List of usage examples for java.lang SecurityException SecurityException
public SecurityException(Throwable cause)
From source file:be.fedict.eid.applet.service.impl.handler.AuthenticationDataMessageHandler.java
public Object handleMessage(AuthenticationDataMessage message, Map<String, String> httpHeaders, HttpServletRequest request, HttpSession session) throws ServletException { LOG.debug("authentication data message received"); if (null == message.authnCert) { /*// w w w. j a v a2s. com * Can be the case for future (Kids) eID cards that have some * certificates missing. */ String msg = "authentication certificate not present"; LOG.warn(msg); throw new ServletException(msg); } byte[] signatureValue = message.signatureValue; LOG.debug("authn signing certificate subject: " + message.authnCert.getSubjectX500Principal()); PublicKey signingKey = message.authnCert.getPublicKey(); if (this.sessionIdChannelBinding) { checkSessionIdChannelBinding(message, request); if (null == this.serverCertificate) { LOG.warn("adviced to use in combination with server certificate channel binding"); } } ChannelBindingService channelBindingService = this.channelBindingServiceLocator.locateService(); if (null != this.serverCertificate || null != channelBindingService) { LOG.debug("using server certificate channel binding"); } if (false == this.sessionIdChannelBinding && null == this.serverCertificate && null == channelBindingService) { LOG.warn("not using any secure channel binding"); } byte[] challenge; try { challenge = AuthenticationChallenge.getAuthnChallenge(session, this.maxMaturity); } catch (SecurityException e) { AuditService auditService = this.auditServiceLocator.locateService(); if (null != auditService) { String remoteAddress = request.getRemoteAddr(); auditService.authenticationError(remoteAddress, message.authnCert); } throw new ServletException("security error: " + e.getMessage(), e); } byte[] serverCertificateClientPOV = null; try { if (null != message.serverCertificate) { serverCertificateClientPOV = message.serverCertificate.getEncoded(); } } catch (CertificateEncodingException e) { throw new ServletException("server cert decoding error: " + e.getMessage(), e); } /* * We validate the authentication contract using the client-side * communicated server SSL certificate in case of secure channel * binding. */ AuthenticationContract authenticationContract = new AuthenticationContract(message.saltValue, this.hostname, this.inetAddress, message.sessionId, serverCertificateClientPOV, challenge); byte[] toBeSigned; try { toBeSigned = authenticationContract.calculateToBeSigned(); } catch (IOException e) { throw new ServletException("IO error: " + e.getMessage(), e); } try { Signature signature = Signature.getInstance("SHA1withRSA"); signature.initVerify(signingKey); signature.update(toBeSigned); boolean result = signature.verify(signatureValue); if (false == result) { AuditService auditService = this.auditServiceLocator.locateService(); if (null != auditService) { String remoteAddress = request.getRemoteAddr(); auditService.authenticationError(remoteAddress, message.authnCert); } throw new SecurityException("authn signature incorrect"); } } catch (NoSuchAlgorithmException e) { throw new SecurityException("algo error"); } catch (InvalidKeyException e) { throw new SecurityException("authn key error"); } catch (SignatureException e) { throw new SecurityException("signature error"); } RequestContext requestContext = new RequestContext(session); String transactionMessage = requestContext.getTransactionMessage(); if (null != transactionMessage) { LOG.debug("verifying TransactionMessage signature"); byte[] transactionMessageSignature = message.transactionMessageSignature; if (null == transactionMessageSignature) { throw new SecurityException("missing TransactionMessage signature"); } try { Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.DECRYPT_MODE, signingKey); byte[] signatureDigestInfoValue = cipher.doFinal(transactionMessageSignature); ASN1InputStream aIn = new ASN1InputStream(signatureDigestInfoValue); DigestInfo signatureDigestInfo = new DigestInfo((ASN1Sequence) aIn.readObject()); if (false == PLAIN_TEXT_DIGEST_ALGO_OID .equals(signatureDigestInfo.getAlgorithmId().getObjectId().getId())) { throw new SecurityException("TransactionMessage signature algo OID incorrect"); } if (false == Arrays.equals(transactionMessage.getBytes(), signatureDigestInfo.getDigest())) { throw new SecurityException("signed TransactionMessage incorrect"); } LOG.debug("TransactionMessage signature validated"); } catch (Exception e) { LOG.error("error verifying TransactionMessage signature", e); AuditService auditService = this.auditServiceLocator.locateService(); if (null != auditService) { String remoteAddress = request.getRemoteAddr(); auditService.authenticationError(remoteAddress, message.authnCert); } throw new SecurityException("error verifying TransactionMessage signature: " + e.getMessage()); } } /* * Secure channel binding verification. */ if (null != channelBindingService) { X509Certificate serverCertificate = channelBindingService.getServerCertificate(); if (null == serverCertificate) { LOG.warn("could not verify secure channel binding as the server does not know its identity yet"); } else { if (false == serverCertificate.equals(message.serverCertificate)) { AuditService auditService = this.auditServiceLocator.locateService(); if (null != auditService) { String remoteAddress = request.getRemoteAddr(); auditService.authenticationError(remoteAddress, message.authnCert); } throw new SecurityException("secure channel binding identity mismatch"); } LOG.debug("secure channel binding verified"); } } else { if (null != this.serverCertificate) { if (false == this.serverCertificate.equals(message.serverCertificate)) { AuditService auditService = this.auditServiceLocator.locateService(); if (null != auditService) { String remoteAddress = request.getRemoteAddr(); auditService.authenticationError(remoteAddress, message.authnCert); } throw new SecurityException("secure channel binding identity mismatch"); } LOG.debug("secure channel binding verified"); } } AuthenticationService authenticationService = this.authenticationServiceLocator.locateService(); List<X509Certificate> certificateChain = new LinkedList<X509Certificate>(); certificateChain.add(message.authnCert); certificateChain.add(message.citizenCaCert); certificateChain.add(message.rootCaCert); certificateChain.add(message.rrnCertificate); try { authenticationService.setHttpSessionObject(request.getSession()); authenticationService.validateCertificateChain(certificateChain); } catch (ExpiredCertificateSecurityException e) { return new FinishedMessage(ErrorCode.CERTIFICATE_EXPIRED); } catch (RevokedCertificateSecurityException e) { return new FinishedMessage(ErrorCode.CERTIFICATE_REVOKED); } catch (TrustCertificateSecurityException e) { return new FinishedMessage(ErrorCode.CERTIFICATE_NOT_TRUSTED); } catch (CertificateSecurityException e) { return new FinishedMessage(ErrorCode.CERTIFICATE); } catch (Exception e) { /* * We don't want to depend on the full JavaEE profile in this * artifact. */ if ("javax.ejb.EJBException".equals(e.getClass().getName())) { Exception exception; try { Method getCausedByExceptionMethod = e.getClass().getMethod("getCausedByException", new Class[] {}); exception = (Exception) getCausedByExceptionMethod.invoke(e, new Object[] {}); } catch (Exception e2) { LOG.debug("error: " + e.getMessage(), e); throw new SecurityException("error retrieving the root cause: " + e2.getMessage()); } if (exception instanceof ExpiredCertificateSecurityException) { return new FinishedMessage(ErrorCode.CERTIFICATE_EXPIRED); } if (exception instanceof RevokedCertificateSecurityException) { return new FinishedMessage(ErrorCode.CERTIFICATE_REVOKED); } if (exception instanceof TrustCertificateSecurityException) { return new FinishedMessage(ErrorCode.CERTIFICATE_NOT_TRUSTED); } if (exception instanceof CertificateSecurityException) { return new FinishedMessage(ErrorCode.CERTIFICATE); } } throw new SecurityException("authn service error: " + e.getMessage()); } String userId = UserIdentifierUtil.getUserId(message.authnCert); LOG.info("authenticated: " + userId + " @ " + request.getRemoteAddr()); if (null != this.nrcidSecret) { userId = UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId, this.nrcidOrgId, this.nrcidAppId, this.nrcidSecret); } /* * Some people state that you cannot use the national register number * without hashing. Problem is that hashing introduces hash collision * problems. The probability is very low, but what if it's your leg * they're cutting of because of a patient mismatch based on the SHA1 of * your national register number? */ /* * Push authenticated used Id into the HTTP session. */ session.setAttribute(AUTHENTICATED_USER_IDENTIFIER_SESSION_ATTRIBUTE, userId); EIdData eidData = (EIdData) session.getAttribute(IdentityDataMessageHandler.EID_SESSION_ATTRIBUTE); if (null == eidData) { eidData = new EIdData(); session.setAttribute(IdentityDataMessageHandler.EID_SESSION_ATTRIBUTE, eidData); } eidData.identifier = userId; AuditService auditService = this.auditServiceLocator.locateService(); if (null != auditService) { auditService.authenticated(userId); } boolean includeIdentity = requestContext.includeIdentity(); boolean includeAddress = requestContext.includeAddress(); boolean includeCertificates = requestContext.includeCertificates(); boolean includePhoto = requestContext.includePhoto(); /* * Also process the identity data in case it was requested. */ if (includeIdentity) { if (null == message.identityData) { throw new ServletException("identity data not included while requested"); } } if (includeAddress) { if (null == message.addressData) { throw new ServletException("address data not included while requested"); } } if (includePhoto) { if (null == message.photoData) { throw new ServletException("photo data not included while requested"); } } IdentityIntegrityService identityIntegrityService = this.identityIntegrityServiceLocator.locateService(); if (null != identityIntegrityService) { if (null == message.rrnCertificate) { throw new ServletException("national registry certificate not included while requested"); } List<X509Certificate> rrnCertificateChain = new LinkedList<X509Certificate>(); rrnCertificateChain.add(message.rrnCertificate); rrnCertificateChain.add(message.rootCaCert); try { identityIntegrityService.checkNationalRegistrationCertificate(rrnCertificateChain); } catch (ExpiredCertificateSecurityException e) { return new FinishedMessage(ErrorCode.CERTIFICATE_EXPIRED); } catch (RevokedCertificateSecurityException e) { return new FinishedMessage(ErrorCode.CERTIFICATE_REVOKED); } catch (TrustCertificateSecurityException e) { return new FinishedMessage(ErrorCode.CERTIFICATE_NOT_TRUSTED); } catch (CertificateSecurityException e) { return new FinishedMessage(ErrorCode.CERTIFICATE); } catch (Exception e) { if ("javax.ejb.EJBException".equals(e.getClass().getName())) { Exception exception; try { Method getCausedByExceptionMethod = e.getClass().getMethod("getCausedByException", new Class[] {}); exception = (Exception) getCausedByExceptionMethod.invoke(e, new Object[] {}); } catch (Exception e2) { LOG.debug("error: " + e.getMessage(), e); throw new SecurityException("error retrieving the root cause: " + e2.getMessage()); } if (exception instanceof ExpiredCertificateSecurityException) { return new FinishedMessage(ErrorCode.CERTIFICATE_EXPIRED); } if (exception instanceof RevokedCertificateSecurityException) { return new FinishedMessage(ErrorCode.CERTIFICATE_REVOKED); } if (exception instanceof TrustCertificateSecurityException) { return new FinishedMessage(ErrorCode.CERTIFICATE_NOT_TRUSTED); } if (exception instanceof CertificateSecurityException) { return new FinishedMessage(ErrorCode.CERTIFICATE); } } throw new SecurityException("error checking the NRN certificate: " + e.getMessage(), e); } PublicKey rrnPublicKey = message.rrnCertificate.getPublicKey(); if (includeIdentity) { if (null == message.identitySignatureData) { throw new ServletException("identity signature data not included while requested"); } verifySignature(message.rrnCertificate.getSigAlgName(), message.identitySignatureData, rrnPublicKey, request, message.identityData); } if (includeAddress) { if (null == message.addressSignatureData) { throw new ServletException("address signature data not included while requested"); } byte[] addressFile = trimRight(message.addressData); verifySignature(message.rrnCertificate.getSigAlgName(), message.addressSignatureData, rrnPublicKey, request, addressFile, message.identitySignatureData); } } if (includeIdentity) { Identity identity = TlvParser.parse(message.identityData, Identity.class); if (false == UserIdentifierUtil.getUserId(message.authnCert).equals(identity.nationalNumber)) { throw new ServletException("national number mismatch"); } session.setAttribute(IdentityDataMessageHandler.IDENTITY_SESSION_ATTRIBUTE, identity); eidData.identity = identity; auditService = this.auditServiceLocator.locateService(); if (null != auditService) { auditService.identified(identity.nationalNumber); } } if (includeAddress) { Address address = TlvParser.parse(message.addressData, Address.class); session.setAttribute(IdentityDataMessageHandler.ADDRESS_SESSION_ATTRIBUTE, address); eidData.address = address; } if (includePhoto) { if (includeIdentity) { byte[] expectedPhotoDigest = eidData.identity.photoDigest; byte[] actualPhotoDigest = digestPhoto(getDigestAlgo(expectedPhotoDigest.length), message.photoData); if (false == Arrays.equals(expectedPhotoDigest, actualPhotoDigest)) { throw new ServletException("photo digest incorrect"); } } session.setAttribute(IdentityDataMessageHandler.PHOTO_SESSION_ATTRIBUTE, message.photoData); eidData.photo = message.photoData; } if (includeCertificates) { if (includeIdentity) { eidData.certs = new EIdCertsData(); eidData.certs.authn = message.authnCert; eidData.certs.ca = message.citizenCaCert; eidData.certs.root = message.rootCaCert; eidData.certs.sign = message.signCert; } session.setAttribute(IdentityDataMessageHandler.AUTHN_CERT_SESSION_ATTRIBUTE, message.authnCert); session.setAttribute(IdentityDataMessageHandler.CA_CERT_SESSION_ATTRIBUTE, message.citizenCaCert); session.setAttribute(IdentityDataMessageHandler.ROOT_CERT_SESSION_ATTRIBTUE, message.rootCaCert); session.setAttribute(IdentityDataMessageHandler.SIGN_CERT_SESSION_ATTRIBUTE, message.signCert); } if (this.includeDataFiles) { session.setAttribute(IdentityDataMessageHandler.EID_DATA_IDENTITY_SESSION_ATTRIBUTE, message.identityData); session.setAttribute(IdentityDataMessageHandler.EID_DATA_ADDRESS_SESSION_ATTRIBUTE, message.addressData); } AuthenticationSignatureService authenticationSignatureService = this.authenticationSignatureServiceLocator .locateService(); if (null != authenticationSignatureService) { List<X509Certificate> authnCertificateChain; if (null != message.authnCert) { authnCertificateChain = new LinkedList<X509Certificate>(); authnCertificateChain.add(message.authnCert); authnCertificateChain.add(message.citizenCaCert); authnCertificateChain.add(message.rootCaCert); authnCertificateChain.add(message.rrnCertificate); } else { authnCertificateChain = null; } AuthenticationSignatureContext authenticationSignatureContext = new AuthenticationSignatureContextImpl( session); PreSignResult preSignResult = authenticationSignatureService.preSign(authnCertificateChain, authenticationSignatureContext); if (null == preSignResult) { return new FinishedMessage(); } boolean logoff = preSignResult.getLogoff(); byte[] computedDigestValue = preSignResult.getDigestInfo().digestValue; String digestAlgo = preSignResult.getDigestInfo().digestAlgo; String authnMessage = preSignResult.getDigestInfo().description; AuthSignRequestMessage authSignRequestMessage = new AuthSignRequestMessage(computedDigestValue, digestAlgo, authnMessage, logoff); return authSignRequestMessage; } return new FinishedMessage(); }
From source file:com.jkoolcloud.jesl.net.http.HttpClient.java
/** * {@inheritDoc}//from w ww . ja v a2 s .co m */ @Override public synchronized String read() throws IOException { HttpResponse resp = getResponse(); String content = resp.getContentString(); logger.log(OpLevel.TRACE, "Received response from {0}: {1}", uri, content); int status = resp.getStatus(); if (status >= 400) { if (AccessResponse.isAccessResponse(content)) { close(); AccessResponse accessResp = AccessResponse.parseMsg(content); String reason = accessResp.getReason(); if (StringUtils.isEmpty(reason)) reason = "Access Denied"; throw new SecurityException(reason); } else { throw new HttpRequestException(status, content); } } return content; }
From source file:org.apache.bookkeeper.tls.TLSContextFactory.java
private void createServerContext(AbstractConfiguration conf) throws SecurityException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, InvalidKeySpecException, IllegalArgumentException { final SslContextBuilder sslContextBuilder; final ServerConfiguration serverConf; final SslProvider provider; final boolean clientAuthentication; // get key-file and trust-file locations and passwords if (!(conf instanceof ServerConfiguration)) { throw new SecurityException("Server configruation not provided"); }// www. j a v a 2s.c om serverConf = (ServerConfiguration) conf; provider = getTLSProvider(serverConf.getTLSProvider()); clientAuthentication = serverConf.getTLSClientAuthentication(); switch (KeyStoreType.valueOf(serverConf.getTLSKeyStoreType())) { case PEM: final String keyPassword; if (Strings.isNullOrEmpty(serverConf.getTLSKeyStore())) { throw new SecurityException("Key path is required"); } if (Strings.isNullOrEmpty(serverConf.getTLSCertificatePath())) { throw new SecurityException("Certificate path is required"); } if (!Strings.isNullOrEmpty(serverConf.getTLSKeyStorePasswordPath())) { keyPassword = getPasswordFromFile(serverConf.getTLSKeyStorePasswordPath()); } else { keyPassword = null; } sslContextBuilder = SslContextBuilder .forServer(new File(serverConf.getTLSCertificatePath()), new File(serverConf.getTLSKeyStore()), keyPassword) .ciphers(null).sessionCacheSize(0).sessionTimeout(0).sslProvider(provider).startTls(true); break; case JKS: // falling thru, same as PKCS12 case PKCS12: KeyManagerFactory kmf = initKeyManagerFactory(serverConf.getTLSKeyStoreType(), serverConf.getTLSKeyStore(), serverConf.getTLSKeyStorePasswordPath()); sslContextBuilder = SslContextBuilder.forServer(kmf).ciphers(null).sessionCacheSize(0).sessionTimeout(0) .sslProvider(provider).startTls(true); break; default: throw new SecurityException("Invalid Keyfile type" + serverConf.getTLSKeyStoreType()); } if (clientAuthentication) { sslContextBuilder.clientAuth(ClientAuth.REQUIRE); switch (KeyStoreType.valueOf(serverConf.getTLSTrustStoreType())) { case PEM: if (Strings.isNullOrEmpty(serverConf.getTLSTrustStore())) { throw new SecurityException("CA Certificate chain is required"); } sslContextBuilder.trustManager(new File(serverConf.getTLSTrustStore())); break; case JKS: // falling thru, same as PKCS12 case PKCS12: TrustManagerFactory tmf = initTrustManagerFactory(serverConf.getTLSTrustStoreType(), serverConf.getTLSTrustStore(), serverConf.getTLSTrustStorePasswordPath()); sslContextBuilder.trustManager(tmf); break; default: throw new SecurityException("Invalid Truststore type" + serverConf.getTLSTrustStoreType()); } } sslContext = sslContextBuilder.build(); }
From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java
public RfcResult update(String auth, CiBean[] local, CiBean[] base) { long start = System.currentTimeMillis(); log.info("WSDL: update(" + auth + ", " + local + ", " + base + ")"); // Update all beans. ISession session = onecmdb.getSession(auth); if (session == null) { throw new SecurityException("No Session found! Try to do auth() first!"); }//www . j ava2 s .c o m ImportBeanProvider importBeans = new ImportBeanProvider(); importBeans.setValidation(false); importBeans.setSession(session); importBeans.setProvider(new MemoryBeanProvider(local)); if (base != null) { importBeans.setBaseProvider(new MemoryBeanProvider(base)); } IRfcResult result = importBeans.processProvider(); long stop = System.currentTimeMillis(); log.info("WSDL: update completed in " + (stop - start) + "ms result = " + result); return ((RfcResult) result); }
From source file:de.juwimm.cms.remote.UserServiceSpringImpl.java
/** * Relates some ViewComponents to this Task. * /*w w w.j ava2 s . c o m*/ * @param taskId * TaskId of the related Task * @param vcIds * Integer Array of ViewComponents to relate. * * @see de.juwimm.cms.remote.UserServiceSpring#addViewComponentsToTask(java.lang.Integer, * java.lang.Integer[]) */ @Override protected void handleAddViewComponentsToTask(Integer taskId, Integer[] vcIds) throws Exception { UserHbm user = null; TaskHbm task = null; try { user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); task = super.getTaskHbmDao().load(taskId); if (task != null) { if (!getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite()) && !user.equals(task.getReceiver()) && !user.equals(task.getSender()) && !getUserHbmDao().isInRole(user, task.getReceiverRole(), user.getActiveSite())) { throw new SecurityException("User is not responsible to change this Task. RECEIVER:" + task.getReceiver() + " SENDER:" + task.getSender() + " RECEIVERROLE:" + task.getReceiverRole() + " THIS USER:" + user.getUserId()); } Collection<ViewComponentHbm> coll = task.getViewComponents(); for (int i = 0; i < vcIds.length; i++) { ViewComponentHbm vc = super.getViewComponentHbmDao().load(vcIds[i]); coll.add(vc); } task.setViewComponents(coll); } else { log.warn("Task with Id " + taskId + " was not found"); } } catch (Exception e) { throw new UserException(e.getMessage()); } }
From source file:org.sakaiproject.poll.service.impl.PollListManagerImpl.java
public Poll getPollById(Long pollId, boolean includeOptions) throws SecurityException { Search search = new Search(); search.addRestriction(new Restriction("pollId", pollId)); Poll poll = dao.findOneBySearch(Poll.class, search); if (poll != null) { if (includeOptions) { List<Option> optionList = getOptionsForPoll(poll); poll.setOptions(optionList); }//from w ww . j a v a2s .com } if (poll == null) return null; //user needs at least site visit to read a poll if (!externalLogic.isAllowedInLocation("site.visit", externalLogic.getSiteRefFromId(poll.getSiteId()), externalLogic.getCurrentuserReference()) && !externalLogic.isUserAdmin()) { throw new SecurityException( "user:" + externalLogic.getCurrentuserReference() + " can't read poll " + pollId); } return poll; }
From source file:com.seeburger.vfs2.util.VFSClassLoader.java
/** * Calls super.getPermissions both for the code source and also * adds the permissions granted to the parent layers. * @param cs the CodeSource.// w ww . ja v a 2 s . c o m * @return The PermissionCollections. */ @Override protected PermissionCollection getPermissions(final CodeSource cs) { try { final String url = cs.getLocation().toString(); FileObject file = lookupFileObject(url); if (file == null) { return super.getPermissions(cs); } FileObject parentLayer = file.getFileSystem().getParentLayer(); if (parentLayer == null) { return super.getPermissions(cs); } Permissions combi = new Permissions(); PermissionCollection permCollect = super.getPermissions(cs); copyPermissions(permCollect, combi); for (FileObject parent = parentLayer; parent != null; parent = parent.getFileSystem() .getParentLayer()) { final CodeSource parentcs = new CodeSource(parent.getURL(), parent.getContent().getCertificates()); permCollect = super.getPermissions(parentcs); copyPermissions(permCollect, combi); } return combi; } catch (final FileSystemException fse) { throw new SecurityException(fse.getMessage()); } }
From source file:edu.ku.brc.af.auth.specify.SpecifySecurityMgr.java
/** * @param permissionClass/*from w ww . j a va 2 s .c om*/ * @param name * @return */ protected int getPermissionOptions(final Class<?> permissionClass, final String name) { if (!(BasicSpPermission.class.isAssignableFrom(permissionClass))) { throw new SecurityException( permissionClass.getName() + " class is not part of Specify permission hierarchy."); //$NON-NLS-1$ } int options = PermissionSettings.NO_PERM; Constructor<?> constructor = null; try { constructor = permissionClass.getConstructor(String.class, String.class); if (debug) { log.debug("******************* Can View: " + name + " - " + checkPermission((BasicSpPermission) constructor.newInstance(name, VIEW_PERM))); log.debug("******************* Can Mod : " + name + " - " + checkPermission((BasicSpPermission) constructor.newInstance(name, MODIFY_PERM))); log.debug("******************* Can Del : " + name + " - " + checkPermission((BasicSpPermission) constructor.newInstance(name, DELETE_PERM))); log.debug("******************* Can Add : " + name + " - " + checkPermission((BasicSpPermission) constructor.newInstance(name, ADD_PERM))); } options |= checkPermission((BasicSpPermission) constructor.newInstance(name, MODIFY_PERM)) ? PermissionSettings.CAN_MODIFY : 0; options |= checkPermission((BasicSpPermission) constructor.newInstance(name, VIEW_PERM)) ? PermissionSettings.CAN_VIEW : 0; options |= checkPermission((BasicSpPermission) constructor.newInstance(name, ADD_PERM)) ? PermissionSettings.CAN_ADD : 0; options |= checkPermission((BasicSpPermission) constructor.newInstance(name, DELETE_PERM)) ? PermissionSettings.CAN_DELETE : 0; } catch (Exception e) { edu.ku.brc.af.core.UsageTracker.incrHandledUsageCount(); edu.ku.brc.exceptions.ExceptionTracker.getInstance().capture(SpecifySecurityMgr.class, e); throw new RuntimeException(e); } return options; }
From source file:nl.surfnet.coin.teams.control.InvitationController.java
@RequestMapping("/resendInvitation.shtml") public String resendInvitation(ModelMap modelMap, HttpServletRequest request) { Person person = (Person) request.getSession().getAttribute(LoginInterceptor.PERSON_SESSION_KEY); Invitation invitation = getAllInvitationByRequest(request); if (invitation == null) { throw new IllegalArgumentException("Cannot find the invitation. Invitations expire after 14 days."); }//from ww w. ja va 2 s . c o m Member member = grouperTeamService.findMember(invitation.getTeamId(), person.getId()); if (member == null) { throw new SecurityException("You are not a member of this team"); } Set<Role> roles = member.getRoles(); if (!(roles.contains(Role.Admin) || roles.contains(Role.Manager))) { throw new SecurityException("You have insufficient rights to perform this action."); } modelMap.addAttribute("invitation", invitation); Role[] inviteRoles = { Role.Member, Role.Manager, Role.Admin }; modelMap.addAttribute("roles", inviteRoles); InvitationMessage invitationMessage = invitation.getLatestInvitationMessage(); if (invitationMessage != null) { modelMap.addAttribute("messageText", invitationMessage.getMessage()); } ViewUtil.addViewToModelMap(request, modelMap); return "resendinvitation"; }
From source file:com.glaf.core.security.SecurityUtils.java
/** * ?????????/*w ww . j av a 2 s.c om*/ * * @param ctx * * @param content * ?? * @param privateKey * ? * @return byte[] ??? */ public static byte[] sign(SecurityContext ctx, byte[] content, Key privateKey) { try { Signature sign = Signature.getInstance(ctx.getSignatureAlgorithm(), ctx.getJceProvider()); PrivateKey pk = (PrivateKey) privateKey; sign.initSign(pk); sign.update(content); byte[] signed = sign.sign(); return signed; } catch (Exception ex) { throw new SecurityException(ex); } }