Example usage for java.lang SecurityException SecurityException

List of usage examples for java.lang SecurityException SecurityException

Introduction

In this page you can find the example usage for java.lang SecurityException SecurityException.

Prototype

public SecurityException(Throwable cause) 

Source Link

Document

Creates a SecurityException with the specified cause and a detail message of (cause==null ?

Usage

From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java

public void reschedualeTrigger(String token, CiBean trigger) {
    long start = System.currentTimeMillis();
    log.info("WSDL: reschedualeTrigger(" + token + ", " + trigger.getAlias() + ")");
    // Update all beans.
    ISession session = onecmdb.getSession(token);
    if (session == null) {
        throw new SecurityException("No Session found! Try to do auth() first!");
    }/*from ww w  .ja  v  a  2s . c  o m*/
    ICi ci = getICI(session, trigger);

    IJobService jobSvc = (IJobService) session.getService(IJobService.class);

    jobSvc.reschedualeTrigger(session, ci);
    long stop = System.currentTimeMillis();
    log.info("WSDL: {" + (stop - start) + "} reschedualeTrigger(" + token + ", " + trigger.getAlias() + ")");
}

From source file:org.apereo.portal.portlets.portletadmin.PortletAdministrationHelper.java

/**
 * Delete the portlet with the given portlet ID.
 *
 * @param person the person removing the portlet
 * @param form// w  ww.jav a 2s .  c o  m
 */
public void removePortletRegistration(IPerson person, PortletDefinitionForm form) {

    /* TODO:  Service-Layer Security Reboot (great need of refactoring with a community-approved plan in place) */
    // Arguably a check here is redundant since -- in the current
    // portlet-manager webflow -- you can't get to this point in the
    // conversation with out first obtaining a PortletDefinitionForm;  but
    // it makes sense to check permissions here as well since the route(s)
    // to reach this method could evolve in the future.

    // Let's enforce the policy that you may only delete a portlet thet's
    // currently in a lifecycle state you have permission to MANAGE.
    // (They're hierarchical.)
    if (!hasLifecyclePermission(person, form.getLifecycleState(), form.getCategories())) {
        logger.warn("User '" + person.getUserName() + "' attempted to remove portlet '" + form.getFname()
                + "' without the proper MANAGE permission");
        throw new SecurityException("Not Authorized");
    }

    IPortletDefinition def = portletDefinitionRegistry.getPortletDefinition(form.getId());
    /*
     * It's very important to remove portlets via the portletPublishingService
     * because that API cleans up details like category memberships and permissions.
     */
    portletPublishingService.removePortletDefinition(def, person);

}

From source file:com.auditbucket.engine.service.TrackService.java

private MetaHeader getValidHeader(String headerKey, boolean inflate) throws DatagioException {
    MetaHeader header = trackDao.findHeader(headerKey, inflate);
    if (header == null) {
        throw new DatagioException("No metaHeader for [" + headerKey + "]");
    }/*from ww  w.  j a  v a 2  s .co  m*/
    String userName = securityHelper.getLoggedInUser();
    SystemUser sysUser = sysUserService.findByName(userName);

    if (!header.getFortress().getCompany().getId().equals(sysUser.getCompany().getId())) {
        throw new SecurityException("Not authorised to work with this meta data");
    }
    return header;

}

From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java

public IJobStartResult startJob(String token, CiBean job) {
    long start = System.currentTimeMillis();
    log.info("WSDL: startJob(" + token + ", " + job.getAlias() + ")");
    // Update all beans.
    ISession session = onecmdb.getSession(token);
    if (session == null) {
        throw new SecurityException("No Session found! Try to do auth() first!");
    }// ww w .  j  a  va 2 s. co m
    ICi ci = getICI(session, job);

    IJobService jobSvc = (IJobService) session.getService(IJobService.class);

    IJobStartResult result = jobSvc.startJob(session, ci);
    long stop = System.currentTimeMillis();
    log.info("WSDL: {" + (stop - start) + "} startJob(" + token + ", " + job.getAlias() + ")=" + result);

    return (result);
}

From source file:org.fao.geonet.api.records.MetadataInsertDeleteApi.java

@ApiOperation(value = "Create a new record", notes = "Create a record from a template or by copying an existing record."
        + "Return the UUID of the newly created record. Existing links in the "
        + "source record are preserved, this means that the new record may "
        + "contains link to the source attachements. They need to be manually "
        + "updated after creation.", nickname = "create")
@RequestMapping(value = "/duplicate", method = { RequestMethod.PUT }, produces = {
        MediaType.APPLICATION_JSON_VALUE }, consumes = { MediaType.APPLICATION_JSON_VALUE })
@ApiResponses(value = {//  w  ww . j  ava 2  s  .  c om
        @ApiResponse(code = 201, message = "Return the internal id of the newly created record."),
        @ApiResponse(code = 403, message = ApiParams.API_RESPONSE_NOT_ALLOWED_ONLY_EDITOR) })
@PreAuthorize("hasRole('Editor')")
@ResponseStatus(HttpStatus.CREATED)
public @ResponseBody String create(
        @ApiParam(value = API_PARAM_RECORD_TYPE, required = false, defaultValue = "METADATA") @RequestParam(required = false, defaultValue = "METADATA") final MetadataType metadataType,
        @ApiParam(value = "UUID of the source record to copy.", required = true) @RequestParam(required = true) String sourceUuid,
        @ApiParam(value = "Assign a custom UUID. If this UUID already exist an error is returned. "
                + "This is enabled only if metadata create / generate UUID settings is activated.", required = false) @RequestParam(required = false) String targetUuid,
        @ApiParam(value = API_PARAP_RECORD_GROUP, required = true) @RequestParam(required = true) final String group,
        @ApiParam(value = "Is published to all user group members? "
                + "If not, only the author and administrator can edit the record.", required = false, defaultValue = "false") @RequestParam(required = false, defaultValue = "false")
        // TODO: Would be more flexible to add a privilege object ?
        final boolean isVisibleByAllGroupMembers,
        @ApiParam(value = API_PARAM_RECORD_TAGS, required = false) @RequestParam(required = false) final String[] category,
        @ApiParam(value = "Copy categories from source?", required = false, defaultValue = "false") @RequestParam(required = false, defaultValue = "false") final boolean hasCategoryOfSource,
        @ApiParam(value = "Is child of the record to copy?", required = false, defaultValue = "false") @RequestParam(required = false, defaultValue = "false") final boolean isChildOfSource,
        @ApiIgnore @ApiParam(hidden = true) HttpSession httpSession, HttpServletRequest request)
        throws Exception {

    AbstractMetadata sourceMetadata = ApiUtils.getRecord(sourceUuid);
    ApplicationContext applicationContext = ApplicationContextHolder.get();

    SettingManager sm = applicationContext.getBean(SettingManager.class);
    boolean generateUuid = sm.getValueAsBool(Settings.SYSTEM_METADATACREATE_GENERATE_UUID);

    // User assigned uuid: check if already exists
    String metadataUuid = null;
    if (generateUuid) {
        metadataUuid = UUID.randomUUID().toString();
    } else {
        if (StringUtils.isEmpty(targetUuid)) {
            // Create a random UUID
            metadataUuid = UUID.randomUUID().toString();
        } else {
            // Check if the UUID exists
            try {
                AbstractMetadata checkRecord = ApiUtils.getRecord(targetUuid);
                if (checkRecord != null) {
                    throw new BadParameterEx(String.format(
                            "You can't create a new record with the UUID '%s' because a record already exist with this UUID.",
                            targetUuid), targetUuid);
                }
            } catch (ResourceNotFoundException e) {
                // Ignore. Ok to create a new record with the requested UUID.
            }

            metadataUuid = targetUuid;
        }
    }

    // TODO : Check user can create a metadata in that group
    UserSession user = ApiUtils.getUserSession(httpSession);
    if (user.getProfile() != Profile.Administrator) {
        final Specifications<UserGroup> spec = where(UserGroupSpecs.hasProfile(Profile.Editor))
                .and(UserGroupSpecs.hasUserId(user.getUserIdAsInt()))
                .and(UserGroupSpecs.hasGroupId(Integer.valueOf(group)));

        final List<UserGroup> userGroups = applicationContext.getBean(UserGroupRepository.class).findAll(spec);

        if (userGroups.size() == 0) {
            throw new SecurityException(String
                    .format("You can't create a record in this group. User MUST be an Editor in that group"));
        }
    }

    DataManager dataManager = applicationContext.getBean(DataManager.class);
    ServiceContext context = ApiUtils.createServiceContext(request);
    String newId = dataManager.createMetadata(context, String.valueOf(sourceMetadata.getId()), group,
            sm.getSiteId(), context.getUserSession().getUserIdAsInt(),
            isChildOfSource ? sourceMetadata.getUuid() : null, metadataType.toString(),
            isVisibleByAllGroupMembers, metadataUuid);

    triggerCreationEvent(request, newId);

    dataManager.activateWorkflowIfConfigured(context, newId, group);

    try {
        copyDataDir(context, sourceMetadata.getId(), newId, Params.Access.PUBLIC);
        copyDataDir(context, sourceMetadata.getId(), newId, Params.Access.PRIVATE);
    } catch (IOException e) {
        Log.warning(Geonet.DATA_MANAGER,
                String.format("Error while copying metadata resources. Error is %s. "
                        + "Metadata is created but without resources from the source record with id '%d':",
                        e.getMessage(), newId));
    }
    if (hasCategoryOfSource) {
        final Collection<MetadataCategory> categories = dataManager.getCategories(sourceMetadata.getId() + "");
        try {
            for (MetadataCategory c : categories) {
                dataManager.setCategory(context, newId, c.getId() + "");
            }
        } catch (Exception e) {
            Log.warning(Geonet.DATA_MANAGER,
                    String.format("Error while copying source record category to new record. Error is %s. "
                            + "Metadata is created but without the categories from the source record with id '%d':",
                            e.getMessage(), newId));
        }
    }

    if (category != null && category.length > 0) {
        try {
            for (String c : category) {
                dataManager.setCategory(context, newId, c);
            }
        } catch (Exception e) {
            Log.warning(Geonet.DATA_MANAGER,
                    String.format(
                            "Error while setting record category to new record. Error is %s. "
                                    + "Metadata is created but without the requested categories.",
                            e.getMessage(), newId));
        }
    }

    return newId;
}

From source file:org.opensaml.xml.security.SecurityHelper.java

/**
 * Build an instance of {@link KeyEncryptionParameters} suitable for passing to an {@link Encrypter}.
 * //  w w  w.  jav a2 s .c om
 * <p>
 * The following parameter values will be added:
 * <ul>
 * <li>the key encryption credential</li>
 * <li>key transport encryption algorithm URI</li>
 * <li>an appropriate {@link KeyInfoGenerator} instance which will be used to generate a {@link KeyInfo} element
 * from the key encryption credential</li>
 * <li>intended recipient of the resultant encrypted key (optional)</li>
 * </ul>
 * </p>
 * 
 * <p>
 * All values are determined by the specified {@link SecurityConfiguration}. If a security configuration is not
 * supplied, the global security configuration ({@link Configuration#getGlobalSecurityConfiguration()}) will be
 * used.
 * </p>
 * 
 * <p>
 * The encryption algorithm URI is derived from the optional supplied encryption credential. If omitted, the value
 * of {@link SecurityConfiguration#getAutoGeneratedDataEncryptionKeyAlgorithmURI()} will be used.
 * </p>
 * 
 * <p>
 * The KeyInfoGenerator to be used is based on the {@link NamedKeyInfoGeneratorManager} defined in the security
 * configuration, and is determined by the type of the signing credential and an optional KeyInfo generator manager
 * name. If the latter is ommited, the default manager ({@link NamedKeyInfoGeneratorManager#getDefaultManager()})
 * of the security configuration's named generator manager will be used.
 * </p>
 * 
 * @param encryptionCredential the credential with which the key will be encrypted
 * @param wrappedKeyAlgorithm the JCA key algorithm name of the key to be encrypted (may be null)
 * @param config the SecurityConfiguration to use (may be null)
 * @param keyInfoGenName the named KeyInfoGeneratorManager configuration to use (may be null)
 * @param recipient the intended recipient of the resultant encrypted key, typically the owner of the key encryption
 *            key (may be null)
 * @return a new instance of KeyEncryptionParameters
 * @throws SecurityException if encryption credential is not supplied
 * 
 */
public static KeyEncryptionParameters buildKeyEncryptionParams(Credential encryptionCredential,
        String wrappedKeyAlgorithm, SecurityConfiguration config, String keyInfoGenName, String recipient)
        throws SecurityException {

    SecurityConfiguration secConfig;
    if (config != null) {
        secConfig = config;
    } else {
        secConfig = Configuration.getGlobalSecurityConfiguration();
    }

    KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
    kekParams.setEncryptionCredential(encryptionCredential);

    if (encryptionCredential == null) {
        throw new SecurityException("Key encryption credential may not be null");
    }

    kekParams.setAlgorithm(
            secConfig.getKeyTransportEncryptionAlgorithmURI(encryptionCredential, wrappedKeyAlgorithm));

    KeyInfoGenerator kiGenerator = getKeyInfoGenerator(encryptionCredential, secConfig, keyInfoGenName);
    if (kiGenerator != null) {
        kekParams.setKeyInfoGenerator(kiGenerator);
    } else {
        log.info("No factory for named KeyInfoGenerator {} was found for credential type {}", keyInfoGenName,
                encryptionCredential.getCredentialType().getName());
        log.info("No KeyInfo will be generated for EncryptedKey");
    }

    kekParams.setRecipient(recipient);

    return kekParams;
}

From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java

public String getUpdateInfo(String token, boolean force) {
    long start = System.currentTimeMillis();
    log.info("WSDL: getUpdateInfo(" + token + ", " + force + ")");
    // Update all beans.
    ISession session = onecmdb.getSession(token);
    if (session == null) {
        throw new SecurityException("No Session found! Try to do auth() first!");
    }//from  w  ww.  ja va  2  s .  com
    IUpdateService updSvc = (IUpdateService) session.getService(IUpdateService.class);

    if (updSvc == null) {
        log.info("WSDL: getUpdateInfo(" + token + "," + force + ") - Service not available!");
        return (null);
    }
    if (force) {
        updSvc.checkForUpdate();
    }
    String result = updSvc.getLatestUpdateInfo();
    log.info("WSDL: getUpdateInfo(" + token + "," + force + ")=" + result);
    return (result);
}

From source file:org.sakaiproject.iclicker.logic.IClickerLogic.java

/**
 * This returns an item based on an id if the user is allowed to access it
 * @param id the id of the item to fetch
 * @return a ClickerRegistration or null if none found
 * @throws SecurityException if the current user cannot access this item
 *//*  w ww. j a  va  2  s .c o  m*/
public ClickerRegistration getItemById(Long id) {
    log.debug("Getting item by id: " + id);
    ClickerRegistration item = dao.findById(ClickerRegistration.class, id);
    if (item != null) {
        if (!canReadItem(item, externalLogic.getCurrentUserId())) {
            throw new SecurityException("User (" + externalLogic.getCurrentUserId()
                    + ") not allowed to access registration (" + item + ")");
        }
    }
    return item;
}

From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java

public boolean isUpdateAvailable(String token, boolean force) {
    long start = System.currentTimeMillis();
    log.info("WSDL: isUpdateAvailable(" + token + ", " + force + ")");
    // Update all beans.
    ISession session = onecmdb.getSession(token);
    if (session == null) {
        throw new SecurityException("No Session found! Try to do auth() first!");
    }/*from  w  ww  . j  av a  2s  .  c o m*/
    IUpdateService updSvc = (IUpdateService) session.getService(IUpdateService.class);

    if (updSvc == null) {
        log.info("WSDL: isUpdateAvailable(" + token + "," + force + ") - Service not available!");
        return (false);
    }
    if (force) {
        updSvc.checkForUpdate();
    }
    boolean result = updSvc.isUpdateAvaliable();
    log.info("WSDL: getUpdateInfo(" + token + "," + force + ")=" + result);
    return (result);
}

From source file:org.getlantern.firetweet.provider.FiretweetDataProvider.java

private void checkReadPermission(final int id, final String table, final String[] projection) {
    switch (id) {
    case VIRTUAL_TABLE_ID_PREFERENCES:
    case VIRTUAL_TABLE_ID_DNS: {
        if (!checkPermission(PERMISSION_PREFERENCES))
            throw new SecurityException("Access preferences requires level PERMISSION_LEVEL_PREFERENCES");
        break;/*w  ww  .  ja v a 2s.c o  m*/
    }
    case TABLE_ID_ACCOUNTS: {
        // Reading some infomation like user_id, screen_name etc is
        // okay, but reading columns like password requires higher
        // permission level.
        final String[] credentialsCols = { Accounts.BASIC_AUTH_PASSWORD, Accounts.OAUTH_TOKEN,
                Accounts.OAUTH_TOKEN_SECRET, Accounts.CONSUMER_KEY, Accounts.CONSUMER_SECRET };
        if (projection == null || FiretweetArrayUtils.contains(projection, credentialsCols)
                && !checkPermission(PERMISSION_ACCOUNTS))
            throw new SecurityException("Access column " + FiretweetArrayUtils.toString(projection, ',', true)
                    + " in database accounts requires level PERMISSION_LEVEL_ACCOUNTS");
        if (!checkPermission(PERMISSION_READ))
            throw new SecurityException("Access database " + table + " requires level PERMISSION_LEVEL_READ");
        break;
    }
    case TABLE_ID_DIRECT_MESSAGES:
    case TABLE_ID_DIRECT_MESSAGES_INBOX:
    case TABLE_ID_DIRECT_MESSAGES_OUTBOX:
    case TABLE_ID_DIRECT_MESSAGES_CONVERSATION:
    case TABLE_ID_DIRECT_MESSAGES_CONVERSATION_SCREEN_NAME:
    case TABLE_ID_DIRECT_MESSAGES_CONVERSATIONS_ENTRIES: {
        if (!checkPermission(PERMISSION_DIRECT_MESSAGES))
            throw new SecurityException(
                    "Access database " + table + " requires level PERMISSION_LEVEL_DIRECT_MESSAGES");
        break;
    }
    case TABLE_ID_STATUSES:
    case TABLE_ID_MENTIONS:
    case TABLE_ID_TABS:
    case TABLE_ID_DRAFTS:
    case TABLE_ID_CACHED_USERS:
    case TABLE_ID_FILTERED_USERS:
    case TABLE_ID_FILTERED_KEYWORDS:
    case TABLE_ID_FILTERED_SOURCES:
    case TABLE_ID_FILTERED_LINKS:
    case TABLE_ID_TRENDS_LOCAL:
    case TABLE_ID_CACHED_STATUSES:
    case TABLE_ID_CACHED_HASHTAGS: {
        if (!checkPermission(PERMISSION_READ))
            throw new SecurityException("Access database " + table + " requires level PERMISSION_LEVEL_READ");
        break;
    }
    }
}