Example usage for java.lang SecurityException getMessage

List of usage examples for java.lang SecurityException getMessage

Introduction

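This page collects usage examples of getMessage() called on a caught SecurityException. Note that the AdminMgrConsole examples also call e.getErrorId(), which java.lang.SecurityException does not declare, so the SecurityException caught there is a project class with the same simple name; getMessage() itself is inherited from Throwable in either case.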

Prototype

public String getMessage() 


Document

Returns the detail message string of this throwable.

Usage

From source file:org.apache.directory.fortress.core.AdminMgrConsole.java

/**
 * Prompts on the console for a user id and a role name, then calls {@code am.assignUser}
 * with a {@code UserRole} built from the two answers.
 *
 * <p>A {@code SecurityException} raised inside the prompt/assign sequence is logged with its
 * error id and message; nothing is printed to the console in that case. The method always
 * ends by waiting for a key press.
 */
void assignUser() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();
        final UserRole assignment = new UserRole();
        assignment.setUserId(enteredUserId);

        System.out.println("Enter role name");
        final String enteredRole = ReaderUtil.readLn();
        assignment.setName(enteredRole);

        am.assignUser(assignment);

        System.out.println("userId [" + enteredUserId + "] name [" + enteredRole + "]");
        System.out.println("has been assigned");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        // The caught type exposes getErrorId(), so it is a project exception class and not
        // java.lang.SecurityException; getMessage() is the inherited Throwable accessor.
        final String detail = "assignUser caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}

From source file:com.cws.esolutions.security.processors.impl.AccountChangeProcessorImpl.java

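/**
 * Changes the logon password of the account named in the request.
 *
 * <p>Only the account owner may do this: when the requestor's GUID differs from the target
 * account's GUID the response is marked {@code UNAUTHORIZED} and nothing else happens.
 * Otherwise the new password must differ from the current one and satisfy the configured
 * length limits. Unless the request is flagged as a reset, the current password is checked
 * through {@code authenticator.performLogon} first. A new salt is then stored and the new
 * password hash written; if the password write reports failure, the previous salt is
 * restored so the stored hash and salt stay consistent.
 *
 * @param request the change request carrying requestor, target account, host info and
 *        the current/new credentials
 * @return the response, with status {@code SUCCESS}, {@code FAILURE} or {@code UNAUTHORIZED}
 * @throws AccountChangeException if the new password is rejected, a salt cannot be obtained,
 *         a failed change cannot be rolled back, or a lower-level exception is caught
 * @see com.cws.esolutions.security.processors.interfaces.IAccountChangeProcessor#changeUserPassword(com.cws.esolutions.security.processors.dto.AccountChangeRequest)
 */
public AccountChangeResponse changeUserPassword(final AccountChangeRequest request)
        throws AccountChangeException {
    final String methodName = IAccountChangeProcessor.CNAME
            + "#changeUserPassword(final AccountChangeRequest request) throws AccountChangeException";

    if (DEBUG) {
        DEBUGGER.debug(methodName);
        // NOTE(review): the request carries the current and new password; if its toString()
        // includes the user security data, both end up in the debug log - confirm it masks them.
        DEBUGGER.debug("AccountChangeRequest: {}", request);
    }

    AccountChangeResponse response = new AccountChangeResponse();

    final Calendar calendar = Calendar.getInstance();
    final RequestHostInfo reqInfo = request.getHostInfo();
    final UserAccount requestor = request.getRequestor();
    final UserAccount userAccount = request.getUserAccount();
    final AuthenticationData reqSecurity = request.getUserSecurity();
    // NOTE(review): salts should come from a cryptographically strong generator; confirm
    // which random source backs RandomStringUtils in the library version in use.
    final String newUserSalt = RandomStringUtils.randomAlphanumeric(secConfig.getSaltLength());

    // the computed expiry date is only logged in this method
    calendar.add(Calendar.DATE, secConfig.getPasswordExpiration());

    if (DEBUG) {
        DEBUGGER.debug("Calendar: {}", calendar);
        DEBUGGER.debug("RequestHostInfo: {}", reqInfo);
        DEBUGGER.debug("UserAccount: {}", requestor);
        DEBUGGER.debug("UserAccount: {}", userAccount);
    }

    // ownership check: nobody but the owning user may change that user's password.
    // NOTE(review): this early return sits before the try/finally below, so a rejected
    // attempt produces no audit entry - consider auditing it with authorized=false.
    if (!(StringUtils.equals(userAccount.getGuid(), requestor.getGuid()))) {
        response.setRequestStatus(SecurityRequestStatus.UNAUTHORIZED);

        return response;
    }

    try {
        // make sure the new password isnt the same as the existing
        if (StringUtils.equals(reqSecurity.getNewPassword(), reqSecurity.getPassword())) {
            throw new AccountChangeException("The new password MUST differ from the existing password.");
        } else if ((reqSecurity.getNewPassword() == null) // missing: reject instead of failing on length()
                || (reqSecurity.getNewPassword().length() < secConfig.getPasswordMinLength()) // less than minimum
                || (reqSecurity.getNewPassword().length() > secConfig.getPasswordMaxLength())) // greater than maximum
        {
            // password doesnt meet requirements, is missing, too short or too long
            throw new AccountChangeException(
                    "The chosen password does not meet the configured length requirements.");
        } else {
            if (!(request.isReset())) {
                // ok, authenticate first
                String userSalt = userSec.getUserSalt(userAccount.getGuid(), SaltType.LOGON.name());

                // NOTE(review): when no logon salt is found the current password is not
                // verified at all and processing continues - confirm that is intended.
                if (StringUtils.isNotEmpty(userSalt)) {
                    // the result is not needed: a failed logon raises an exception and
                    // processing stops there.
                    authenticator.performLogon(userAccount.getUsername(),
                            PasswordUtils.encryptText(reqSecurity.getPassword(), userSalt,
                                    secBean.getConfigData().getSecurityConfig().getAuthAlgorithm(),
                                    secBean.getConfigData().getSecurityConfig().getIterations(),
                                    secBean.getConfigData().getSystemConfig().getEncoding()));
                }
            }

            if (StringUtils.isNotEmpty(newUserSalt)) {
                // keep the current salt so it can be restored if the password write fails
                String existingSalt = userSec.getUserSalt(userAccount.getGuid(), SaltType.LOGON.name());

                if (StringUtils.isNotEmpty(existingSalt)) {
                    // good, move forward
                    // put the new salt in the database
                    boolean isComplete = userSec.addOrUpdateSalt(userAccount.getGuid(), newUserSalt,
                            SaltType.LOGON.name());

                    if (DEBUG) {
                        DEBUGGER.debug("isComplete: {}", isComplete);
                    }

                    if (isComplete) {
                        // make the modification in the user repository and keep its result;
                        // previously the return value was dropped, so a failed write was
                        // still reported as SUCCESS and the rollback branch was unreachable
                        isComplete = userManager.modifyUserPassword(userAccount.getGuid(),
                                PasswordUtils.encryptText(reqSecurity.getNewPassword(), newUserSalt,
                                        secConfig.getAuthAlgorithm(), secConfig.getIterations(),
                                        secBean.getConfigData().getSystemConfig().getEncoding()));

                        if (DEBUG) {
                            DEBUGGER.debug("isComplete: {}", isComplete);
                        }

                        if (isComplete) {
                            if ((userAccount.getStatus() == LoginStatus.EXPIRED)
                                    || (userAccount.getStatus() == LoginStatus.RESET)) {
                                // update the account
                                userAccount.setStatus(LoginStatus.SUCCESS);
                            }

                            response.setUserAccount(userAccount);
                            response.setRequestStatus(SecurityRequestStatus.SUCCESS);
                        } else {
                            // the password write failed but the new salt is already stored.
                            // put the previous salt back, otherwise the stored hash no longer
                            // matches its salt and the user cannot log in without admin
                            // intervention. (presumes a false result means the stored
                            // password was left unchanged - verify against userManager)
                            boolean isBackedOut = userSec.addOrUpdateSalt(userAccount.getGuid(),
                                    existingSalt, SaltType.LOGON.name());

                            if (DEBUG) {
                                DEBUGGER.debug("isBackedOut: {}", isBackedOut);
                            }

                            if (!(isBackedOut)) {
                                throw new AccountChangeException(
                                        "Failed to modify the user account and unable to revert to existing state.");
                            }

                            response.setRequestStatus(SecurityRequestStatus.FAILURE);
                        }
                    } else {
                        response.setRequestStatus(SecurityRequestStatus.FAILURE);
                    }
                } else {
                    throw new AccountChangeException(
                            "Unable to obtain existing salt value from datastore. Cannot continue.");
                }
            } else {
                throw new AccountChangeException("Unable to generate new salt for provided user account.");
            }
        }
    } catch (SQLException sqx) {
        ERROR_RECORDER.error(sqx.getMessage(), sqx);

        // NOTE(review): the datastore's message is passed on verbatim; callers should not
        // show it to end users.
        throw new AccountChangeException(sqx.getMessage(), sqx);
    } catch (UserManagementException umx) {
        ERROR_RECORDER.error(umx.getMessage(), umx);

        throw new AccountChangeException(umx.getMessage(), umx);
    } catch (AuthenticatorException ax) {
        ERROR_RECORDER.error(ax.getMessage(), ax);

        throw new AccountChangeException(ax.getMessage(), ax);
    } catch (SecurityException sx) {
        ERROR_RECORDER.error(sx.getMessage(), sx);

        throw new AccountChangeException(sx.getMessage(), sx);
    } finally {
        // audit: runs for every attempt that passed the ownership check, whether or not
        // the change succeeded; the entry itself does not record the outcome
        try {
            AuditEntry auditEntry = new AuditEntry();
            auditEntry.setHostInfo(reqInfo);
            auditEntry.setAuditType(AuditType.CHANGEPASS);
            auditEntry.setUserAccount(requestor);
            auditEntry.setAuthorized(Boolean.TRUE);
            auditEntry.setApplicationId(request.getApplicationId());
            auditEntry.setApplicationName(request.getApplicationName());

            if (DEBUG) {
                DEBUGGER.debug("AuditEntry: {}", auditEntry);
            }

            AuditRequest auditRequest = new AuditRequest();
            auditRequest.setAuditEntry(auditEntry);

            if (DEBUG) {
                DEBUGGER.debug("AuditRequest: {}", auditRequest);
            }

            auditor.auditRequest(auditRequest);
        } catch (AuditServiceException asx) {
            // an audit failure is logged only; it does not change the response
            ERROR_RECORDER.error(asx.getMessage(), asx);
        }
    }

    return response;
}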

From source file:org.apache.directory.fortress.core.AdminMgrConsole.java

/**
 * Prompts on the console for a role name and description, passes them to
 * {@code am.updateRole}, and prints the name, internal id and description of the role
 * that call returns.
 *
 * <p>A {@code SecurityException} raised inside the prompt/update sequence is logged with
 * its error id and message. The method always ends by waiting for a key press.
 */
void updateRole() {
    final Role requested = new Role();

    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter role name:");
        final String enteredName = ReaderUtil.readLn();
        requested.setName(enteredName);

        System.out.println("Enter Role's description field");
        final String enteredDescription = ReaderUtil.readLn();
        requested.setDescription(enteredDescription);

        final Role updated = am.updateRole(requested);

        // echo what the manager returned rather than what was typed
        System.out.println("name [" + updated.getName() + "]");
        System.out.println("internalId [" + updated.getId() + "]");
        System.out.println("name description [" + updated.getDescription() + "]");
        System.out.println("has been updated");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        // project exception type (it has getErrorId()), not java.lang.SecurityException
        final String detail = "updateRole caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}

From source file:org.apache.directory.fortress.core.AdminMgrConsole.java

/**
 * Prompts on the console for a user id and a role name, then calls {@code am.deassignUser}
 * with a {@code UserRole} built from the two answers.
 *
 * <p>A {@code SecurityException} raised inside the prompt/deassign sequence is logged with
 * its error id and message; nothing is printed to the console in that case. The method
 * always ends by waiting for a key press.
 */
void deassignUser() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();
        final UserRole assignment = new UserRole();
        assignment.setUserId(enteredUserId);

        System.out.println("Enter role name");
        final String enteredRole = ReaderUtil.readLn();
        assignment.setName(enteredRole);

        am.deassignUser(assignment);

        System.out.println("userId [" + enteredUserId + "] name [" + enteredRole + "]");
        System.out.println("has been deassigned");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        // project exception type (it has getErrorId()), not java.lang.SecurityException
        final String detail = "deassignUser caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}

From source file:org.apache.directory.fortress.core.AdminMgrConsole.java

/**
 * Prompts on the console for a user id and a new password, then calls
 * {@code am.resetPassword} for that user.
 *
 * <p>A {@code SecurityException} raised inside the prompt/reset sequence is logged with its
 * error id and message. The method always ends by waiting for a key press.
 */
void resetPassword() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();
        final User target = new User();
        target.setUserId(enteredUserId);

        System.out.println("Enter new password");
        // NOTE(review): the password is read as a String, which cannot be wiped and stays on
        // the heap until collected, so the char[] handed on below does not shorten the
        // secret's lifetime. Whether the input is echoed depends on ReaderUtil (not shown
        // here); java.io.Console.readPassword() would cover both points.
        final String enteredPassword = ReaderUtil.readLn();
        final char[] replacement = enteredPassword.toCharArray();
        am.resetPassword(target, replacement);

        // only the user id is echoed, never the password
        System.out.println("userId [" + enteredUserId + "]");
        System.out.println("password has been reset");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        // project exception type (it has getErrorId()), not java.lang.SecurityException
        final String detail = "resetPassword caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}

From source file:org.apache.directory.fortress.core.AdminMgrConsole.java

/**
 * Prompts on the console for a user id and calls {@code am.deleteUser} for it without
 * asking for any confirmation.
 *
 * <p>A {@code SecurityException} raised inside the prompt/delete sequence is logged with
 * its error id and message. The method always ends by waiting for a key press.
 */
protected void forceDeleteUser() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();

        final User target = new User();
        target.setUserId(enteredUserId);
        am.deleteUser(target);

        System.out.println("userId [" + enteredUserId + "]");
        System.out.println("has been force deleted");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        // project exception type (it has getErrorId()), not java.lang.SecurityException
        final String detail = "forceDeleteUser caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}

From source file:org.apache.directory.fortress.core.AdminMgrConsole.java

/**
 * Prompts on the console for a permission object name and calls {@code am.deletePermObj}
 * with a {@code PermObj} carrying that name.
 *
 * <p>A {@code SecurityException} raised inside the prompt/delete sequence is logged with
 * its error id and message. The method always ends by waiting for a key press.
 */
void deletePermission() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter object name");
        final String enteredName = ReaderUtil.readLn();

        // only the object name is set; no object id is asked for
        final PermObj target = new PermObj();
        target.setObjName(enteredName);
        am.deletePermObj(target);

        System.out.println("perm object deleted: [" + enteredName + "]");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        // project exception type (it has getErrorId()), not java.lang.SecurityException
        final String detail = "deletePermission caught SecurityException rc=" + failure.getErrorId() + " msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}

From source file:org.apache.directory.fortress.core.AdminMgrConsole.java

/**
 * Prompts on the console for a user id and a Y/N answer, then either deletes the user
 * through {@code am.deleteUser} (answer "Y", case-insensitive) or disables it through
 * {@code am.disableUser} (any other answer).
 *
 * <p>A {@code SecurityException} raised inside the sequence is logged with its error id
 * and message. The method always ends by waiting for a key press.
 */
protected void deleteUser() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();
        final User target = new User();
        target.setUserId(enteredUserId);

        System.out.println("Is Force Delete?  Y/N");
        final String answer = ReaderUtil.readLn();
        final boolean forceDelete = answer.equalsIgnoreCase("Y");

        if (!forceDelete) {
            // anything other than Y/y falls back to the non-destructive action
            am.disableUser(target);
            System.out.println("userId [" + enteredUserId + "]");
            System.out.println("has been disabled but not deleted");
        } else {
            am.deleteUser(target);
            System.out.println("userId [" + enteredUserId + "]");
            System.out.println("has been deleted");
        }
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        // project exception type (it has getErrorId()), not java.lang.SecurityException
        final String detail = "deleteUser caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}

From source file:org.apache.directory.fortress.core.AdminMgrConsole.java

/**
 * Prompts on the console for a user id, the old password and a new password, then calls
 * {@code am.changePassword} for that user.
 *
 * <p>A {@code SecurityException} raised inside the prompt/change sequence is logged with
 * its error id and message. The method always ends by waiting for a key press.
 */
void changePassword() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();

        System.out.println("Enter old password");
        // NOTE(review): both passwords are read as Strings, which cannot be wiped and stay
        // on the heap until collected, so converting to char[] afterwards does not shorten
        // their lifetime. Whether the input is echoed depends on ReaderUtil (not shown
        // here); java.io.Console.readPassword() would cover both points.
        final String enteredOldPassword = ReaderUtil.readLn();
        final User target = new User();
        target.setUserId(enteredUserId);
        final char[] current = enteredOldPassword.toCharArray();
        target.setPassword(current);

        System.out.println("Enter new password");
        final String enteredNewPassword = ReaderUtil.readLn();
        final char[] replacement = enteredNewPassword.toCharArray();
        am.changePassword(target, replacement);

        // only the user id is echoed, never a password
        System.out.println("userId [" + enteredUserId + "]");
        System.out.println("password has been changed");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        // project exception type (it has getErrorId()), not java.lang.SecurityException
        final String detail = "changePassword caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}

From source file:com.cws.esolutions.security.processors.impl.AccountChangeProcessorImpl.java

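/**
 * Replaces the security questions and answers of the account named in the request.
 *
 * <p>Only the account owner may do this: when the requestor's GUID differs from the target
 * account's GUID the response is marked {@code UNAUTHORIZED} and nothing else happens.
 * Otherwise the two questions must differ, the two answers must differ, and the current
 * password is checked through {@code authenticator.performLogon}. The answers are then
 * hashed with a freshly generated salt and written, followed by the salt itself; if the
 * salt write fails, the previous security data and salt are written back.
 *
 * @param request the change request carrying requestor, target account, host info, the
 *        current password and the new questions and answers
 * @return the response, with status {@code SUCCESS}, {@code FAILURE} or {@code UNAUTHORIZED}
 * @throws AccountChangeException if the questions or answers are identical, a failed change
 *         cannot be fully rolled back, or a lower-level exception is caught
 * @see com.cws.esolutions.security.processors.interfaces.IAccountChangeProcessor#changeUserSecurity(com.cws.esolutions.security.processors.dto.AccountChangeRequest)
 */
public AccountChangeResponse changeUserSecurity(final AccountChangeRequest request)
        throws AccountChangeException {
    final String methodName = IAccountChangeProcessor.CNAME
            + "#changeUserSecurity(final AccountChangeRequest request) throws AccountChangeException";

    if (DEBUG) {
        DEBUGGER.debug(methodName);
        // NOTE(review): the request carries the password and the security answers; if its
        // toString() includes the user security data they end up in the debug log - confirm
        // it masks them.
        DEBUGGER.debug("AccountChangeRequest: {}", request);
    }

    AccountChangeResponse response = new AccountChangeResponse();

    final Calendar calendar = Calendar.getInstance();
    final RequestHostInfo reqInfo = request.getHostInfo();
    final UserAccount requestor = request.getRequestor();
    final UserAccount userAccount = request.getUserAccount();
    final AuthenticationData reqSecurity = request.getUserSecurity();

    if (DEBUG) {
        DEBUGGER.debug("Calendar: {}", calendar);
        DEBUGGER.debug("RequestHostInfo: {}", reqInfo);
        DEBUGGER.debug("UserAccount: {}", requestor);
        DEBUGGER.debug("UserAccount: {}", userAccount);
    }

    // ownership check: nobody but the owning user may change that user's security data.
    // NOTE(review): this early return sits before the try/finally below, so a rejected
    // attempt produces no audit entry - consider auditing it with authorized=false.
    if (!(StringUtils.equals(userAccount.getGuid(), requestor.getGuid()))) {
        response.setRequestStatus(SecurityRequestStatus.UNAUTHORIZED);

        return response;
    }

    try {
        // make sure the two questions and answers arent the same
        if ((StringUtils.equals(reqSecurity.getSecQuestionOne(), reqSecurity.getSecQuestionTwo()))) {
            throw new AccountChangeException("The security questions must be different.");
        } else if ((StringUtils.equals(reqSecurity.getSecAnswerOne(), reqSecurity.getSecAnswerTwo()))) {
            throw new AccountChangeException("The security answers must be different.");
        } else {
            // ok, authenticate first
            String userSalt = userSec.getUserSalt(userAccount.getGuid(), SaltType.LOGON.name());

            if (StringUtils.isNotEmpty(userSalt)) {
                // the result is not needed: a failed logon raises an exception and
                // processing stops there.
                authenticator.performLogon(userAccount.getUsername(),
                        PasswordUtils.encryptText(reqSecurity.getPassword(), userSalt,
                                secBean.getConfigData().getSecurityConfig().getAuthAlgorithm(),
                                secBean.getConfigData().getSecurityConfig().getIterations(),
                                secBean.getConfigData().getSystemConfig().getEncoding()));

                // NOTE(review): salts should come from a cryptographically strong generator;
                // confirm which random source backs RandomStringUtils in the version in use.
                String newUserSalt = RandomStringUtils.randomAlphanumeric(secConfig.getSaltLength());

                if (StringUtils.isNotEmpty(newUserSalt)) {
                    // keep the current reset salt so it can be restored if something breaks
                    String existingSalt = userSec.getUserSalt(userAccount.getGuid(), SaltType.RESET.name());

                    if (StringUtils.isNotEmpty(existingSalt)) {
                        // keep the current security data for the backout as well.
                        // NOTE(review): the backout reads elements 0..3 of this list; a
                        // shorter or null list would make the rollback itself fail.
                        List<String> currentSec = authenticator.obtainSecurityData(userAccount.getUsername(),
                                userAccount.getGuid());

                        // good, move forward
                        // make the modification in the user repository
                        boolean isComplete = userManager.modifyUserSecurity(userAccount.getUsername(),
                                new ArrayList<String>(Arrays.asList(reqSecurity.getSecQuestionOne(),
                                        reqSecurity.getSecQuestionTwo(),
                                        PasswordUtils.encryptText(reqSecurity.getSecAnswerOne(), newUserSalt,
                                                secConfig.getAuthAlgorithm(), secConfig.getIterations(),
                                                secBean.getConfigData().getSystemConfig().getEncoding()),
                                        PasswordUtils.encryptText(reqSecurity.getSecAnswerTwo(), newUserSalt,
                                                secConfig.getAuthAlgorithm(), secConfig.getIterations(),
                                                secBean.getConfigData().getSystemConfig().getEncoding()))));

                        if (DEBUG) {
                            DEBUGGER.debug("isComplete: {}", isComplete);
                        }

                        if (isComplete) {
                            // now update the salt
                            isComplete = userSec.addOrUpdateSalt(userAccount.getGuid(), newUserSalt,
                                    SaltType.RESET.name());

                            if (isComplete) {
                                response.setRequestStatus(SecurityRequestStatus.SUCCESS);
                            } else {
                                // the salt write failed after the answers were stored. undo
                                // the repository change, otherwise the stored answers no
                                // longer match the stored salt and cannot be verified
                                boolean isReverted = userManager.modifyUserSecurity(userAccount.getUsername(),
                                        new ArrayList<String>(Arrays.asList(currentSec.get(0),
                                                currentSec.get(1), currentSec.get(2), currentSec.get(3))));

                                if (DEBUG) {
                                    DEBUGGER.debug("isReverted: {}", isReverted);
                                }

                                boolean backoutSalt = userSec.addOrUpdateSalt(userAccount.getGuid(),
                                        existingSalt, SaltType.RESET.name());

                                if (DEBUG) {
                                    DEBUGGER.debug("backoutSalt: {}", backoutSalt);
                                }

                                // either half of the backout failing leaves answers and salt
                                // out of step, so report it; previously this was raised only
                                // when both halves failed
                                if (!(isReverted) || !(backoutSalt)) {
                                    throw new AccountChangeException(
                                            "Failed to modify the user account and unable to revert to existing state.");
                                }

                                response.setRequestStatus(SecurityRequestStatus.FAILURE);
                            }
                        } else {
                            response.setRequestStatus(SecurityRequestStatus.FAILURE);
                        }
                    } else {
                        // no existing reset salt came back from the datastore (this branch
                        // and the next had each other's log message)
                        ERROR_RECORDER
                                .error("Unable to obtain existing salt value from datastore. Cannot continue.");

                        response.setRequestStatus(SecurityRequestStatus.FAILURE);
                    }
                } else {
                    // salt generation returned nothing usable
                    ERROR_RECORDER.error("Unable to generate new salt for provided user account.");

                    response.setRequestStatus(SecurityRequestStatus.FAILURE);
                }
            } else {
                ERROR_RECORDER.error("Unable to obtain configured user salt. Cannot continue");

                response.setRequestStatus(SecurityRequestStatus.FAILURE);
            }
        }
    } catch (SQLException sqx) {
        ERROR_RECORDER.error(sqx.getMessage(), sqx);

        // NOTE(review): the datastore's message is passed on verbatim; callers should not
        // show it to end users.
        throw new AccountChangeException(sqx.getMessage(), sqx);
    } catch (UserManagementException umx) {
        ERROR_RECORDER.error(umx.getMessage(), umx);

        throw new AccountChangeException(umx.getMessage(), umx);
    } catch (AuthenticatorException ax) {
        ERROR_RECORDER.error(ax.getMessage(), ax);

        throw new AccountChangeException(ax.getMessage(), ax);
    } catch (SecurityException sx) {
        ERROR_RECORDER.error(sx.getMessage(), sx);

        throw new AccountChangeException(sx.getMessage(), sx);
    } finally {
        // audit: runs for every attempt that passed the ownership check, whether or not
        // the change succeeded; the entry itself does not record the outcome
        try {
            AuditEntry auditEntry = new AuditEntry();
            auditEntry.setHostInfo(reqInfo);
            auditEntry.setAuditType(AuditType.ADDSECURITY);
            auditEntry.setUserAccount(requestor);
            auditEntry.setAuthorized(Boolean.TRUE);
            auditEntry.setApplicationId(request.getApplicationId());
            auditEntry.setApplicationName(request.getApplicationName());

            if (DEBUG) {
                DEBUGGER.debug("AuditEntry: {}", auditEntry);
            }

            AuditRequest auditRequest = new AuditRequest();
            auditRequest.setAuditEntry(auditEntry);

            if (DEBUG) {
                DEBUGGER.debug("AuditRequest: {}", auditRequest);
            }

            auditor.auditRequest(auditRequest);
        } catch (AuditServiceException asx) {
            // an audit failure is logged only; it does not change the response
            ERROR_RECORDER.error(asx.getMessage(), asx);
        }
    }

    return response;
}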