List of usage examples for java.lang SecurityException SecurityException
public SecurityException(Throwable cause)
From source file:org.sakaiproject.iclicker.logic.IClickerLogic.java
/** * Remove an item//from w w w . j a v a2 s .c o m * NOTE: only admins can fully remove a registration * @param item the ClickerRegistration to remove * @throws SecurityException if the user not allowed to remove the registration */ public void removeItem(ClickerRegistration item) { log.debug("In removeItem with item:" + item); // check if current user can remove this item if (externalLogic.isUserAdmin(externalLogic.getCurrentUserId())) { dao.delete(item); log.info("Removing clicker registration: " + item); } else { throw new SecurityException("Current user cannot remove registration " + item + " because they do not have permission, only admins can remove"); } }
From source file:de.juwimm.cms.remote.UserServiceSpringImpl.java
/** * Sets the given task as viewed, if the user has the required permissions * therefor.// w w w . j ava2s. co m * * @param taskId * The TaskId, from which task the Status should be changed to * Constants.TASK_STATUS_VIEWED * * @see de.juwimm.cms.remote.UserServiceSpring#setTaskViewed(java.lang.Integer) */ @Override protected void handleSetTaskViewed(Integer taskId) throws Exception { try { UserHbm user = null; TaskHbm task = null; user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); task = super.getTaskHbmDao().load(taskId); if (task != null) { if (!!getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite()) && !user.equals(task.getReceiver()) && !user.equals(task.getSender()) && !!getUserHbmDao().isInRole(user, task.getReceiverRole(), user.getActiveSite())) { throw new SecurityException("User is not responsible to change this Task. RECEIVER:" + task.getReceiver() + " SENDER:" + task.getSender() + " RECEIVERROLE:" + task.getReceiverRole() + " THIS USER:" + user.getUserId()); } task.setStatus(Constants.TASK_STATUS_VIEWED); } } catch (Exception e) { throw new UserException(e.getMessage()); } }
From source file:com.evolveum.midpoint.testing.conntest.AbstractLdapTest.java
protected LdapNetworkConnection ldapConnect(String bindDn, String bindPassword) throws LdapException { LOGGER.trace("LDAP connect to {}:{} as {}", getLdapServerHost(), getLdapServerPort(), bindDn); LdapConnectionConfig config = new LdapConnectionConfig(); config.setLdapHost(getLdapServerHost()); config.setLdapPort(getLdapServerPort()); if (useSsl()) { config.setUseSsl(true);// ww w .ja va 2 s . co m TrustManager trustManager = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }; config.setTrustManagers(trustManager); } config.setBinaryAttributeDetector(binaryAttributeDetector); LdapNetworkConnection connection = new LdapNetworkConnection(config); boolean connected = connection.connect(); if (!connected) { AssertJUnit.fail("Cannot connect to LDAP server " + getLdapServerHost() + ":" + getLdapServerPort()); } LOGGER.trace("LDAP connected to {}:{}, executing bind as {}", getLdapServerHost(), getLdapServerPort(), bindDn); BindRequest bindRequest = new BindRequestImpl(); bindRequest.setDn(new Dn(bindDn)); bindRequest.setCredentials(bindPassword); bindRequest.setSimple(true); BindResponse bindResponse = connection.bind(bindRequest); if (bindResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) { throw new SecurityException( "Bind as " + bindDn + " failed: " + bindResponse.getLdapResult().getDiagnosticMessage() + " (" + bindResponse.getLdapResult().getResultCode() + ")"); } LOGGER.trace("LDAP connected to {}:{}, bound as {}", getLdapServerHost(), getLdapServerPort(), bindDn); return connection; }
From source file:com.thebuzzmedia.exiftool.ExifToolNew3.java
@Override public <T> void addImageMetadata(File image, Map<T, Object> values) throws IOException { // public void addImageMetadata(File image, Map<Tag, Object> values) // throws IOException { if (image == null) { throw new IllegalArgumentException("image cannot be null and must be a valid stream of image data."); }/*from www.j av a 2s . c o m*/ if (values == null || values.isEmpty()) { throw new IllegalArgumentException( "values cannot be null and must contain 1 or more tag to value mappings"); } if (!image.canWrite()) { throw new SecurityException("Unable to write the given image [" + image.getAbsolutePath() + "], ensure that the image exists at the given path and that the executing Java process has permissions to write to it."); } LOG.info("Adding Tags {} to {}", values, image.getAbsolutePath()); // start process long startTime = System.currentTimeMillis(); execute(null, image, values); // Print out how long the call to external ExifToolNew3 process took. if (LOG.isDebugEnabled()) { LOG.debug(String.format("Image Meta Processed in %d ms [added %d tags]", (System.currentTimeMillis() - startTime), values.size())); } }
From source file:org.sakaiproject.iclicker.logic.IClickerLogic.java
/** * Save (Create or Update) an item (uses the current site) * @param item the ClickerRegistration to create or update * @throws IllegalArgumentException if the item is null OR the owner id is not a valid user * @throws SecurityException if the user cannot save the registration for lack of perms * @throws ClickerIdInvalidException if the clicker ID is invalid for some reason, * the exception will indicate the type of validation failure *//* w w w. j a va2 s .co m*/ public void saveItem(ClickerRegistration item) { log.debug("In saveItem with item:" + item); if (item == null) { throw new IllegalArgumentException("item cannot be null"); } String clickerId = StringUtils.trimToNull(item.getClickerId()); if (item.isActivated() || clickerId == null) { // only validate when activating or clearly invalid clickerId = validateClickerId(item.getClickerId()); } item.setClickerId(clickerId); // set the owner to current if not set if (item.getOwnerId() == null) { item.setOwnerId(externalLogic.getCurrentUserId()); } else { // check for valid user id User u = externalLogic.getUser(item.getOwnerId()); if (u == null) { throw new IllegalArgumentException( "user id (" + item.getOwnerId() + ") is invalid (cannot match to user)"); } } Date now = new Date(); if (item.getDateCreated() == null) { item.setDateCreated(now); } item.setDateModified(now); // save item if new OR check if the current user can update the existing item if ((item.getId() == null) || canWriteItem(item, externalLogic.getCurrentUserId())) { dao.save(item); log.info("Saving clicker registration: " + item); } else { throw new SecurityException( "Current user cannot update item " + item.getId() + " because they do not have permission"); } }
From source file:de.juwimm.cms.remote.UserServiceSpringImpl.java
/** * Updates a User.<br>/*w w w . j a va 2 s .co m*/ * For security reasons, only the following fields are updated: * <ul> * <li>FirstName</li> * <li>LastName</li> * <li>EMail</li> * <li>ConfigXML (only if parameter is not null and not empty)</li> * </ul> * <b>SECURITY INFORMATION:</b> Available only to: <i>changeUser, * siteRoot</i> * * @param userValue * UserValue Object representing the user * * @see de.juwimm.cms.remote.UserServiceSpring#updateUser(de.juwimm.cms.authorization.vo.UserValue) */ @Override protected void handleUpdateUser(UserValue userValue) throws Exception { try { UserHbm user = null; user = super.getUserHbmDao().load(userValue.getUserName()); if (user != null) { if (this.hasRightsForChangeUser(user)) { user.setFirstName(userValue.getFirstName()); user.setLastName(userValue.getLastName()); user.setEmail(userValue.getEmail()); if (userValue.getConfigXML() != null && !userValue.getConfigXML().equals("")) { user.setConfigXML(userValue.getConfigXML()); } this.authCache.flushAuthCache(); } else { throw new SecurityException("Not enough permissions to change the user:" + userValue.getUserName() + " with credential:" + AuthenticationHelper.getUserName()); } } } catch (Exception e) { throw new UserException(e.getMessage()); } }
From source file:org.sakaiproject.iclicker.logic.IClickerLogic.java
/** * Creates a new clicker remote registration in the system, * will push the registration to national as well * //from w w w . j a v a 2 s.co m * @param clickerId the clicker remote ID * @param ownerId the owner of this registration * @return the registration * @throws ClickerIdInvalidException if the clicker ID is invalid for some reason, * the exception will indicate the type of validation failure * @throws ClickerRegisteredException if the clickerId is already registered * @throws IllegalArgumentException if the owner id is not a valid user * @throws SecurityException if the user cannot save the registration for lacks of perms */ public ClickerRegistration createRegistration(String clickerId, String ownerId) { clickerId = validateClickerId(clickerId); String currentUserId = externalLogic.getCurrentUserId(); if (currentUserId == null) { throw new SecurityException("user must be logged in"); } String userId = ownerId; if (ownerId == null || "".equals(ownerId)) { userId = currentUserId; } ClickerRegistration registration = getItemByClickerId(clickerId, userId); // NOTE: we probably want to check the national system here to see if this is already registered if (registration != null) { if (registration.getOwnerId().equals(currentUserId)) { // reactivate the clicker if needed if (!registration.isActivated()) { registration.setActivated(true); saveItem(registration); } } else { throw new ClickerRegisteredException(userId, registration.getClickerId(), registration.getOwnerId()); //throw new IllegalStateException("Registration exists with clickerId ("+clickerId+") for the current user ("+userId+")"); } } else { registration = new ClickerRegistration(clickerId, userId); saveItem(registration); //syncClickerRegistrationWithNational(registration); } return registration; }
From source file:de.juwimm.cms.remote.UserServiceSpringImpl.java
/** * Adds a User to a specific Group. <b>SECURITY INFORMATION:</b> Available * only to: <i>changeUser, siteRoot</i> * /*w w w .j ava 2s . com*/ * @param groupValue * The Group * @param userName * The Use * * @see de.juwimm.cms.remote.UserServiceSpring#addUserToGroup(de.juwimm.cms.authorization.vo.GroupValue, * java.lang.String) */ @Override protected void handleAddUserToGroup(GroupValue groupValue, String userName) throws Exception { try { UserHbm user = null; user = super.getUserHbmDao().load(userName); if (user != null) { if (this.hasRightsForChangeUser(user)) { GroupHbm group = super.getGroupHbmDao().load(groupValue.getGroupId()); getUserHbmDao().addGroup(group, AuthenticationHelper.getUserName(), userName); this.authCache.flushAuthCache(); } else { throw new SecurityException("Not enough permissions to change the user:" + userName + " with credential:" + AuthenticationHelper.getUserName()); } } } catch (Exception e) { throw new UserException(e.getMessage()); } }
From source file:org.codice.ddf.catalog.ui.metacard.MetacardApplication.java
/** * Caution should be used with this, as it elevates the permissions to the System user. * * @param func What to execute as the System * @param <T> Generic return type of func * @return result of the callable func//w w w.j a va 2 s .co m */ private <T> T executeAsSystem(Callable<T> func) { Subject systemSubject = SECURITY.runAsAdmin(SECURITY::getSystemSubject); if (systemSubject == null) { throw new SecurityException("Could not get systemSubject to version metacards."); } return systemSubject.execute(func); }
From source file:de.juwimm.cms.remote.UserServiceSpringImpl.java
/** * Removes a User from a specific Group. <b>SECURITY INFORMATION:</b> * Available only to: <i>changeUser, siteRoot</i> * /*w w w . jav a 2 s. c om*/ * @param gv * The Group * @param userName * The User * * @see de.juwimm.cms.remote.UserServiceSpring#removeUserFromGroup(de.juwimm.cms.authorization.vo.GroupValue, * java.lang.String) */ @Override protected void handleRemoveUserFromGroup(GroupValue gv, String userName) throws Exception { try { UserHbm user = null; user = super.getUserHbmDao().load(userName); if (user != null) { if (this.hasRightsForChangeUser(user)) { GroupHbm gl = super.getGroupHbmDao().load(gv.getGroupId()); user.dropGroup(gl); this.authCache.flushAuthCache(); } else { throw new SecurityException("Not enough permissions to change the user:" + userName + " with credential:" + AuthenticationHelper.getUserName()); } } } catch (Exception e) { throw new UserException(e.getMessage()); } }