List of usage examples for java.lang SecurityException SecurityException
public SecurityException(Throwable cause)
From source file:com.linkedin.pinot.common.utils.KafkaStarterUtils.java
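/**
 * Runs Kafka's {@code TopicCommand.main(args)} while a temporary {@link SecurityManager}
 * rejects every permission whose name starts with {@code exitVM}, so a {@code System.exit}
 * call inside TopicCommand cannot terminate the calling JVM.
 *
 * <p>The temporary manager allows every other permission and is installed JVM-wide, so it
 * affects all threads for the duration of the call. The manager that was active before the
 * call is always put back, even when TopicCommand fails with an unrelated exception.
 *
 * <p>NOTE(review): {@code System.setSecurityManager} is deprecated for removal in recent JDKs
 * and may throw {@link UnsupportedOperationException} there; confirm the target runtime.
 *
 * @param args command-line arguments passed unchanged to {@code TopicCommand.main}
 */
private static void invokeTopicCommand(String[] args) {
    // jfim: Use Java security to trap System.exit in Kafka 0.9's TopicCommand
    // Remember the active manager so it can be restored instead of being replaced by null,
    // which would silently switch off any policy the host process had configured.
    final SecurityManager previousManager = System.getSecurityManager();

    System.setSecurityManager(new SecurityManager() {
        @Override
        public void checkPermission(Permission perm) {
            if (perm.getName().startsWith("exitVM")) {
                throw new SecurityException("System.exit is disabled");
            }
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    });

    try {
        TopicCommand.main(args);
    } catch (SecurityException ignored) {
        // Do nothing, this is caused by our security manager that disables System.exit
    } finally {
        // Runs on every exit path, so the exit-blocking manager never outlives this call.
        System.setSecurityManager(previousManager);
    }
}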
From source file:org.nebula.framework.core.Authorization.java
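/**
 * Checks the signature carried by this request against one recomputed from
 * {@code secretKey}.
 *
 * <p>The expected value is never written to the log: anyone who can read the log could
 * otherwise replay it as a valid signature for the same request. The comparison runs in
 * time independent of where the two values first differ, so response timing does not
 * reveal how much of a guessed signature was correct.
 *
 * @param secretKey the caller's secret key, used to build and hash the string to sign
 * @return {@code true} when the signatures match (a mismatch never returns {@code false})
 * @throws IllegalArgumentException if the access id is null or blank
 * @throws SecurityException if either signature is missing or the two differ
 */
public boolean authenticate(String secretKey) {
    String accessId = getAccessId();
    if (accessId == null || accessId.trim().length() == 0) {
        throw new IllegalArgumentException("The accessId can't be blank");
    }

    String stringToSign = toStringToSign(secretKey);
    String expectedSignature = hashWithSalt(stringToSign, secretKey);
    String actualSignature = getField(SIGNATURE_FLAG);

    // MessageDigest.isEqual compares the encoded bytes without an early exit on mismatch.
    boolean signaturesMatch = expectedSignature != null
            && actualSignature != null
            && java.security.MessageDigest.isEqual(
                    expectedSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    actualSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (!signaturesMatch) {
        // Deliberately logs neither signature value.
        log.error("The request signature doesn't match the expected signature");
        throw new SecurityException("The request signature is incorrect.");
    }
    return true;
}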
From source file:be.e_contract.eid.applet.service.impl.handler.IdentityDataMessageHandler.java
/**
 * Handles the identity data sent by the eID applet.
 *
 * <p>Steps, in order: build a two-element chain from the national registry (RRN)
 * certificate and the root certificate in the message, fire an identification event for
 * that chain, verify the signature over the identity file, optionally check the photo
 * digest and the address signature, reject a card whose validity end date has passed, and
 * finally fire an {@code IdentityEvent} with the parsed data.
 *
 * <p>The {@code httpHeaders} and {@code session} parameters are not read in this method.
 *
 * @param message the applet message carrying certificates, identity, address and photo files
 * @param httpHeaders request headers (unused here)
 * @param request the servlet request, used for the context qualifier and signature checks
 * @param session the HTTP session (unused here)
 * @return a {@code FinishedMessage}, carrying an error code when a certificate exception
 *         was raised while the identification event was fired
 * @throws ServletException if the photo digest does not match the digest in the identity file
 * @throws SecurityException if the chain is not marked valid or the card has expired
 */
@Override
public Object handleMessage(IdentityDataMessage message, Map<String, String> httpHeaders,
        HttpServletRequest request, HttpSession session) throws ServletException {
    LOG.debug("handle identity");

    X509Certificate rrnCertificate = getCertificate(message.rrnCertFile);
    X509Certificate rootCertificate = getCertificate(message.rootCertFile);
    // Chain order: signing (RRN) certificate first, root certificate second.
    List<X509Certificate> rrnCertificateChain = new LinkedList<X509Certificate>();
    rrnCertificateChain.add(rrnCertificate);
    rrnCertificateChain.add(rootCertificate);

    IdentificationEvent identificationEvent = new IdentificationEvent(rrnCertificateChain);
    BeIDContextQualifier contextQualifier = new BeIDContextQualifier(request);
    try {
        this.identificationEvent.select(contextQualifier).fire(identificationEvent);
    } catch (ExpiredCertificateSecurityException e) {
        // Certificate problems are reported to the client as an error code, not as an exception.
        return new FinishedMessage(ErrorCode.CERTIFICATE_EXPIRED);
    } catch (RevokedCertificateSecurityException e) {
        return new FinishedMessage(ErrorCode.CERTIFICATE_REVOKED);
    } catch (TrustCertificateSecurityException e) {
        return new FinishedMessage(ErrorCode.CERTIFICATE_NOT_TRUSTED);
    } catch (CertificateSecurityException e) {
        return new FinishedMessage(ErrorCode.CERTIFICATE);
    }
    // The event has to come back marked valid; otherwise a TRUST incident is audited and
    // the request is rejected.
    // NOTE(review): presumably an observer of the event sets the valid flag - confirm.
    if (false == identificationEvent.isValid()) {
        SecurityAuditEvent securityAuditEvent = new SecurityAuditEvent(Incident.TRUST, rrnCertificate);
        this.securityAuditEvent.select(contextQualifier).fire(securityAuditEvent);
        throw new SecurityException("invalid national registry certificate chain");
    }

    // The identity file signature is checked before the file is parsed.
    verifySignature(contextQualifier, rrnCertificate.getSigAlgName(), message.identitySignatureFile,
            rrnCertificate, request, message.idFile);

    Identity identity = TlvParser.parse(message.idFile, Identity.class);

    if (null != message.photoFile) {
        LOG.debug("photo file size: " + message.photoFile.length);
        /*
         * Photo integrity check.
         */
        // The digest algorithm is chosen from the length of the digest stored in the
        // identity file.
        // NOTE(review): expectedPhotoDigest.length throws NullPointerException if the
        // identity file carries no photo digest - confirm TlvParser always sets it.
        byte[] expectedPhotoDigest = identity.photoDigest;
        byte[] actualPhotoDigest = digestPhoto(getDigestAlgo(expectedPhotoDigest.length), message.photoFile);
        if (false == Arrays.equals(expectedPhotoDigest, actualPhotoDigest)) {
            SecurityAuditEvent securityAuditEvent = new SecurityAuditEvent(Incident.DATA_INTEGRITY,
                    message.photoFile);
            this.securityAuditEvent.select(contextQualifier).fire(securityAuditEvent);
            // Unlike the other rejections in this method, this one is a ServletException.
            throw new ServletException("photo digest incorrect");
        }
    }

    Address address;
    if (null != message.addressFile) {
        // The address signature is checked over the right-trimmed address file followed by
        // the identity signature file.
        byte[] addressFile = trimRight(message.addressFile);
        verifySignature(contextQualifier, rrnCertificate.getSigAlgName(), message.addressSignatureFile,
                rrnCertificate, request, addressFile, message.identitySignatureFile);
        // NOTE(review): parsing uses the untrimmed message.addressFile while the signature
        // covered the trimmed copy - presumably the parser ignores the trailing bytes; confirm.
        address = TlvParser.parse(message.addressFile, Address.class);
    } else {
        address = null;
    }

    /*
     * Check the validity of the identity data as good as possible.
     */
    // Only the validity end date is checked, and a missing end date skips the check.
    GregorianCalendar cardValidityDateEndGregorianCalendar = identity.getCardValidityDateEnd();
    if (null != cardValidityDateEndGregorianCalendar) {
        Date now = new Date();
        Date cardValidityDateEndDate = cardValidityDateEndGregorianCalendar.getTime();
        if (now.after(cardValidityDateEndDate)) {
            SecurityAuditEvent securityAuditEvent = new SecurityAuditEvent(Incident.DATA_INTEGRITY,
                    message.idFile);
            this.securityAuditEvent.select(contextQualifier).fire(securityAuditEvent);
            throw new SecurityException("eID card has expired");
        }
    }

    this.identityEvent.select(contextQualifier).fire(new IdentityEvent(identity, address, message.photoFile));
    return new FinishedMessage();
}
From source file:net.sourceforge.subsonic.service.MediaFileService.java
/**
 * Loads a media file by id and hands it out only when the security service allows
 * reading its underlying file.
 *
 * @param id identifier passed to the DAO lookup
 * @return the media file the DAO returned for {@code id}
 * @throws SecurityException if read access to the underlying file is not allowed
 */
public MediaFile getMediaFile(int id) {
    final MediaFile found = mediaFileDao.getMediaFile(id);

    // NOTE(review): if the DAO can return null for an unknown id, found.getFile() throws
    // NullPointerException before the access check runs - confirm the DAO contract.
    final boolean readAllowed = securityService.isReadAllowed(found.getFile());
    if (readAllowed) {
        return found;
    }

    // NOTE(review): the message embeds found.toString(); confirm it is not shown to clients
    // if that string contains a file system path.
    throw new SecurityException("Access denied to file " + found);
}
From source file:org.mifos.framework.util.ConfigurationLocator.java
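/**
 * Makes sure the per-user configuration directory exists under the home directory and
 * returns its path.
 *
 * <p>{@link File#mkdir()} returns {@code false} both when creation fails and when the path
 * already exists, so an existing directory (for example one created by another thread or
 * process between the caller's check and this call) is accepted rather than reported as a
 * failure.
 *
 * <p>NOTE(review): the directory is created with the process's default permissions; confirm
 * that is acceptable if credentials or connection settings are stored in it.
 *
 * @return the home directory joined with the configuration directory name by {@code '/'}
 * @throws SecurityException if the directory does not exist and could not be created
 */
private String forceConfDirectoryCreation() {
    String homeDirectory = getHomeProperty();
    String userConfigDirectory = homeDirectory + '/' + MIFOS_USER_CONFIG_DIRECTORY_NAME;
    File mifosConf = new File(userConfigDirectory);

    // Fail only when nothing usable exists afterwards; a regular file at that path still fails.
    if (!mifosConf.mkdir() && !mifosConf.isDirectory()) {
        throw new SecurityException("unable to create .mifos under user.home");
    }
    return userConfigDirectory;
}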
From source file:org.apereo.portal.soffit.service.AbstractJwtService.java
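/**
 * Decrypts an encrypted token, verifies its JWS signature with {@code signatureKey}, and
 * checks its expiration and its class claim.
 *
 * <p>A token without an expiration claim is rejected with a {@link SecurityException}
 * instead of failing with a {@link NullPointerException} on the expiry comparison.
 *
 * @param encryptedToken the encrypted, signed token as received
 * @param clazz the tokenizable type the caller expects the token to represent
 * @return the parsed and signature-checked claims
 * @throws SecurityException if the token has no expiration or has expired
 * @throws RuntimeException if the class claim does not equal {@code clazz.getName()}
 */
protected Jws<Claims> parseEncrypteToken(String encryptedToken, Class<? extends ITokenizable> clazz) {

    // Decryption
    final String jwt = textEncryptor.decrypt(encryptedToken);
    final Jws<Claims> rslt = Jwts.parser().setSigningKey(signatureKey).parseClaimsJws(jwt);

    // Token expired?
    final Date expires = rslt.getBody().getExpiration();
    if (expires == null) {
        // No expiration claim: treat as invalid rather than as a token that never expires.
        throw new SecurityException("The specified token has no expiration");
    }
    if (expires.before(new Date())) {
        // NOTE(review): the message embeds the parsed token via rslt.toString(), which appears
        // to include the claims; confirm this exception message is never returned to clients.
        final String msg = "The specified token is expired: " + rslt;
        throw new SecurityException(msg);
    }

    // Sanity check
    final String s = (String) rslt.getBody().get(JwtClaims.CLASS.getName());
    if (!clazz.getName().equals(s)) {
        // Opportunity for future versioning of the data model... needs work
        // A mismatch is reported as a plain RuntimeException, not a SecurityException.
        String msg = "Token class mismatch;  expected '" + clazz.getName() + "' but was '" + s + "'";
        throw new RuntimeException(msg);
    }

    return rslt;
}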
From source file:be.fedict.eid.idp.model.applet.AuthenticationServiceBean.java
/**
 * Validates a certificate chain through the configured XKMS trust service.
 *
 * <p>The trust domain comes from the relying party stored in the session when it has a
 * non-blank value, otherwise from configuration; a blank result means the client's default
 * validation call is used.
 *
 * <p>NOTE(review): when no XKMS URL is configured this method logs a warning and returns
 * normally, so the chain is accepted without any validation. Confirm that deployments
 * cannot reach production in that state.
 *
 * @param certificateChain the chain to validate; its first element is read for logging
 * @throws SecurityException if validation fails (a specific subclass is thrown for the
 *         validity-interval, revocation and issuer-trust reasons) or the trust service
 *         call itself fails
 */
public void validateCertificateChain(List<X509Certificate> certificateChain) throws SecurityException {
    LOG.debug("validate certificate: " + certificateChain.get(0).getSubjectX500Principal());

    final String trustServiceUrl = this.configuration.getValue(ConfigProperty.XKMS_URL, String.class);
    if (null == trustServiceUrl || trustServiceUrl.trim().isEmpty()) {
        LOG.warn("no XKMS URL configured!");
        return;
    }

    // Relying-party trust domain first, configuration as fallback.
    final RPEntity relyingParty = AppletUtil.getSessionAttribute(Constants.RP_SESSION_ATTRIBUTE);
    String trustDomain = (null != relyingParty) ? relyingParty.getAuthnTrustDomain() : null;
    if (null == trustDomain || trustDomain.trim().isEmpty()) {
        trustDomain = this.configuration.getValue(ConfigProperty.XKMS_AUTH_TRUST_DOMAIN, String.class);
    }
    if (null != trustDomain && trustDomain.trim().isEmpty()) {
        trustDomain = null;
    }
    LOG.debug("Trust domain=" + trustDomain);

    final XKMS2Client trustClient = new XKMS2Client(trustServiceUrl);

    final Boolean proxyEnabled = this.configuration.getValue(ConfigProperty.HTTP_PROXY_ENABLED, Boolean.class);
    if (Boolean.TRUE.equals(proxyEnabled)) {
        final String proxyHost = this.configuration.getValue(ConfigProperty.HTTP_PROXY_HOST, String.class);
        final int proxyPort = this.configuration.getValue(ConfigProperty.HTTP_PROXY_PORT, Integer.class);
        LOG.debug("use proxy: " + proxyHost + ":" + proxyPort);
        trustClient.setProxy(proxyHost, proxyPort);
    } else {
        // disable previously set proxy
        trustClient.setProxy(null, 0);
    }

    try {
        LOG.debug("validating certificate chain");
        if (null == trustDomain) {
            trustClient.validate(certificateChain);
        } else {
            trustClient.validate(trustDomain, certificateChain);
        }
    } catch (ValidationFailedException e) {
        LOG.warn("invalid certificate: " + e.getMessage());
        // Only the first reported reason decides which exception is thrown.
        for (String reason : e.getReasons()) {
            if (reason.equals(XKMSConstants.KEY_BINDING_REASON_VALIDITY_INTERVAL_URI)) {
                throw new ExpiredCertificateSecurityException();
            }
            if (reason.equals(XKMSConstants.KEY_BINDING_REASON_REVOCATION_STATUS_URI)) {
                throw new RevokedCertificateSecurityException();
            }
            if (reason.equals(XKMSConstants.KEY_BINDING_REASON_ISSUER_TRUST_URI)) {
                throw new TrustCertificateSecurityException();
            }
            throw new CertificateSecurityException();
        }
        // Reached only when the failure carries no reasons at all.
        throw new SecurityException("invalid certificate");
    } catch (Exception e) {
        // Any other failure of the trust service call is treated as a rejection.
        LOG.warn("eID Trust Service error: " + e.getMessage(), e);
        throw new SecurityException("eID Trust Service error");
    }
}
From source file:com.sibvisions.rad.server.security.spring.SpringSecurityManager.java
/**
 * {@inheritDoc}
 *
 * <p>Requires an authenticated Spring Security {@code Authentication} in the current
 * security context, copies the user name and password from the metadata handler into the
 * session, and links the session id and logout process URL to the authentication.
 *
 * @throws SecurityException if there is no security context, no authentication, or the
 *         authentication is not marked as authenticated
 */
public void validateAuthentication(ISession pSession) {
    final SecurityContext springContext = SecurityContextHolder.getContext();
    if (springContext == null) {
        throw new SecurityException("Access denied! The security context could not be established.");
    }

    final Authentication authentication = springContext.getAuthentication();
    if (authentication == null || !authentication.isAuthenticated()) {
        throw new SecurityException("Access denied! The authentication could not be established.");
    }

    final Hashtable<String, Object> handlerProperties = new Hashtable<String, Object>();
    handlerProperties.put("authentication", authentication);

    final ISpringMetaDataHandler handler = getAuthenticationMetaDataHandler(handlerProperties, pSession);

    if (pSession instanceof AbstractSession) {
        final AbstractSession concreteSession = (AbstractSession) pSession;
        concreteSession.setUserName(handler.getUsername());
        // NOTE(review): the handler's password is copied into the session object; confirm
        // the session is neither persisted nor logged with this value.
        concreteSession.setPassword(handler.getPassword());
    }

    pSession.setProperty(METADATA_HANDLER, handler);

    // Make sure the context holds a WrappedAuthentication so properties can be attached.
    final WrappedAuthentication wrapped;
    if (authentication instanceof WrappedAuthentication) {
        wrapped = (WrappedAuthentication) authentication;
    } else {
        wrapped = new WrappedAuthentication(authentication);
        SecurityContextHolder.getContext().setAuthentication(wrapped);
    }

    // set the jvx session id into the authentication object for the logout (success) handler
    wrapped.setProperty(SESSION_ID, pSession.getId());

    // set the logout process url
    Object logoutUrl = wrapped.getProperty(LOGOUT_PROCESS_URL);
    if (logoutUrl == null) {
        final HttpContext httpContext = HttpContext.getCurrentInstance();
        if (httpContext != null) {
            // getSession(false): read the attribute without creating a new HTTP session.
            final HttpSession httpSession = ((HttpServletRequest) httpContext.getRequest()).getSession(false);
            if (httpSession != null) {
                logoutUrl = httpSession.getAttribute(LOGOUT_PROCESS_URL);
            }
        }
    }

    pSession.setProperty(LOGOUT_PROCESS_URL, logoutUrl);
}
From source file:com.mastercard.test.spring.security.SpringSecurityJUnit4ClassRunnerMethodAnnotationTests.java
/**
 * Throws a {@link SecurityException} from a method annotated with {@code @WithUserDetails};
 * the test passes only because the {@code expected} attribute names that exception type.
 */
@Test(expected = SecurityException.class)
@WithUserDetails
public void runningWithOneBasicUserThatRequiresAutowiringSupportsExpectedExceptionsAndExecutesOneTime() {
    final SecurityException expectedFailure = new SecurityException("Test");
    throw expectedFailure;
}
From source file:android.framework.util.jar.JarVerifier.java
/**
 * Reports a digest mismatch by throwing a {@link SecurityException}; this method never
 * returns normally. The declared return type lets a caller write
 * {@code throw invalidDigest(...)} so the compiler sees the call site as terminating.
 *
 * @param signatureFile name of the signature file whose digest entry did not match
 * @param name name of the entry the digest was computed for
 * @param jarName name of the jar being verified
 * @return never returns
 * @throws SecurityException always
 */
private SecurityException invalidDigest(String signatureFile, String name, String jarName) {
    final StringBuilder message = new StringBuilder();
    message.append(signatureFile)
            .append(" has invalid digest for ")
            .append(name)
            .append(" in ")
            .append(jarName);
    throw new SecurityException(message.toString());
}