List of usage examples for java.lang SecurityException SecurityException
public SecurityException(Throwable cause)
From source file:org.georchestra.extractorapp.ws.extractor.csw.CSWExtractor.java
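/**
 * Checks that the metadata record referenced by the request can be fetched from the CSW.
 *
 * <p>The request's ISO metadata URL is fetched with HTTP GET and the response body is searched
 * for an {@code MD_Metadata} start tag (optionally prefixed with {@code gmd:}). When a user name
 * is given and the URL's host equals the configured secure host, {@code 127.0.0.1} or
 * {@code localhost}, the request is decorated through
 * {@code WfsExtractor.addImpersonateUserHeaders} and
 * {@code WfsExtractor.enablePreemptiveBasicAuth} with the admin user name and password.
 *
 * @param request  layer request carrying the ISO metadata URL
 * @param username request user name; {@code null} skips the impersonation/authentication step
 * @param roles    roles handed to the impersonation headers
 *
 * @throws IOException       if building the request, the HTTP exchange or reading the body fails
 * @throws SecurityException if the response body does not contain the expected metadata tag
 */
public void checkPermission(ExtractorLayerRequest request, String username, String roles) throws IOException {
    boolean isMetadata = false;
    try {
        final HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
        httpClientBuilder.setUserAgent(this.userAgent);
        HttpClientContext localContext = HttpClientContext.create();

        final String targetHost = request._isoMetadataURL.getHost();
        // NOTE(review): the target is built from host and port only, so the URL's scheme is not
        // carried into it. Confirm that an https metadata URL is not contacted over plain HTTP,
        // since the admin credentials may be attached below.
        final HttpHost httpHost = new HttpHost(targetHost, request._isoMetadataURL.getPort());
        HttpGet get = new HttpGet(request._isoMetadataURL.toURI());

        // NOTE(review): the decision to send admin credentials rests on the host name alone;
        // confirm that _isoMetadataURL is validated before it reaches this method.
        if (username != null && (_secureHost.equalsIgnoreCase(targetHost)
                || "127.0.0.1".equalsIgnoreCase(targetHost)
                || "localhost".equalsIgnoreCase(targetHost))) {
            LOG.debug(getClass().getName()
                    + ".checkPermission - Secured Server: adding username header and role headers to request for checkPermission");
            WfsExtractor.addImpersonateUserHeaders(username, roles, get);
            WfsExtractor.enablePreemptiveBasicAuth(request._isoMetadataURL, httpClientBuilder, localContext,
                    httpHost, _adminUserName, _adminPassword);
        } else {
            LOG.debug(getClass().getName() + ".checkPermission - Non Secured Server");
        }

        // Both the client and the body stream are closed on every path; the stream is closed
        // first, then the client releases its connections.
        try (CloseableHttpClient httpclient = httpClientBuilder.build();
                InputStream content = httpclient.execute(httpHost, get, localContext).getEntity().getContent()) {
            String metadata = FileUtils.asString(content);
            // This is a content sniff, not a schema validation: any body containing the tag passes.
            Pattern regex = Pattern.compile("<(gmd:)?MD_Metadata*");
            isMetadata = regex.matcher(metadata).find();
        }
    } catch (Exception e) {
        throw new IOException(e);
    }

    if (!isMetadata) {
        throw new SecurityException("The metadata is not available: " + request._isoMetadataURL);
    }
}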
From source file:org.alfresco.extension.bulkimport.source.fs.FilesystemBulkImportSource.java
/**
 * Resolves and validates the source directory named in the import parameters, then initialises
 * the directory analyser.
 *
 * @throws IllegalArgumentException if the source-directory parameter is absent, repeated or blank
 * @throws RuntimeException         wrapping a {@code FileNotFoundException} if the path does not exist
 * @throws SecurityException        if the path exists but cannot be read
 * @see org.alfresco.extension.bulkimport.source.AbstractBulkImportSource#init(org.alfresco.extension.bulkimport.source.BulkImportSourceStatus, java.util.Map)
 */
@Override
public void init(final BulkImportSourceStatus importStatus, final Map<String, List<String>> parameters) {
    // Exactly one value is accepted for the source-directory parameter.
    final List<String> values = parameters.get(PARAMETER_SOURCE_DIRECTORY);
    final boolean exactlyOne = values != null && values.size() == 1;
    if (!exactlyOne) {
        throw new IllegalArgumentException("Mandatory parameter '" + PARAMETER_SOURCE_DIRECTORY
                + "' was missing, or provided more than once.");
    }

    final String sourceDirectoryName = values.get(0);
    if (sourceDirectoryName == null || sourceDirectoryName.trim().isEmpty()) {
        throw new IllegalArgumentException("Source directory was provided, but is empty.");
    }

    // NOTE(review): the name is used as given, with no restriction to a base directory and no
    // isDirectory() check here; confirm who may supply this parameter and that the analyser
    // copes with a regular file.
    sourceDirectory = new File(sourceDirectoryName);

    RuntimeException failure = null;
    if (!sourceDirectory.exists()) {
        failure = new RuntimeException(
                new FileNotFoundException("Source directory '" + sourceDirectoryName + "' doesn't exist."));
    } else if (!sourceDirectory.canRead()) {
        failure = new SecurityException("No read access to source directory '" + sourceDirectoryName + "'.");
    }
    if (failure != null) {
        // Never leave a rejected directory behind in the field.
        sourceDirectory = null;
        throw failure;
    }

    directoryAnalyser.init(importStatus);
}
From source file:org.jactr.tools.async.controller.RemoteIOHandler.java
/**
 * Decides whether the given session owns this runtime.
 *
 * <p>A session whose CREDENTIALS attribute equals this handler's credentials becomes the owner
 * if no owner is recorded yet. A second session presenting the same credentials is told so and
 * rejected.
 *
 * @param session the session to test
 * @return {@code true} if the session is the owner, {@code false} if its credentials differ
 * @throws SecurityException if the credentials match but another session already owns the runtime
 */
final synchronized public boolean isOwner(IoSession session) {
    final boolean credentialsMatch = getCredentials().equals(session.getAttribute(CREDENTIALS));

    if (!credentialsMatch) {
        // NOTE(review): both credential objects are concatenated into the debug log; confirm
        // their toString() does not expose the secret.
        if (LOGGER.isDebugEnabled())
            LOGGER.debug(getCredentials() + " do not match those of session " + session.getAttribute(CREDENTIALS));
        return false;
    }

    // First matching session claims ownership.
    if (_ownerSession == null) {
        _ownerSession = session;
        if (LOGGER.isDebugEnabled())
            LOGGER.debug("Acknowledging login");
        session.write(new LoginAcknowledgedMessage(true, "You are the owner of this runtime"));
    }

    // Identity comparison: only the very session object that claimed ownership passes.
    if (session != _ownerSession) {
        final String msg = "Another session with the same credentials owns this runtime";
        if (LOGGER.isDebugEnabled())
            LOGGER.debug("Rejecting login : " + msg);
        session.write(new LoginAcknowledgedMessage(false, msg));
        throw new SecurityException(msg);
    }

    return true;
}
From source file:com.tc.management.JMXConnectorProxy.java
/**
 * Opens the JMX connector for m_host:m_port and records the service URL that was used.
 *
 * <p>In secured mode SSL socket factories are placed in the connection environment before
 * connecting. Otherwise a connection to the URL from getSecureJMXConnectorURL is tried first.
 * An I/O failure that is neither a connect failure nor an authentication failure triggers a
 * second attempt with the URL from getJMXConnectorURL.
 *
 * @throws SecurityException if the unsecured attempt fails with an authentication error
 * @throws Exception         for any other failure while building URLs or connecting
 */
private void determineConnector() throws Exception {
    JMXServiceURL url = new JMXServiceURL(getSecureJMXConnectorURL(m_host, m_port));

    if (!m_secured) {
        try {
            m_connector = JMXConnectorFactory.connect(url, m_env);
            m_serviceURL = url;
        } catch (IOException ioe) {
            if (isConnectException(ioe)) {
                throw ioe;
            }
            if (isAuthenticationException(ioe)) {
                throw new SecurityException("Invalid login name or credentials");
            }
            // NOTE(review): any other I/O error silently retries against a different connector
            // URL; confirm this fallback cannot downgrade a connection that was meant to be secure.
            url = new JMXServiceURL(getJMXConnectorURL(m_host, m_port));
            m_connector = JMXConnectorFactory.connect(url, m_env);
            m_serviceURL = url;
        }
        return;
    }

    // NOTE(review): the system property name suggests TSASSLSocketFactory accepts every server
    // certificate, which removes protection against an on-path attacker. Presumably intended
    // for test setups only; confirm it is never set in production.
    final RMIClientSocketFactory csf = Boolean.getBoolean("tc.ssl.trustAllCerts")
            ? new TSASSLSocketFactory()
            : new SslRMIClientSocketFactory();
    final SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory();

    m_env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
    m_env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
    // Needed to avoid "non-JRMP server at remote endpoint" error
    m_env.put("com.sun.jndi.rmi.factory.socket", csf);

    final String endpoint = m_host + ":" + m_port;
    m_serviceURL = new JMXServiceURL("service:jmx:rmi://" + endpoint + "/jndi/rmi://" + endpoint + "/jmxrmi");
    m_connector = JMXConnectorFactory.connect(url, m_env);
}
From source file:org.directwebremoting.dwrp.PollHandler.java
/**
 * Handles one poll request: validates it, then parks the request until an alarm fires so that
 * scripts queued for the page can be written back through a conduit.
 *
 * <p>Requests are answered early with an error script when the batch cannot be parsed, when
 * polling is disabled, or when a GET arrives and GET is not allowed.
 *
 * @param request  the incoming poll request
 * @param response the response that error scripts and conduit output are written to
 * @throws IOException declared by the method; the visible code does not show which call raises it
 */
public void handle(HttpServletRequest request, HttpServletResponse response) throws IOException {
    // If you're new to understanding this file, you may wish to skip this
    // step and come back to it later ;-)
    // So Jetty does something a bit weird with Ajax Continuations. You
    // suspend a request (which works via an exception) while keeping hold
    // of a continuation object. There are methods on this continuation
    // object to restart the request. Also you can write to the output at
    // any time the request is suspended. When the continuation is
    // restarted, rather than restart the thread from where it was
    // suspended, it starts it from the beginning again. Since we are able
    // to write to the response outside of the servlet thread, there is no
    // need for us to do anything if we have been restarted. So we ignore
    // all Jetty continuation restarts.
    if (JettyContinuationSleeper.isRestart(request)) {
        JettyContinuationSleeper.restart(request);
        return;
    }

    // A PollBatch is the information that we expect from the request.
    // if the parse fails we can do little more than tell the browser that
    // something went wrong.
    final PollBatch batch;
    try {
        batch = new PollBatch(request, pageNormalizer);
    } catch (ServerException ex) {
        // The parse failed: report it to the caller as a batch-exception script
        String script = EnginePrivate.getRemoteHandleBatchExceptionScript(null, ex);
        sendErrorScript(response, script);
        return;
    }

    // The session id carried in the request body is handed to the CSRF check.
    // NOTE(review): the check only runs when crossDomainSessionSecurity is set;
    // with the flag off nothing in this method validates bodySessionId.
    String bodySessionId = batch.getHttpSessionId();
    if (crossDomainSessionSecurity) {
        checkNotCsrfAttack(request, bodySessionId);
    }

    // We might need to complain that reverse ajax is not enabled.
    if (!activeReverseAjaxEnabled) {
        log.error(
                "Polling and Comet are disabled. To enable them set the init-param activeReverseAjaxEnabled to true. See http://getahead.org/dwr/server/servlet for more.");
        String script = EnginePrivate.getRemotePollCometDisabledScript(batch.getBatchId());
        sendErrorScript(response, script);
        return;
    }

    // Complain if GET is disallowed. As the flag's name says, allowing GET
    // makes request forgery easier, so it is rejected unless explicitly enabled.
    if (batch.isGet() && !allowGetForSafariButMakeForgeryEasier) {
        // Report the rejected GET to the caller as a batch-exception script
        String script = EnginePrivate.getRemoteHandleBatchExceptionScript(batch.getBatchId(),
                new SecurityException("GET Disallowed"));
        sendErrorScript(response, script);
        return;
    }

    // A script conduit is some route from a ScriptSession back to the page
    // that belongs to the session. There may be zero or many of these
    // conduits (although if there are more than 2, something is strange)
    // All scripts destined for a page go to a ScriptSession and then out
    // via a ScriptConduit.
    final RealScriptSession scriptSession = batch.getScriptSession();

    // Create a conduit depending on the type of request (from the URL)
    final BaseScriptConduit conduit = createScriptConduit(batch, response);

    // So we're going to go to sleep. How do we wake up?
    final Sleeper sleeper;

    // If this is Jetty then we can use Continuations
    if (Continuation.isJetty()) {
        sleeper = new JettyContinuationSleeper(request);
    } else {
        sleeper = new ThreadWaitSleeper();
    }

    // There are various reasons why we want to wake up and carry on ...
    final List alarms = new ArrayList();

    // If the conduit has an error flushing data, it needs to give up
    alarms.add(conduit.getErrorAlarm());

    // Set the system up to resume on output (perhaps with delay)
    if (batch.getPartialResponse() == PartialResponse.NO || maxWaitAfterWrite != -1) {
        // add an output listener to the script session that calls the
        // "wake me" method on whatever is putting us to sleep
        alarms.add(new OutputAlarm(scriptSession, maxWaitAfterWrite));
    }

    // Set the system up to resume anyway after maxConnectedTime
    long connectedTime = serverLoadMonitor.getConnectedTime();
    alarms.add(new TimedAlarm(connectedTime));

    // We also need to wake-up if the server is being shut down
    // WARNING: This code has a non-obvious side effect - The server load
    // monitor (which hands out shutdown messages) also monitors usage by
    // looking at the number of connected alarms.
    alarms.add(new ShutdownAlarm(serverLoadMonitor));

    // Make sure that all the alarms know what to wake
    for (Iterator it = alarms.iterator(); it.hasNext();) {
        Alarm alarm = (Alarm) it.next();
        alarm.setAlarmAction(sleeper);
    }

    // Register the conduit with a script session so messages can get out.
    // This must happen late on in this method because this will cause any
    // scripts cached in the script session (because there was no conduit
    // available when they were written) to be sent to the conduit.
    // We need any AlarmScriptConduits to be notified so they can make
    // maxWaitAfterWrite work for all cases
    scriptSession.addScriptConduit(conduit);

    // We need to do something sensible when we wake up ...
    Runnable onAwakening = new Runnable() {
        public void run() {
            // Cancel all the alarms
            for (Iterator it = alarms.iterator(); it.hasNext();) {
                Alarm alarm = (Alarm) it.next();
                alarm.cancel();
            }

            // We can't be used as a conduit to the browser any more
            scriptSession.removeScriptConduit(conduit);

            // Tell the browser to come back at the right time
            try {
                int timeToNextPoll = serverLoadMonitor.getDisconnectedTime();
                conduit.close(timeToNextPoll);
            } catch (IOException ex) {
                // Best effort: the failure is logged without the exception and not rethrown
                log.warn("Failed to write reconnect info to browser");
            }
        }
    };

    // Actually go to sleep. This *must* be the last thing in this method to
    // cope with all the methods of affecting Threads. Jetty throws,
    // Weblogic continues, others wait().
    sleeper.goToSleep(onAwakening);
}
From source file:it.greenvulcano.gvesb.gviamx.service.internal.PasswordResetManager.java
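/**
 * Looks up the pending password reset request for an e-mail address and verifies the token
 * presented with it.
 *
 * <p>The stored value is compared with the SHA-256 hex digest of the presented token. A request
 * whose token matches but whose lifetime has elapsed is removed from the repository and
 * rejected.
 *
 * @param email address the reset was requested for; lower-cased before the lookup
 * @param token token presented by the caller
 * @return the matching, unexpired reset request
 * @throws IllegalArgumentException if no reset request is stored for the address
 * @throws SecurityException        if the token does not match or the request has expired
 */
public PasswordResetRequest retrievePasswordResetRequest(String email, String token) {
    // NOTE(review): an unknown address surfaces as IllegalArgumentException while a wrong token
    // surfaces as SecurityException; confirm the caller answers both cases identically so the
    // endpoint does not reveal which addresses have a pending reset.
    // NOTE(review): toLowerCase() uses the default locale; confirm the code that stores the
    // request normalises the address the same way.
    PasswordResetRequest resetRequest = repository.get(email.toLowerCase(), PasswordResetRequest.class)
            .orElseThrow(() -> new IllegalArgumentException("No password reset request found for this email"));

    // Compare the digests in constant time so response timing does not depend on how many
    // leading characters of the stored digest were guessed.
    final String presentedDigest = DigestUtils.sha256Hex(token);
    final String storedDigest = resetRequest.getToken();
    final boolean tokenMatches = storedDigest != null
            && java.security.MessageDigest.isEqual(
                    presentedDigest.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    storedDigest.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!tokenMatches) {
        // NOTE(review): a failed attempt neither counts against nor invalidates the stored
        // request; confirm attempts are rate-limited elsewhere.
        throw new SecurityException("Token missmatch");
    }

    final long expiresAt = resetRequest.getIssueTime().getTime() + resetRequest.getExpireTime();
    if (System.currentTimeMillis() > expiresAt) {
        repository.remove(resetRequest);
        throw new SecurityException("No password reset request found for this email");
    }

    // The request is returned without being removed; single use has to be enforced by the caller.
    return resetRequest;
}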
From source file:cn.newgxu.lab.info.controller.NoticeController.java
/**
 * Updates an existing notice on behalf of its owner and redirects to the notice page.
 *
 * <p>The caller must be logged in and must be the user attached to the stored notice.
 * Title, content and document fields are copied from the submitted notice onto the stored one.
 *
 * @throws SecurityException if the logged-in user is not the notice's user
 */
@RequestMapping(value = "/notices/{notice_id}", method = RequestMethod.POST)
public String modify(Notice notice, HttpSession session, RedirectAttributes attributes,
        @PathVariable("notice_id") long nid, @RequestParam("name") String fileName,
        @RequestParam("file") MultipartFile file) {
    final AuthorizedUser currentUser = checkLogin(session);

    final Notice stored = noticeService.find(nid);
    // The "????" and "???" literals are reproduced exactly as they appear in this listing.
    Assert.notNull("????", stored);

    // Ownership check: only the notice's own user may modify it.
    final boolean ownedByCaller = stored.getUser().equals(currentUser);
    if (!ownedByCaller) {
        throw new SecurityException("???");
    }

    // A new upload replaces the old document, so the old file is deleted first.
    final boolean hasNewFile = !file.isEmpty();
    if (hasNewFile) {
        fileDelete(stored);
    }

    // Only these fields are copied from the request-bound object onto the persistent one.
    stored.setTitle(notice.getTitle());
    stored.setContent(notice.getContent());

    // NOTE(review): fileName comes straight from the request; confirm fileUpload restricts it
    // to a safe name inside the upload directory and validates the file type.
    fileUpload(notice, fileName, file);
    stored.setDocName(notice.getDocName());
    stored.setDocUrl(notice.getDocUrl());

    noticeService.update(stored);

    attributes.addAttribute("from", -1);
    attributes.addAttribute("status", "ok");

    final String target = "redirect:/" + Config.APP + "/notices/" + nid;
    return target;
}
From source file:android.framework.util.jar.JarVerifier.java
/**
 * Reports a failed signature verification by throwing.
 *
 * <p>The method never returns normally. The declared return type presumably exists so that
 * call sites can write {@code throw failedVerification(...)}.
 *
 * @param jarName       name of the jar being verified
 * @param signatureFile name of the signature file that failed
 * @return never returns
 * @throws SecurityException always
 */
private SecurityException failedVerification(String jarName, String signatureFile) {
    final String message = jarName + " failed verification of " + signatureFile;
    throw new SecurityException(message);
}
From source file:net.sourceforge.subsonic.service.PlaylistService.java
/**
 * Rejects the file unless the security service allows writing to it.
 *
 * @param file the file about to be written
 * @throws SecurityException if write access is not allowed
 */
private void checkAccess(File file) {
    final boolean writeAllowed = securityService.isWriteAllowed(file);
    if (writeAllowed) {
        return;
    }
    throw new SecurityException("Access denied to file " + file);
}
From source file:org.madsonic.service.MediaFileService.java
/**
 * Returns a media file instance for the given file, preferring cached data.
 *
 * <p>Lookup order: memory cache, then (after the read-access check) the database, then the
 * file on disk.
 *
 * @param file         A file on the local file system.
 * @param useFastCache Passed on to the last-modified check applied to a database hit.
 * @return A media file instance, or null if not found.
 * @throws SecurityException If access is denied to the given file.
 */
public MediaFile getMediaFile(File file, boolean useFastCache) {
    // NOTE(review): a memory-cache hit is returned before isReadAllowed is consulted; confirm
    // cached entries are evicted when the access rules change.
    final MediaFile cached = getFromMemoryCache(file);
    if (cached != null) {
        return cached;
    }

    final boolean readable = securityService.isReadAllowed(file);
    if (!readable) {
        throw new SecurityException("Access denied to file " + file);
    }

    // Next stop: the database. A hit is refreshed by checkLastModified and then cached.
    final MediaFile stored = mediaFileDao.getMediaFile(file.getPath());
    if (stored != null) {
        final MediaFile refreshed = checkLastModified(stored, useFastCache);
        putInMemoryCache(file, refreshed);
        return refreshed;
    }

    if (!FileUtil.exists(file)) {
        return null;
    }

    // Unknown so far: build the entry from disk, then record it in cache and database.
    final MediaFile created = createMediaFile(file);
    putInMemoryCache(file, created);
    mediaFileDao.createOrUpdateMediaFile(created);
    return created;
}