Example usage for org.springframework.security.access AccessDeniedException AccessDeniedException

List of usage examples for org.springframework.security.access AccessDeniedException AccessDeniedException

Introduction

On this page you can find example usages of the org.springframework.security.access.AccessDeniedException constructor shown in the prototype below.

Prototype

public AccessDeniedException(String msg, Throwable t) 


Document

Constructs an AccessDeniedException with the specified message and root cause.

Usage

From source file:org.trustedanalytics.uploader.service.UploadService.java

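/**
 * Streams one uploaded file part through the decoder and consumer, then reports the finished
 * transfer to the data-acquisition service and appends it to {@code transfers}.
 *
 * @param fileItemStream multipart item whose content is uploaded
 * @param uploadMetadata metadata for the upload; its organisation UUID is passed to the consumer
 * @param mapper transformation applied to the transfer before it is reported
 * @param transfers accumulator that receives the completed transfer
 * @throws AccessDeniedException if an {@code AccessControlException} is raised while the upload
 *         is processed; the original exception is kept as the cause
 * @throws UploadException on I/O, login or interruption failures; it is constructed with the
 *         {@code transfers} list as it stands at that point
 */
private void doProcess(FileItemStream fileItemStream, UploadMetadata uploadMetadata,
        Function<Transfer, Transfer> mapper, List<Transfer> transfers) {
    try (InputStream input = streamDecoder.apply(fileItemStream.openStream())) {
        // NOTE(review): getAuthentication() returns null when the context holds no
        // authentication; presumably an upstream filter guarantees a caller here - confirm.
        final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Transfer transfer = new Transfer(uploadMetadata);
        streamConsumer.accept(input, transfer, UUID.fromString(uploadMetadata.getOrgUUID()));
        transfer = mapper.apply(transfer);
        // The second argument carries the caller's token: keep it out of logs and out of
        // exception messages.
        dataAcquisitionClient.uploadCompleted(transfer, "bearer " + tokenExtractor.apply(auth));
        transfers.add(transfer);
    } catch (AccessControlException ex) {
        // Translate the access failure into Spring Security's denial type, keeping the cause.
        throw new AccessDeniedException("Permission denied", ex);
    } catch (InterruptedException ex) {
        // Restore the interrupt flag so code further up the stack can still observe that this
        // thread was asked to stop; wrapping alone would clear that signal.
        Thread.currentThread().interrupt();
        throw new UploadException(transfers, ex);
    } catch (IOException | LoginException ex) {
        throw new UploadException(transfers, ex);
    }
}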

From source file:com.sun.identity.provider.springsecurity.OpenSSOObjectDefinitionSource.java

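/**
 * Resolves the Spring Security attributes for a web request by asking OpenSSO for a policy
 * decision on the full request URL and the HTTP method.
 *
 * @param object the secured object; must be a {@link FilterInvocation}
 * @return {@code null} for anonymous URLs, an empty list when OpenSSO returns no action
 *         decisions, otherwise one {@link SecurityConfig} per value of the first action decision
 * @throws IllegalArgumentException if {@code object} is not a {@link FilterInvocation}
 * @throws InsufficientAuthenticationException if no SSO token is found for the request
 * @throws AccessDeniedException if policy evaluation fails for any reason
 */
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    // Report an unsupported secured object with the declared exception type instead of letting
    // a ClassCastException escape from the cast.
    if (!(object instanceof FilterInvocation)) {
        throw new IllegalArgumentException("Object must be a FilterInvocation");
    }
    FilterInvocation filterInvocation = (FilterInvocation) object;
    HttpServletRequest request = filterInvocation.getRequest();
    if (isAnonymousUrl(request)) {
        // No attributes at all: the anonymous URL list bypasses the OpenSSO policy check.
        return null;
    }

    SSOToken token = OpenSSOProcessingFilter.getToken(filterInvocation.getHttpRequest());
    if (token == null) {
        throw new InsufficientAuthenticationException("SSOToken does not exist");
    }

    Set<String> actions = new HashSet<String>();
    actions.add(filterInvocation.getHttpRequest().getMethod());
    String fullResourceUrl = filterInvocation.getFullRequestUrl();

    try {
        PolicyEvaluator policyEvaluator = PolicyEvaluatorFactory.getInstance()
                .getPolicyEvaluator("iPlanetAMWebAgentService");
        if (debug.messageEnabled()) {
            // NOTE(review): the full request URL, query string included, is written to the
            // debug log; confirm no secrets travel in query parameters.
            debug.message("getPolicy for resource=" + fullResourceUrl + " actions=" + actions);
        }
        PolicyDecision policyDecision = policyEvaluator.getPolicyDecision(token, fullResourceUrl, actions,
                envParams);
        Map actionDecisions = policyDecision.getActionDecisions();
        if (debug.messageEnabled()) {
            debug.message("action decisions =" + actionDecisions);
        }

        // If OpenSSO has a NULL policy decision we return
        // an empty list. This results in a Spring "ABSTAIN" vote.
        // NOTE(review): whether an abstain ends in a denial depends on the access decision
        // configuration; confirm that a resource without a policy is not left open.
        if (actionDecisions == null || actionDecisions.isEmpty()) {
            return Collections.emptyList();
        }

        // Only one action (the HTTP method) was requested, so only the first decision is read.
        ActionDecision actionDecision = (ActionDecision) actionDecisions.values().iterator().next();
        List<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
        for (Object value : actionDecision.getValues()) {
            String s = (String) value;
            // Guarded like the other debug calls so the message is only built when enabled.
            if (debug.messageEnabled()) {
                debug.message("configAttributes.add(" + s);
            }
            configAttributes.add(new SecurityConfig(s));
        }
        return configAttributes;
    } catch (Exception e) {
        // The broad catch keeps this fail-closed: any evaluation failure becomes a denial.
        debug.error("Exception while evaling policy", e);
        throw new AccessDeniedException("Error accessing to Opensso", e);
    }
}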

From source file:org.duracloud.account.app.controller.UserController.java

/**
 * Loads the account for {@code username} and hands it to the user-based
 * {@code prepareModel} overload.
 *
 * @param username login name of the account to load
 * @param mav model-and-view passed on to the overload
 * @throws AccessDeniedException if a {@code DBNotFoundException} is raised inside the lookup
 *         or the model preparation
 */
private void prepareModel(String username, ModelAndView mav) {
    try {
        final DuracloudUser loaded = this.userService.loadDuracloudUserByUsernameInternal(username);
        prepareModel(loaded, mav);
    } catch (DBNotFoundException notFound) {
        // The message stays generic; the lookup failure is only attached as the cause.
        throw new AccessDeniedException("Access is denied", notFound);
    }
}

From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationEndpoint.java

/**
 * Handles a missing-session error by logging it and delegating to {@code handleException}
 * with an {@link AccessDeniedException} that wraps the original error.
 *
 * @param e the session-required error raised for the request
 * @param webRequest the current web request, passed through to {@code handleException}
 * @return whatever {@code handleException} produces for the wrapped exception
 * @throws Exception if {@code handleException} throws
 */
@ExceptionHandler(HttpSessionRequiredException.class)
public ModelAndView handleHttpSessionRequiredException(HttpSessionRequiredException e,
        ServletWebRequest webRequest) throws Exception {
    final String detail = e.getMessage();
    logger.info("Handling Session required error: " + detail);
    // The missing session is reported as an access denial; the original error stays as the cause.
    final AccessDeniedException denied =
            new AccessDeniedException("Could not obtain authorization request from session", e);
    return handleException(denied, webRequest);
}

From source file:org.jasig.ssp.web.api.PlanController.java

/**
 * Allows the call when the caller holds {@code ROLE_PERSON_READ} or
 * {@code ROLE_PERSON_MAP_READ}; otherwise the request itself must pass the
 * highly-trusted-request check.
 *
 * @param request the incoming HTTP request, checked only when neither role is held
 * @throws AccessDeniedException if neither role is held and the trust check rejects the request
 */
private void assertStandardMapReadApiAuthorization(HttpServletRequest request) throws AccessDeniedException {
    // Short-circuit: the second authority is only queried when the first is missing.
    final boolean holdsReadRole = securityService.hasAuthority("ROLE_PERSON_READ")
            || securityService.hasAuthority("ROLE_PERSON_MAP_READ");
    if (!holdsReadRole) {
        try {
            requestTrustService.assertHighlyTrustedRequest(request);
        } catch (AccessDeniedException untrusted) {
            // Re-thrown with a message naming both failed conditions; the original denial is the cause.
            throw new AccessDeniedException("Untrusted request with insufficient permissions.", untrusted);
        }
    }
}

From source file:org.talend.daikon.security.access.RequiresAuthorityAspect.java

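/**
 * The interceptor method for methods annotated with {@link RequiresAuthority}.
 *
 * <p>The non-blank entries of {@code authority()} are checked first; if there are none, the
 * non-blank entries of {@code value()} are used. Access is granted when at least one entry
 * passes {@code isAllowed}. On denial the annotation's {@code onDeny} class is instantiated and
 * its result is returned in place of the method's result.
 *
 * @param pjp The method invocation.
 * @return The result of the invoked method, or the value produced by the {@code onDeny} handler.
 * @throws Throwable Throws {@link org.springframework.security.access.AccessDeniedException} when access is denied
 *                   and the {@code onDeny} handler cannot be instantiated; anything thrown by the invoked
 *                   method or the handler propagates unchanged.
 */
@Around("@annotation(org.talend.daikon.security.access.RequiresAuthority)")
public Object requires(ProceedingJoinPoint pjp) throws Throwable {
    final Authentication authentication = ofNullable(getContext().getAuthentication()).orElse(ANONYMOUS);
    LOGGER.debug("Checking @Required access on {} for user {}.", pjp, authentication);

    final MethodSignature methodSignature = (MethodSignature) pjp.getSignature();
    final Method method = methodSignature.getMethod();

    final RequiresAuthority annotation = method.getAnnotation(RequiresAuthority.class);
    if (annotation == null) {
        throw new IllegalArgumentException("Missing @RequiresAuthority annotation."); // Rather unexpected
    }

    // Suppliers are used because a Stream can be consumed only once and each one is read twice.
    final String[] authorityArray = annotation.authority();
    final Supplier<Stream<String>> authorityStreamSupplier = () -> Stream.of(authorityArray)
            .filter(StringUtils::isNotBlank);

    final String[] valueArray = annotation.value();
    final Supplier<Stream<String>> valueStreamSupplier = () -> Stream.of(valueArray)
            .filter(StringUtils::isNotBlank);

    Supplier<Stream<String>> streamSupplier = null;

    if (authorityStreamSupplier.get().count() > 0) {
        streamSupplier = authorityStreamSupplier;
    } else if (valueStreamSupplier.get().count() > 0) {
        streamSupplier = valueStreamSupplier;
    }

    // NOTE(review): when both authority() and value() hold only blank entries, streamSupplier
    // stays null and the call proceeds with no check at all. Confirm that an annotation without
    // authorities is meant to allow everyone rather than deny.
    if (streamSupplier != null && streamSupplier.get().noneMatch(RequiresAuthorityAspect::isAllowed)) {
        LOGGER.debug("Access denied for user {} on {}.", authentication, method);
        final Class<? extends AccessDenied> onDeny = annotation.onDeny();
        final AccessDenied accessDenied;
        try {
            accessDenied = onDeny.newInstance();
            return accessDenied.onDeny(annotation, method, pjp.getArgs());
        } catch (InstantiationException | IllegalAccessException noInstance) {
            // newInstance() also fails with IllegalAccessException when the handler class or its
            // no-arg constructor is not accessible; report that as a denial as well, so a
            // broken handler always yields AccessDeniedException.
            LOGGER.error("Unable to use on deny custom class {}", onDeny.getName(), noInstance);
            throw new AccessDeniedException("Access denied for " + method.getName() + ".", noInstance);
        }
    }

    LOGGER.debug("Access allowed for user {} on {}.", authentication, method);
    return pjp.proceed();
}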