List of usage examples for org.springframework.http HttpStatus FORBIDDEN
HttpStatus FORBIDDEN
To view the source code for org.springframework.http HttpStatus FORBIDDEN.
Click Source Link
From source file:de.sainth.recipe.backend.rest.controller.CookbookController.java
@Secured({ "ROLE_USER", "ROLE_ADMIN" })
@RequestMapping()/* w w w . jav a2 s.c o m*/
HttpEntity<List<Cookbook>> getAll() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof RecipeManagerAuthenticationToken) {
RecipeManagerAuthenticationToken token = (RecipeManagerAuthenticationToken) authentication;
if (ROLE_ADMIN.name().equals(token.getRole())) {
return new ResponseEntity<>(repository.findAll(), HttpStatus.OK);
} else {
return new ResponseEntity<>(repository.findAllFor(token.getPrincipal()), HttpStatus.OK);
}
}
return new ResponseEntity<>(HttpStatus.FORBIDDEN);
}
From source file:org.trustedanalytics.user.invite.RestErrorHandler.java
@ResponseStatus(HttpStatus.FORBIDDEN) @ExceptionHandler(InvalidSecurityCodeException.class) public void incorrectSocurityCode() { }
From source file:de.thm.arsnova.controller.SocketController.java
@RequestMapping(method = RequestMethod.POST, value = "/assign") public void authorize(@RequestBody final Map<String, String> sessionMap, final HttpServletResponse response) { String socketid = sessionMap.get("session"); if (null == socketid) { LOGGER.debug("Expected property 'session' missing", socketid); response.setStatus(HttpStatus.BAD_REQUEST.value()); return;//w w w . j av a 2 s .c o m } User u = userService.getCurrentUser(); if (null == u) { LOGGER.debug("Client {} requested to assign Websocket session but has not authenticated", socketid); response.setStatus(HttpStatus.FORBIDDEN.value()); return; } userService.putUser2SocketId(UUID.fromString(socketid), u); userSessionService.setSocketId(UUID.fromString(socketid)); response.setStatus(HttpStatus.NO_CONTENT.value()); }
From source file:de.sainth.recipe.backend.rest.controller.UserController.java
@Secured({ "ROLE_USER", "ROLE_ADMIN" })
@RequestMapping("{id}")
HttpEntity<User> get(@PathVariable("id") Long id) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
RecipeManagerAuthenticationToken token = (RecipeManagerAuthenticationToken) authentication;
if (ROLE_ADMIN.name().equals(token.getRole())
|| (ROLE_USER.name().equals(token.getRole()) && token.getPrincipal().equals(id))) {
return new ResponseEntity<>(repository.findOne(id), HttpStatus.OK);
} else {//from w ww.ja va2s . c o m
return new ResponseEntity<>(HttpStatus.FORBIDDEN);
}
}
From source file:org.sventon.web.ctrl.ConfigurationReloadControllerTest.java
@Test public void toggleReloadSupportFalse() { when(application.isConfigurationReloadSupported()).thenReturn(false); ResponseEntity<String> response = controller.reloadConfigAndReinitializeApplication(); assertThat(response.getBody(), equalTo("Forbidden.")); assertThat(response.getStatusCode(), equalTo(HttpStatus.FORBIDDEN)); assertContentType(response);/*from www. j a v a2 s . c om*/ }
From source file:com.jiwhiz.rest.RestErrorHandler.java
/** * Returns 403 Forbidden if user doesn't have privilege to access certain resources. * /*from w w w. j a v a 2 s. c o m*/ * @param ex */ @ExceptionHandler(AccessDeniedException.class) @ResponseStatus(HttpStatus.FORBIDDEN) public void handleAccessDeniedException(AccessDeniedException ex) { LOGGER.debug("handling access secure resource without privilege"); }
From source file:com.redblackit.war.AppSecurityRestControllerTest.java
/** * Test GET method for human page about (should get 403) * {@link com.redblackit.web.controller.AdminRestController#getVersion()} * with https./*from ww w. j a v a 2 s .c o m*/ */ @Test public void testGetAbout() { helper.doGetForHttpStatusCodeException(inaccessibleUrl, null, "inaccessible URL for REST", HttpStatus.FORBIDDEN); }
From source file:net.bluewizardhat.tfa.web.controller.AbstractBaseController.java
/** * Returns a 403 Forbidden HTTP error code if a controller method throws a {@link ForbiddenException} */// w ww . j a v a 2 s. c om @ExceptionHandler(ForbiddenException.class) @ResponseStatus(value = HttpStatus.FORBIDDEN, reason = "Refusing request") public void handleForbidden(ForbiddenException e) { log.debug("Refusing request: {}", e.getMessage()); }
From source file:fi.helsinki.opintoni.exception.GlobalExceptionHandlers.java
@ExceptionHandler(value = { ForbiddenException.class, AccessDeniedException.class })
public ResponseEntity<CommonError> handleForbidden() throws Exception {
return new ResponseEntity<>(new CommonError("Forbidden"), HttpStatus.FORBIDDEN);
}
From source file:com.mejmo.appletraus.server.controller.MethodInvokeController.java
@RequestMapping(value = "/methodInvoke/{sessionId}", method = RequestMethod.POST) public ResponseEntity<?> invokeMethod(@PathVariable final String sessionId, @RequestBody final RESTMethodInvoke restMethodInvoke) throws Exception { if (!getBroadcasterMap().containsKey(sessionId)) return new ResponseEntity("No related sessionid", HttpStatus.FORBIDDEN); logger.info("Method invoke request called. SessionId: " + sessionId); final AsyncRequestId asyncId = new AsyncRequestId(); Async2SyncExecutor async2SyncExecutor = new Async2SyncExecutor(); String result = async2SyncExecutor.start(String.class, asyncId, new Async2SyncRunnable() { @Override/*from ww w. j a v a 2 s. co m*/ public void executeAsyncRequest() { Message message = new Message(); message.setMessageType(MessageType.METHOD_CALL); message.setMethod(restMethodInvoke.getMethod()); message.setMethodCallId(asyncId.getId()); message.setParameters(restMethodInvoke.getParameters()); getBroadcasterMap().get(sessionId).lookup(sessionId).broadcast(message); } }); return new ResponseEntity(result, HttpStatus.OK); }