List of usage examples for the java.lang.SecurityException constructor
public SecurityException(Throwable cause)
From source file:org.apache.geode.management.internal.security.MBeanServerWrapper.java
/**
 * Rejects any object name that lives in the management default domain.
 *
 * @param name the JMX object name about to be used
 * @throws SecurityException with the shared access-denied message when the
 *         name's domain equals {@code ManagementConstants.OBJECTNAME__DEFAULTDOMAIN}
 */
private void checkDomain(ObjectName name) {
    final String requestedDomain = name.getDomain();
    final boolean isProtectedDomain =
            ManagementConstants.OBJECTNAME__DEFAULTDOMAIN.equals(requestedDomain);
    if (isProtectedDomain) {
        // The message comes from a shared constant, so the caller is not told
        // which domain check it tripped.
        throw new SecurityException(ResourceConstants.ACCESS_DENIED_MESSAGE);
    }
}
From source file:de.forsthaus.webui.util.GFCBaseCtrl.java
/**
 * Enforces the {@code @Secured} annotation of a method before it is invoked.
 * <p>
 * Every right named in the annotation, e.g. {@code @Secured({"rightName"})},
 * must be granted by the current user workspace. A method that carries no
 * {@code @Secured} annotation passes without any check.
 *
 * @param mtd the method that is about to be called
 * @throws SecurityException if the workspace lacks one of the listed rights
 */
private void isAllowed(Method mtd) {
    final Secured secured = mtd.getAnnotation(Secured.class);
    if (secured == null) {
        // Unannotated methods are not restricted by this check.
        return;
    }

    final String[] requiredRights = secured.value();
    for (int i = 0; i < requiredRights.length; i++) {
        final String rightName = requiredRights[i];
        if (userWorkspace.isAllowed(rightName)) {
            continue;
        }
        // Fail on the first missing right; later rights are not evaluated.
        throw new SecurityException("Call of this method is not allowed! Missing right: \n\n"
                + "needed RightName: " + rightName + "\n\n" + "Method: " + mtd);
    }
}
From source file:ch.rasc.wampspring.cra.DefaultAuthenticationHandler.java
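/**
 * Verifies the client's response to a previously issued authentication challenge.
 * <p>
 * The expected signature is the HMAC-SHA256 of the session challenge, keyed with
 * the secret registered for the session's auth key. On success the signature is
 * stored on the session; on failure the auth key, challenge and signature are
 * cleared before the exception is thrown.
 *
 * @param clientSignature signature sent by the client; {@code null} is treated
 *        as an invalid signature
 * @param message the call message carrying the WAMP session
 * @return always {@code null} on success
 * @throws IllegalStateException if no authentication was requested, no secret
 *         exists for the auth key, or the HMAC cannot be computed
 * @throws SecurityException if the signature does not match
 */
@Override
public Object handleAuth(String clientSignature, CallMessage message) {
    WampSession wampSession = message.getWampSession();
    if (!wampSession.isAuthRequested()) {
        throw new IllegalStateException("No authentication previously requested");
    }

    // NOTE(review): an unknown auth key surfaces as IllegalStateException while a
    // bad signature surfaces as SecurityException; confirm the caller does not
    // expose that difference to the remote client.
    final String correctSignature;
    try {
        final String secret = this.authenticationSecretProvider.getSecret(wampSession.getAuthKey());
        if (!StringUtils.hasText(secret)) {
            throw new IllegalStateException("Secret does not exist");
        }
        correctSignature = generateHMacSHA256(secret, wampSession.getChallenge());
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
        throw new IllegalStateException("invalid key", e);
    }

    // String.equals stops at the first differing character, so its running time
    // depends on how much of the signature is correct. MessageDigest.isEqual
    // compares the full content regardless of where the first mismatch is.
    // Fully qualified names are used so no new import is required.
    final boolean signatureValid = clientSignature != null && correctSignature != null
            && java.security.MessageDigest.isEqual(
                    clientSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    correctSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (signatureValid) {
        wampSession.setSignature(clientSignature);
        return null;
    }

    // Drop all challenge state so a failed attempt cannot be retried against
    // the same challenge.
    wampSession.setAuthKey(null);
    wampSession.setChallenge(null);
    wampSession.setSignature(null);
    throw new SecurityException("Signature for authentication request is invalid");
}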
From source file:SecurityManagerTest.java
/**
 * Denies read access through a file descriptor unless {@code accessOK()} agrees.
 *
 * @param filedescriptor the descriptor being read; not inspected by this check
 * @throws SecurityException if {@code accessOK()} returns {@code false}
 */
public void checkRead(FileDescriptor filedescriptor) {
    final boolean permitted = accessOK();
    if (permitted) {
        return;
    }
    throw new SecurityException("Not a Chance!");
}
From source file:nl.surfnet.coin.selfservice.util.SpringSecurity.java
/**
 * Checks that the given identity provider belongs to the current user.
 * <p>
 * A super user gets the argument back unchanged. For any other user the
 * provider is looked up by id among the user's own institution identity
 * providers, and the instance from that list (not the caller-supplied one)
 * is returned.
 *
 * @param idp the identity provider the caller wants to act on
 * @return {@code idp} itself for a super user, otherwise the matching entry
 *         from the current user's institution identity providers
 * @throws SecurityException if no provider of the current user has the same id
 */
public static InstitutionIdentityProvider validateIdp(final InstitutionIdentityProvider idp) {
    if (SpringSecurity.getCurrentUser().isSuperUser()) {
        return idp;
    }

    final List<InstitutionIdentityProvider> ownIdps = SpringSecurity.getCurrentUser().getInstitutionIdps();
    for (InstitutionIdentityProvider candidate : ownIdps) {
        if (candidate.getId().equals(idp.getId())) {
            // Hand back the server-side instance rather than the supplied object.
            return candidate;
        }
    }

    throw new SecurityException(
            idp.getId() + " is unknown for " + SpringSecurity.getCurrentUser().getUsername());
}
From source file:org.apache.rave.provider.opensocial.service.impl.EncryptedBlobSecurityTokenService.java
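/**
 * Creates the token service and loads the blob encryption key.
 * <p>
 * The {@code encryptionKey} setting is interpreted by prefix:
 * <ul>
 * <li>{@code EMBEDDED_KEY_PREFIX}: the remainder is the key itself;</li>
 * <li>{@code CLASSPATH_KEY_PREFIX}: the remainder names a classpath resource
 * whose content is the key;</li>
 * <li>anything else: the whole value is taken as a file path whose content is
 * the key.</li>
 * </ul>
 *
 * @param userService service stored for later use by this token service
 * @param container value of {@code portal.opensocial_security.container}
 * @param domain value of {@code portal.opensocial_security.domain}
 * @param encryptionKey value of {@code portal.opensocial_security.encryptionkey}
 * @throws SecurityException if the key resource or file cannot be read; the
 *         underlying {@link IOException} is attached as the cause
 */
@Autowired
public EncryptedBlobSecurityTokenService(UserService userService,
        @Value("${portal.opensocial_security.container}") String container,
        @Value("${portal.opensocial_security.domain}") String domain,
        @Value("${portal.opensocial_security.encryptionkey}") String encryptionKey) {
    this.userService = userService;
    this.container = container;
    this.domain = domain;

    if (encryptionKey.startsWith(EMBEDDED_KEY_PREFIX)) {
        this.blobCrypter = new BasicBlobCrypter(encryptionKey.substring(EMBEDDED_KEY_PREFIX.length()));
    } else if (encryptionKey.startsWith(CLASSPATH_KEY_PREFIX)) {
        try {
            File file = new ClassPathResource(encryptionKey.substring(CLASSPATH_KEY_PREFIX.length())).getFile();
            this.blobCrypter = new BasicBlobCrypter(FileUtils.readFileToString(file, "UTF-8"));
        } catch (IOException e) {
            // Keep the IOException as the cause so the real reason (missing
            // resource, permissions, ...) is not lost.
            throw new SecurityException(
                    "Unable to load encryption key from classpath resource: " + encryptionKey, e);
        }
    } else {
        try {
            File file = new File(encryptionKey);
            this.blobCrypter = new BasicBlobCrypter(FileUtils.readFileToString(file, "UTF-8"));
        } catch (IOException e) {
            // NOTE(review): this branch is the fallback for any unprefixed value.
            // If an operator configures the raw key and forgets the embedded
            // prefix, the key is treated as a path and echoed in this message;
            // consider whether the configured value should be logged at all.
            throw new SecurityException("Unable to load encryption key from file: " + encryptionKey, e);
        }
    }
}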
From source file:be.e_contract.dssp.client.SignResponseVerifier.java
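/**
 * Checks the signature on the SignResponse browser POST message.
 * <p>
 * The message is Base64-decoded, unmarshalled with JAXB, parsed again as a DOM
 * document, and its single {@code ds:Signature} is validated with the session
 * key. The response id, {@code wsa:RelatesTo}, {@code wsa:To} and the
 * {@code wsu:Timestamp} expiry are then compared with the session before the
 * session is marked as verified.
 *
 * @param signResponseMessage
 *            the Base64-encoded SignResponse message.
 * @param session
 *            the session object.
 * @return the verification result object, carrying the signer identity found
 *         in the response (may be {@code null} if none was present).
 * @throws IllegalArgumentException
 *             if {@code session} is {@code null}.
 * @throws SecurityException
 *             if the message is not Base64, is not a valid SignResponse,
 *             does not carry exactly one valid signature, or any of the
 *             content checks against the session fails.
 * @throws JAXBException
 * @throws ParserConfigurationException
 *             also raised if the XML parser cannot be hardened.
 * @throws SAXException
 * @throws IOException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @throws Base64DecodingException
 * @throws UserCancelException
 *             if the result reports a user cancel.
 * @throws ClientRuntimeException
 *             if the result reports a client runtime error.
 * @throws SubjectNotAuthorizedException
 *             if the result reports that the subject is not authorized.
 */
public static SignResponseVerificationResult checkSignResponse(String signResponseMessage,
        DigitalSignatureServiceSession session) throws JAXBException, ParserConfigurationException,
        SAXException, IOException, MarshalException, XMLSignatureException, Base64DecodingException,
        UserCancelException, ClientRuntimeException, SubjectNotAuthorizedException {
    if (null == session) {
        throw new IllegalArgumentException("missing session");
    }

    byte[] decodedSignResponseMessage;
    try {
        decodedSignResponseMessage = Base64.decode(signResponseMessage);
    } catch (Base64DecodingException e) {
        // Preserve the decoding error as the cause.
        throw new SecurityException("no Base64", e);
    }

    // JAXB parsing
    // NOTE(review): this unmarshal runs on the untrusted bytes before the
    // signature is checked, and the parser behind it is not configured here.
    // Confirm that the JAXB runtime in use rejects DTDs and external entities.
    JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class,
            be.e_contract.dssp.ws.jaxb.dss.async.ObjectFactory.class,
            be.e_contract.dssp.ws.jaxb.wsa.ObjectFactory.class,
            be.e_contract.dssp.ws.jaxb.wsu.ObjectFactory.class);
    Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
    SignResponse signResponse;
    try {
        signResponse = (SignResponse) unmarshaller
                .unmarshal(new ByteArrayInputStream(decodedSignResponseMessage));
    } catch (UnmarshalException e) {
        throw new SecurityException("no valid SignResponse XML", e);
    }

    // DOM parsing
    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    // The message arrives through the browser, so the parser must not process
    // DTDs, external entities or XInclude. setFeature fails with
    // ParserConfigurationException if the parser cannot honour a setting, which
    // is preferable to parsing unhardened.
    documentBuilderFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    documentBuilderFactory.setXIncludeAware(false);
    documentBuilderFactory.setExpandEntityReferences(false);
    DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
    InputStream signResponseInputStream = new ByteArrayInputStream(decodedSignResponseMessage);
    Document signResponseDocument = documentBuilder.parse(signResponseInputStream);

    // signature verification
    NodeList signatureNodeList = signResponseDocument
            .getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
    if (signatureNodeList.getLength() != 1) {
        throw new SecurityException("requires 1 ds:Signature element");
    }
    Element signatureElement = (Element) signatureNodeList.item(0);
    SecurityTokenKeySelector keySelector = new SecurityTokenKeySelector(session.getKey());
    DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureElement);
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");
    XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
    boolean validSignature = xmlSignature.validate(domValidateContext);
    if (false == validSignature) {
        throw new SecurityException("invalid ds:Signature");
    }
    // NOTE(review): validate() only vouches for what the signature's references
    // cover. The fields checked below are read from the separately unmarshalled
    // JAXB object, and nothing visible here ties them to those references.
    // Confirm the signature is required to cover the whole response.
    // NOTE(review): also confirm secure validation
    // ("org.jcp.xml.dsig.secureValidation") is active for this context on the
    // target JDK.

    // verify content
    String responseId = null;
    RelatesToType relatesTo = null;
    AttributedURIType to = null;
    TimestampType timestamp = null;
    String signerIdentity = null;
    AnyType optionalOutputs = signResponse.getOptionalOutputs();
    List<Object> optionalOutputsList = optionalOutputs.getAny();
    for (Object optionalOutputObject : optionalOutputsList) {
        LOG.debug("optional output object type: " + optionalOutputObject.getClass().getName());
        if (optionalOutputObject instanceof JAXBElement) {
            JAXBElement optionalOutputElement = (JAXBElement) optionalOutputObject;
            LOG.debug("optional output name: " + optionalOutputElement.getName());
            LOG.debug("optional output value type: " + optionalOutputElement.getValue().getClass().getName());
            if (RESPONSE_ID_QNAME.equals(optionalOutputElement.getName())) {
                responseId = (String) optionalOutputElement.getValue();
            } else if (optionalOutputElement.getValue() instanceof RelatesToType) {
                relatesTo = (RelatesToType) optionalOutputElement.getValue();
            } else if (TO_QNAME.equals(optionalOutputElement.getName())) {
                to = (AttributedURIType) optionalOutputElement.getValue();
            } else if (optionalOutputElement.getValue() instanceof TimestampType) {
                timestamp = (TimestampType) optionalOutputElement.getValue();
            } else if (optionalOutputElement.getValue() instanceof NameIdentifierType) {
                NameIdentifierType nameIdentifier = (NameIdentifierType) optionalOutputElement.getValue();
                signerIdentity = nameIdentifier.getValue();
            }
        }
    }

    Result result = signResponse.getResult();
    LOG.debug("result major: " + result.getResultMajor());
    LOG.debug("result minor: " + result.getResultMinor());
    if (DigitalSignatureServiceConstants.REQUESTER_ERROR_RESULT_MAJOR.equals(result.getResultMajor())) {
        if (DigitalSignatureServiceConstants.USER_CANCEL_RESULT_MINOR.equals(result.getResultMinor())) {
            throw new UserCancelException();
        }
        if (DigitalSignatureServiceConstants.CLIENT_RUNTIME_RESULT_MINOR.equals(result.getResultMinor())) {
            throw new ClientRuntimeException();
        }
        if (DigitalSignatureServiceConstants.SUBJECT_NOT_AUTHORIZED_RESULT_MINOR
                .equals(result.getResultMinor())) {
            throw new SubjectNotAuthorizedException(signerIdentity);
        }
    }
    if (false == DigitalSignatureServiceConstants.PENDING_RESULT_MAJOR.equals(result.getResultMajor())) {
        throw new SecurityException("invalid dss:ResultMajor");
    }

    // Bind the response to this session: id, correlation and destination.
    if (null == responseId) {
        throw new SecurityException("missing async:ResponseID");
    }
    if (false == responseId.equals(session.getResponseId())) {
        throw new SecurityException("invalid async:ResponseID");
    }

    if (null == relatesTo) {
        throw new SecurityException("missing wsa:RelatesTo");
    }
    if (false == session.getInResponseTo().equals(relatesTo.getValue())) {
        throw new SecurityException("invalid wsa:RelatesTo");
    }

    if (null == to) {
        throw new SecurityException("missing wsa:To");
    }
    if (false == session.getDestination().equals(to.getValue())) {
        throw new SecurityException("invalid wsa:To");
    }

    // Freshness: only the expiry instant is checked against the local clock.
    if (null == timestamp) {
        throw new SecurityException("missing wsu:Timestamp");
    }
    AttributedDateTime expires = timestamp.getExpires();
    if (null == expires) {
        throw new SecurityException("missing wsu:Timestamp/wsu:Expires");
    }
    DateTime expiresDateTime = new DateTime(expires.getValue());
    DateTime now = new DateTime();
    if (now.isAfter(expiresDateTime)) {
        throw new SecurityException("wsu:Timestamp expired");
    }

    session.setSignResponseVerified(true);

    SignResponseVerificationResult signResponseVerificationResult = new SignResponseVerificationResult(
            signerIdentity);
    return signResponseVerificationResult;
}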
From source file:com.cloudera.sqoop.util.SubprocessSecurityManager.java
/**
 * Checks a single permission against this manager and its predecessor.
 * <p>
 * The previously installed security manager, if there is one, is consulted
 * first. Afterwards this manager refuses the {@code setSecurityManager}
 * permission unless replacement has been allowed.
 *
 * @param perm the Permission to check; must not be null.
 * @throws SecurityException if the parent manager rejects the permission, or
 *         if the permission is {@code setSecurityManager} and replacement is
 *         not allowed
 */
@Override
public void checkPermission(Permission perm) {
    // Give the prior SecurityManager the chance to reject first.
    if (this.parentSecurityManager != null) {
        this.parentSecurityManager.checkPermission(perm);
    }

    if (allowReplacement) {
        return;
    }

    // Keeps code running under this manager from swapping it out.
    final boolean wantsToReplaceManager = perm.getName().equals("setSecurityManager");
    if (wantsToReplaceManager) {
        throw new SecurityException("Cannot replace security manager");
    }
}
From source file:org.callistasoftware.netcare.core.spi.impl.ServiceSupport.java
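/**
 * Verifies that the current user may read or write the given object.
 *
 * @param entity not used by this check; the decision is made for the user
 *        returned by {@code getCurrentUser()}
 *        (NOTE(review): confirm callers do not expect {@code entity} to be checked)
 * @param object the permission-restricted object being accessed
 * @param write {@code true} to require write access, {@code false} for read access
 * @throws SecurityException if there is no current user, or the current user
 *         lacks the requested kind of access
 */
private void verifyAccess(final UserEntity entity, final PermissionRestrictedEntity object,
        final boolean write) {
    final UserEntity user = this.getCurrentUser();
    if (user == null) {
        throw new SecurityException("Anonymous access not allowed.");
    }

    final boolean access = write ? object.isWriteAllowed(user) : object.isReadAllowed(user);
    if (!access) {
        // Name the access kind that was actually refused; the message used to
        // say "write" even when a read check failed, which misleads audit logs.
        throw new SecurityException("User " + user.getFirstName() + "(" + user.getId() + ") does not have "
                + (write ? "write" : "read") + " permissions on this item.");
    }
}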
From source file:binky.reportrunner.service.impl.DatasourceServiceImpl.java
/**
 * Resolves a {@link DataSource} for a configured runner data source.
 * <p>
 * When a JNDI name is configured, the data source is looked up under
 * {@code java:/comp/env/}. Otherwise a read-only DBCP pool is built from the
 * stored JDBC settings, with the stored password decrypted using the secure key.
 *
 * @param runnerDs the stored data source definition
 * @return the JNDI-bound data source, or a newly configured pooled data source
 * @throws SecurityException if no JNDI name is set and the stored password is blank
 * @throws InstantiationException if the JDBC driver class cannot be instantiated
 * @throws IllegalAccessException if the JDBC driver constructor is not accessible
 * @throws ClassNotFoundException if the JDBC driver class is not on the classpath
 * @throws PropertyVetoException declared for callers; not raised by visible code
 * @throws NamingException if the JNDI lookup fails
 * @throws EncryptionException if the password cannot be decrypted
 */
private DataSource getDs(RunnerDataSource runnerDs)
        throws SecurityException, InstantiationException, IllegalAccessException, ClassNotFoundException,
        PropertyVetoException, NamingException, EncryptionException {

    final String jndiDataSource = runnerDs.getJndiName();

    if (!StringUtils.isBlank(jndiDataSource)) {
        logger.info(
                "getting datasource from JNDI url: " + jndiDataSource + " for " + runnerDs.getDataSourceName());
        // The fixed prefix keeps the lookup inside the component environment.
        Context jndiContext = new InitialContext();
        return (DataSource) jndiContext.lookup("java:/comp/env/" + jndiDataSource);
    }

    EncryptionUtil decryptor = new EncryptionUtil();
    logger.info("using dbcp pooled connection for: " + runnerDs.getDataSourceName());

    String user = runnerDs.getUsername();
    if (StringUtils.isBlank(runnerDs.getPassword())) {
        throw new SecurityException("password is empty");
    }
    String clearPassword = decryptor.decrpyt(secureKey, runnerDs.getPassword());
    String url = runnerDs.getJdbcUrl();
    String driverClassName = runnerDs.getJdbcClass();

    // NOTE(review): the class name comes from the stored definition and is
    // loaded and instantiated as-is; confirm who may edit data source
    // definitions, or restrict this to a list of known driver classes.
    Class.forName(driverClassName).newInstance();

    BasicDataSource pool = new BasicDataSource();
    pool.setDriverClassName(driverClassName);
    pool.setUrl(url);
    pool.setUsername(user);
    pool.setPassword(clearPassword);
    pool.setInitialSize(runnerDs.getInitialPoolSize());
    pool.setMaxActive(runnerDs.getMaxPoolSize());
    pool.setRemoveAbandoned(true);
    pool.setRemoveAbandonedTimeout(600);

    // Reports must never modify data, so connections default to read-only.
    pool.setDefaultReadOnly(true);
    pool.setLogAbandoned(true);
    pool.setTestOnBorrow(true);
    pool.setTestOnReturn(true);
    pool.setTestWhileIdle(true);

    // No validation query is set: "select 1" is not valid on every RDBMS.
    return pool;
}