List of usage examples for java.lang SecurityException SecurityException
public SecurityException(Throwable cause)
From source file:org.sakaiproject.iclicker.logic.IClickerLogic.java
/** * Updates the activation of a registration for the current user * @param registrationId the unique id of the registration * @param activated the new activation level * @return the registration if it was updated, null if not updated * @throws IllegalArgumentException if the registrationId is invalid * @throws SecurityException is the current user cannot update the registration *///from w w w.j a v a2 s. c o m public ClickerRegistration setRegistrationActive(Long registrationId, boolean activated) { if (registrationId == null) { throw new IllegalArgumentException("registrationId cannot be null"); } ClickerRegistration registration = getItemById(registrationId); if (registration == null) { throw new IllegalArgumentException("Could not find registration with id: " + registrationId); } String userId = externalLogic.getCurrentUserId(); if (!canWriteItem(registration, userId)) { throw new SecurityException("User (" + userId + ") cannot update registration (" + registration + ")"); } boolean current = registration.isActivated(); if (current != activated) { registration.setActivated(activated); saveItem(registration); return registration; } return null; }
From source file:com.enonic.vertical.adminweb.UserHandlerServlet.java
public void handlerCreate(HttpServletRequest request, HttpServletResponse response, HttpSession session, AdminService admin, ExtendedMap formItems) throws VerticalAdminException, VerticalEngineException { UserStoreKey userStoreKey = new UserStoreKey(formItems.getInt("userstorekey")); UserStoreEntity userStore = null;//from w w w.j a v a2s . c om List<UserStoreEntity> userStores = securityService.getUserStores(); for (UserStoreEntity userStoreEntity : userStores) { if (userStoreEntity.getKey().equals(userStoreKey)) { userStore = userStoreEntity; break; } } User oldUser = securityService.getLoggedInAdminConsoleUser(); UserEntity user = securityService.getUser(oldUser); boolean isEnterpriseAdmin = false; if (user.isEnterpriseAdmin()) { isEnterpriseAdmin = true; } boolean isUserstoreAdmin = false; if (user.isUserstoreAdmin(userStore)) { isUserstoreAdmin = true; } GroupKey enterpriseAdminGroupKey = securityService.getEnterpriseAdministratorGroup(); StoreNewUserCommand command = new StoreNewUserCommand(); command.setStorer(user.getKey()); command.setUserStoreKey(userStoreKey); boolean wizard = false; if (formItems.getString("wizard", "").equals("true")) { wizard = true; String xmlData = (String) session.getAttribute("userxml"); XMLDocument xmlDocument = XMLDocumentFactory.create(xmlData); org.jdom.Document jdomDoc = xmlDocument.getAsJDOMDocument(); org.jdom.Element userEl = jdomDoc.getRootElement(); org.jdom.Element blockEl = userEl.getChild("block"); org.jdom.Element uidEl = blockEl.getChild("uid"); org.jdom.Element passwordEl = blockEl.getChild("password"); org.jdom.Element displayNameEl = blockEl.getChild("displayName"); org.jdom.Element emailEl = blockEl.getChild("email"); command.setUsername(uidEl.getText()); command.setPassword(passwordEl.getText()); command.setDisplayName(displayNameEl.getText()); command.setEmail(emailEl.getText()); final ExtendedMap valuesFromXml = new ExtendedMap(); for (org.jdom.Element userfieldEl : (List<org.jdom.Element>) blockEl.getChildren()) { String userfieldName = userfieldEl.getName(); if ("photo".equals(userfieldName)) { // Do nothing } else if ("addresses".equals(userfieldName)) { int addressIndex = 0; for (org.jdom.Element addressEl : (List<org.jdom.Element>) userfieldEl.getChildren()) { for (org.jdom.Element addressFieldEl : (List<org.jdom.Element>) addressEl.getChildren()) { String addressFieldName = "address[" + addressIndex + "]." + addressFieldEl.getName(); String addressFieldValue = addressFieldEl.getText(); valuesFromXml.put(addressFieldName, addressFieldValue); } addressIndex++; } } else { String userfieldValue = userfieldEl.getText(); valuesFromXml.put(userfieldName, userfieldValue); } } final UserInfo userInfo = parseCustomUserFieldValues(userStoreKey, valuesFromXml); addPhotoFromSession(session, userInfo); command.setUserInfo(userInfo); } else { command.setUsername(formItems.getString("uid_dummy", "")); command.setPassword(formItems.getString("password_dummy", "")); command.setDisplayName(formItems.getString("display_name", "")); command.setEmail(formItems.getString("email", "")); final UserInfo userInfo = parseCustomUserFieldValues(userStoreKey, formItems); command.setUserInfo(userInfo); } // Update user with group memberships TStringArrayList groupMemberships = new TStringArrayList(); if (formItems.containsKey("member")) { String[] groupArray; if (isArrayFormItem(formItems, "member")) { groupArray = (String[]) formItems.get("member"); } else { groupArray = new String[] { formItems.getString("member") }; } for (String aGroupArray : groupArray) { if (isEnterpriseAdmin) { groupMemberships.add(aGroupArray); command.addMembership(new GroupKey(aGroupArray)); } else if (!isEnterpriseAdmin && isUserstoreAdmin && enterpriseAdminGroupKey.toString().equalsIgnoreCase(aGroupArray)) { throw new SecurityException("No access to enterprise administrators group"); } else if (!isEnterpriseAdmin && isUserstoreAdmin && !enterpriseAdminGroupKey.toString().equalsIgnoreCase(aGroupArray)) { groupMemberships.add(aGroupArray); command.addMembership(new GroupKey(aGroupArray)); } } } else if (wizard) { String[] groupArray = (String[]) session.getAttribute("grouparray"); if (groupArray != null) { for (String aGroupArray : groupArray) { if (isEnterpriseAdmin) { // access to all groups/users groupMemberships.add(aGroupArray); command.addMembership(new GroupKey(aGroupArray)); } else if (!isEnterpriseAdmin && isUserstoreAdmin && enterpriseAdminGroupKey.toString().equalsIgnoreCase(aGroupArray)) { throw new SecurityException("No access to enterprise administrators group"); } else if (!isEnterpriseAdmin && isUserstoreAdmin && !enterpriseAdminGroupKey.toString().equalsIgnoreCase(aGroupArray)) { groupMemberships.add(aGroupArray); command.addMembership(new GroupKey(aGroupArray)); } } } } UserKey newUserKey = userStoreService.storeNewUser(command); UserEntity newUser = userDao.findByKey(newUserKey); MultiValueMap queryParams = new MultiValueMap(); if (formItems.containsKey("mode")) { queryParams.put("mode", formItems.getString("mode")); } if (formItems.containsKey("callback")) { queryParams.put("callback", formItems.getString("callback")); } if (formItems.containsKey("modeselector")) { queryParams.put("modeselector", formItems.getString("modeselector")); } if (formItems.containsKey("userstoreselector")) { queryParams.put("userstoreselector", formItems.getString("userstoreselector")); } if (formItems.containsKey("excludekey")) { queryParams.put("excludekey", formItems.getString("excludekey")); } if (wizard) { if ("true".equals(formItems.getString("notification", ""))) { handlerNotification(request, response, session, admin, formItems, "sendnotification"); } else { queryParams.put("page", formItems.get("page")); queryParams.put("op", "browse"); queryParams.put("userstorekey", userStoreKey.toString()); redirectClientToAdminPath("adminpage", queryParams, request, response); } } else { if ("true".equals(formItems.getString("notification", ""))) { queryParams.put("page", formItems.get("page")); queryParams.put("op", "notification"); queryParams.put("userstorekey", userStoreKey.toString()); queryParams.put("uid", newUser.getName()); redirectClientToAdminPath("adminpage", queryParams, request, response); } else { queryParams.put("page", formItems.get("page")); queryParams.put("op", "browse"); queryParams.put("userstorekey", userStoreKey.toString()); redirectClientToAdminPath("adminpage", queryParams, request, response); } } }
From source file:org.openanzo.combus.bayeux.BridgeConnectionManager.java
/** * Checks if the current user has read access to the given graph. * /*from w w w. j a v a 2 s .c o m*/ * @param graphUri * The graph URI to check access. * @param opContext * The operation context to use when communicating with the Anzo authorization service. * @return true if read access is granted, false otherwise. * @throws AnzoException */ private boolean userHasGraphReadAccess(URI graphUri, AnzoPrincipal principal, IOperationContext opContext) throws AnzoException { boolean ret = false; if (principal == null) { throw new SecurityException("No currrently logged in principal."); } Set<URI> principalRoles = principal.getRoles(); if (principal.isSysadmin()) { ret = true; } else { Set<URI> roles = datasource.getAuthorizationService().getRolesForGraph(opContext, graphUri, Privilege.READ); ret = org.openanzo.rdf.utils.Collections.memberOf(roles, principalRoles); } return ret; }
From source file:org.apache.catalina.loader.WebappClassLoader.java
/** * Find specified class in local repositories. * * @return the loaded class, or null if the class isn't found *//*ww w.ja v a 2s. c o m*/ protected Class findClassInternal(String name) throws ClassNotFoundException { if (!validate(name)) throw new ClassNotFoundException(name); String tempPath = name.replace('.', '/'); String classPath = tempPath + ".class"; ResourceEntry entry = null; entry = findResourceInternal(name, classPath); if ((entry == null) || (entry.binaryContent == null)) throw new ClassNotFoundException(name); Class clazz = entry.loadedClass; if (clazz != null) return clazz; // Looking up the package String packageName = null; int pos = name.lastIndexOf('.'); if (pos != -1) packageName = name.substring(0, pos); Package pkg = null; if (packageName != null) { pkg = getPackage(packageName); // Define the package (if null) if (pkg == null) { if (entry.manifest == null) { definePackage(packageName, null, null, null, null, null, null, null); } else { definePackage(packageName, entry.manifest, entry.codeBase); } } } // Create the code source object CodeSource codeSource = new CodeSource(entry.codeBase, entry.certificates); if (securityManager != null) { // Checking sealing if (pkg != null) { boolean sealCheck = true; if (pkg.isSealed()) { sealCheck = pkg.isSealed(entry.codeBase); } else { sealCheck = (entry.manifest == null) || !isPackageSealed(packageName, entry.manifest); } if (!sealCheck) throw new SecurityException( "Sealing violation loading " + name + " : Package " + packageName + " is sealed."); } } if (entry.loadedClass == null) { synchronized (this) { if (entry.loadedClass == null) { clazz = defineClass(name, entry.binaryContent, 0, entry.binaryContent.length, codeSource); entry.loadedClass = clazz; entry.binaryContent = null; entry.source = null; entry.codeBase = null; entry.manifest = null; entry.certificates = null; } else { clazz = entry.loadedClass; } } } else { clazz = entry.loadedClass; } return clazz; }
From source file:org.openanzo.combus.bayeux.BridgeConnectionManager.java
/** * Checks if the current user has read access to the given graph. * // w w w. j av a2s .co m * @param graphUri * The graph URI to check access. * @param opContext * The operation context to use when communicating with the Anzo authorization service. * @return true if read access is granted, false otherwise. * @throws AnzoException */ private boolean userHasGraphAddAccess(URI graphUri, AnzoPrincipal principal, IOperationContext opContext) throws AnzoException { boolean ret = false; if (principal == null) { throw new SecurityException("No currrently logged in principal."); } Set<URI> principalRoles = principal.getRoles(); if (principal.isSysadmin()) { ret = true; } else { Set<URI> roles = datasource.getAuthorizationService().getRolesForGraph(opContext, graphUri, Privilege.ADD); ret = org.openanzo.rdf.utils.Collections.memberOf(roles, principalRoles); } return ret; }
From source file:net.unicon.kaltura.service.KalturaService.java
/** * Get the KME with a permissions check to make sure the user key matches * @param keid the kaltura entry id/*from w w w . j a va 2 s .c om*/ * @param entryService the katura entry service * @return the entry * @throws KalturaApiException if kaltura cannot be accessed * @throws IllegalArgumentException if the keid cannot be found for this user */ private KalturaBaseEntry getKalturaEntry(String userKey, String keid, KalturaBaseEntryService entryService) throws KalturaApiException { // DO NOT CACHE THIS ONE KalturaBaseEntry entry = null; // Cannot use the KMEF because it cannot filter by id correctly -AZ /* KalturaBaseEntryFilter kmef = new KalturaBaseEntryFilter(); kmef.partnerIdEqual = this.kalturaConfig.getPartnerId(); kmef.userIdEqual = currentUserName; kmef.idEqual = keid; //kmef.orderBy = "title"; KalturaMediaListResponse listResponse = mediaService.list(kmef); if (listResponse != null && ! listResponse.objects.isEmpty()) { kme = listResponse.objects.get(0); // just get the first one } */ // have to use - mediaService.get(keid); despite it not even checking if we have access to this - AZ entry = entryService.get(keid); if (entry == null) { // did not find the item by keid so we die throw new IllegalArgumentException( "Cannot find kaltura item (" + keid + ") with for user (" + userKey + ")"); } // also do a manual check for security, not so sure about this check though -AZ if (entry.partnerId != this.kalturaConfig.getPartnerId()) { throw new SecurityException("KME partnerId (" + entry.partnerId + ") does not match current one (" + this.kalturaConfig.getPartnerId() + "), cannot access this KME (" + keid + ")"); } return entry; }
From source file:com.android.server.MountService.java
private void validatePermission(String perm) { if (mContext.checkCallingOrSelfPermission(perm) != PackageManager.PERMISSION_GRANTED) { throw new SecurityException(String.format("Requires %s permission", perm)); }/* ww w . j ava 2s . c o m*/ }
From source file:com.android.server.MountService.java
private void validateUserRestriction(String restriction) { if (hasUserRestriction(restriction)) { throw new SecurityException("User has restriction " + restriction); }/*from ww w .java2 s . c o m*/ }
From source file:org.artifactory.security.SecurityServiceImpl.java
private void assertAdmin() { if (!isAdmin()) { throw new SecurityException( "The attempted action is permitted to users with administrative privileges only."); }/*from w w w . ja va 2s .co m*/ }
From source file:ch.puzzle.itc.mobiliar.business.deploy.boundary.DeploymentBoundary.java
/** * Checks if the validation failed and throws the right exception * * @param validation/*from ww w . j a v a 2s . c o m*/ */ private void checkValidation(DeploymentOperationValidation validation, DeploymentEntity deployment) throws DeploymentStateException { if (DeploymentOperationValidation.MISSING_PERMISSION.equals(validation)) { throw new SecurityException("User " + permissionService.getCurrentUserName() + " has no permisson to change deployment " + deployment.getId()); } else if (DeploymentOperationValidation.WRONG_STATE.equals(validation)) { throw new DeploymentStateException("Deployment " + deployment.getId() + " can not be changed"); } }