Example usage for java.lang SecurityException SecurityException

List of usage examples for java.lang SecurityException SecurityException

  1. HOME
  2. Java
  3. java
  4. java.lang.*
  5. SecurityException
  6. SecurityException

Introduction

In this page you can find the example usage for java.lang SecurityException SecurityException.

Prototype

public SecurityException(Throwable cause)

Source Link

Document

Creates a SecurityException with the specified cause and a detail message of (cause==null ?

Usage

From source file:org.mule.module.management.support.SimplePasswordJmxAuthenticator.java

public Subject authenticate(Object authToken) {
    if (authToken == null) {
        throw new SecurityException("No authentication token available");
    }/*from w ww  . j  av a  2 s .  c  o  m*/
    if (!(authToken instanceof String[]) || ((String[]) authToken).length != 2) {
        throw new SecurityException("Unsupported credentials format");
    }

    String[] authentication = (String[]) authToken;

    String username = StringUtils.defaultString(authentication[0]);
    String password = StringUtils.defaultString(authentication[1]);

    if (!credentials.containsKey(username)) {
        throw new SecurityException("Unauthenticated user: " + username);
    }

    Object pass = credentials.get(username);
    if (!password.equals(pass == null ? "" : pass.toString())) {
        throw new SecurityException("Invalid password");
    }

    Set<Principal> principals = new HashSet<Principal>();
    principals.add(new JMXPrincipal(username));
    return new Subject(true, principals, Collections.EMPTY_SET, Collections.EMPTY_SET);
}

From source file:org.directwebremoting.jaxer.impl.JaxerRemoter.java

@Override
public String generateInterfaceScript(String fullCreatorName, boolean includeDto, String contextServletPath)
        throws SecurityException {
    Creator creator = creatorManager.getCreator(fullCreatorName, false);
    if (creator == null) {
        log.warn("Failed to find creator using: " + fullCreatorName);
        throw new SecurityException("Failed to find creator");
    }/*from w  w w . j a va 2 s .c  om*/

    String scriptName = creator.getJavascript();

    StringBuilder buffer = new StringBuilder();

    if (includeDto)
        buffer.append(createParameterDefinitions(scriptName));
    buffer.append(EnginePrivate.getEngineInitScript());
    buffer.append(createClassDefinition(scriptName));
    buffer.append(createPathDefinition(scriptName, contextServletPath));
    buffer.append(createMethodDefinitions(fullCreatorName));

    return buffer.toString();
}

From source file:eu.trentorise.smartcampus.permissionprovider.controller.AbstractController.java

/**
 * Check that the specified client is owned by the currently logged user
 * @param clientId/*from   w ww  .  j ava 2  s  .  c o m*/
 */
protected void checkClientIdOwnership(String clientId) {
    ClientDetailsEntity client = clientDetailsRepository.findByClientId(clientId);
    if (client == null || !client.getDeveloperId().equals(getUserId())) {
        throw new SecurityException("Attempt modifyung non-owned client app data");
    }
    ;
}

From source file:org.simbasecurity.core.util.CertificateChainValidator.java

public void validate(List<X509Certificate> certificateChain, String userName, String clientIpAddress) {
    TrustValidator trustValidator = BelgianTrustValidatorFactory.createTrustValidator();
    try {/*from   ww w.j a  v a2  s. c  o  m*/
        trustValidator.isTrusted(certificateChain);
    } catch (CertPathValidatorException e) {
        audit.log(eventFactory.createEventForAuthenticationEID(userName, clientIpAddress,
                "E-ID Certificate was not trusted"));
        throw new SecurityException("Certificate was not trusted. Message: " + e.getMessage());
    }
}

From source file:com.auditbucket.helper.SecurityHelper.java

public String getLoggedInUser() {
    Authentication a = SecurityContextHolder.getContext().getAuthentication();
    if (a == null)
        throw new SecurityException("User is not authenticated");
    return a.getName();
}

From source file:uk.org.openeyes.oink.security.HttpBasicPreauthProcessor.java

public void extractAuthenticationDetailsFromHttp(Exchange exchange) throws SecurityException {
    // get the username and password from the HTTP header
    // http://en.wikipedia.org/wiki/Basic_access_authentication
    String authorizationHeader = exchange.getIn().getHeader("Authorization", String.class);
    if (authorizationHeader == null) {
        throw new SecurityException("No HttpBasic Authorization Header was found in the request");
    }//www. j  ava2  s .c  o m
    String basicPrefix = "Basic ";
    String userPassword = authorizationHeader.substring(basicPrefix.length());
    byte[] header = Base64.decodeBase64(userPassword.getBytes());
    if (header == null) {
        throw new SecurityException("Invalid Http Basic Authorization Header found in the request");
    }
    String userpass = new String(header);
    String[] tokens = userpass.split(":");

    // create an Authentication object
    UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(tokens[0],
            tokens[1]);

    // wrap it in a Subject
    Subject subject = new Subject();
    subject.getPrincipals().add(authToken);

    // place the Subject in the In message
    exchange.getIn().setHeader(Exchange.AUTHENTICATION, subject);

    logger.debug("Found HttpBasic Authentication header");

    // Spring security will intercept this and authenticate

}

From source file:org.directwebremoting.servlet.InterfaceHandler.java

@Override
protected String generateTemplate(HttpServletRequest request, HttpServletResponse response) throws IOException {
    String scriptName = request.getPathInfo();

    if (!scriptName.endsWith(PathConstants.EXTENSION_JS)) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return "";
    }//from w ww. j  a  v  a2  s.com

    scriptName = scriptName.replace(interfaceHandlerUrl, "");
    scriptName = scriptName.replace(PathConstants.EXTENSION_JS, "");

    if (!LocalUtil.isJavaIdentifier(scriptName)) {
        log.debug("Throwing at request for script with name: '" + scriptName + "'");
        throw new SecurityException("Script names may only contain Java Identifiers");
    }

    String contextServletPath = request.getContextPath() + request.getServletPath();
    return remoter.generateInterfaceScript(scriptName, generateDtoClasses.matches(".*\\binterface\\b.*"),
            contextServletPath);
}

From source file:org.zlogic.vogon.web.controller.RegistrationController.java

/**
 * Registers a new user//  ww  w .j  a v a 2s .  co  m
 *
 * @param registerUser the user to register
 * @return the registered user
 * @throws org.zlogic.vogon.web.security.UsernameExistsException in case the
 * new username is already in use
 */
@RequestMapping(method = RequestMethod.POST, produces = "application/json")
public @ResponseBody VogonUser register(@RequestBody VogonUser registerUser) throws UsernameExistsException {
    if (!configuration.isAllowRegistration())
        throw new SecurityException(messages.getString("REGISTRATION_IS_NOT_ALLOWED"));
    return userService.createUser(registerUser);
}

From source file:be.fedict.eid.pkira.common.security.AbstractPkiRaAuthenticationResponseService.java

@Override
public void validateServiceCertificate(SamlAuthenticationPolicy authenticationPolicy,
        List<X509Certificate> certificateChain) throws SecurityException {
    if (certificateChain == null || certificateChain.size() == 0) {
        throw new SecurityException("Missing certificate chain");
    }//w ww  .j  a va 2s  . co  m
    X509Certificate certificate = certificateChain.get(0);

    MessageDigest md;
    try {
        md = MessageDigest.getInstance("SHA1");

        md.update(certificate.getEncoded());
        byte[] fp = md.digest();

        log.info("Actual fingerprint: " + Hex.encodeHexString(fp));

        String[] fingerprintConfig = getFingerprints();

        if (fingerprintConfig == null || fingerprintConfig.length == 0) {
            log.warn("No fingerprint given");
            return;
        }

        boolean ok = false;
        Hex hex = new Hex();
        for (String fingerprint : fingerprintConfig) {
            log.info("Allowed fingerprint: " + fingerprint);
            byte[] fpConfig = (byte[]) hex.decode(fingerprint);
            ok |= java.util.Arrays.equals(fp, fpConfig);
        }

        if (!ok) {
            log.error("Signatures not correct.");
            throw new SecurityException("Signatures not correct.");
        }
    } catch (NoSuchAlgorithmException e) {
        log.error("No Such Algorithm", e);
        throw new SecurityException(e.getMessage());
    } catch (CertificateEncodingException e) {
        log.error("Certificate Encoding Exception", e);
        throw new SecurityException(e.getMessage());
    } catch (DecoderException e) {
        log.error("Fingerprint decode problem", e);
        throw new SecurityException(e.getMessage());
    } catch (Throwable e) {
        log.error("Exception during service certificate validation", e);
        throw new SecurityException(e.getMessage());
    }
}

From source file:org.socialhistoryservices.pid.security.NAAuthentication.java

/**
 * Checks if the user is allowed to manage the resource.
 *
 * @param pid//from   www. j a  v a 2  s .c o m
 * @return
 */
public String authorize(String pid) {

    List<String> nas = authenticate();
    String authority = NamingAuthority.getNaRole(pid);
    if (nas.contains(authority))
        return authority;
    throw new SecurityException("The user has not got the authority to use the resource \"" + authority + "\"");
}