List of usage examples for java.lang SecurityException SecurityException
public SecurityException(Throwable cause)
From source file:edu.umich.flowfence.client.Sealed.java
public T declassify(boolean mergeTaints, ClassLoader loader) { try {//from ww w . java2s.co m ParceledPayloadExceptionResult result = getHandle().tryDeclassify(mergeTaints); if (result == null) { throw new SecurityException("Declassify denied"); } return declassifyCommon(result, loader); } catch (RemoteException e) { ParceledThrowable.throwUnchecked(e); return null; } }
From source file:be.e_contract.mycarenet.etee.EncryptionToken.java
private X509Certificate parseEncryptionCertificate(byte[] encodedEncryptionToken) throws CMSException, CertificateException, IOException, OperatorCreationException { CMSSignedData cmsSignedData = new CMSSignedData(encodedEncryptionToken); // get signer identifier SignerInformationStore signers = cmsSignedData.getSignerInfos(); SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next(); SignerId signerId = signer.getSID(); // get signer certificate Store certificateStore = cmsSignedData.getCertificates(); LOG.debug("certificate store type: " + certificateStore.getClass().getName()); @SuppressWarnings("unchecked") Collection<X509CertificateHolder> signingCertificateCollection = certificateStore.getMatches(signerId); X509CertificateHolder signingCertificateHolder = signingCertificateCollection.iterator().next(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate signingCertificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(signingCertificateHolder.getEncoded())); LOG.debug("signing certificate: " + signingCertificate.getSubjectX500Principal()); // verify CMS signature SignerInformationVerifier signerInformationVerifier = new JcaSimpleSignerInfoVerifierBuilder() .build(signingCertificate);//from w w w . j a v a 2s . co m boolean signatureResult = signer.verify(signerInformationVerifier); if (false == signatureResult) { throw new SecurityException("ETK signature invalid"); } // get encryption certificate CMSTypedData signedContent = cmsSignedData.getSignedContent(); byte[] data = (byte[]) signedContent.getContent(); X509Certificate encryptionCertificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(data)); LOG.debug("all available certificates:"); logCertificates(certificateStore, null); // get authentication certificate CustomSelector authenticationSelector = new CustomSelector(); authenticationSelector.setSubject(encryptionCertificate.getIssuerX500Principal()); @SuppressWarnings("unchecked") Collection<X509CertificateHolder> authenticationCertificates = certificateStore .getMatches(authenticationSelector); if (authenticationCertificates.size() != 1) { LOG.debug("no authentication certificate match"); } X509CertificateHolder authenticationCertificateHolder = authenticationCertificates.iterator().next(); this.authenticationCertificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(authenticationCertificateHolder.getEncoded())); verifyProxyCertificate(encryptionCertificate, this.authenticationCertificate); return encryptionCertificate; }
From source file:com.mastercard.test.spring.security.SpringSecurityJUnit4ClassRunnerMethodAnnotationTests.java
@Test(expected = SecurityException.class) @WithMockUser/*from w w w .ja v a 2 s . c o m*/ public void runningWithOneBasicUserSupportsExpectedExceptionsAndExecutesOneTime() { throw new SecurityException("Test"); }
From source file:eu.trentorise.smartcampus.permissionprovider.manager.ProviderServiceAdapter.java
/** * Updates of user attributes using the values obtained from http request * // w w w. j a va 2s . co m * @param authorityUrl * the url of authority used from user to authenticate himself * @param map * @param req * the http request * @return the authentication token of the user (renew if it's expired) * @throws AcServiceException */ public User updateUser(String authorityUrl, Map<String, String> map, HttpServletRequest req) { Authority auth = authorityRepository.findByRedirectUrl(authorityUrl); if (auth == null) { throw new IllegalArgumentException("Unknown authority URL: " + authorityUrl); } // read received attribute values Map<String, String> attributes = attrAdapter.getAttributes(auth.getName(), map, req); List<Attribute> list = extractIdentityAttributes(auth, attributes, true); // find user by identity attributes List<User> users = userRepository.getUsersByAttributes(list); if (users == null) users = new ArrayList<User>(); if (users.size() > 1) { list = extractIdentityAttributes(auth, attributes, false); users = userRepository.getUsersByAttributes(list); if (users == null) users = new ArrayList<User>(); if (users.size() > 1) { throw new IllegalArgumentException("The request attributes identify more than one user"); } } // fillin attribute list list.clear(); populateAttributes(auth, attributes, list, users.isEmpty() ? null : users.get(0).getAttributeEntities()); // check the access rights for the user with respect to the whitelist if (!secAdapter.access(auth.getName(), new ArrayList<String>(attributes.keySet()), attributes)) { throw new SecurityException("Access denied to user"); } User user = null; if (users.isEmpty()) { String socialId = "1"; user = new User(socialId, attributes.get(Config.NAME_ATTR), attributes.get(Config.SURNAME_ATTR), new HashSet<Attribute>(list)); user = userRepository.save(user); if (!testMode) { try { socialId = socialEngine.createUser("" + user.getId()); user.setSocialId(socialId); userRepository.save(user); } catch (SocialEngineException e) { throw new IllegalArgumentException(e.getMessage(), e); } } } else { user = users.get(0); attributeRepository.deleteInBatch(user.getAttributeEntities()); user.setAttributeEntities(new HashSet<Attribute>(list)); user.updateNames(attributes.get(Config.NAME_ATTR), attributes.get(Config.SURNAME_ATTR)); userRepository.save(user); } return user; }
From source file:org.nuxeo.elasticsearch.http.readonly.filter.RequestValidator.java
public void checkAccess(NuxeoPrincipal principal, String docAcl) { try {//from w w w . j a v a 2 s . co m JSONObject docAclJson = new JSONObject(docAcl); JSONArray acl = docAclJson.getJSONObject("fields").getJSONArray("ecm:acl"); String[] principals = SecurityService.getPrincipalsToCheck(principal); for (int i = 0; i < acl.length(); i++) for (String name : principals) { if (name.equals(acl.getString(i))) { return; } } } catch (JSONException e) { // throw a securityException } throw new SecurityException("Unauthorized access"); }
From source file:org.apache.bookkeeper.tls.TLSContextFactory.java
private KeyManagerFactory initKeyManagerFactory(String keyStoreType, String keyStoreLocation, String keyStorePasswordPath) throws SecurityException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, InvalidKeySpecException { KeyManagerFactory kmf = null; if (Strings.isNullOrEmpty(keyStoreLocation)) { LOG.error("Key store location cannot be empty when Mutual Authentication is enabled!"); throw new SecurityException( "Key store location cannot be empty when Mutual Authentication is enabled!"); }/*w ww . j a v a 2 s . c o m*/ String keyStorePassword = ""; if (!Strings.isNullOrEmpty(keyStorePasswordPath)) { keyStorePassword = getPasswordFromFile(keyStorePasswordPath); } // Initialize key file KeyStore ks = loadKeyStore(keyStoreType, keyStoreLocation, keyStorePassword); kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, keyStorePassword.trim().toCharArray()); return kmf; }
From source file:org.hyperic.hq.plugin.weblogic.WeblogicAuth.java
public Subject getSubject() throws SecurityException { if (this.subject != null) { return this.subject; }//w w w . ja v a 2 s . com StopWatch timer = null; if (this.loginContext == null) { if (log.isDebugEnabled()) { timer = new StopWatch(); } try { this.loginContext = new LoginContext(LOGIN_MODULE, this); this.loginContext.login(); } catch (LoginException e) { //e.printStackTrace(); this.loginContext = null; throw new SecurityException(e.getMessage()); } } this.subject = this.loginContext.getSubject(); if (timer != null) { log.debug(this.url + " login took: " + timer); } if (this.subject == null) { throw new SecurityException("Authentication failed: reason unknown."); } return this.subject; }
From source file:net.lr.jmsbridge.BridgeServlet.java
/** * Extract username and password from the HTTP Basic auth header * @param auth// w ww .j a v a 2 s . co m * @return * @throws IOException */ private UserNameAndPassword extractUserNamePassword(String auth) throws IOException { if (!auth.startsWith("Basic ")) { throw new SecurityException("Invalid auth scheme"); } String base64Auth = auth.substring(6); String decodedSt = new String(Base64.decodeBase64(base64Auth)); String[] userPasswd = decodedSt.split(":"); String userName = userPasswd[0]; String passwd = (userPasswd.length >= 2) ? userPasswd[1] : ""; return new UserNameAndPassword(userName, passwd); }
From source file:com.mastercard.test.spring.security.SpringSecurityJUnit4ClassRunnerMethodAnnotationTests.java
@Test(expected = SecurityException.class) @WithMockUser/*from w ww .j av a 2s .c o m*/ @WithMockUser public void runningWithTwoBasicUsersSupportsExpectedExceptionsAndExecutesTwoTimes() { throw new SecurityException("Test"); }
From source file:com.apporiented.hermesftp.utils.SecurityUtil.java
/** * Create the security context required for SSL communication. * //from www . j av a 2 s .c o m * @param keyStoreFile The name of the keystore file. * @param keyStorePassword The password for the keystore. * @return The context. * @throws FtpConfigException Thrown on error in configuration. */ public static SSLContext createSslContext(String keyStoreFile, char[] keyStorePassword) throws FtpConfigException { SSLContext sslContext; try { /* Get keystore file and password */ InputStream ksInputStream = getKeyStoreInputStream(keyStoreFile); /* * Get the java keystore object an key manager. A keystore is where keys and * certificates are kept. */ KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(ksInputStream, keyStorePassword); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(keystore, keyStorePassword); /* * An SSLContext is an environment for implementing JSSE. It is used to create a * ServerSocketFactory */ sslContext = SSLContext.getInstance("SSL"); sslContext.init(kmf.getKeyManagers(), null, null); } catch (KeyManagementException e) { throw new SecurityException("A key management authorization problem occurred."); } catch (FileNotFoundException e) { throw new SecurityException("The key store file could not be found."); } catch (KeyStoreException e) { throw new SecurityException("A key store problem occurred."); } catch (NoSuchAlgorithmException e) { throw new SecurityException("The hash algorithm is not supported."); } catch (CertificateException e) { throw new SecurityException("Certificate could not be loaded."); } catch (UnrecoverableKeyException e) { throw new SecurityException("Key store cannot be recovered."); } catch (IOException e) { throw new SecurityException("Reading the key store failed."); } return sslContext; }