@Override public Response buildResponse(String prefix, String realm) { return Response.status(Response.Status.UNAUTHORIZED) .header(HttpHeaders.WWW_AUTHENTICATE, String.format(CHALLENGE_FORMAT, prefix, realm)) .type(MediaType.TEXT_PLAIN_TYPE) .entity("Credentials are required to access this resource.") .build(); } }
private Response buildSuccessfulCORSResponse(Map<String, Object> result) { return Response.ok(result) .header("Access-Control-Allow-Origin", "*") // Headers for Swagger UI. .header("Access-Control-Allow-Methods", "GET") .header("Access-Control-Allow-Headers", "Content-Type, api_key, Authorization") .build(); } }
@GET @Path("/export") @Timed @ApiOperation(value = "Export message search with keyword as timerange.", notes = "Search for messages in a timerange defined by a keyword like \"yesterday\" or \"2 weeks ago to wednesday\".") @Produces(MoreMediaTypes.TEXT_CSV) @ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid keyword provided.") }) public Response exportSearchKeywordChunked( @ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "keyword", value = "Range keyword", required = true) @QueryParam("keyword") @NotEmpty String keyword, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "batch_size", value = "Batch size for the backend storage export request.", required = false) @QueryParam("batch_size") @DefaultValue(DEFAULT_SCROLL_BATCH_SIZE) int batchSize, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = true) @QueryParam("fields") @NotEmpty String fields) { checkSearchPermission(filter, RestPermissions.SEARCHES_KEYWORD); final String filename = "graylog-search-result-keyword-" + keyword + ".csv"; return Response .ok(searchKeywordChunked(query, keyword, limit, offset, batchSize, filter, fields)) .header("Content-Disposition", "attachment; filename=" + filename) .build(); }
@GET @Consumes(MediaType.WILDCARD) @Produces(MediaType.WILDCARD) @Path("{id}/content/input") @ApiOperation( value = "Gets the input content for a provenance event", return generateOkResponse(response).type(contentType).header("Content-Disposition", String.format("attachment; filename=\"%s\"", content.getFilename())).build();
@GET @Produces({ Constants.MIMETYPE_PROTOBUF, Constants.MIMETYPE_PROTOBUF_IETF }) public Response getProtobuf( final @Context UriInfo uriInfo, final @HeaderParam("Accept") String contentType) { if (LOG.isTraceEnabled()) { LOG.trace("GET " + uriInfo.getAbsolutePath() + " as " + MIMETYPE_BINARY); } servlet.getMetrics().incrementRequests(1); try { int fetchSize = this.servlet.getConfiguration().getInt(Constants.SCAN_FETCH_SIZE, 10); StreamingOutput stream = new ProtobufStreamingOutput(this.results, contentType, userRequestedLimit, fetchSize); servlet.getMetrics().incrementSucessfulScanRequests(1); ResponseBuilder response = Response.ok(stream); response.header("content-type", contentType); return response.build(); } catch (Exception exp) { servlet.getMetrics().incrementFailedScanRequests(1); processException(exp); LOG.warn(exp.toString(), exp); return null; } }
@GET @Path("/{route: .*}") public Response asset(@PathParam("route") String route) throws IOException { // Directory traversal should not be possible but just to make sure.. if (route.contains("..")) { throw new BadRequestException("Not allowed to access parent directory"); } final URL resource = classLoader.getResource("swagger/" + route); if (null != resource) { try { final byte[] resourceBytes = Resources.toByteArray(resource); return Response.ok(resourceBytes, mimeTypes.getContentType(route)) .header("Content-Length", resourceBytes.length) .build(); } catch (IOException e) { throw new NotFoundException("Couldn't load " + resource, e); } } else { throw new NotFoundException("Couldn't find " + route); } } }
@GET public Response getContainers(@PathParam("version") String version, @HeaderParam(HEADER_ACCEPT) String acceptHeader, return Response.status(Status.FORBIDDEN).build(); response = Response.ok(responseCache.getGZIP(cacheKey)) .header(HEADER_CONTENT_ENCODING, HEADER_GZIP_VALUE) .header(HEADER_CONTENT_TYPE, returnMediaType) .build(); } else { response = Response.ok(responseCache.get(cacheKey)) .build();
@Produces(MediaType.TEXT_PLAIN) @Path("/kerberos") @ApiOperation( value = "Creates a token for accessing the REST API via Kerberos ticket exchange / SPNEGO negotiation", final Response response = generateNotAuthorizedResponse().header(KerberosService.AUTHENTICATION_CHALLENGE_HEADER_NAME, KerberosService.AUTHORIZATION_NEGOTIATE).build(); return response; } else { return generateCreatedResponse(uri, token).build(); } catch (final AuthenticationException e) { throw new AccessDeniedException(e.getMessage(), e);
@GET @Produces({MediaType.APPLICATION_JSON}) public Response doGet( @Context HttpServletRequest httpReq, logger.info("took: " + sw.getSeconds() + ", visited nodes:" + isochrone.getVisitedNodes() + ", " + uriInfo.getQueryParameters()); return Response.fromResponse(jsonSuccessResponse(buckets, sw.getSeconds())) .header("X-GH-Took", "" + sw.getSeconds() * 1000) .build(); } else if ("polygon".equalsIgnoreCase(resultStr)) { ArrayList<JsonFeature> features = new ArrayList<>(); logger.info("took: " + sw.getSeconds() + ", visited nodes:" + isochrone.getVisitedNodes() + ", " + uriInfo.getQueryParameters()); return Response.fromResponse(jsonSuccessResponse(features, sw.getSeconds())) .header("X-GH-Took", "" + sw.getSeconds() * 1000) .build(); } else { throw new IllegalArgumentException("type not supported:" + resultStr);
@POST @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public Response doPost( .ok( (StreamingOutput) outputStream -> { Exception e = null; .header("X-Druid-SQL-Query-Id", sqlQueryId) .build(); .entity(jsonMapper.writeValueAsBytes(QueryInterruptedException.wrapIfNeeded(exceptionToReport))) .build();
private static Response responseWithHeaders(ResponseBuilder builder, ProxyResponse response) { response.getHeaders().asMap().forEach((headerName, value) -> { String name = headerName.toString(); if (isPrestoHeader(name) || name.equalsIgnoreCase(SET_COOKIE)) { builder.header(name, value); } }); return builder.build(); }
@Override public Response toResponse(Throwable throwable) { if (throwable instanceof WebApplicationException) { return ((WebApplicationException) throwable).getResponse(); } log.warn(throwable, "Request failed for %s", request.getRequestURI()); ResponseBuilder responseBuilder = Response.serverError() .header(CONTENT_TYPE, TEXT_PLAIN); if (includeExceptionInResponse) { responseBuilder.entity(Throwables.getStackTraceAsString(throwable)); } else { responseBuilder.entity("Exception processing request"); } return responseBuilder.build(); } }
public Response locationResponse(UriInfo uriInfo, String portType, String portId, String transactionId, Object entity, Integer protocolVersion, final HttpRemoteSiteListener transactionManager) { final URI transactionUri = buildResourceUri("data-transfer", portType, portId, "transactions", transactionId); return noCache(setCommonHeaders(Response.created(transactionUri), protocolVersion, transactionManager) .header(LOCATION_URI_INTENT_NAME, LOCATION_URI_INTENT_VALUE)) .entity(entity).build(); }
@Override public void filter(ContainerRequestContext requestContext) throws IOException { // answer OPTIONS requests early so we don't have jersey produce WADL responses for them (we only use them for CORS preflight) if ("options".equalsIgnoreCase(requestContext.getRequest().getMethod())) { final Response.ResponseBuilder options = Response.noContent(); String origin = requestContext.getHeaders().getFirst("Origin"); if (origin != null && !origin.isEmpty()) { options.header("Access-Control-Allow-Origin", origin); options.header("Access-Control-Allow-Credentials", true); options.header("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By"); options.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); // In order to avoid redoing the preflight thingy for every request, see http://stackoverflow.com/a/12021982/1088469 options.header("Access-Control-Max-Age", "600"); // 10 minutes seems to be the maximum allowable value requestContext.abortWith(options.build()); } } } }