Example usage for java.lang SecurityException SecurityException

List of usage examples for java.lang SecurityException SecurityException

Introduction

This page collects usage examples for the java.lang.SecurityException constructor.

Prototype

public SecurityException(Throwable cause) 

Source Link

Document

Creates a SecurityException with the specified cause and a detail message of (cause==null ? null : cause.toString()) (which typically contains the class and detail message of cause).

Usage

From source file:org.apache.geode.management.internal.security.MBeanServerWrapper.java

/**
 * Rejects any {@link ObjectName} whose domain equals
 * {@code ManagementConstants.OBJECTNAME__DEFAULTDOMAIN}.
 *
 * @param name the object name whose domain is inspected
 * @throws SecurityException carrying {@code ResourceConstants.ACCESS_DENIED_MESSAGE} when the
 *         domain matches
 */
private void checkDomain(ObjectName name) {
    final String domain = name.getDomain();
    final boolean isDefaultDomain = ManagementConstants.OBJECTNAME__DEFAULTDOMAIN.equals(domain);
    if (isDefaultDomain) {
        throw new SecurityException(ResourceConstants.ACCESS_DENIED_MESSAGE);
    }
}

From source file:de.forsthaus.webui.util.GFCBaseCtrl.java

/**
 * Enforces the {@code @Secured} annotation of an intercepted method, if it carries one.<br>
 * Every right name listed in the annotation, e.g. {@code @Secured({"rightName"})}, must be
 * granted by {@code userWorkspace}; the first right that is not granted aborts the call.<br>
 * A method without a {@code @Secured} annotation passes without any check.
 *
 * @param mtd the method whose annotations are inspected
 * @throws SecurityException if a required right is missing; the message names the right and
 *         the method
 */
private void isAllowed(Method mtd) {
    for (Annotation candidate : mtd.getAnnotations()) {
        if (!(candidate instanceof Secured)) {
            continue;
        }

        // Only the first @Secured annotation found is evaluated; the method returns afterwards.
        final String[] requiredRights = ((Secured) candidate).value();
        for (String requiredRight : requiredRights) {
            final boolean granted = userWorkspace.isAllowed(requiredRight);
            if (!granted) {
                throw new SecurityException("Call of this method is not allowed! Missing right: \n\n"
                        + "needed RightName: " + requiredRight + "\n\n" + "Method: " + mtd);
            }
        }
        return;
    }
}

From source file:ch.rasc.wampspring.cra.DefaultAuthenticationHandler.java

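/**
 * Verifies the client's answer to a previously requested authentication challenge.
 *
 * <p>The expected signature is an HMAC-SHA256 over the session's challenge, keyed with the
 * secret that {@code authenticationSecretProvider} returns for the session's auth key. On a
 * match the signature is stored in the session. On a mismatch the session's auth key,
 * challenge and signature are cleared before the request is rejected.
 *
 * @param clientSignature the signature sent by the client; {@code null} is treated as invalid
 * @param message the call message carrying the {@code WampSession}
 * @return always {@code null} on success
 * @throws IllegalStateException if no authentication was requested, the secret is missing or
 *         blank, or the HMAC cannot be computed
 * @throws SecurityException if the client signature does not match the expected one
 */
@Override
public Object handleAuth(String clientSignature, CallMessage message) {
    WampSession wampSession = message.getWampSession();

    if (!wampSession.isAuthRequested()) {
        throw new IllegalStateException("No authentication previously requested");
    }

    final String correctSignature;
    try {
        final String secret = this.authenticationSecretProvider.getSecret(wampSession.getAuthKey());
        if (!StringUtils.hasText(secret)) {
            throw new IllegalStateException("Secret does not exist");
        }
        correctSignature = generateHMacSHA256(secret, wampSession.getChallenge());
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
        throw new IllegalStateException("invalid key", e);
    }

    // Compare the MAC values in constant time. String.equals() stops at the first differing
    // character, so its running time depends on how much of the expected signature a guess
    // got right. A missing client signature is rejected like any other wrong one instead of
    // failing with a NullPointerException.
    final boolean signatureMatches = clientSignature != null && correctSignature != null
            && java.security.MessageDigest.isEqual(
                    clientSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    correctSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (signatureMatches) {
        wampSession.setSignature(clientSignature);
        return null;
    }

    // Failed attempt: drop the authentication state held in the session.
    wampSession.setAuthKey(null);
    wampSession.setChallenge(null);
    wampSession.setSignature(null);
    throw new SecurityException("Signature for authentication request is invalid");
}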

From source file:SecurityManagerTest.java

/**
 * Denies read access through a file descriptor unless {@code accessOK()} approves.
 *
 * @param filedescriptor the descriptor being read; not inspected by this check
 * @throws SecurityException if {@code accessOK()} returns {@code false}
 */
public void checkRead(FileDescriptor filedescriptor) {
    final boolean permitted = accessOK();
    if (permitted) {
        return;
    }
    throw new SecurityException("Not a Chance!");
}

From source file:nl.surfnet.coin.selfservice.util.SpringSecurity.java

/**
 * Checks that the current user may act on the given identity provider.
 *
 * <p>A super user gets the passed-in object back unchanged. For any other user the provider
 * is looked up by id among the user's own institution identity providers, and that matching
 * instance (not the argument) is returned.
 *
 * @param idp the identity provider requested by the caller
 * @return {@code idp} for a super user, otherwise the user's own provider with the same id
 * @throws SecurityException if the id is not among the current user's identity providers;
 *         the message contains the id and the user name
 */
public static InstitutionIdentityProvider validateIdp(final InstitutionIdentityProvider idp) {
    if (SpringSecurity.getCurrentUser().isSuperUser()) {
        return idp;
    }

    List<InstitutionIdentityProvider> ownIdps = SpringSecurity.getCurrentUser().getInstitutionIdps();

    // First provider with a matching id wins.
    for (InstitutionIdentityProvider candidate : ownIdps) {
        if (candidate.getId().equals(idp.getId())) {
            return candidate;
        }
    }

    throw new SecurityException(
            idp.getId() + " is unknown for " + SpringSecurity.getCurrentUser().getUsername());
}

From source file:org.apache.rave.provider.opensocial.service.impl.EncryptedBlobSecurityTokenService.java

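/**
 * Creates the token service and its {@code BasicBlobCrypter} from the configured key setting.
 *
 * <p>The {@code encryptionKey} setting is interpreted in one of three ways:
 * <ul>
 *   <li>starts with {@code EMBEDDED_KEY_PREFIX}: the remainder is the key itself;</li>
 *   <li>starts with {@code CLASSPATH_KEY_PREFIX}: the remainder names a classpath resource
 *       whose UTF-8 content is the key;</li>
 *   <li>anything else: the whole value is a file path whose UTF-8 content is the key.</li>
 * </ul>
 *
 * @param userService the user service stored for later use
 * @param container value of {@code portal.opensocial_security.container}
 * @param domain value of {@code portal.opensocial_security.domain}
 * @param encryptionKey value of {@code portal.opensocial_security.encryptionkey}
 * @throws SecurityException if the key resource or file cannot be read; the I/O failure is
 *         attached as the cause
 */
@Autowired
public EncryptedBlobSecurityTokenService(UserService userService,
        @Value("${portal.opensocial_security.container}") String container,
        @Value("${portal.opensocial_security.domain}") String domain,
        @Value("${portal.opensocial_security.encryptionkey}") String encryptionKey) {
    this.userService = userService;
    this.container = container;
    this.domain = domain;

    if (encryptionKey.startsWith(EMBEDDED_KEY_PREFIX)) {
        this.blobCrypter = new BasicBlobCrypter(encryptionKey.substring(EMBEDDED_KEY_PREFIX.length()));
    } else if (encryptionKey.startsWith(CLASSPATH_KEY_PREFIX)) {
        try {
            File file = new ClassPathResource(encryptionKey.substring(CLASSPATH_KEY_PREFIX.length())).getFile();
            this.blobCrypter = new BasicBlobCrypter(FileUtils.readFileToString(file, "UTF-8"));
        } catch (IOException e) {
            // Keep the underlying I/O failure as the cause so the reason is not lost.
            throw new SecurityException(
                    "Unable to load encryption key from classpath resource: " + encryptionKey, e);
        }
    } else {
        try {
            File file = new File(encryptionKey);
            this.blobCrypter = new BasicBlobCrypter(FileUtils.readFileToString(file, "UTF-8"));
        } catch (IOException e) {
            // NOTE(review): a key configured without its prefix lands in this branch, is
            // treated as a file path, and is then echoed in this message. Confirm that
            // wherever this exception is logged is acceptable for that case.
            throw new SecurityException("Unable to load encryption key from file: " + encryptionKey, e);
        }
    }
}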

From source file:be.e_contract.dssp.client.SignResponseVerifier.java

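/**
 * Checks the signature on the SignResponse browser POST message.
 *
 * <p>The Base64 message is decoded, unmarshalled with JAXB and parsed into a DOM. The single
 * {@code ds:Signature} element is validated with the session key. The result codes,
 * {@code async:ResponseID}, {@code wsa:RelatesTo}, {@code wsa:To} and the
 * {@code wsu:Timestamp} expiry are then compared with the session. Only when every check
 * passes is the session marked as verified.
 *
 * @param signResponseMessage
 *            the SignResponse message.
 * @param session
 *            the session object.
 * @return the verification result object.
 * @throws IllegalArgumentException
 *             if {@code session} is {@code null}.
 * @throws SecurityException
 *             if the message is not Base64, is not a valid SignResponse, does not carry
 *             exactly one valid signature, or any checked value is missing, does not match
 *             the session, or has expired.
 * @throws JAXBException
 * @throws ParserConfigurationException
 * @throws SAXException
 * @throws IOException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @throws Base64DecodingException
 * @throws UserCancelException
 * @throws ClientRuntimeException
 * @throws SubjectNotAuthorizedException
 */
public static SignResponseVerificationResult checkSignResponse(String signResponseMessage,
        DigitalSignatureServiceSession session) throws JAXBException, ParserConfigurationException,
        SAXException, IOException, MarshalException, XMLSignatureException, Base64DecodingException,
        UserCancelException, ClientRuntimeException, SubjectNotAuthorizedException {
    if (null == session) {
        throw new IllegalArgumentException("missing session");
    }

    byte[] decodedSignResponseMessage;
    try {
        decodedSignResponseMessage = Base64.decode(signResponseMessage);
    } catch (Base64DecodingException e) {
        throw new SecurityException("no Base64", e);
    }
    // JAXB parsing
    // NOTE(review): the Unmarshaller reads the same untrusted bytes with its default parser
    // settings; confirm the JAXB runtime in use refuses DTDs and external entities.
    JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class,
            be.e_contract.dssp.ws.jaxb.dss.async.ObjectFactory.class,
            be.e_contract.dssp.ws.jaxb.wsa.ObjectFactory.class,
            be.e_contract.dssp.ws.jaxb.wsu.ObjectFactory.class);
    Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
    SignResponse signResponse;
    try {
        signResponse = (SignResponse) unmarshaller
                .unmarshal(new ByteArrayInputStream(decodedSignResponseMessage));
    } catch (UnmarshalException e) {
        throw new SecurityException("no valid SignResponse XML", e);
    }

    // DOM parsing
    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    // The message comes from the browser and is parsed before its signature is checked, so
    // the parser must not act on DOCTYPE declarations, external entities or XInclude.
    // setFeature() throws ParserConfigurationException (already declared) if the parser
    // cannot honour a setting, which fails closed.
    documentBuilderFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    documentBuilderFactory.setXIncludeAware(false);
    documentBuilderFactory.setExpandEntityReferences(false);
    DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
    InputStream signResponseInputStream = new ByteArrayInputStream(decodedSignResponseMessage);
    Document signResponseDocument = documentBuilder.parse(signResponseInputStream);

    // signature verification
    NodeList signatureNodeList = signResponseDocument
            .getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
    if (signatureNodeList.getLength() != 1) {
        throw new SecurityException("requires 1 ds:Signature element");
    }
    Element signatureElement = (Element) signatureNodeList.item(0);
    SecurityTokenKeySelector keySelector = new SecurityTokenKeySelector(session.getKey());
    DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureElement);
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");
    XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
    // NOTE(review): validate() checks the signature over whatever ds:Reference entries the
    // message itself carries. Nothing in this method checks that those references cover the
    // elements read from the JAXB tree below. Confirm that coverage is enforced somewhere,
    // because the values compared below are only trustworthy if they are signed.
    boolean validSignature = xmlSignature.validate(domValidateContext);
    if (!validSignature) {
        throw new SecurityException("invalid ds:Signature");
    }

    // verify content
    String responseId = null;
    RelatesToType relatesTo = null;
    AttributedURIType to = null;
    TimestampType timestamp = null;
    String signerIdentity = null;
    AnyType optionalOutputs = signResponse.getOptionalOutputs();
    List<Object> optionalOutputsList = optionalOutputs.getAny();
    for (Object optionalOutputObject : optionalOutputsList) {
        LOG.debug("optional output object type: " + optionalOutputObject.getClass().getName());
        if (optionalOutputObject instanceof JAXBElement) {
            JAXBElement<?> optionalOutputElement = (JAXBElement<?>) optionalOutputObject;
            LOG.debug("optional output name: " + optionalOutputElement.getName());
            LOG.debug("optional output value type: " + optionalOutputElement.getValue().getClass().getName());
            // Outputs are recognised either by element name or by the JAXB type of the value.
            if (RESPONSE_ID_QNAME.equals(optionalOutputElement.getName())) {
                responseId = (String) optionalOutputElement.getValue();
            } else if (optionalOutputElement.getValue() instanceof RelatesToType) {
                relatesTo = (RelatesToType) optionalOutputElement.getValue();
            } else if (TO_QNAME.equals(optionalOutputElement.getName())) {
                to = (AttributedURIType) optionalOutputElement.getValue();
            } else if (optionalOutputElement.getValue() instanceof TimestampType) {
                timestamp = (TimestampType) optionalOutputElement.getValue();
            } else if (optionalOutputElement.getValue() instanceof NameIdentifierType) {
                NameIdentifierType nameIdentifier = (NameIdentifierType) optionalOutputElement.getValue();
                signerIdentity = nameIdentifier.getValue();
            }
        }
    }

    Result result = signResponse.getResult();
    LOG.debug("result major: " + result.getResultMajor());
    LOG.debug("result minor: " + result.getResultMinor());
    // Requester errors map to dedicated checked exceptions before the generic checks run.
    if (DigitalSignatureServiceConstants.REQUESTER_ERROR_RESULT_MAJOR.equals(result.getResultMajor())) {
        if (DigitalSignatureServiceConstants.USER_CANCEL_RESULT_MINOR.equals(result.getResultMinor())) {
            throw new UserCancelException();
        }
        if (DigitalSignatureServiceConstants.CLIENT_RUNTIME_RESULT_MINOR.equals(result.getResultMinor())) {
            throw new ClientRuntimeException();
        }
        if (DigitalSignatureServiceConstants.SUBJECT_NOT_AUTHORIZED_RESULT_MINOR
                .equals(result.getResultMinor())) {
            throw new SubjectNotAuthorizedException(signerIdentity);
        }
    }
    if (!DigitalSignatureServiceConstants.PENDING_RESULT_MAJOR.equals(result.getResultMajor())) {
        throw new SecurityException("invalid dss:ResultMajor");
    }

    // Each value below must be present and must equal what the session recorded.
    if (null == responseId) {
        throw new SecurityException("missing async:ResponseID");
    }
    if (!responseId.equals(session.getResponseId())) {
        throw new SecurityException("invalid async:ResponseID");
    }

    if (null == relatesTo) {
        throw new SecurityException("missing wsa:RelatesTo");
    }
    if (!session.getInResponseTo().equals(relatesTo.getValue())) {
        throw new SecurityException("invalid wsa:RelatesTo");
    }

    if (null == to) {
        throw new SecurityException("missing wsa:To");
    }
    if (!session.getDestination().equals(to.getValue())) {
        throw new SecurityException("invalid wsa:To");
    }

    if (null == timestamp) {
        throw new SecurityException("missing wsu:Timestamp");
    }
    AttributedDateTime expires = timestamp.getExpires();
    if (null == expires) {
        throw new SecurityException("missing wsu:Timestamp/wsu:Expires");
    }
    // Only the expiry is checked, against the local clock.
    DateTime expiresDateTime = new DateTime(expires.getValue());
    DateTime now = new DateTime();
    if (now.isAfter(expiresDateTime)) {
        throw new SecurityException("wsu:Timestamp expired");
    }

    session.setSignResponseVerified(true);

    SignResponseVerificationResult signResponseVerificationResult = new SignResponseVerificationResult(
            signerIdentity);
    return signResponseVerificationResult;
}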

From source file:com.cloudera.sqoop.util.SubprocessSecurityManager.java

/**
 * Checks a permission against the previously installed manager, if there is one, and then
 * against this manager's own rule.
 *
 * <p>This manager's only rule: unless {@code allowReplacement} is set, the permission named
 * {@code "setSecurityManager"} is refused.
 *
 * @param perm the Permission to check; must not be null.
 * @throws SecurityException if the prior manager rejects the permission, or if replacing the
 *         security manager is not allowed
 */
@Override
public void checkPermission(Permission perm) {
    // Delegate first, so anything the prior SecurityManager would have rejected still is.
    if (this.parentSecurityManager != null) {
        this.parentSecurityManager.checkPermission(perm);
    }

    if (allowReplacement) {
        return;
    }

    final String permissionName = perm.getName();
    if (permissionName.equals("setSecurityManager")) {
        throw new SecurityException("Cannot replace security manager");
    }
}

From source file:org.callistasoftware.netcare.core.spi.impl.ServiceSupport.java

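/**
 * Verifies that the current user may read or write the given object.
 *
 * <p>The check runs against the user returned by {@code getCurrentUser()}; the
 * {@code entity} argument is not consulted in this method.
 *
 * @param entity unused here
 * @param object the permission-restricted object being accessed
 * @param write {@code true} to require write access, {@code false} to require read access
 * @throws SecurityException if there is no current user, or the user lacks the requested
 *         access
 */
private void verifyAccess(final UserEntity entity, final PermissionRestrictedEntity object,
        final boolean write) {
    final UserEntity user = this.getCurrentUser();
    if (user == null) {
        throw new SecurityException("Anonymous access not allowed.");
    }

    final boolean access = write ? object.isWriteAllowed(user) : object.isReadAllowed(user);
    if (!access) {
        // Name the access mode that was actually refused. The message used to say "write"
        // for denied reads too, which is misleading when reading denial logs.
        final String mode = write ? "write" : "read";
        throw new SecurityException("User " + user.getFirstName() + "(" + user.getId()
                + ") does not have " + mode + " permissions on this item.");
    }
}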

From source file:binky.reportrunner.service.impl.DatasourceServiceImpl.java

/**
 * Resolves the {@link DataSource} for a stored datasource definition.
 *
 * <p>When the definition names a JNDI resource, it is looked up under
 * {@code java:/comp/env/}. Otherwise a read-only DBCP {@code BasicDataSource} is built from
 * the stored driver class, URL, user name and decrypted password.
 *
 * @param runnerDs the stored datasource definition
 * @return the JNDI datasource, or a newly configured pooled datasource
 * @throws SecurityException if no JNDI name is set and the stored password is blank
 * @throws ClassNotFoundException if the configured driver class cannot be loaded
 * @throws NamingException if the JNDI lookup fails
 * @throws EncryptionException declared for the password decryption step
 */
private DataSource getDs(RunnerDataSource runnerDs)
        throws SecurityException, InstantiationException, IllegalAccessException, ClassNotFoundException,
        PropertyVetoException, NamingException, EncryptionException {

    final String jndiName = runnerDs.getJndiName();

    if (!StringUtils.isBlank(jndiName)) {
        logger.info(
                "getting datasource from JNDI url: " + jndiName + " for " + runnerDs.getDataSourceName());
        Context namingContext = new InitialContext();
        return (DataSource) namingContext.lookup("java:/comp/env/" + jndiName);
    }

    EncryptionUtil decryptor = new EncryptionUtil();
    logger.info("using dbcp pooled connection for: " + runnerDs.getDataSourceName());

    String user = runnerDs.getUsername();
    if (StringUtils.isBlank(runnerDs.getPassword())) {
        throw new SecurityException("password is empty");
    }
    // The password is stored encrypted and only decrypted here, just before it goes to the pool.
    String clearPassword = decryptor.decrpyt(secureKey, runnerDs.getPassword());

    String url = runnerDs.getJdbcUrl();
    String driverClassName = runnerDs.getJdbcClass();

    // NOTE(review): the driver class name comes straight from the stored definition and is
    // loaded and instantiated as-is, so whoever can edit datasource definitions chooses the
    // class. Confirm that editing them is restricted accordingly.
    Class.forName(driverClassName).newInstance();

    BasicDataSource pooled = new BasicDataSource();
    pooled.setDriverClassName(driverClassName);
    pooled.setUrl(url);
    pooled.setUsername(user);
    pooled.setPassword(clearPassword);
    pooled.setInitialSize(runnerDs.getInitialPoolSize());
    pooled.setMaxActive(runnerDs.getMaxPoolSize());

    pooled.setRemoveAbandoned(true);
    pooled.setRemoveAbandonedTimeout(600);

    // Reports must never modify data, so connections default to read-only.
    pooled.setDefaultReadOnly(true);

    pooled.setLogAbandoned(true);
    pooled.setTestOnBorrow(true);
    pooled.setTestOnReturn(true);
    pooled.setTestWhileIdle(true);

    // No validation query is set because "select 1" does not work on every RDBMS.
    // NOTE(review): in DBCP 1.x the test-on-* flags above presumably have no effect without
    // a validation query; confirm.

    return pooled;
}