List of usage examples for javax.servlet.http HttpServletResponse SC_FORBIDDEN
int SC_FORBIDDEN
To view the source code for javax.servlet.http HttpServletResponse SC_FORBIDDEN.
Click Source Link
From source file:org.cloudfoundry.identity.uaa.error.JsonAwareAccessDeniedHandler.java
@Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException authException) throws IOException, ServletException { String accept = request.getHeader("Accept"); boolean json = false; if (StringUtils.hasText(accept)) { for (MediaType mediaType : MediaType.parseMediaTypes(accept)) { if (mediaType.includes(MediaType.APPLICATION_JSON)) { json = true;/*from www .j av a 2 s .c o m*/ break; } } } if (json) { response.setStatus(HttpServletResponse.SC_FORBIDDEN); response.setContentType(MediaType.APPLICATION_JSON_VALUE); response.getWriter().append(String.format("{\"error\":\"%s\"}", authException.getMessage())); } else { response.sendError(HttpServletResponse.SC_FORBIDDEN, authException.getMessage()); } }
From source file:org.cloudfoundry.identity.uaa.error.JsonAwareAccessDeniedHandlerTests.java
@Test public void testCommenceWithEmptyAccept() throws Exception { entryPoint.handle(request, response, new AccessDeniedException("Bad")); assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus()); assertEquals("Bad", response.getErrorMessage()); }
From source file:eu.trentorise.game.api.rest.AuthorizationInterceptor.java
@Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { @SuppressWarnings("unchecked") Map<String, String> pathVariables = (Map<String, String>) request .getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE); String gameId = (String) pathVariables.get("gameId"); String user = identityLookup.getName(); boolean isOk = permissionManager.checkGamePermission(user, gameId); if (!isOk) {// w w w .j ava2 s. co m response.sendError(HttpServletResponse.SC_FORBIDDEN, "access not permitted"); } return isOk; }
From source file:com.thinkberg.moxo.dav.PutHandler.java
public void service(HttpServletRequest request, HttpServletResponse response) throws IOException { FileObject object = getResourceManager().getFileObject(request.getPathInfo()); try {/*w w w .j av a2 s . c o m*/ LockManager.getInstance().checkCondition(object, getIf(request)); } catch (LockException e) { if (e.getLocks() != null) { response.sendError(SC_LOCKED); } else { response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED); } return; } // it is forbidden to write data on a folder if (object.exists() && FileType.FOLDER.equals(object.getType())) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; } FileObject parent = object.getParent(); if (!parent.exists()) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; } if (!FileType.FOLDER.equals(parent.getType())) { response.sendError(HttpServletResponse.SC_CONFLICT); return; } InputStream is = request.getInputStream(); OutputStream os = object.getContent().getOutputStream(); log("PUT sends " + request.getHeader("Content-length") + " bytes"); log("PUT copied " + Util.copyStream(is, os) + " bytes"); os.flush(); object.close(); response.setStatus(HttpServletResponse.SC_CREATED); }
From source file:com.thinkberg.moxo.dav.DeleteHandler.java
public void service(HttpServletRequest request, HttpServletResponse response) throws IOException { FileObject object = getResourceManager().getFileObject(request.getPathInfo()); if (request instanceof Request) { String fragment = ((Request) request).getUri().getFragment(); if (fragment != null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }// w w w . j ava2 s . c o m } try { LockManager.getInstance().checkCondition(object, getIf(request)); } catch (LockException e) { if (e.getLocks() != null) { response.sendError(SC_LOCKED); } else { response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED); } return; } if (object.exists()) { if (object.delete(ALL_FILES_SELECTOR) > 0) { response.setStatus(HttpServletResponse.SC_OK); } else { response.sendError(HttpServletResponse.SC_FORBIDDEN); } } else { response.sendError(HttpServletResponse.SC_NOT_FOUND); } }
From source file:com.mirth.connect.server.servlets.ExtensionServlet.java
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // MIRTH-1745 response.setCharacterEncoding("UTF-8"); if (!isUserLoggedIn(request)) { response.sendError(HttpServletResponse.SC_FORBIDDEN); } else {/*from w w w . j a v a 2 s. c om*/ try { ExtensionController extensionController = ControllerFactory.getFactory() .createExtensionController(); ObjectXMLSerializer serializer = new ObjectXMLSerializer(); PrintWriter out = response.getWriter(); FileItem multiPartFileItem = null; Operation operation = null; Map<String, Object> parameterMap = new HashMap<String, Object>(); if (ServletFileUpload.isMultipartContent(request)) { Map<String, String> multipartParameters = new HashMap<String, String>(); File installTempDir = new File(ExtensionController.getExtensionsPath(), "install_temp"); if (!installTempDir.exists()) { installTempDir.mkdir(); } // we need to load properties from the multipart data DiskFileItemFactory factory = new DiskFileItemFactory(); factory.setRepository(installTempDir); ServletFileUpload upload = new ServletFileUpload(factory); List<FileItem> items = upload.parseRequest(request); for (FileItem item : items) { if (item.isFormField()) { multipartParameters.put(item.getFieldName(), item.getString()); } else { // only supports a single file multiPartFileItem = item; } } operation = Operations.getOperation(multipartParameters.get("op")); } else { operation = Operations.getOperation(request.getParameter("op")); } if (operation.equals(Operations.PLUGIN_PROPERTIES_GET)) { String pluginName = request.getParameter("name"); if (isUserAuthorizedForExtension(request, pluginName, operation.getName(), null)) { response.setContentType(APPLICATION_XML); serializer.toXML(extensionController.getPluginProperties(pluginName), out); } else { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } } else if (operation.equals(Operations.PLUGIN_PROPERTIES_SET)) { String pluginName = request.getParameter("name"); if (isUserAuthorizedForExtension(request, pluginName, operation.getName(), null)) { Properties properties = (Properties) serializer.fromXML(request.getParameter("properties")); extensionController.setPluginProperties(pluginName, properties); extensionController.updatePluginProperties(pluginName, properties); } else { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } } else if (operation.equals(Operations.PLUGIN_METADATA_GET)) { response.setContentType(APPLICATION_XML); serializer.toXML(extensionController.getPluginMetaData(), out); } else if (operation.equals(Operations.EXTENSION_SET_ENABLED)) { String pluginName = request.getParameter("name"); boolean enabled = BooleanUtils.toBoolean(request.getParameter("enabled")); parameterMap.put("extension", pluginName); parameterMap.put("enabled", enabled); if (isUserAuthorized(request, parameterMap)) { extensionController.setExtensionEnabled(pluginName, enabled); } else { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } } else if (operation.equals(Operations.CONNECTOR_METADATA_GET)) { response.setContentType(APPLICATION_XML); serializer.toXML(extensionController.getConnectorMetaData(), out); } else if (operation.equals(Operations.EXTENSION_IS_ENABLED)) { String extensionName = request.getParameter("name"); response.setContentType(TEXT_PLAIN); out.print(extensionController.isExtensionEnabled(extensionName)); } else if (operation.equals(Operations.PLUGIN_SERVICE_INVOKE)) { String pluginName = request.getParameter("name"); String method = request.getParameter("method"); Object object = serializer.fromXML(request.getParameter("object")); String sessionId = request.getSession().getId(); if (isUserAuthorizedForExtension(request, pluginName, method, null)) { serializer.toXML( extensionController.invokePluginService(pluginName, method, object, sessionId), out); } else { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } } else if (operation.equals(Operations.CONNECTOR_SERVICE_INVOKE)) { String name = request.getParameter("name"); String method = request.getParameter("method"); Object object = serializer.fromXML(request.getParameter("object")); String sessionId = request.getSession().getId(); response.setContentType(APPLICATION_XML); serializer.toXML(extensionController.invokeConnectorService(name, method, object, sessionId), out); } else if (operation.equals(Operations.EXTENSION_UNINSTALL)) { String packageName = request.getParameter("packageName"); parameterMap.put("packageName", packageName); if (isUserAuthorized(request, parameterMap)) { extensionController.prepareExtensionForUninstallation(packageName); } else { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } } else if (operation.equals(Operations.EXTENSION_INSTALL)) { if (isUserAuthorized(request, null)) { /* * This is a multi-part method, so we need our * parameters from the new map */ extensionController.extractExtension(multiPartFileItem); } else { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } } } catch (RuntimeIOException rio) { logger.debug(rio); } catch (Throwable t) { logger.error(ExceptionUtils.getStackTrace(t)); throw new ServletException(t); } } }
From source file:jp.or.openid.eiwg.scim.servlet.ResourceTypes.java
/** * ?/*from w w w . ja v a 2s.co m*/ * * @param request * @param response ? * @throws ServletException * @throws IOException */ protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String method = request.getMethod(); if (method.equals("GET")) { doGet(request, response); } else { errorResponse(response, HttpServletResponse.SC_FORBIDDEN, null, MessageConstants.ERROR_NOT_SUPPORT_OPERATION); } }
From source file:edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController.java
/** * Sub-classes should not override this. Instead, implement doRequest(). *///from www .j ava2s .c om @Override protected final void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { VitroRequest vreq = new VitroRequest(req); if (PolicyHelper.isAuthorizedForActions(vreq, requiredActions(vreq))) { doRequest(vreq, resp); } else { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized"); } }
From source file:com.taobao.diamond.server.interceptor.ACLControlInterceptor.java
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { boolean handlerOk = super.preHandle(request, response, handler); if (handlerOk) { String remoteIp = getRemoteIP(request); boolean aclAccess = aCLService.check(remoteIp); if (!aclAccess) { String msg = "[" + remoteIp + "] access denied by ACL Control"; System.out.println(msg); log.warn(msg);/*from ww w .j a v a2 s .c om*/ response.sendError(HttpServletResponse.SC_FORBIDDEN, "acl_control_denied"); return false; } return true; } return false; }
From source file:com.mirth.connect.server.servlets.MessageObjectServlet.java
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // MIRTH-1745 response.setCharacterEncoding("UTF-8"); if (!isUserLoggedIn(request)) { response.sendError(HttpServletResponse.SC_FORBIDDEN); } else {/*from w ww. ja v a 2s .c om*/ try { MessageObjectController messageObjectController = ControllerFactory.getFactory() .createMessageObjectController(); ObjectXMLSerializer serializer = new ObjectXMLSerializer(); PrintWriter out = response.getWriter(); Operation operation = Operations.getOperation(request.getParameter("op")); String uid = null; boolean useNewTempTable = false; Map<String, Object> parameterMap = new HashMap<String, Object>(); if (request.getParameter("uid") != null && !request.getParameter("uid").equals("")) { uid = request.getParameter("uid"); useNewTempTable = true; } else { uid = request.getSession().getId(); } if (operation.equals(Operations.MESSAGE_CREATE_TEMP_TABLE)) { MessageObjectFilter filter = (MessageObjectFilter) serializer .fromXML(request.getParameter("filter")); redactMessageObjectFilter(request, filter); parameterMap.put("messageFilter", filter); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { response.setContentType(TEXT_PLAIN); out.println(messageObjectController.createMessagesTempTable(filter, uid, useNewTempTable)); } } else if (operation.equals(Operations.MESSAGE_FILTER_TABLES_REMOVE)) { if (!isUserAuthorized(request, null)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { messageObjectController.removeFilterTable(uid); } } else if (operation.equals(Operations.MESSAGE_GET_BY_PAGE)) { if (!isUserAuthorized(request, null)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { int page = Integer.parseInt(request.getParameter("page")); int pageSize = Integer.parseInt(request.getParameter("pageSize")); int max = Integer.parseInt(request.getParameter("maxMessages")); response.setContentType(APPLICATION_XML); serializer.toXML(messageObjectController.getMessagesByPage(page, pageSize, max, uid, true), out); } } else if (operation.equals(Operations.MESSAGE_GET_BY_PAGE_LIMIT)) { MessageObjectFilter filter = (MessageObjectFilter) serializer .fromXML(request.getParameter("filter")); redactMessageObjectFilter(request, filter); parameterMap.put("filter", filter); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { int page = Integer.parseInt(request.getParameter("page")); int pageSize = Integer.parseInt(request.getParameter("pageSize")); int max = Integer.parseInt(request.getParameter("maxMessages")); response.setContentType(APPLICATION_XML); serializer.toXML( messageObjectController.getMessagesByPageLimit(page, pageSize, max, uid, filter), out); } } else if (operation.equals(Operations.MESSAGE_REMOVE)) { MessageObjectFilter filter = (MessageObjectFilter) serializer .fromXML(request.getParameter("filter")); redactMessageObjectFilter(request, filter); parameterMap.put("filter", filter); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { messageObjectController.removeMessages(filter); } } else if (operation.equals(Operations.MESSAGE_CLEAR)) { String channelId = request.getParameter("data"); parameterMap.put("channelId", channelId); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { messageObjectController.clearMessages(channelId); } } else if (operation.equals(Operations.MESSAGE_REPROCESS)) { MessageObjectFilter filter = (MessageObjectFilter) serializer .fromXML(request.getParameter("filter")); redactMessageObjectFilter(request, filter); boolean replace = Boolean.valueOf(request.getParameter("replace")); List<String> destinations = (List<String>) serializer .fromXML(request.getParameter("destinations")); parameterMap.put("filter", filter); parameterMap.put("replace", replace); parameterMap.put("destinations", destinations); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { messageObjectController.reprocessMessages(filter, replace, destinations); } } else if (operation.equals(Operations.MESSAGE_PROCESS)) { MessageObject message = (MessageObject) serializer.fromXML(request.getParameter("message")); parameterMap.put("message", message); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { messageObjectController.processMessage(message); } } else if (operation.equals(Operations.MESSAGE_IMPORT)) { MessageObject message = (MessageObject) serializer.fromXML(request.getParameter("message")); parameterMap.put("message", message); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { messageObjectController.importMessage(message); } } else if (operation.equals(Operations.MESSAGE_ATTACHMENT_GET)) { String attachmentId = request.getParameter("attachmentId"); parameterMap.put("attachmentId", attachmentId); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { response.setContentType(APPLICATION_XML); Attachment attachment = messageObjectController.getAttachment(attachmentId); serializer.toXML(attachment, out); } } else if (operation.equals(Operations.MESSAGE_ATTACHMENT_GET_BY_MESSAGE_ID)) { String messageId = request.getParameter("messageId"); parameterMap.put("messageId", messageId); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { response.setContentType(APPLICATION_XML); List<Attachment> list = messageObjectController.getAttachmentsByMessageId(messageId); serializer.toXML(list, out); out.println(""); } } else if (operation.equals(Operations.MESSAGE_ATTACHMENT_GET_ID_BY_MESSAGE_ID)) { String messageId = request.getParameter("messageId"); parameterMap.put("messageId", messageId); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { response.setContentType(APPLICATION_XML); List<Attachment> list = messageObjectController.getAttachmentIdsByMessageId(messageId); serializer.toXML(list, out); out.println(""); } } else if (operation.equals(Operations.MESSAGE_DICOM_MESSAGE_GET)) { MessageObject message = (MessageObject) serializer.fromXML(request.getParameter("message")); parameterMap.put("message", message); if (!isUserAuthorized(request, parameterMap)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { String dicomMessage = DICOMUtil.getDICOMRawData(message); out.println(dicomMessage); } } } catch (RuntimeIOException rio) { logger.debug(rio); } catch (Throwable t) { logger.error(ExceptionUtils.getStackTrace(t)); throw new ServletException(t); } } }