List of usage examples for javax.servlet.http HttpServletResponse SC_FORBIDDEN
int SC_FORBIDDEN
To view the source code for javax.servlet.http HttpServletResponse SC_FORBIDDEN.
Click Source Link
From source file:eu.dasish.annotation.backend.rest.TargetResource.java
/** * /*from w w w . j ava2 s.com*/ * @param externalIdentifier the external UUId of a target. * @return a {@link Target} element representing a target object with "externalIdentifier". * @throws IOException if sending an error fails. */ @GET @Produces(MediaType.TEXT_XML) @Path("{targetid: " + BackendConstants.regExpIdentifier + "}") @Transactional(readOnly = true) public JAXBElement<Target> getTarget(@PathParam("targetid") String externalIdentifier) throws IOException { Map params = new HashMap(); try { Target result = (Target) (new RequestWrappers(this)).wrapRequestResource(params, new GetTarget(), Resource.TARGET, Access.READ, externalIdentifier); if (result != null) { return new ObjectFactory().createTarget(result); } else { return new ObjectFactory().createTarget(new Target()); } } catch (NotInDataBaseException e1) { httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, e1.getMessage()); return new ObjectFactory().createTarget(new Target()); } catch (ForbiddenException e2) { httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, e2.getMessage()); return new ObjectFactory().createTarget(new Target()); } }
From source file:com.thoughtworks.go.domain.ChecksumFileHandlerTest.java
@Test public void shouldHandleResultIfHttpCodeSaysFilePermissionDenied() { StubGoPublisher goPublisher = new StubGoPublisher(); assertThat(checksumFileHandler.handleResult(HttpServletResponse.SC_FORBIDDEN, goPublisher), is(false)); }
From source file:net.duckling.ddl.web.api.rest.TeamController.java
@RequestMapping(method = RequestMethod.POST) public void create(@RequestParam("teamCode") String teamCode, @RequestParam("displayName") String displayName, @RequestParam("description") String description, @RequestParam(value = "accessType", required = false) String accessType, @RequestParam(value = "autoTeamCode", required = false) Boolean autoTeamCode, @RequestParam(value = "type", required = false) String type, HttpServletRequest request, HttpServletResponse response) {//from ww w . ja va2 s .c om String uid = getCurrentUid(request); accessType = StringUtils.defaultIfBlank(accessType, Team.ACCESS_PRIVATE); autoTeamCode = autoTeamCode == null ? false : autoTeamCode; teamCode = StringUtils.defaultString(teamCode).trim(); LOG.info("create team start... {uid:" + uid + ",teamCode:" + teamCode + ",displayName:" + displayName + ",accessType:" + accessType + ",autoTeamCode:" + autoTeamCode + ",type:" + type + "}"); //?? if (!ClientValidator.validate(request)) { LOG.warn("client is not allowed. {teamCode:" + teamCode + ",type:" + type + ",host:" + ClientValidator.getRealIp(request) + ",pattern:" + ClientValidator.getClientIpPattern(request) + "}"); response.setStatus(HttpServletResponse.SC_FORBIDDEN); JsonUtil.write(response, ErrorMsg.NEED_PERMISSION); return; } if (Team.CONFERENCE_TEAM.equals(type)) { //nothing } else { // type = Team.COMMON_TEAM; } if (autoTeamCode) { teamCode = tidyTeamCode(teamCode); if ("".equals(teamCode)) { teamCode = getRandomString(5); } teamCode = teamCodeIncrement(teamCode, 0); } if (!checkParams(teamCode, displayName, description, accessType, response)) { return; } Map<String, String> params = getParamsForCreate(uid, teamCode, displayName, description, accessType, type); int teamId = teamService.createAndStartTeam(uid, params); teamService.addTeamMembers(teamId, new String[] { uid }, new String[] { super.getCurrentUsername(request) }, Team.AUTH_ADMIN); LOG.info("create team success. {uid:" + uid + ", tid:" + teamId + ", parmas:" + params + "}"); response.setStatus(HttpServletResponse.SC_CREATED); JsonUtil.write(response, VoUtil.getTeamVo(teamService.getTeamByID(teamId))); }
From source file:com.amazon.dtasdk.v2.servlets.InstantAccessServlet.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) { try {//from ww w. j a va 2 s . co m Request req = new Request(request); if (!signer.verify(req, getCredentialStore())) { throw new SigningException("Request validation failed."); } String requestBody = req.getBody(); // deserialize the content to a InstantAccessRequest object so we can check which operation is going // to be called InstantAccessRequest iaRequest = serializer.decode(requestBody, InstantAccessRequest.class); // process the request according to the operation InstantAccessResponse<?> iaResponse = processOperation(iaRequest.getOperation(), requestBody); response.setStatus(HttpServletResponse.SC_OK); response.getOutputStream().write(serializer.encode(iaResponse).getBytes(CHARSET)); } catch (IOException e) { log.error("Unable to read the request.", e); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } catch (SigningException e) { log.error("Unable to verify the request against the credential store.", e); response.setStatus(HttpServletResponse.SC_FORBIDDEN); } catch (SerializationException e) { log.error("Serialization error.", e); response.setStatus(HttpServletResponse.SC_BAD_REQUEST); } catch (Exception e) { log.error("Unable to process the request.", e); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } }
From source file:jipdbs.web.processors.PlayerPenaltyProcessor.java
@SuppressWarnings("unchecked") @Override// ww w . ja va 2s.c om public String doProcess(ResolverContext ctx) throws ProcessorException { IDDBService app = (IDDBService) ctx.getServletContext().getAttribute("jipdbs"); HttpServletRequest req = ctx.getRequest(); String playerId = ctx.getRequest().getParameter("k"); String type = ctx.getParameter("type"); String reason = ctx.getRequest().getParameter("reason"); String duration = ctx.getRequest().getParameter("duration"); //String durationType = ctx.getRequest().getParameter("dt"); String durationType = "w"; String rm = ctx.getParameter("rm"); UrlReverse reverse = new UrlReverse(ctx.getServletContext()); String redirect; try { redirect = reverse.resolve("playerinfo", new Entry[] { new SimpleEntry("key", playerId) }); } catch (Exception e) { log.error(e.getMessage()); throw new ProcessorException(e); } Player player = null; try { player = app.getPlayer(playerId); } catch (EntityDoesNotExistsException e) { log.error(e.getMessage()); throw new HttpError(HttpServletResponse.SC_NOT_FOUND); } Server server; try { server = app.getServer(player.getServer(), true); } catch (EntityDoesNotExistsException e) { log.error(e.getMessage()); throw new ProcessorException(e); } catch (ApplicationError e) { log.error(e.getMessage()); throw new ProcessorException(e); } if (!UserServiceFactory.getUserService().hasPermission(server.getKey(), server.getAdminLevel())) { Flash.error(req, MessageResource.getMessage("forbidden")); log.debug("Forbidden"); throw new HttpError(HttpServletResponse.SC_FORBIDDEN); } Player currentPlayer = UserServiceFactory.getUserService().getSubjectPlayer(player.getServer()); if (currentPlayer == null) { log.error("No player for current user"); throw new HttpError(HttpServletResponse.SC_FORBIDDEN); } if (currentPlayer.getLevel() <= player.getLevel()) { Flash.error(req, MessageResource.getMessage("low_level_admin")); return redirect; } Integer funcId; Penalty penalty = null; if ("true".equals(rm)) { funcId = PenaltyHistory.FUNC_ID_RM; String penaltyId = ctx.getParameter("key"); try { penalty = app.getPenalty(Long.parseLong(penaltyId)); } catch (NumberFormatException e) { log.debug("Invalid penalty id"); Flash.error(req, MessageResource.getMessage("forbidden")); throw new HttpError(HttpServletResponse.SC_FORBIDDEN); } catch (EntityDoesNotExistsException e) { log.debug("Invalid penalty id"); throw new HttpError(HttpServletResponse.SC_NOT_FOUND); } String res = removePenalty(req, redirect, player, server, penalty); if (res != null) return res; } else { if (StringUtils.isEmpty(reason)) { Flash.error(req, MessageResource.getMessage("reason_field_required")); return redirect; } funcId = PenaltyHistory.FUNC_ID_ADD; penalty = new Penalty(); String res = createPenalty(req, penalty, type, reason, duration, durationType, redirect, player, server, currentPlayer); if (res != null) return res; } try { app.updatePenalty(penalty, UserServiceFactory.getUserService().getCurrentUser().getKey(), funcId); } catch (Exception e) { log.error(e.getMessage()); Flash.error(req, e.getMessage()); } return redirect; }
From source file:net.prasenjit.auth.config.CustomAjaxAwareHandler.java
/** {@inheritDoc} */ @Override//w w w .jav a2 s.c o m public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { request.setAttribute("javax.servlet.error.status_code", HttpServletResponse.SC_FORBIDDEN); request.setAttribute("org.springframework.boot.autoconfigure.web.DefaultErrorAttributes.ERROR", accessDeniedException); if (accessDeniedException instanceof CsrfException && !response.isCommitted()) { // Remove the session cookie so that client knows it's time to obtain a new CSRF token String pCookieName = "CSRF-TOKEN"; Cookie cookie = new Cookie(pCookieName, ""); cookie.setMaxAge(0); cookie.setHttpOnly(false); cookie.setPath("/"); response.addCookie(cookie); } delegatedAccessDeniedHandler.handle(request, response, accessDeniedException); }
From source file:dtu.ds.warnme.ws.rest.json.AbstractRestWS.java
@ExceptionHandler(ServiceException.class) @ResponseBody//from w w w . j a v a 2 s. co m String handleServiceExceptions(Exception ex, HttpServletRequest request, HttpServletResponse response) { log.info(ex.getMessage(), ex); response.setStatus(HttpServletResponse.SC_FORBIDDEN); String responseBody = getMessage(ex, request.getLocale()); RestUtils.decorateResponseHeaderWithMD5(response, responseBody); RestUtils.decorateResponseHeaderForJsonContentType(response); return responseBody; }
From source file:alpine.filters.BlacklistUrlFilter.java
/** * Check for denied or ignored URLs being requested. * * @param request The request object.// ww w. ja v a 2s . c o m * @param response The response object. * @param chain Refers to the {@code FilterChain} object to pass control to the next {@code Filter}. * @throws IOException a IOException * @throws ServletException a ServletException */ public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { final HttpServletRequest req = (HttpServletRequest) request; final HttpServletResponse res = (HttpServletResponse) response; final String requestUri = req.getRequestURI(); if (requestUri != null) { for (String url : denyUrls) { if (requestUri.startsWith(url.trim())) { res.setStatus(HttpServletResponse.SC_FORBIDDEN); return; } } for (String url : ignoreUrls) { if (requestUri.startsWith(url.trim())) { res.setStatus(HttpServletResponse.SC_NOT_FOUND); return; } } } chain.doFilter(request, response); }
From source file:it.biztech.btable.api.FileApi.java
@GET @Path("/read") @Produces("text/plain") public void read(@QueryParam(MethodParams.PATH) @DefaultValue("") String path, @Context HttpServletResponse response) throws IOException { try {//from www . j ava2s . c o m IBasicFile file = Utils.getFile(path, null); if (file == null) { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } IPluginResourceLoader resLoader = PentahoSystem.get(IPluginResourceLoader.class, null); String maxAge = resLoader.getPluginSetting(this.getClass(), "max-age"); String mimeType; try { final MimeTypes.FileType fileType = MimeTypes.FileType.valueOf(file.getExtension().toUpperCase()); mimeType = MimeTypes.getMimeType(fileType); } catch (java.lang.IllegalArgumentException ex) { mimeType = ""; } catch (EnumConstantNotPresentException ex) { mimeType = ""; } response.setHeader("Content-Type", mimeType); response.setHeader("content-disposition", "inline; filename=\"" + file.getName() + "\""); if (maxAge != null) { response.setHeader("Cache-Control", "max-age=" + maxAge); } byte[] contents = IOUtils.toByteArray(file.getContents()); IOUtils.write(contents, response.getOutputStream()); response.getOutputStream().flush(); } catch (SecurityException e) { response.sendError(HttpServletResponse.SC_FORBIDDEN); } }
From source file:org.jboss.as.test.integration.web.security.servlet.methods.DenyUncoveredHttpMethodsTestCase.java
@Test public void testDeleteMethod() throws Exception { HttpDelete httpDelete = new HttpDelete(getURL()); HttpResponse response = getHttpResponse(httpDelete); assertThat(statusCodeOf(response), is(HttpServletResponse.SC_FORBIDDEN)); }