Example usage for java.lang SecurityException SecurityException

List of usage examples for java.lang SecurityException SecurityException

Introduction

In this page you can find the example usage for java.lang SecurityException SecurityException.

Prototype

public SecurityException(Throwable cause) 

Source Link

Document

Creates a SecurityException with the specified cause and a detail message of (cause==null ?

Usage

From source file:be.fedict.eid.applet.service.impl.handler.AuthenticationDataMessageHandler.java

public Object handleMessage(AuthenticationDataMessage message, Map<String, String> httpHeaders,
        HttpServletRequest request, HttpSession session) throws ServletException {
    LOG.debug("authentication data message received");

    if (null == message.authnCert) {
        /*//  w  w  w. j  a v a2s.  com
         * Can be the case for future (Kids) eID cards that have some
         * certificates missing.
         */
        String msg = "authentication certificate not present";
        LOG.warn(msg);
        throw new ServletException(msg);
    }
    byte[] signatureValue = message.signatureValue;
    LOG.debug("authn signing certificate subject: " + message.authnCert.getSubjectX500Principal());
    PublicKey signingKey = message.authnCert.getPublicKey();

    if (this.sessionIdChannelBinding) {
        checkSessionIdChannelBinding(message, request);
        if (null == this.serverCertificate) {
            LOG.warn("adviced to use in combination with server certificate channel binding");
        }
    }

    ChannelBindingService channelBindingService = this.channelBindingServiceLocator.locateService();
    if (null != this.serverCertificate || null != channelBindingService) {
        LOG.debug("using server certificate channel binding");
    }

    if (false == this.sessionIdChannelBinding && null == this.serverCertificate
            && null == channelBindingService) {
        LOG.warn("not using any secure channel binding");
    }

    byte[] challenge;
    try {
        challenge = AuthenticationChallenge.getAuthnChallenge(session, this.maxMaturity);
    } catch (SecurityException e) {
        AuditService auditService = this.auditServiceLocator.locateService();
        if (null != auditService) {
            String remoteAddress = request.getRemoteAddr();
            auditService.authenticationError(remoteAddress, message.authnCert);
        }
        throw new ServletException("security error: " + e.getMessage(), e);
    }

    byte[] serverCertificateClientPOV = null;
    try {
        if (null != message.serverCertificate) {
            serverCertificateClientPOV = message.serverCertificate.getEncoded();
        }
    } catch (CertificateEncodingException e) {
        throw new ServletException("server cert decoding error: " + e.getMessage(), e);
    }
    /*
     * We validate the authentication contract using the client-side
     * communicated server SSL certificate in case of secure channel
     * binding.
     */
    AuthenticationContract authenticationContract = new AuthenticationContract(message.saltValue, this.hostname,
            this.inetAddress, message.sessionId, serverCertificateClientPOV, challenge);
    byte[] toBeSigned;
    try {
        toBeSigned = authenticationContract.calculateToBeSigned();
    } catch (IOException e) {
        throw new ServletException("IO error: " + e.getMessage(), e);
    }

    try {
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initVerify(signingKey);
        signature.update(toBeSigned);
        boolean result = signature.verify(signatureValue);
        if (false == result) {
            AuditService auditService = this.auditServiceLocator.locateService();
            if (null != auditService) {
                String remoteAddress = request.getRemoteAddr();
                auditService.authenticationError(remoteAddress, message.authnCert);
            }
            throw new SecurityException("authn signature incorrect");
        }
    } catch (NoSuchAlgorithmException e) {
        throw new SecurityException("algo error");
    } catch (InvalidKeyException e) {
        throw new SecurityException("authn key error");
    } catch (SignatureException e) {
        throw new SecurityException("signature error");
    }

    RequestContext requestContext = new RequestContext(session);
    String transactionMessage = requestContext.getTransactionMessage();
    if (null != transactionMessage) {
        LOG.debug("verifying TransactionMessage signature");
        byte[] transactionMessageSignature = message.transactionMessageSignature;
        if (null == transactionMessageSignature) {
            throw new SecurityException("missing TransactionMessage signature");
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.DECRYPT_MODE, signingKey);
            byte[] signatureDigestInfoValue = cipher.doFinal(transactionMessageSignature);
            ASN1InputStream aIn = new ASN1InputStream(signatureDigestInfoValue);
            DigestInfo signatureDigestInfo = new DigestInfo((ASN1Sequence) aIn.readObject());
            if (false == PLAIN_TEXT_DIGEST_ALGO_OID
                    .equals(signatureDigestInfo.getAlgorithmId().getObjectId().getId())) {
                throw new SecurityException("TransactionMessage signature algo OID incorrect");
            }
            if (false == Arrays.equals(transactionMessage.getBytes(), signatureDigestInfo.getDigest())) {
                throw new SecurityException("signed TransactionMessage incorrect");
            }
            LOG.debug("TransactionMessage signature validated");
        } catch (Exception e) {
            LOG.error("error verifying TransactionMessage signature", e);
            AuditService auditService = this.auditServiceLocator.locateService();
            if (null != auditService) {
                String remoteAddress = request.getRemoteAddr();
                auditService.authenticationError(remoteAddress, message.authnCert);
            }
            throw new SecurityException("error verifying TransactionMessage signature: " + e.getMessage());
        }
    }

    /*
     * Secure channel binding verification.
     */
    if (null != channelBindingService) {
        X509Certificate serverCertificate = channelBindingService.getServerCertificate();
        if (null == serverCertificate) {
            LOG.warn("could not verify secure channel binding as the server does not know its identity yet");
        } else {
            if (false == serverCertificate.equals(message.serverCertificate)) {
                AuditService auditService = this.auditServiceLocator.locateService();
                if (null != auditService) {
                    String remoteAddress = request.getRemoteAddr();
                    auditService.authenticationError(remoteAddress, message.authnCert);
                }
                throw new SecurityException("secure channel binding identity mismatch");
            }
            LOG.debug("secure channel binding verified");
        }
    } else {
        if (null != this.serverCertificate) {
            if (false == this.serverCertificate.equals(message.serverCertificate)) {
                AuditService auditService = this.auditServiceLocator.locateService();
                if (null != auditService) {
                    String remoteAddress = request.getRemoteAddr();
                    auditService.authenticationError(remoteAddress, message.authnCert);
                }
                throw new SecurityException("secure channel binding identity mismatch");
            }
            LOG.debug("secure channel binding verified");
        }
    }

    AuthenticationService authenticationService = this.authenticationServiceLocator.locateService();
    List<X509Certificate> certificateChain = new LinkedList<X509Certificate>();
    certificateChain.add(message.authnCert);
    certificateChain.add(message.citizenCaCert);
    certificateChain.add(message.rootCaCert);
    certificateChain.add(message.rrnCertificate);
    try {
        authenticationService.setHttpSessionObject(request.getSession());
        authenticationService.validateCertificateChain(certificateChain);
    } catch (ExpiredCertificateSecurityException e) {
        return new FinishedMessage(ErrorCode.CERTIFICATE_EXPIRED);
    } catch (RevokedCertificateSecurityException e) {
        return new FinishedMessage(ErrorCode.CERTIFICATE_REVOKED);
    } catch (TrustCertificateSecurityException e) {
        return new FinishedMessage(ErrorCode.CERTIFICATE_NOT_TRUSTED);
    } catch (CertificateSecurityException e) {
        return new FinishedMessage(ErrorCode.CERTIFICATE);
    } catch (Exception e) {
        /*
         * We don't want to depend on the full JavaEE profile in this
         * artifact.
         */
        if ("javax.ejb.EJBException".equals(e.getClass().getName())) {
            Exception exception;
            try {
                Method getCausedByExceptionMethod = e.getClass().getMethod("getCausedByException",
                        new Class[] {});
                exception = (Exception) getCausedByExceptionMethod.invoke(e, new Object[] {});
            } catch (Exception e2) {
                LOG.debug("error: " + e.getMessage(), e);
                throw new SecurityException("error retrieving the root cause: " + e2.getMessage());
            }
            if (exception instanceof ExpiredCertificateSecurityException) {
                return new FinishedMessage(ErrorCode.CERTIFICATE_EXPIRED);
            }
            if (exception instanceof RevokedCertificateSecurityException) {
                return new FinishedMessage(ErrorCode.CERTIFICATE_REVOKED);
            }
            if (exception instanceof TrustCertificateSecurityException) {
                return new FinishedMessage(ErrorCode.CERTIFICATE_NOT_TRUSTED);
            }
            if (exception instanceof CertificateSecurityException) {
                return new FinishedMessage(ErrorCode.CERTIFICATE);
            }
        }
        throw new SecurityException("authn service error: " + e.getMessage());
    }

    String userId = UserIdentifierUtil.getUserId(message.authnCert);
    LOG.info("authenticated: " + userId + " @ " + request.getRemoteAddr());
    if (null != this.nrcidSecret) {
        userId = UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId, this.nrcidOrgId, this.nrcidAppId,
                this.nrcidSecret);
    }
    /*
     * Some people state that you cannot use the national register number
     * without hashing. Problem is that hashing introduces hash collision
     * problems. The probability is very low, but what if it's your leg
     * they're cutting of because of a patient mismatch based on the SHA1 of
     * your national register number?
     */

    /*
     * Push authenticated used Id into the HTTP session.
     */
    session.setAttribute(AUTHENTICATED_USER_IDENTIFIER_SESSION_ATTRIBUTE, userId);

    EIdData eidData = (EIdData) session.getAttribute(IdentityDataMessageHandler.EID_SESSION_ATTRIBUTE);
    if (null == eidData) {
        eidData = new EIdData();
        session.setAttribute(IdentityDataMessageHandler.EID_SESSION_ATTRIBUTE, eidData);
    }
    eidData.identifier = userId;

    AuditService auditService = this.auditServiceLocator.locateService();
    if (null != auditService) {
        auditService.authenticated(userId);
    }

    boolean includeIdentity = requestContext.includeIdentity();
    boolean includeAddress = requestContext.includeAddress();
    boolean includeCertificates = requestContext.includeCertificates();
    boolean includePhoto = requestContext.includePhoto();

    /*
     * Also process the identity data in case it was requested.
     */
    if (includeIdentity) {
        if (null == message.identityData) {
            throw new ServletException("identity data not included while requested");
        }
    }
    if (includeAddress) {
        if (null == message.addressData) {
            throw new ServletException("address data not included while requested");
        }
    }
    if (includePhoto) {
        if (null == message.photoData) {
            throw new ServletException("photo data not included while requested");
        }
    }
    IdentityIntegrityService identityIntegrityService = this.identityIntegrityServiceLocator.locateService();
    if (null != identityIntegrityService) {
        if (null == message.rrnCertificate) {
            throw new ServletException("national registry certificate not included while requested");
        }
        List<X509Certificate> rrnCertificateChain = new LinkedList<X509Certificate>();
        rrnCertificateChain.add(message.rrnCertificate);
        rrnCertificateChain.add(message.rootCaCert);

        try {
            identityIntegrityService.checkNationalRegistrationCertificate(rrnCertificateChain);
        } catch (ExpiredCertificateSecurityException e) {
            return new FinishedMessage(ErrorCode.CERTIFICATE_EXPIRED);
        } catch (RevokedCertificateSecurityException e) {
            return new FinishedMessage(ErrorCode.CERTIFICATE_REVOKED);
        } catch (TrustCertificateSecurityException e) {
            return new FinishedMessage(ErrorCode.CERTIFICATE_NOT_TRUSTED);
        } catch (CertificateSecurityException e) {
            return new FinishedMessage(ErrorCode.CERTIFICATE);
        } catch (Exception e) {
            if ("javax.ejb.EJBException".equals(e.getClass().getName())) {
                Exception exception;
                try {
                    Method getCausedByExceptionMethod = e.getClass().getMethod("getCausedByException",
                            new Class[] {});
                    exception = (Exception) getCausedByExceptionMethod.invoke(e, new Object[] {});
                } catch (Exception e2) {
                    LOG.debug("error: " + e.getMessage(), e);
                    throw new SecurityException("error retrieving the root cause: " + e2.getMessage());
                }
                if (exception instanceof ExpiredCertificateSecurityException) {
                    return new FinishedMessage(ErrorCode.CERTIFICATE_EXPIRED);
                }
                if (exception instanceof RevokedCertificateSecurityException) {
                    return new FinishedMessage(ErrorCode.CERTIFICATE_REVOKED);
                }
                if (exception instanceof TrustCertificateSecurityException) {
                    return new FinishedMessage(ErrorCode.CERTIFICATE_NOT_TRUSTED);
                }
                if (exception instanceof CertificateSecurityException) {
                    return new FinishedMessage(ErrorCode.CERTIFICATE);
                }
            }
            throw new SecurityException("error checking the NRN certificate: " + e.getMessage(), e);
        }

        PublicKey rrnPublicKey = message.rrnCertificate.getPublicKey();
        if (includeIdentity) {
            if (null == message.identitySignatureData) {
                throw new ServletException("identity signature data not included while requested");
            }
            verifySignature(message.rrnCertificate.getSigAlgName(), message.identitySignatureData, rrnPublicKey,
                    request, message.identityData);
        }
        if (includeAddress) {
            if (null == message.addressSignatureData) {
                throw new ServletException("address signature data not included while requested");
            }
            byte[] addressFile = trimRight(message.addressData);
            verifySignature(message.rrnCertificate.getSigAlgName(), message.addressSignatureData, rrnPublicKey,
                    request, addressFile, message.identitySignatureData);
        }
    }
    if (includeIdentity) {
        Identity identity = TlvParser.parse(message.identityData, Identity.class);
        if (false == UserIdentifierUtil.getUserId(message.authnCert).equals(identity.nationalNumber)) {
            throw new ServletException("national number mismatch");
        }
        session.setAttribute(IdentityDataMessageHandler.IDENTITY_SESSION_ATTRIBUTE, identity);
        eidData.identity = identity;
        auditService = this.auditServiceLocator.locateService();
        if (null != auditService) {
            auditService.identified(identity.nationalNumber);
        }
    }
    if (includeAddress) {
        Address address = TlvParser.parse(message.addressData, Address.class);
        session.setAttribute(IdentityDataMessageHandler.ADDRESS_SESSION_ATTRIBUTE, address);
        eidData.address = address;
    }
    if (includePhoto) {
        if (includeIdentity) {
            byte[] expectedPhotoDigest = eidData.identity.photoDigest;
            byte[] actualPhotoDigest = digestPhoto(getDigestAlgo(expectedPhotoDigest.length),
                    message.photoData);
            if (false == Arrays.equals(expectedPhotoDigest, actualPhotoDigest)) {
                throw new ServletException("photo digest incorrect");
            }
        }
        session.setAttribute(IdentityDataMessageHandler.PHOTO_SESSION_ATTRIBUTE, message.photoData);
        eidData.photo = message.photoData;
    }
    if (includeCertificates) {
        if (includeIdentity) {
            eidData.certs = new EIdCertsData();
            eidData.certs.authn = message.authnCert;
            eidData.certs.ca = message.citizenCaCert;
            eidData.certs.root = message.rootCaCert;
            eidData.certs.sign = message.signCert;
        }
        session.setAttribute(IdentityDataMessageHandler.AUTHN_CERT_SESSION_ATTRIBUTE, message.authnCert);
        session.setAttribute(IdentityDataMessageHandler.CA_CERT_SESSION_ATTRIBUTE, message.citizenCaCert);
        session.setAttribute(IdentityDataMessageHandler.ROOT_CERT_SESSION_ATTRIBTUE, message.rootCaCert);
        session.setAttribute(IdentityDataMessageHandler.SIGN_CERT_SESSION_ATTRIBUTE, message.signCert);
    }

    if (this.includeDataFiles) {
        session.setAttribute(IdentityDataMessageHandler.EID_DATA_IDENTITY_SESSION_ATTRIBUTE,
                message.identityData);
        session.setAttribute(IdentityDataMessageHandler.EID_DATA_ADDRESS_SESSION_ATTRIBUTE,
                message.addressData);
    }

    AuthenticationSignatureService authenticationSignatureService = this.authenticationSignatureServiceLocator
            .locateService();
    if (null != authenticationSignatureService) {
        List<X509Certificate> authnCertificateChain;
        if (null != message.authnCert) {
            authnCertificateChain = new LinkedList<X509Certificate>();
            authnCertificateChain.add(message.authnCert);
            authnCertificateChain.add(message.citizenCaCert);
            authnCertificateChain.add(message.rootCaCert);
            authnCertificateChain.add(message.rrnCertificate);
        } else {
            authnCertificateChain = null;
        }
        AuthenticationSignatureContext authenticationSignatureContext = new AuthenticationSignatureContextImpl(
                session);
        PreSignResult preSignResult = authenticationSignatureService.preSign(authnCertificateChain,
                authenticationSignatureContext);
        if (null == preSignResult) {
            return new FinishedMessage();
        }
        boolean logoff = preSignResult.getLogoff();
        byte[] computedDigestValue = preSignResult.getDigestInfo().digestValue;
        String digestAlgo = preSignResult.getDigestInfo().digestAlgo;
        String authnMessage = preSignResult.getDigestInfo().description;
        AuthSignRequestMessage authSignRequestMessage = new AuthSignRequestMessage(computedDigestValue,
                digestAlgo, authnMessage, logoff);
        return authSignRequestMessage;
    }
    return new FinishedMessage();
}

From source file:com.jkoolcloud.jesl.net.http.HttpClient.java

/**
 * {@inheritDoc}//from   w ww  .  ja v a2  s  .co  m
 */
@Override
public synchronized String read() throws IOException {
    HttpResponse resp = getResponse();
    String content = resp.getContentString();

    logger.log(OpLevel.TRACE, "Received response from {0}: {1}", uri, content);
    int status = resp.getStatus();
    if (status >= 400) {
        if (AccessResponse.isAccessResponse(content)) {
            close();
            AccessResponse accessResp = AccessResponse.parseMsg(content);
            String reason = accessResp.getReason();
            if (StringUtils.isEmpty(reason))
                reason = "Access Denied";
            throw new SecurityException(reason);
        } else {
            throw new HttpRequestException(status, content);
        }
    }
    return content;
}

From source file:org.apache.bookkeeper.tls.TLSContextFactory.java

private void createServerContext(AbstractConfiguration conf)
        throws SecurityException, KeyStoreException, NoSuchAlgorithmException, CertificateException,
        IOException, UnrecoverableKeyException, InvalidKeySpecException, IllegalArgumentException {
    final SslContextBuilder sslContextBuilder;
    final ServerConfiguration serverConf;
    final SslProvider provider;
    final boolean clientAuthentication;

    // get key-file and trust-file locations and passwords
    if (!(conf instanceof ServerConfiguration)) {
        throw new SecurityException("Server configruation not provided");
    }//  www.  j a v a  2s.c om

    serverConf = (ServerConfiguration) conf;
    provider = getTLSProvider(serverConf.getTLSProvider());
    clientAuthentication = serverConf.getTLSClientAuthentication();

    switch (KeyStoreType.valueOf(serverConf.getTLSKeyStoreType())) {
    case PEM:
        final String keyPassword;

        if (Strings.isNullOrEmpty(serverConf.getTLSKeyStore())) {
            throw new SecurityException("Key path is required");
        }

        if (Strings.isNullOrEmpty(serverConf.getTLSCertificatePath())) {
            throw new SecurityException("Certificate path is required");
        }

        if (!Strings.isNullOrEmpty(serverConf.getTLSKeyStorePasswordPath())) {
            keyPassword = getPasswordFromFile(serverConf.getTLSKeyStorePasswordPath());
        } else {
            keyPassword = null;
        }

        sslContextBuilder = SslContextBuilder
                .forServer(new File(serverConf.getTLSCertificatePath()), new File(serverConf.getTLSKeyStore()),
                        keyPassword)
                .ciphers(null).sessionCacheSize(0).sessionTimeout(0).sslProvider(provider).startTls(true);

        break;
    case JKS:
        // falling thru, same as PKCS12
    case PKCS12:
        KeyManagerFactory kmf = initKeyManagerFactory(serverConf.getTLSKeyStoreType(),
                serverConf.getTLSKeyStore(), serverConf.getTLSKeyStorePasswordPath());

        sslContextBuilder = SslContextBuilder.forServer(kmf).ciphers(null).sessionCacheSize(0).sessionTimeout(0)
                .sslProvider(provider).startTls(true);

        break;
    default:
        throw new SecurityException("Invalid Keyfile type" + serverConf.getTLSKeyStoreType());
    }

    if (clientAuthentication) {
        sslContextBuilder.clientAuth(ClientAuth.REQUIRE);

        switch (KeyStoreType.valueOf(serverConf.getTLSTrustStoreType())) {
        case PEM:
            if (Strings.isNullOrEmpty(serverConf.getTLSTrustStore())) {
                throw new SecurityException("CA Certificate chain is required");
            }
            sslContextBuilder.trustManager(new File(serverConf.getTLSTrustStore()));
            break;
        case JKS:
            // falling thru, same as PKCS12
        case PKCS12:
            TrustManagerFactory tmf = initTrustManagerFactory(serverConf.getTLSTrustStoreType(),
                    serverConf.getTLSTrustStore(), serverConf.getTLSTrustStorePasswordPath());
            sslContextBuilder.trustManager(tmf);
            break;
        default:
            throw new SecurityException("Invalid Truststore type" + serverConf.getTLSTrustStoreType());
        }
    }

    sslContext = sslContextBuilder.build();
}

From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java

public RfcResult update(String auth, CiBean[] local, CiBean[] base) {
    long start = System.currentTimeMillis();
    log.info("WSDL: update(" + auth + ", " + local + ", " + base + ")");
    // Update all beans.
    ISession session = onecmdb.getSession(auth);
    if (session == null) {
        throw new SecurityException("No Session found! Try to do auth() first!");
    }//www  .  j ava2  s .c  o m

    ImportBeanProvider importBeans = new ImportBeanProvider();
    importBeans.setValidation(false);
    importBeans.setSession(session);
    importBeans.setProvider(new MemoryBeanProvider(local));
    if (base != null) {
        importBeans.setBaseProvider(new MemoryBeanProvider(base));
    }

    IRfcResult result = importBeans.processProvider();
    long stop = System.currentTimeMillis();
    log.info("WSDL: update completed in " + (stop - start) + "ms result = " + result);
    return ((RfcResult) result);
}

From source file:de.juwimm.cms.remote.UserServiceSpringImpl.java

/**
 * Relates some ViewComponents to this Task.
 * /*w w w.j ava2 s .  c  o m*/
 * @param taskId
 *            TaskId of the related Task
 * @param vcIds
 *            Integer Array of ViewComponents to relate.
 * 
 * @see de.juwimm.cms.remote.UserServiceSpring#addViewComponentsToTask(java.lang.Integer,
 *      java.lang.Integer[])
 */
@Override
protected void handleAddViewComponentsToTask(Integer taskId, Integer[] vcIds) throws Exception {
    UserHbm user = null;
    TaskHbm task = null;
    try {
        user = super.getUserHbmDao().load(AuthenticationHelper.getUserName());
        task = super.getTaskHbmDao().load(taskId);
        if (task != null) {

            if (!getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite())
                    && !user.equals(task.getReceiver()) && !user.equals(task.getSender())
                    && !getUserHbmDao().isInRole(user, task.getReceiverRole(), user.getActiveSite())) {
                throw new SecurityException("User is not responsible to change this Task. RECEIVER:"
                        + task.getReceiver() + " SENDER:" + task.getSender() + " RECEIVERROLE:"
                        + task.getReceiverRole() + " THIS USER:" + user.getUserId());
            }

            Collection<ViewComponentHbm> coll = task.getViewComponents();
            for (int i = 0; i < vcIds.length; i++) {
                ViewComponentHbm vc = super.getViewComponentHbmDao().load(vcIds[i]);
                coll.add(vc);
            }
            task.setViewComponents(coll);
        } else {
            log.warn("Task with Id " + taskId + " was not found");
        }
    } catch (Exception e) {
        throw new UserException(e.getMessage());
    }
}

From source file:org.sakaiproject.poll.service.impl.PollListManagerImpl.java

public Poll getPollById(Long pollId, boolean includeOptions) throws SecurityException {

    Search search = new Search();
    search.addRestriction(new Restriction("pollId", pollId));
    Poll poll = dao.findOneBySearch(Poll.class, search);
    if (poll != null) {
        if (includeOptions) {
            List<Option> optionList = getOptionsForPoll(poll);
            poll.setOptions(optionList);
        }//from  w  ww  . j  a v a2s .com
    }

    if (poll == null)
        return null;
    //user needs at least site visit to read a poll
    if (!externalLogic.isAllowedInLocation("site.visit", externalLogic.getSiteRefFromId(poll.getSiteId()),
            externalLogic.getCurrentuserReference()) && !externalLogic.isUserAdmin()) {
        throw new SecurityException(
                "user:" + externalLogic.getCurrentuserReference() + " can't read poll " + pollId);
    }

    return poll;
}

From source file:com.seeburger.vfs2.util.VFSClassLoader.java

/**
 * Calls super.getPermissions both for the code source and also
 * adds the permissions granted to the parent layers.
 * @param cs the CodeSource.// w ww . ja v  a 2  s .  c o m
 * @return The PermissionCollections.
 */
@Override
protected PermissionCollection getPermissions(final CodeSource cs) {
    try {
        final String url = cs.getLocation().toString();
        FileObject file = lookupFileObject(url);
        if (file == null) {
            return super.getPermissions(cs);
        }

        FileObject parentLayer = file.getFileSystem().getParentLayer();
        if (parentLayer == null) {
            return super.getPermissions(cs);
        }

        Permissions combi = new Permissions();
        PermissionCollection permCollect = super.getPermissions(cs);
        copyPermissions(permCollect, combi);

        for (FileObject parent = parentLayer; parent != null; parent = parent.getFileSystem()
                .getParentLayer()) {
            final CodeSource parentcs = new CodeSource(parent.getURL(), parent.getContent().getCertificates());
            permCollect = super.getPermissions(parentcs);
            copyPermissions(permCollect, combi);
        }

        return combi;
    } catch (final FileSystemException fse) {
        throw new SecurityException(fse.getMessage());
    }
}

From source file:edu.ku.brc.af.auth.specify.SpecifySecurityMgr.java

/**
 * @param permissionClass/*from w  ww  . j  a va  2 s .c om*/
 * @param name
 * @return
 */
protected int getPermissionOptions(final Class<?> permissionClass, final String name) {
    if (!(BasicSpPermission.class.isAssignableFrom(permissionClass))) {
        throw new SecurityException(
                permissionClass.getName() + " class is not part of Specify permission hierarchy."); //$NON-NLS-1$
    }

    int options = PermissionSettings.NO_PERM;

    Constructor<?> constructor = null;
    try {
        constructor = permissionClass.getConstructor(String.class, String.class);

        if (debug) {
            log.debug("******************* Can View: " + name + " - "
                    + checkPermission((BasicSpPermission) constructor.newInstance(name, VIEW_PERM)));
            log.debug("******************* Can Mod : " + name + " - "
                    + checkPermission((BasicSpPermission) constructor.newInstance(name, MODIFY_PERM)));
            log.debug("******************* Can Del : " + name + " - "
                    + checkPermission((BasicSpPermission) constructor.newInstance(name, DELETE_PERM)));
            log.debug("******************* Can Add : " + name + " - "
                    + checkPermission((BasicSpPermission) constructor.newInstance(name, ADD_PERM)));
        }

        options |= checkPermission((BasicSpPermission) constructor.newInstance(name, MODIFY_PERM))
                ? PermissionSettings.CAN_MODIFY
                : 0;
        options |= checkPermission((BasicSpPermission) constructor.newInstance(name, VIEW_PERM))
                ? PermissionSettings.CAN_VIEW
                : 0;
        options |= checkPermission((BasicSpPermission) constructor.newInstance(name, ADD_PERM))
                ? PermissionSettings.CAN_ADD
                : 0;
        options |= checkPermission((BasicSpPermission) constructor.newInstance(name, DELETE_PERM))
                ? PermissionSettings.CAN_DELETE
                : 0;
    } catch (Exception e) {
        edu.ku.brc.af.core.UsageTracker.incrHandledUsageCount();
        edu.ku.brc.exceptions.ExceptionTracker.getInstance().capture(SpecifySecurityMgr.class, e);
        throw new RuntimeException(e);
    }

    return options;
}

From source file:nl.surfnet.coin.teams.control.InvitationController.java

@RequestMapping("/resendInvitation.shtml")
public String resendInvitation(ModelMap modelMap, HttpServletRequest request) {
    Person person = (Person) request.getSession().getAttribute(LoginInterceptor.PERSON_SESSION_KEY);
    Invitation invitation = getAllInvitationByRequest(request);
    if (invitation == null) {
        throw new IllegalArgumentException("Cannot find the invitation. Invitations expire after 14 days.");
    }//from  ww w. ja va 2  s  . c  o  m

    Member member = grouperTeamService.findMember(invitation.getTeamId(), person.getId());
    if (member == null) {
        throw new SecurityException("You are not a member of this team");
    }
    Set<Role> roles = member.getRoles();
    if (!(roles.contains(Role.Admin) || roles.contains(Role.Manager))) {
        throw new SecurityException("You have insufficient rights to perform this action.");
    }

    modelMap.addAttribute("invitation", invitation);
    Role[] inviteRoles = { Role.Member, Role.Manager, Role.Admin };
    modelMap.addAttribute("roles", inviteRoles);
    InvitationMessage invitationMessage = invitation.getLatestInvitationMessage();
    if (invitationMessage != null) {
        modelMap.addAttribute("messageText", invitationMessage.getMessage());
    }
    ViewUtil.addViewToModelMap(request, modelMap);
    return "resendinvitation";
}

From source file:com.glaf.core.security.SecurityUtils.java

/**
 * ?????????/*w ww  .  j av a 2 s.c om*/
 * 
 * @param ctx
 *            
 * @param content
 *            ??
 * @param privateKey
 *            ?
 * @return byte[] ???
 */
public static byte[] sign(SecurityContext ctx, byte[] content, Key privateKey) {
    try {
        Signature sign = Signature.getInstance(ctx.getSignatureAlgorithm(), ctx.getJceProvider());
        PrivateKey pk = (PrivateKey) privateKey;
        sign.initSign(pk);
        sign.update(content);
        byte[] signed = sign.sign();
        return signed;
    } catch (Exception ex) {
        throw new SecurityException(ex);
    }
}