denial"));
- }
- }
- });
+ resp.setStatus(HttpStatus.CREATED_201);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
+ ip + " is already being denied"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to deny",ip,"without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to set IP Denial"));
+ }
+ }
+ });
+
+ /**
+ * Stop Denying an IP
+ */
+ authzAPI.route(DELETE, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Stop Denying IP",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String ip = pathParam(req,":ip");
+ if(req.isUserInRole(PERM_DENY_IP)) {
+ if(DenialOfServiceTaf.removeDenyIP(ip)) {
+ trans.audit().log(ip+" has been removed from denial by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_NotFound,
+ ip + " is not on the denial list"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to remove",ip," from being denied without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to remove IP Denial"));
+ }
+ }
+ });
- /**
- * Deny an ID
- */
- authzAPI.route(POST, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Deny ID",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String id = pathParam(req,":id");
- if(req.isUserInRole(PERM_DENY_ID)) {
- if(DenialOfServiceTaf.denyID(id)) {
- trans.audit().log(id+" has been set to deny by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.CREATED_201);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
- id + " is already being denied"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to deny",id,"without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to set ID Denial"));
- }
- }
- });
-
- /**
- * Stop Denying an ID
- */
- authzAPI.route(DELETE, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Stop Denying ID",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String id = pathParam(req,":id");
- if(req.isUserInRole(PERM_DENY_ID)) {
- if(DenialOfServiceTaf.removeDenyID(id)) {
- trans.audit().log(id+" has been removed from denial by " + trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_NotFound,
- id + " is not on the denial list"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to remove",id," from being denied without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to remove ID Denial"));
- }
- }
- });
+ /**
+ * Deny an ID
+ */
+ authzAPI.route(POST, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Deny ID",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String id = pathParam(req,":id");
+ if(req.isUserInRole(PERM_DENY_ID)) {
+ if(DenialOfServiceTaf.denyID(id)) {
+ trans.audit().log(id+" has been set to deny by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.CREATED_201);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
+ id + " is already being denied"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to deny",id,"without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to set ID Denial"));
+ }
+ }
+ });
+
+ /**
+ * Stop Denying an ID
+ */
+ authzAPI.route(DELETE, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Stop Denying ID",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String id = pathParam(req,":id");
+ if(req.isUserInRole(PERM_DENY_ID)) {
+ if(DenialOfServiceTaf.removeDenyID(id)) {
+ trans.audit().log(id+" has been removed from denial by " + trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_NotFound,
+ id + " is not on the denial list"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to remove",id," from being denied without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to remove ID Denial"));
+ }
+ }
+ });
- /**
- * Deny an ID
- */
- authzAPI.route(POST, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Special Log ID",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String id = pathParam(req,":id");
- if(req.isUserInRole(PERM_LOG_ID)) {
- if(Question.specialLogOn(trans,id)) {
- trans.audit().log(id+" has been set to special Log by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.CREATED_201);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
- id + " is already being special Logged"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to special Log",id,"without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to set ID special Logging"));
- }
- }
- });
-
- /**
- * Stop Denying an ID
- */
- authzAPI.route(DELETE, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Stop Special Log ID",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String id = pathParam(req,":id");
- if(req.isUserInRole(PERM_LOG_ID)) {
- if(Question.specialLogOff(trans,id)) {
- trans.audit().log(id+" has been removed from special Logging by " + trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_NotFound,
- id + " is not on the special Logging list"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to remove",id," from being special Logged without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to remove ID special Logging"));
- }
- }
- });
+ /**
+ * Deny an ID
+ */
+ authzAPI.route(POST, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Special Log ID",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String id = pathParam(req,":id");
+ if(req.isUserInRole(PERM_LOG_ID)) {
+ if(Question.specialLogOn(trans,id)) {
+ trans.audit().log(id+" has been set to special Log by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.CREATED_201);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
+ id + " is already being special Logged"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to special Log",id,"without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to set ID special Logging"));
+ }
+ }
+ });
+
+ /**
+ * Stop Denying an ID
+ */
+ authzAPI.route(DELETE, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Stop Special Log ID",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String id = pathParam(req,":id");
+ if(req.isUserInRole(PERM_LOG_ID)) {
+ if(Question.specialLogOff(trans,id)) {
+ trans.audit().log(id+" has been removed from special Logging by " + trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_NotFound,
+ id + " is not on the special Logging list"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to remove",id," from being special Logged without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to remove ID special Logging"));
+ }
+ }
+ });
- }
+ }
}
Code Review / aaf / authz.git / blobdiff