List of usage examples for java.security AccessControlException AccessControlException
public AccessControlException(String s)
From source file:servlets.Analysis_servlets.java
private void get_all_analysis_handler(HttpServletRequest request, HttpServletResponse response) throws IOException { try {/* w ww . ja v a 2 s . co m*/ DAO dao_instance = null; ArrayList<Object> analysisList = null; try { JsonParser parser = new JsonParser(); JsonObject requestData = (JsonObject) parser.parse(request.getReader()); String loggedUser = requestData.get("loggedUser").getAsString(); String sessionToken = requestData.get("sessionToken").getAsString(); /** * ******************************************************* * STEP 1 CHECK IF THE USER IS LOGGED CORRECTLY IN THE APP. IF * ERROR --> throws exception if not valid session, GO TO STEP * 5b ELSE --> GO TO STEP 2 * ******************************************************* */ if (!checkAccessPermissions(loggedUser, sessionToken)) { throw new AccessControlException("Your session is invalid. Please sign in again."); } /** * ******************************************************* * STEP 2 Get ALL THE ANALYSIS Object from DB. IF ERROR --> * throws MySQL exception, GO TO STEP 3b ELSE --> GO TO STEP 3 * ******************************************************* */ boolean loadRecursive = false; if (requestData.has("loadRecursive")) { loadRecursive = requestData.get("loadRecursive").getAsBoolean(); } String experiment_id = null; if (requestData.has("experiment_id")) { experiment_id = requestData.get("experiment_id").getAsString(); } else { experiment_id = requestData.get("currentExperimentID").getAsString(); } Object[] params = { loadRecursive, experiment_id }; dao_instance = DAOProvider.getDAOByName("Analysis"); analysisList = dao_instance.findAll(params); } catch (Exception e) { ServerErrorManager.handleException(e, Analysis_servlets.class.getName(), "get_all_analysis_handler", e.getMessage()); } finally { /** * ******************************************************* * STEP 3b CATCH ERROR. GO TO STEP 4 * ******************************************************* */ if (ServerErrorManager.errorStatus()) { response.setStatus(400); response.getWriter().print(ServerErrorManager.getErrorResponse()); } else { /** * ******************************************************* * STEP 3A WRITE RESPONSE ERROR. GO TO STEP 4 * ******************************************************* */ String analysisJSON = "["; for (int i = 0; i < analysisList.size(); i++) { analysisJSON += ((Analysis) analysisList.get(i)).toJSON() + ((i < analysisList.size() - 1) ? "," : ""); } analysisJSON += "]"; response.getWriter().print(analysisJSON); } /** * ******************************************************* * STEP 4 Close connection. * ******************************************************** */ if (dao_instance != null) { dao_instance.closeConnection(); } } //CATCH IF THE ERROR OCCURRED IN ROLL BACK OR CONNECTION CLOSE } catch (Exception e) { ServerErrorManager.handleException(e, Analysis_servlets.class.getName(), "get_all_analysis_handler", e.getMessage()); response.setStatus(400); response.getWriter().print(ServerErrorManager.getErrorResponse()); } }
From source file:org.apache.jackrabbit.core.SessionImpl.java
/** * {@inheritDoc}/* w w w . ja v a 2 s.c o m*/ */ public void checkPermission(String absPath, String actions) throws AccessControlException, RepositoryException { // check sanity of this session sanityCheck(); // build the set of actions to be checked String[] strings = actions.split(","); HashSet set = new HashSet(); for (int i = 0; i < strings.length; i++) { set.add(strings[i]); } Path targetPath; try { targetPath = getQPath(absPath).getNormalizedPath(); } catch (NameException e) { String msg = "invalid path: " + absPath; log.debug(msg, e); throw new RepositoryException(msg, e); } if (!targetPath.isAbsolute()) { throw new RepositoryException("not an absolute path: " + absPath); } ItemId targetId = null; /** * "read" action: * requires READ permission on target item */ if (set.contains(READ_ACTION)) { try { targetId = hierMgr.resolvePath(targetPath); if (targetId == null) { // target does not exist, throw exception throw new AccessControlException(READ_ACTION); } accessMgr.checkPermission(targetId, AccessManager.READ); } catch (AccessDeniedException re) { // otherwise the RepositoryException catch clause will // log a warn message, which is not appropriate in this case. throw new AccessControlException(READ_ACTION); } } Path parentPath = null; ItemId parentId = null; /** * "add_node" action: * requires WRITE permission on parent item */ if (set.contains(ADD_NODE_ACTION)) { try { parentPath = targetPath.getAncestor(1); parentId = hierMgr.resolveNodePath(parentPath); if (parentId == null) { // parent does not exist (i.e. / was specified), throw exception throw new AccessControlException(ADD_NODE_ACTION); } accessMgr.checkPermission(parentId, AccessManager.WRITE); } catch (AccessDeniedException re) { // otherwise the RepositoryException catch clause will // log a warn message, which is not appropriate in this case. throw new AccessControlException(ADD_NODE_ACTION); } } /** * "remove" action: * requires REMOVE permission on target item */ if (set.contains(REMOVE_ACTION)) { try { if (targetId == null) { targetId = hierMgr.resolvePath(targetPath); if (targetId == null) { // parent does not exist, throw exception throw new AccessControlException(REMOVE_ACTION); } } accessMgr.checkPermission(targetId, AccessManager.REMOVE); } catch (AccessDeniedException re) { // otherwise the RepositoryException catch clause will // log a warn message, which is not appropriate in this case. throw new AccessControlException(REMOVE_ACTION); } } /** * "set_property" action: * requires WRITE permission on parent item if property is going to be * added or WRITE permission on target item if property is going to be * modified */ if (set.contains(SET_PROPERTY_ACTION)) { try { if (targetId == null) { targetId = hierMgr.resolvePath(targetPath); if (targetId == null) { // property does not exist yet, // check WRITE permission on parent if (parentPath == null) { parentPath = targetPath.getAncestor(1); } if (parentId == null) { parentId = hierMgr.resolveNodePath(parentPath); if (parentId == null) { // parent does not exist, throw exception throw new AccessControlException(SET_PROPERTY_ACTION); } } accessMgr.checkPermission(parentId, AccessManager.WRITE); } else { // property does already exist, // check WRITE permission on target accessMgr.checkPermission(targetId, AccessManager.WRITE); } } } catch (AccessDeniedException re) { // otherwise the RepositoryException catch clause will // log a warn message, which is not appropriate in this case. throw new AccessControlException(SET_PROPERTY_ACTION); } } }
From source file:servlets.Samples_servlets.java
private void update_biocondition_handler(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try {// ww w . ja va 2s . co m ArrayList<String> BLOCKED_IDs = new ArrayList<String>(); boolean ROLLBACK_NEEDED = false; DAO dao_instance = null; try { /** * ******************************************************* * STEP 1 CHECK IF THE USER IS LOGGED CORRECTLY IN THE APP. IF * ERROR --> throws exception if not valid session, GO TO STEP * 6b ELSE --> GO TO STEP 2 * ******************************************************* */ JsonParser parser = new JsonParser(); JsonObject requestData = (JsonObject) parser.parse(request.getReader()); String loggedUser = requestData.get("loggedUser").getAsString(); String loggedUserID = requestData.get("loggedUserID").getAsString(); String sessionToken = requestData.get("sessionToken").getAsString(); if (!checkAccessPermissions(loggedUser, sessionToken)) { throw new AccessControlException("Your session is invalid. User or session token not allowed."); } /** * ******************************************************* * STEP 3 Get the Object by parsing the JSON data. IF ERROR --> * throws JsonParseException, GO TO STEP 6b ELSE --> GO TO STEP * 4 ******************************************************* */ BioCondition biocondition = BioCondition.fromJSON(requestData.get("biocondition_json_data")); dao_instance = DAOProvider.getDAOByName("BioCondition"); //CHECK IF CURRENT USER IS A VALID OWNER (AVOID HACKING) boolean loadRecursive = false; BioCondition bioconditionAux = (BioCondition) dao_instance .findByID(biocondition.getBioConditionID(), new Object[] { loadRecursive }); if (!bioconditionAux.isOwner(loggedUserID) && !loggedUserID.equals("admin")) { throw new AccessControlException( "Cannot update selected Biological Condition. Current user has not privileges over this Biological Condition."); } /** * ******************************************************* * STEP 4 READ ALL BIOREPLICATES AND AS AND CREATE THE LIST OF * TASKS. * ******************************************************* */ Bioreplicate_JDBCDAO bioreplicateDAO = (Bioreplicate_JDBCDAO) (DAOProvider .getDAOByName("Bioreplicate")); AnalyticalReplicate_JDBCDAO analyticalSampleDAO = (AnalyticalReplicate_JDBCDAO) (DAOProvider .getDAOByName("AnalyticalReplicate")); ArrayList<Bioreplicate> to_be_created_BR = new ArrayList<Bioreplicate>(); ArrayList<Bioreplicate> to_be_updated_BR = new ArrayList<Bioreplicate>(); ArrayList<String> to_be_deleted_BR = new ArrayList<String>(); ArrayList<AnalyticalReplicate> to_be_created_AS = new ArrayList<AnalyticalReplicate>(); ArrayList<AnalyticalReplicate> to_be_updated_AS = new ArrayList<AnalyticalReplicate>(); ArrayList<String> to_be_deleted_AS = new ArrayList<String>(); for (Bioreplicate bioreplicate : biocondition.getAssociatedBioreplicates()) { if ("new_deleted".equals(bioreplicate.getStatus())) { continue; //ignore } else if ("deleted".equals(bioreplicate.getStatus()) || "edited_deleted".equals(bioreplicate.getStatus())) { to_be_deleted_BR.add(bioreplicate.getBioreplicateID()); //DELETES THE AS } else if ("new".equals(bioreplicate.getStatus())) { Object[] params = { biocondition.getBioConditionID() }; String nextID = bioreplicateDAO.getNextObjectID(params); BLOCKED_IDs.add(nextID); bioreplicate.setBioreplicate_id(nextID); bioreplicate.setBioConditionID(biocondition.getBioConditionID()); to_be_created_BR.add(bioreplicate); //CREATES THE AS } else { if ("edited".equals(bioreplicate.getStatus())) { to_be_updated_BR.add(bioreplicate); } for (AnalyticalReplicate analyticalReplicate : bioreplicate .getAssociatedAnalyticalReplicates()) { if ("new_deleted".equals(analyticalReplicate.getStatus())) { continue; //ignore } else if ("deleted".equals(analyticalReplicate.getStatus()) || "edited_deleted".equals(analyticalReplicate.getStatus())) { to_be_deleted_AS.add(analyticalReplicate.getAnalytical_rep_id()); } else if ("new".equals(analyticalReplicate.getStatus())) { Object[] params = { bioreplicate.getBioreplicateID() }; String nextID = analyticalSampleDAO.getNextObjectID(params); BLOCKED_IDs.add(nextID); analyticalReplicate.setAnalyticalReplicateID(nextID); analyticalReplicate.setBioreplicateID(bioreplicate.getBioreplicateID()); to_be_created_AS.add(analyticalReplicate); //CREATES THE AS } else if ("edited".equals(analyticalReplicate.getStatus())) { to_be_updated_AS.add(analyticalReplicate); } } } } /** * ******************************************************* * STEP 5 UPDATE THE BIOCONDITION IN DATABASE. IF ERROR --> * throws SQL Exception, GO TO STEP ? ELSE --> GO TO STEP 5 * ******************************************************* */ dao_instance.disableAutocommit(); ROLLBACK_NEEDED = true; dao_instance.update(biocondition); /** * ******************************************************* * STEP 6 APPLY THE BIOREPLICATE TASKS IN DATABASE. IF ERROR --> * throws SQL Exception, GO TO STEP ? ELSE --> GO TO STEP 8 * ******************************************************* */ bioreplicateDAO.insert(to_be_created_BR.toArray(new Bioreplicate[] {})); bioreplicateDAO.update(to_be_updated_BR.toArray(new Bioreplicate[] {})); bioreplicateDAO.remove(to_be_deleted_BR.toArray(new String[] {})); /** * ******************************************************* * STEP 7 APPLY THE ANALYTICAL REP TASKS IN DATABASE. IF ERROR * --> throws SQL Exception, GO TO STEP ? ELSE --> GO TO STEP 9 * ******************************************************* */ analyticalSampleDAO.insert(to_be_created_AS.toArray(new AnalyticalReplicate[] {})); analyticalSampleDAO.update(to_be_updated_AS.toArray(new AnalyticalReplicate[] {})); analyticalSampleDAO.remove(to_be_deleted_AS.toArray(new String[] {})); /** * ******************************************************* * STEP 9 COMMIT CHANGES TO DATABASE. throws SQLException IF * ERROR --> throws SQL Exception, GO TO STEP ? ELSE --> GO TO * STEP 10 * ******************************************************* */ dao_instance.doCommit(); } catch (Exception e) { if (e.getClass().getSimpleName().equals("MySQLIntegrityConstraintViolationException")) { ServerErrorManager.handleException(null, null, null, "Unable to update the Biological condition information.</br>One or more Analysis are associated with at least a deleted element.</br>Remove or Edit first those Analysis or change the associated Analytical sample and try again later."); } else { ServerErrorManager.handleException(e, Samples_servlets.class.getName(), "update_biocondition_handler", e.getMessage()); } } finally { /** * ******************************************************* * STEP 9b CATCH ERROR, CLEAN CHANGES. throws SQLException * ******************************************************* */ if (ServerErrorManager.errorStatus()) { response.setStatus(400); response.getWriter().print(ServerErrorManager.getErrorResponse()); if (ROLLBACK_NEEDED) { dao_instance.doRollback(); } } else { JsonObject obj = new JsonObject(); obj.add("success", new JsonPrimitive(true)); response.getWriter().print(obj.toString()); } for (String BLOCKED_ID : BLOCKED_IDs) { BlockedElementsManager.getBlockedElementsManager().unlockID(BLOCKED_ID); } /** * ******************************************************* * STEP 11 Close connection. * ******************************************************** */ if (dao_instance != null) { dao_instance.closeConnection(); } } //CATCH IF THE ERROR OCCURRED IN ROLL BACK OR CONNECTION CLOSE } catch (Exception e) { ServerErrorManager.handleException(e, Samples_servlets.class.getName(), "update_biocondition_handler", e.getMessage()); response.setStatus(400); response.getWriter().print(ServerErrorManager.getErrorResponse()); } }
From source file:com.thinkbiganalytics.metadata.modeshape.support.JcrUtil.java
public static Map<String, Object> nodeAsMap(Node obj) throws RepositoryException { try {/*from ww w .ja v a 2s .co m*/ String nodeName = obj.getName(); String path = obj.getPath(); String identifier = obj.getIdentifier(); String type = obj.getPrimaryNodeType() != null ? obj.getPrimaryNodeType().getName() : ""; Map<String, Object> props = JcrPropertyUtil.getProperties(obj); Map<String, Object> finalProps = new HashMap<>(); if (props != null) { finalProps.putAll(finalProps); } finalProps.put("nodeName", nodeName); if (identifier != null) { finalProps.put("nodeIdentifier", identifier); } finalProps.put("nodePath", path); finalProps.put("nodeType", type); return finalProps; } catch (AccessDeniedException e) { log.debug("Access denied", e); throw new AccessControlException(e.getMessage()); } }
From source file:com.thinkbiganalytics.metadata.modeshape.support.JcrPropertyUtil.java
/** * Used to retrieve the referenced nodes from a multi-valued property of type (WEAK)REFERENCE *///from ww w .j a va2 s. c o m public static Set<Node> getReferencedNodeSet(Node node, String propName) { try { if (node == null) { throw new IllegalArgumentException("Cannot set a property on a null-node!"); } if (propName == null) { throw new IllegalArgumentException("Cannot set a property without a provided name"); } final Session session = node.getSession(); // JcrVersionUtil.ensureCheckoutNode(node); if (node.hasProperty(propName)) { return Arrays.stream(node.getProperty(propName).getValues()).map(v -> { try { return (Node) JcrPropertyUtil.asValue(v, session); } catch (AccessDeniedException e) { // Not allowed to see the referenced node so return null. return null; } }).filter(n -> n != null) // weak refs can produce null nodes .collect(Collectors.toSet()); } else { return new HashSet<>(); } } catch (AccessDeniedException e) { log.debug("Access denied", e); throw new AccessControlException(e.getMessage()); } catch (RepositoryException e) { throw new MetadataRepositoryException("Failed to get the node property set: " + propName, e); } }
From source file:com.thinkbiganalytics.feedmgr.rest.controller.FeedRestController.java
@GET @Path("/{feedId}/profile-summary") @Produces(MediaType.APPLICATION_JSON)/* w ww. java 2s . c o m*/ @ApiOperation("Gets a summary of the feed profiles.") @ApiResponses({ @ApiResponse(code = 200, message = "Returns the profile summaries.", response = Map.class, responseContainer = "List"), @ApiResponse(code = 500, message = "The profiles are unavailable.", response = RestResponseStatus.class) }) public Response profileSummary(@PathParam("feedId") String feedId) { FeedMetadata feedMetadata = getMetadataService().getFeedById(feedId); final String profileTable = HiveUtils.quoteIdentifier(feedMetadata.getProfileTableName()); String query = "SELECT * from " + profileTable + " where columnname = '(ALL)'"; List<Map<String, Object>> rows = new ArrayList<>(); try { QueryResult results = hiveService.query(query); rows.addAll(results.getRows()); //add in the archive date time fields if applicipable String ARCHIVE_PROCESSOR_TYPE = "com.thinkbiganalytics.nifi.GetTableData"; if (feedMetadata.getInputProcessorType().equalsIgnoreCase(ARCHIVE_PROCESSOR_TYPE)) { NifiProperty property = NifiPropertyUtil.findPropertyByProcessorType(feedMetadata.getProperties(), ARCHIVE_PROCESSOR_TYPE, "Date Field"); if (property != null && property.getValue() != null) { String field = property.getValue(); if (field.contains(".")) { field = StringUtils.substringAfterLast(field, "."); } query = "SELECT * from " + profileTable + " where metrictype IN('MIN_TIMESTAMP','MAX_TIMESTAMP') AND columnname = " + HiveUtils.quoteString(field); QueryResult dateRows = hiveService.query(query); if (dateRows != null && !dateRows.isEmpty()) { rows.addAll(dateRows.getRows()); } } } } catch (DataAccessException e) { if (e.getCause() instanceof org.apache.hive.service.cli.HiveSQLException && e.getCause().getMessage().contains("Table not found")) { //this exception is ok to swallow since it just means no profile data exists yet } else if (e.getCause().getMessage().contains("HiveAccessControlException Permission denied")) { throw new AccessControlException("You do not have permission to execute this hive query"); } else { throw e; } } return Response.ok(rows).build(); }
From source file:servlets.User_servlets.java
private void update_user_handler(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try {//from w w w .j av a 2 s . c o m boolean ROLLBACK_NEEDED = false; DAO dao_instance = null; try { /** * ******************************************************* * STEP 1 CHECK IF THE USER IS LOGGED CORRECTLY IN THE APP. IF * ERROR --> throws exception if not valid session, GO TO STEP * 5b ELSE --> GO TO STEP 2 * ******************************************************* */ Map<String, Cookie> cookies = this.getCookies(request); JsonParser parser = new JsonParser(); JsonObject requestData = (JsonObject) parser.parse(request.getReader()); String loggedUser, loggedUserID = null, sessionToken; loggedUser = cookies.get("loggedUser").getValue(); sessionToken = cookies.get("sessionToken").getValue(); loggedUserID = cookies.get("loggedUserID").getValue(); String userID = request.getPathInfo().replaceAll("/", ""); if (!checkAccessPermissions(loggedUser, sessionToken)) { throw new AccessControlException("Your session is invalid. User or session token not allowed."); } /** * ******************************************************* * STEP 2 PARSE THE JSON DATA AND GET THE NEW OBJECT. IF ERROR * --> throws exception if not valid session, GO TO STEP 4b ELSE * --> GO TO STEP 3 * ******************************************************* */ String newpass = requestData.get("newpass").getAsString(); if (newpass != null) { newpass = new String(Base64.decodeBase64(newpass)); newpass = SHA1.getHash(newpass); } /** * ******************************************************* * STEP 3 UPDATE IN DATABASE. IF ERROR --> throws exception if * not valid session, GO TO STEP 4b ELSE --> GO TO STEP 4 * ******************************************************* */ dao_instance = DAOProvider.getDAOByName("User"); boolean isEmail = true; Object[] params = { null, false, isEmail }; User user = (User) ((User_JDBCDAO) dao_instance).findByID(loggedUser, params); if (user == null) { throw new Exception("User not valid."); } if (!userID.equals(user.getUserID()) && !isValidAdminUser(loggedUser)) { throw new Exception("User not allowed for this action."); } user.setPassword(newpass); dao_instance.disableAutocommit(); ROLLBACK_NEEDED = true; dao_instance.update(user); /** * ******************************************************* * STEP 4 COMMIT CHANGES IN DB. IF ERROR --> throws exception if * not valid session, GO TO STEP 4b ELSE --> GO TO STEP 5 * ******************************************************* */ dao_instance.doCommit(); } catch (Exception e) { ServerErrorManager.handleException(e, User_servlets.class.getName(), "updateUserPostHandler", e.getMessage()); } finally { /** * ******************************************************* * STEP 4b CATCH ERROR, CLEAN CHANGES. throws SQLException * ******************************************************* */ if (ServerErrorManager.errorStatus()) { response.setStatus(400); response.getWriter().print(ServerErrorManager.getErrorResponse()); if (ROLLBACK_NEEDED) { dao_instance.doRollback(); } } else { JsonObject obj = new JsonObject(); obj.add("success", new JsonPrimitive(true)); response.getWriter().print(obj.toString()); } /** * ******************************************************* * STEP 6 Close connection. * ******************************************************** */ if (dao_instance != null) { dao_instance.closeConnection(); } } //CATCH IF THE ERROR OCCURRED IN ROLL BACK OR CONNECTION CLOSE } catch (Exception e) { ServerErrorManager.handleException(e, User_servlets.class.getName(), "updateUserPostHandler", e.getMessage()); response.setStatus(400); response.getWriter().print(ServerErrorManager.getErrorResponse()); } }
From source file:com.thinkbiganalytics.metadata.modeshape.support.JcrPropertyUtil.java
public static boolean addToSetProperty(Node node, String name, Object value, boolean weakReference) { try {/*from w w w .j a v a 2 s . c om*/ // JcrVersionUtil.ensureCheckoutNode(node); if (node == null) { throw new IllegalArgumentException("Cannot set a property on a null-node!"); } if (name == null) { throw new IllegalArgumentException("Cannot set a property without a provided name"); } Set<Value> values = null; if (node.hasProperty(name)) { values = Arrays.stream(node.getProperty(name).getValues()).map(v -> { if (PropertyType.REFERENCE == v.getType() && weakReference) { try { Node n = JcrPropertyUtil.asValue(v, node.getSession()); return n.getSession().getValueFactory().createValue(n, true); } catch (AccessDeniedException e) { log.debug("Access denied", e); throw new AccessControlException(e.getMessage()); } catch (RepositoryException e) { throw new MetadataRepositoryException( "Failed to add to set property: " + name + "->" + value, e); } } else { return v; } }).collect(Collectors.toSet()); } else { values = new HashSet<>(); } Value newVal = createValue(node.getSession(), value, weakReference); boolean result = values.add(newVal); if (weakReference) { Property property = node.setProperty(name, (Value[]) values.stream().toArray(size -> new Value[size]), PropertyType.WEAKREFERENCE); } else { Property property = node.setProperty(name, (Value[]) values.stream().toArray(size -> new Value[size])); } return result; } catch (AccessDeniedException e) { log.debug("Access denied", e); throw new AccessControlException(e.getMessage()); } catch (RepositoryException e) { throw new MetadataRepositoryException("Failed to add to set property: " + name + "->" + value, e); } }
From source file:com.thinkbiganalytics.metadata.modeshape.support.JcrUtil.java
public static <T extends JcrObject> T getReferencedObject(Node node, String property, JcrObjectTypeResolver<T> typeResolver) { try {/*from w w w.j a v a 2 s . co m*/ Property prop = node.getProperty(property); return createJcrObject(prop.getNode(), typeResolver.resolve(prop.getNode())); } catch (AccessDeniedException e) { log.debug("Access denied", e); throw new AccessControlException(e.getMessage()); } catch (RepositoryException e) { throw new MetadataRepositoryException("Failed to dereference object of type using: " + typeResolver, e); } }
From source file:org.apache.jackrabbit.core.SessionImpl.java
/** * {@inheritDoc}/*from w w w.j a v a2 s . c o m*/ */ public void checkPermission(String absPath, String actions) throws AccessControlException, RepositoryException { if (!hasPermission(absPath, actions)) { throw new AccessControlException(actions); } }