List of usage examples for org.springframework.security.authentication AccountStatusException AccountStatusException
public AccountStatusException(String msg)
From source file:org.apache.nifi.web.security.authorization.NiFiAuthorizationService.java
/** * Loads the user details for the specified dn. * * Synchronizing because we want each request to be authorized atomically since each may contain any number of DNs. We wanted an access decision made for each individual request as a whole * (without other request potentially impacting it). * * @param request request/*from www.jav a2 s.c om*/ * @return user details * @throws UsernameNotFoundException ex * @throws org.springframework.dao.DataAccessException ex */ @Override public synchronized UserDetails loadUserDetails(NiFiAuthortizationRequestToken request) throws UsernameNotFoundException, DataAccessException { NiFiUserDetails userDetails = null; final List<String> chain = new ArrayList<>(request.getChain()); // ensure valid input if (chain.isEmpty()) { logger.warn("Malformed proxy chain: " + StringUtils.join(request.getChain())); throw new UntrustedProxyException("Malformed proxy chain."); } NiFiUser proxy = null; // process each part of the proxy chain for (final ListIterator<String> chainIter = request.getChain().listIterator(chain.size()); chainIter .hasPrevious();) { final String dn = chainIter.previous(); // if there is another dn after this one, this dn is a proxy for the request if (chainIter.hasPrevious()) { try { // get the user details for the proxy final NiFiUserDetails proxyDetails = getNiFiUserDetails(dn); final NiFiUser user = proxyDetails.getNiFiUser(); // verify the proxy has the appropriate role if (!user.getAuthorities().contains(Authority.ROLE_PROXY)) { logger.warn(String.format("Proxy '%s' must have '%s' authority. Current authorities: %s", dn, Authority.ROLE_PROXY.toString(), StringUtils.join(user.getAuthorities(), ", "))); throw new UntrustedProxyException( String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString())); } // if we've already encountered a proxy, update the chain if (proxy != null) { user.setChain(proxy); } // record this user as the proxy for the next user in the chain proxy = user; } catch (UsernameNotFoundException unfe) { // if this proxy is a new user, conditionally create a new account automatically if (properties.getSupportNewAccountRequests()) { try { logger.warn( String.format("Automatic account request generated for unknown proxy: %s", dn)); // attempt to create a new user account for the proxying client userService.createPendingUserAccount(dn, "Automatic account request generated for unknown proxy."); } catch (AdministrationException ae) { throw new AuthenticationServiceException(String.format( "Unable to create an account request for '%s': %s", dn, ae.getMessage()), ae); } catch (IllegalArgumentException iae) { // check then modified... account didn't exist when getting the user details but did when // attempting to auto create the user account request final String message = String.format("Account request was already submitted for '%s'", dn); logger.warn(message); throw new AccountStatusException(message) { }; } } logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), unfe.getMessage())); throw new UntrustedProxyException( String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString())); } catch (AuthenticationException ae) { logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), ae.getMessage())); throw new UntrustedProxyException( String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString())); } } else { userDetails = getNiFiUserDetails(dn); // if we've already encountered a proxy, update the chain if (proxy != null) { final NiFiUser user = userDetails.getNiFiUser(); user.setChain(proxy); } } } return userDetails; }