List of usage examples for java.lang SecurityException SecurityException
public SecurityException(Throwable cause)
From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java
public void reschedualeTrigger(String token, CiBean trigger) { long start = System.currentTimeMillis(); log.info("WSDL: reschedualeTrigger(" + token + ", " + trigger.getAlias() + ")"); // Update all beans. ISession session = onecmdb.getSession(token); if (session == null) { throw new SecurityException("No Session found! Try to do auth() first!"); }/*from ww w .ja v a 2s . c o m*/ ICi ci = getICI(session, trigger); IJobService jobSvc = (IJobService) session.getService(IJobService.class); jobSvc.reschedualeTrigger(session, ci); long stop = System.currentTimeMillis(); log.info("WSDL: {" + (stop - start) + "} reschedualeTrigger(" + token + ", " + trigger.getAlias() + ")"); }
From source file:org.apereo.portal.portlets.portletadmin.PortletAdministrationHelper.java
/** * Delete the portlet with the given portlet ID. * * @param person the person removing the portlet * @param form// w ww.jav a 2s . c o m */ public void removePortletRegistration(IPerson person, PortletDefinitionForm form) { /* TODO: Service-Layer Security Reboot (great need of refactoring with a community-approved plan in place) */ // Arguably a check here is redundant since -- in the current // portlet-manager webflow -- you can't get to this point in the // conversation with out first obtaining a PortletDefinitionForm; but // it makes sense to check permissions here as well since the route(s) // to reach this method could evolve in the future. // Let's enforce the policy that you may only delete a portlet thet's // currently in a lifecycle state you have permission to MANAGE. // (They're hierarchical.) if (!hasLifecyclePermission(person, form.getLifecycleState(), form.getCategories())) { logger.warn("User '" + person.getUserName() + "' attempted to remove portlet '" + form.getFname() + "' without the proper MANAGE permission"); throw new SecurityException("Not Authorized"); } IPortletDefinition def = portletDefinitionRegistry.getPortletDefinition(form.getId()); /* * It's very important to remove portlets via the portletPublishingService * because that API cleans up details like category memberships and permissions. */ portletPublishingService.removePortletDefinition(def, person); }
From source file:com.auditbucket.engine.service.TrackService.java
private MetaHeader getValidHeader(String headerKey, boolean inflate) throws DatagioException { MetaHeader header = trackDao.findHeader(headerKey, inflate); if (header == null) { throw new DatagioException("No metaHeader for [" + headerKey + "]"); }/*from ww w. j a v a 2 s .co m*/ String userName = securityHelper.getLoggedInUser(); SystemUser sysUser = sysUserService.findByName(userName); if (!header.getFortress().getCompany().getId().equals(sysUser.getCompany().getId())) { throw new SecurityException("Not authorised to work with this meta data"); } return header; }
From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java
public IJobStartResult startJob(String token, CiBean job) { long start = System.currentTimeMillis(); log.info("WSDL: startJob(" + token + ", " + job.getAlias() + ")"); // Update all beans. ISession session = onecmdb.getSession(token); if (session == null) { throw new SecurityException("No Session found! Try to do auth() first!"); }// ww w . j a va 2 s. co m ICi ci = getICI(session, job); IJobService jobSvc = (IJobService) session.getService(IJobService.class); IJobStartResult result = jobSvc.startJob(session, ci); long stop = System.currentTimeMillis(); log.info("WSDL: {" + (stop - start) + "} startJob(" + token + ", " + job.getAlias() + ")=" + result); return (result); }
From source file:org.fao.geonet.api.records.MetadataInsertDeleteApi.java
@ApiOperation(value = "Create a new record", notes = "Create a record from a template or by copying an existing record." + "Return the UUID of the newly created record. Existing links in the " + "source record are preserved, this means that the new record may " + "contains link to the source attachements. They need to be manually " + "updated after creation.", nickname = "create") @RequestMapping(value = "/duplicate", method = { RequestMethod.PUT }, produces = { MediaType.APPLICATION_JSON_VALUE }, consumes = { MediaType.APPLICATION_JSON_VALUE }) @ApiResponses(value = {// w ww . j ava 2 s . c om @ApiResponse(code = 201, message = "Return the internal id of the newly created record."), @ApiResponse(code = 403, message = ApiParams.API_RESPONSE_NOT_ALLOWED_ONLY_EDITOR) }) @PreAuthorize("hasRole('Editor')") @ResponseStatus(HttpStatus.CREATED) public @ResponseBody String create( @ApiParam(value = API_PARAM_RECORD_TYPE, required = false, defaultValue = "METADATA") @RequestParam(required = false, defaultValue = "METADATA") final MetadataType metadataType, @ApiParam(value = "UUID of the source record to copy.", required = true) @RequestParam(required = true) String sourceUuid, @ApiParam(value = "Assign a custom UUID. If this UUID already exist an error is returned. " + "This is enabled only if metadata create / generate UUID settings is activated.", required = false) @RequestParam(required = false) String targetUuid, @ApiParam(value = API_PARAP_RECORD_GROUP, required = true) @RequestParam(required = true) final String group, @ApiParam(value = "Is published to all user group members? " + "If not, only the author and administrator can edit the record.", required = false, defaultValue = "false") @RequestParam(required = false, defaultValue = "false") // TODO: Would be more flexible to add a privilege object ? final boolean isVisibleByAllGroupMembers, @ApiParam(value = API_PARAM_RECORD_TAGS, required = false) @RequestParam(required = false) final String[] category, @ApiParam(value = "Copy categories from source?", required = false, defaultValue = "false") @RequestParam(required = false, defaultValue = "false") final boolean hasCategoryOfSource, @ApiParam(value = "Is child of the record to copy?", required = false, defaultValue = "false") @RequestParam(required = false, defaultValue = "false") final boolean isChildOfSource, @ApiIgnore @ApiParam(hidden = true) HttpSession httpSession, HttpServletRequest request) throws Exception { AbstractMetadata sourceMetadata = ApiUtils.getRecord(sourceUuid); ApplicationContext applicationContext = ApplicationContextHolder.get(); SettingManager sm = applicationContext.getBean(SettingManager.class); boolean generateUuid = sm.getValueAsBool(Settings.SYSTEM_METADATACREATE_GENERATE_UUID); // User assigned uuid: check if already exists String metadataUuid = null; if (generateUuid) { metadataUuid = UUID.randomUUID().toString(); } else { if (StringUtils.isEmpty(targetUuid)) { // Create a random UUID metadataUuid = UUID.randomUUID().toString(); } else { // Check if the UUID exists try { AbstractMetadata checkRecord = ApiUtils.getRecord(targetUuid); if (checkRecord != null) { throw new BadParameterEx(String.format( "You can't create a new record with the UUID '%s' because a record already exist with this UUID.", targetUuid), targetUuid); } } catch (ResourceNotFoundException e) { // Ignore. Ok to create a new record with the requested UUID. } metadataUuid = targetUuid; } } // TODO : Check user can create a metadata in that group UserSession user = ApiUtils.getUserSession(httpSession); if (user.getProfile() != Profile.Administrator) { final Specifications<UserGroup> spec = where(UserGroupSpecs.hasProfile(Profile.Editor)) .and(UserGroupSpecs.hasUserId(user.getUserIdAsInt())) .and(UserGroupSpecs.hasGroupId(Integer.valueOf(group))); final List<UserGroup> userGroups = applicationContext.getBean(UserGroupRepository.class).findAll(spec); if (userGroups.size() == 0) { throw new SecurityException(String .format("You can't create a record in this group. User MUST be an Editor in that group")); } } DataManager dataManager = applicationContext.getBean(DataManager.class); ServiceContext context = ApiUtils.createServiceContext(request); String newId = dataManager.createMetadata(context, String.valueOf(sourceMetadata.getId()), group, sm.getSiteId(), context.getUserSession().getUserIdAsInt(), isChildOfSource ? sourceMetadata.getUuid() : null, metadataType.toString(), isVisibleByAllGroupMembers, metadataUuid); triggerCreationEvent(request, newId); dataManager.activateWorkflowIfConfigured(context, newId, group); try { copyDataDir(context, sourceMetadata.getId(), newId, Params.Access.PUBLIC); copyDataDir(context, sourceMetadata.getId(), newId, Params.Access.PRIVATE); } catch (IOException e) { Log.warning(Geonet.DATA_MANAGER, String.format("Error while copying metadata resources. Error is %s. " + "Metadata is created but without resources from the source record with id '%d':", e.getMessage(), newId)); } if (hasCategoryOfSource) { final Collection<MetadataCategory> categories = dataManager.getCategories(sourceMetadata.getId() + ""); try { for (MetadataCategory c : categories) { dataManager.setCategory(context, newId, c.getId() + ""); } } catch (Exception e) { Log.warning(Geonet.DATA_MANAGER, String.format("Error while copying source record category to new record. Error is %s. " + "Metadata is created but without the categories from the source record with id '%d':", e.getMessage(), newId)); } } if (category != null && category.length > 0) { try { for (String c : category) { dataManager.setCategory(context, newId, c); } } catch (Exception e) { Log.warning(Geonet.DATA_MANAGER, String.format( "Error while setting record category to new record. Error is %s. " + "Metadata is created but without the requested categories.", e.getMessage(), newId)); } } return newId; }
From source file:org.opensaml.xml.security.SecurityHelper.java
/** * Build an instance of {@link KeyEncryptionParameters} suitable for passing to an {@link Encrypter}. * // w w w. jav a2 s .c om * <p> * The following parameter values will be added: * <ul> * <li>the key encryption credential</li> * <li>key transport encryption algorithm URI</li> * <li>an appropriate {@link KeyInfoGenerator} instance which will be used to generate a {@link KeyInfo} element * from the key encryption credential</li> * <li>intended recipient of the resultant encrypted key (optional)</li> * </ul> * </p> * * <p> * All values are determined by the specified {@link SecurityConfiguration}. If a security configuration is not * supplied, the global security configuration ({@link Configuration#getGlobalSecurityConfiguration()}) will be * used. * </p> * * <p> * The encryption algorithm URI is derived from the optional supplied encryption credential. If omitted, the value * of {@link SecurityConfiguration#getAutoGeneratedDataEncryptionKeyAlgorithmURI()} will be used. * </p> * * <p> * The KeyInfoGenerator to be used is based on the {@link NamedKeyInfoGeneratorManager} defined in the security * configuration, and is determined by the type of the signing credential and an optional KeyInfo generator manager * name. If the latter is ommited, the default manager ({@link NamedKeyInfoGeneratorManager#getDefaultManager()}) * of the security configuration's named generator manager will be used. * </p> * * @param encryptionCredential the credential with which the key will be encrypted * @param wrappedKeyAlgorithm the JCA key algorithm name of the key to be encrypted (may be null) * @param config the SecurityConfiguration to use (may be null) * @param keyInfoGenName the named KeyInfoGeneratorManager configuration to use (may be null) * @param recipient the intended recipient of the resultant encrypted key, typically the owner of the key encryption * key (may be null) * @return a new instance of KeyEncryptionParameters * @throws SecurityException if encryption credential is not supplied * */ public static KeyEncryptionParameters buildKeyEncryptionParams(Credential encryptionCredential, String wrappedKeyAlgorithm, SecurityConfiguration config, String keyInfoGenName, String recipient) throws SecurityException { SecurityConfiguration secConfig; if (config != null) { secConfig = config; } else { secConfig = Configuration.getGlobalSecurityConfiguration(); } KeyEncryptionParameters kekParams = new KeyEncryptionParameters(); kekParams.setEncryptionCredential(encryptionCredential); if (encryptionCredential == null) { throw new SecurityException("Key encryption credential may not be null"); } kekParams.setAlgorithm( secConfig.getKeyTransportEncryptionAlgorithmURI(encryptionCredential, wrappedKeyAlgorithm)); KeyInfoGenerator kiGenerator = getKeyInfoGenerator(encryptionCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { kekParams.setKeyInfoGenerator(kiGenerator); } else { log.info("No factory for named KeyInfoGenerator {} was found for credential type {}", keyInfoGenName, encryptionCredential.getCredentialType().getName()); log.info("No KeyInfo will be generated for EncryptedKey"); } kekParams.setRecipient(recipient); return kekParams; }
From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java
public String getUpdateInfo(String token, boolean force) { long start = System.currentTimeMillis(); log.info("WSDL: getUpdateInfo(" + token + ", " + force + ")"); // Update all beans. ISession session = onecmdb.getSession(token); if (session == null) { throw new SecurityException("No Session found! Try to do auth() first!"); }//from w ww. ja va 2 s . com IUpdateService updSvc = (IUpdateService) session.getService(IUpdateService.class); if (updSvc == null) { log.info("WSDL: getUpdateInfo(" + token + "," + force + ") - Service not available!"); return (null); } if (force) { updSvc.checkForUpdate(); } String result = updSvc.getLatestUpdateInfo(); log.info("WSDL: getUpdateInfo(" + token + "," + force + ")=" + result); return (result); }
From source file:org.sakaiproject.iclicker.logic.IClickerLogic.java
/** * This returns an item based on an id if the user is allowed to access it * @param id the id of the item to fetch * @return a ClickerRegistration or null if none found * @throws SecurityException if the current user cannot access this item *//* w ww. j a va 2 s .c o m*/ public ClickerRegistration getItemById(Long id) { log.debug("Getting item by id: " + id); ClickerRegistration item = dao.findById(ClickerRegistration.class, id); if (item != null) { if (!canReadItem(item, externalLogic.getCurrentUserId())) { throw new SecurityException("User (" + externalLogic.getCurrentUserId() + ") not allowed to access registration (" + item + ")"); } } return item; }
From source file:org.onecmdb.core.utils.wsdl.OneCMDBWebServiceImpl.java
public boolean isUpdateAvailable(String token, boolean force) { long start = System.currentTimeMillis(); log.info("WSDL: isUpdateAvailable(" + token + ", " + force + ")"); // Update all beans. ISession session = onecmdb.getSession(token); if (session == null) { throw new SecurityException("No Session found! Try to do auth() first!"); }/*from w ww . j av a 2s . c o m*/ IUpdateService updSvc = (IUpdateService) session.getService(IUpdateService.class); if (updSvc == null) { log.info("WSDL: isUpdateAvailable(" + token + "," + force + ") - Service not available!"); return (false); } if (force) { updSvc.checkForUpdate(); } boolean result = updSvc.isUpdateAvaliable(); log.info("WSDL: getUpdateInfo(" + token + "," + force + ")=" + result); return (result); }
From source file:org.getlantern.firetweet.provider.FiretweetDataProvider.java
private void checkReadPermission(final int id, final String table, final String[] projection) { switch (id) { case VIRTUAL_TABLE_ID_PREFERENCES: case VIRTUAL_TABLE_ID_DNS: { if (!checkPermission(PERMISSION_PREFERENCES)) throw new SecurityException("Access preferences requires level PERMISSION_LEVEL_PREFERENCES"); break;/*w ww . ja v a 2s.c o m*/ } case TABLE_ID_ACCOUNTS: { // Reading some infomation like user_id, screen_name etc is // okay, but reading columns like password requires higher // permission level. final String[] credentialsCols = { Accounts.BASIC_AUTH_PASSWORD, Accounts.OAUTH_TOKEN, Accounts.OAUTH_TOKEN_SECRET, Accounts.CONSUMER_KEY, Accounts.CONSUMER_SECRET }; if (projection == null || FiretweetArrayUtils.contains(projection, credentialsCols) && !checkPermission(PERMISSION_ACCOUNTS)) throw new SecurityException("Access column " + FiretweetArrayUtils.toString(projection, ',', true) + " in database accounts requires level PERMISSION_LEVEL_ACCOUNTS"); if (!checkPermission(PERMISSION_READ)) throw new SecurityException("Access database " + table + " requires level PERMISSION_LEVEL_READ"); break; } case TABLE_ID_DIRECT_MESSAGES: case TABLE_ID_DIRECT_MESSAGES_INBOX: case TABLE_ID_DIRECT_MESSAGES_OUTBOX: case TABLE_ID_DIRECT_MESSAGES_CONVERSATION: case TABLE_ID_DIRECT_MESSAGES_CONVERSATION_SCREEN_NAME: case TABLE_ID_DIRECT_MESSAGES_CONVERSATIONS_ENTRIES: { if (!checkPermission(PERMISSION_DIRECT_MESSAGES)) throw new SecurityException( "Access database " + table + " requires level PERMISSION_LEVEL_DIRECT_MESSAGES"); break; } case TABLE_ID_STATUSES: case TABLE_ID_MENTIONS: case TABLE_ID_TABS: case TABLE_ID_DRAFTS: case TABLE_ID_CACHED_USERS: case TABLE_ID_FILTERED_USERS: case TABLE_ID_FILTERED_KEYWORDS: case TABLE_ID_FILTERED_SOURCES: case TABLE_ID_FILTERED_LINKS: case TABLE_ID_TRENDS_LOCAL: case TABLE_ID_CACHED_STATUSES: case TABLE_ID_CACHED_HASHTAGS: { if (!checkPermission(PERMISSION_READ)) throw new SecurityException("Access database " + table + " requires level PERMISSION_LEVEL_READ"); break; } } }