Removing RestResource.restrictToMaster() helper with @RestrictToMaste…

…r annotation.

graylog2-server/src/main/java/org/graylog2/rest/resources/dashboards/DashboardsResource.java

@@ -45,6 +45,7 @@
 import org.graylog2.rest.resources.dashboards.requests.WidgetPositions;
 import org.graylog2.rest.resources.dashboards.responses.DashboardList;
 import org.graylog2.shared.security.RestPermissions;
+import org.graylog2.shared.security.RestrictToMaster;
 import org.graylog2.shared.system.activities.Activity;
 import org.graylog2.shared.system.activities.ActivityWriter;
 import org.slf4j.Logger;
@@ -103,9 +104,8 @@ public DashboardsResource(DashboardService dashboardService,
     @ApiResponses(value = {
             @ApiResponse(code = 403, message = "Request must be performed against master node.")
     })
+    @RestrictToMaster
     public Response create(@ApiParam(name = "JSON body", required = true) CreateDashboardRequest cr) throws ValidationException {
-        restrictToMaster();
-
         // Create dashboard.
         final Dashboard dashboard = dashboardService.create(cr.title(), cr.description(), getCurrentUser().getName(), Tools.iso8601());
         final String id = dashboardService.save(dashboard);
@@ -127,9 +127,8 @@ public Response create(@ApiParam(name = "JSON body", required = true) CreateDash
     @ApiResponses(value = {
             @ApiResponse(code = 403, message = "Request must be performed against master node.")
     })
+    @RestrictToMaster
     public DashboardList list() {
-        restrictToMaster();
-
         final List<Map<String, Object>> dashboards = Lists.newArrayList();
         for (Dashboard dashboard : dashboardService.all()) {
             if (isPermitted(RestPermissions.DASHBOARDS_READ, dashboard.getId())) {
@@ -149,9 +148,9 @@ public DashboardList list() {
             @ApiResponse(code = 403, message = "Request must be performed against master node.")
     })
     @Produces(MediaType.APPLICATION_JSON)
+    @RestrictToMaster
     public Map<String, Object> get(@ApiParam(name = "dashboardId", required = true)
                                    @PathParam("dashboardId") String dashboardId) throws NotFoundException {
-        restrictToMaster();
         checkPermission(RestPermissions.DASHBOARDS_READ, dashboardId);
 
         return dashboardService.load(dashboardId).asMap();
@@ -166,9 +165,9 @@ public Map<String, Object> get(@ApiParam(name = "dashboardId", required = true)
             @ApiResponse(code = 404, message = "Dashboard not found."),
             @ApiResponse(code = 403, message = "Request must be performed against master node.")
     })
+    @RestrictToMaster
     public void delete(@ApiParam(name = "dashboardId", required = true)
                        @PathParam("dashboardId") String dashboardId) throws NotFoundException {
-        restrictToMaster();
         checkPermission(RestPermissions.DASHBOARDS_EDIT, dashboardId);
 
         final Dashboard dashboard = dashboardService.load(dashboardId);
@@ -237,11 +236,11 @@ public void setPositions(
             @ApiResponse(code = 403, message = "Request must be performed against master node.")
     })
     @Path("/{dashboardId}/widgets")
+    @RestrictToMaster
     public Response addWidget(
             @ApiParam(name = "dashboardId", required = true)
             @PathParam("dashboardId") String dashboardId,
             @ApiParam(name = "JSON body", required = true) AddWidgetRequest awr) throws ValidationException {
-        restrictToMaster();
         checkPermission(RestPermissions.DASHBOARDS_EDIT, dashboardId);
 
         // Bind to streams for reader users and check stream permission.
@@ -294,12 +293,12 @@ public Response addWidget(
             @ApiResponse(code = 403, message = "Request must be performed against master node.")
     })
     @Produces(MediaType.APPLICATION_JSON)
+    @RestrictToMaster
     public void remove(
             @ApiParam(name = "dashboardId", required = true)
             @PathParam("dashboardId") String dashboardId,
             @ApiParam(name = "widgetId", required = true)
             @PathParam("widgetId") String widgetId) {
-        restrictToMaster();
         checkPermission(RestPermissions.DASHBOARDS_EDIT, dashboardId);
 
         final Dashboard dashboard = dashboardRegistry.get(dashboardId);
@@ -327,11 +326,11 @@ public void remove(
             @ApiResponse(code = 504, message = "Computation failed on indexer side.")
     })
     @Produces(MediaType.APPLICATION_JSON)
+    @RestrictToMaster
     public Map<String, Object> widgetValue(@ApiParam(name = "dashboardId", required = true)
                                            @PathParam("dashboardId") String dashboardId,
                                            @ApiParam(name = "widgetId", required = true)
                                            @PathParam("widgetId") String widgetId) {
-        restrictToMaster();
         checkPermission(RestPermissions.DASHBOARDS_READ, dashboardId);
 
         Dashboard dashboard = dashboardRegistry.get(dashboardId);
@@ -365,13 +364,13 @@ public Map<String, Object> widgetValue(@ApiParam(name = "dashboardId", required
             @ApiResponse(code = 403, message = "Request must be performed against master node.")
     })
     @Produces(MediaType.APPLICATION_JSON)
+    @RestrictToMaster
     public void updateDescription(@ApiParam(name = "dashboardId", required = true)
                                   @PathParam("dashboardId") String dashboardId,
                                   @ApiParam(name = "widgetId", required = true)
                                   @PathParam("widgetId") String widgetId,
                                   @ApiParam(name = "JSON body", required = true)
                                   @Valid UpdateWidgetRequest uwr) throws ValidationException {
-        restrictToMaster();
         checkPermission(RestPermissions.DASHBOARDS_EDIT, dashboardId);
 
         final Dashboard dashboard = dashboardRegistry.get(dashboardId);
@@ -401,13 +400,13 @@ public void updateDescription(@ApiParam(name = "dashboardId", required = true)
             @ApiResponse(code = 403, message = "Request must be performed against master node.")
     })
     @Produces(MediaType.APPLICATION_JSON)
+    @RestrictToMaster
     public void updateCacheTime(@ApiParam(name = "dashboardId", required = true)
                                 @PathParam("dashboardId") String dashboardId,
                                 @ApiParam(name = "widgetId", required = true)
                                 @PathParam("widgetId") String widgetId,
                                 @ApiParam(name = "JSON body", required = true)
                                 @Valid UpdateWidgetRequest uwr) throws ValidationException {
-        restrictToMaster();
         checkPermission(RestPermissions.DASHBOARDS_EDIT, dashboardId);
 
         final Dashboard dashboard = dashboardRegistry.get(dashboardId);

graylog2-server/src/main/java/org/graylog2/rest/resources/system/DeflectorResource.java

@@ -33,6 +33,7 @@
 import org.graylog2.rest.resources.system.responses.DeflectorConfigResponse;
 import org.graylog2.rest.resources.system.responses.MessageCountRotationStrategyResponse;
 import org.graylog2.rest.resources.system.responses.SizeBasedRotationStrategyResponse;
+import org.graylog2.shared.security.RestrictToMaster;
 import org.graylog2.shared.system.activities.Activity;
 import org.graylog2.shared.system.activities.ActivityWriter;
 import org.slf4j.Logger;
@@ -88,9 +89,8 @@ public Map<String, Object> deflector() {
     @RequiresPermissions(RestPermissions.DEFLECTOR_READ)
     @Path("/config")
     @Produces(MediaType.APPLICATION_JSON)
+    @RestrictToMaster
     public DeflectorConfigResponse config() {
-        restrictToMaster();
-
         final RotationStrategy strategy = rotationStrategyProvider.get();
         DeflectorConfigResponse response = null;
 
@@ -114,9 +114,8 @@ public DeflectorConfigResponse config() {
     @ApiOperation(value = "Cycle deflector to new/next index")
     @RequiresPermissions(RestPermissions.DEFLECTOR_CYCLE)
     @Path("/cycle")
+    @RestrictToMaster
     public void cycle() {
-        restrictToMaster();
-
         final String msg = "Cycling deflector. Reason: REST request.";
         LOG.info(msg);
         activityWriter.write(new Activity(msg, DeflectorResource.class));

graylog2-server/src/main/java/org/graylog2/rest/resources/system/SystemProcessingResource.java

@@ -21,11 +21,13 @@
 import com.wordnik.swagger.annotations.ApiOperation;
 import org.apache.shiro.authz.annotation.RequiresAuthentication;
 import org.graylog2.plugin.ProcessingPauseLockedException;
+import org.graylog2.plugin.ServerStatus;
 import org.graylog2.shared.rest.resources.RestResource;
 import org.graylog2.shared.security.RestPermissions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.inject.Inject;
 import javax.ws.rs.ForbiddenException;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
@@ -36,6 +38,13 @@
 public class SystemProcessingResource extends RestResource {
     private static final Logger LOG = LoggerFactory.getLogger(SystemProcessingResource.class);
 
+    private final ServerStatus serverStatus;
+
+    @Inject
+    public SystemProcessingResource(ServerStatus serverStatus) {
+        this.serverStatus = serverStatus;
+    }
+
     // TODO Change to @POST
     @PUT
     @Timed

graylog2-server/src/main/java/org/graylog2/rest/resources/system/SystemShutdownResource.java

@@ -20,6 +20,7 @@
 import com.wordnik.swagger.annotations.Api;
 import com.wordnik.swagger.annotations.ApiOperation;
 import org.apache.shiro.authz.annotation.RequiresAuthentication;
+import org.graylog2.plugin.ServerStatus;
 import org.graylog2.shared.rest.resources.RestResource;
 import org.graylog2.shared.security.RestPermissions;
 import org.graylog2.system.shutdown.GracefulShutdown;
@@ -36,10 +37,13 @@
 @Path("/system/shutdown")
 public class SystemShutdownResource extends RestResource {
     private final GracefulShutdown gracefulShutdown;
+    private final ServerStatus serverStatus;
 
     @Inject
-    public SystemShutdownResource(GracefulShutdown gracefulShutdown) {
+    public SystemShutdownResource(GracefulShutdown gracefulShutdown,
+                                  ServerStatus serverStatus) {
         this.gracefulShutdown = gracefulShutdown;
+        this.serverStatus = serverStatus;
     }
 
     @POST

graylog2-shared/src/main/java/org/graylog2/shared/rest/resources/RestResource.java

@@ -58,9 +58,6 @@ public abstract class RestResource {
     @Inject
     protected UserService userService;
 
-    @Inject
-    protected ServerStatus serverStatus;
-
     @Inject
     private BaseConfiguration configuration;
 
@@ -119,13 +116,6 @@ protected void checkPermission(String permission, String instanceId) {
         }
     }
 
-    protected void restrictToMaster() {
-        if (!serverStatus.hasCapability(ServerStatus.Capability.MASTER)) {
-            LOG.warn("Rejected request that is only allowed against master nodes. Returning HTTP 403.");
-            throw new ForbiddenException("Request is only allowed against master nodes.");
-        }
-    }
-
     protected User getCurrentUser() {
         final Object principal = getSubject().getPrincipal();
         final User user = userService.load(principal.toString());

graylog2-shared/src/main/java/org/graylog2/shared/rest/resources/system/LoadBalancerStatusResource.java

@@ -22,10 +22,12 @@
 import com.wordnik.swagger.annotations.ApiParam;
 import org.apache.shiro.authz.annotation.RequiresAuthentication;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.graylog2.plugin.ServerStatus;
 import org.graylog2.plugin.lifecycles.LoadBalancerStatus;
 import org.graylog2.shared.rest.resources.RestResource;
 import org.graylog2.shared.security.RestPermissions;
 
+import javax.inject.Inject;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.GET;
 import javax.ws.rs.PUT;
@@ -45,6 +47,13 @@ public class LoadBalancerStatusResource extends RestResource {
      *             when adding more stuff.
      */
 
+    private final ServerStatus serverStatus;
+
+    @Inject
+    public LoadBalancerStatusResource(ServerStatus serverStatus) {
+        this.serverStatus = serverStatus;
+    }
+
     @GET
     @Timed
     @Produces(MediaType.TEXT_PLAIN)

graylog2-shared/src/main/java/org/graylog2/shared/rest/resources/system/inputs/InputsResource.java

@@ -41,6 +41,7 @@
 import org.graylog2.shared.inputs.MessageInputFactory;
 import org.graylog2.shared.inputs.NoSuchInputTypeException;
 import org.graylog2.rest.models.system.inputs.requests.InputLaunchRequest;
+import org.graylog2.shared.security.RestrictToMaster;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -74,16 +75,19 @@ public class InputsResource extends RestResource {
     private final MessageInputFactory messageInputFactory;
     private final InputLauncher inputLauncher;
     private final PersistedInputs persistedInputs;
+    private final ServerStatus serverStatus;
 
     @Inject
     public InputsResource(InputRegistry inputRegistry,
                           MessageInputFactory messageInputFactory,
                           InputLauncher inputLauncher,
-                          PersistedInputs persistedInputs) {
+                          PersistedInputs persistedInputs,
+                          ServerStatus serverStatus) {
         this.inputRegistry = inputRegistry;
         this.messageInputFactory = messageInputFactory;
         this.inputLauncher = inputLauncher;
         this.persistedInputs = persistedInputs;
+        this.serverStatus = serverStatus;
     }
 
     @GET
@@ -165,9 +169,9 @@ private InputStateSummary getInputStateSummary(IOState<MessageInput> inputState)
             @ApiResponse(code = 400, message = "Missing or invalid configuration"),
             @ApiResponse(code = 400, message = "Type is exclusive and already has input running")
     })
+    @RestrictToMaster
     public Response create(@ApiParam(name = "JSON body", required = true)
                            @Valid @NotNull InputLaunchRequest lr) throws ValidationException {
-        restrictToMaster();
         checkPermission(RestPermissions.INPUTS_CREATE);
 
         // Build input.