Example usage for javax.servlet.http HttpServletResponse SC_FORBIDDEN

List of usage examples for javax.servlet.http HttpServletResponse SC_FORBIDDEN

Introduction

In this page you can find the example usage for javax.servlet.http HttpServletResponse SC_FORBIDDEN.

Prototype

int SC_FORBIDDEN

To view the source code for javax.servlet.http HttpServletResponse SC_FORBIDDEN.

Click Source Link

Document

Status code (403) indicating the server understood the request but refused to fulfill it.

Usage

From source file:org.cloudfoundry.identity.uaa.error.JsonAwareAccessDeniedHandler.java

@Override
public void handle(HttpServletRequest request, HttpServletResponse response,
        AccessDeniedException authException) throws IOException, ServletException {
    String accept = request.getHeader("Accept");
    boolean json = false;
    if (StringUtils.hasText(accept)) {
        for (MediaType mediaType : MediaType.parseMediaTypes(accept)) {
            if (mediaType.includes(MediaType.APPLICATION_JSON)) {
                json = true;/*from www  .j  av a 2  s .c o  m*/
                break;
            }
        }
    }
    if (json) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.getWriter().append(String.format("{\"error\":\"%s\"}", authException.getMessage()));
    } else {
        response.sendError(HttpServletResponse.SC_FORBIDDEN, authException.getMessage());
    }
}

From source file:org.cloudfoundry.identity.uaa.error.JsonAwareAccessDeniedHandlerTests.java

@Test
public void testCommenceWithEmptyAccept() throws Exception {
    entryPoint.handle(request, response, new AccessDeniedException("Bad"));
    assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
    assertEquals("Bad", response.getErrorMessage());
}

From source file:eu.trentorise.game.api.rest.AuthorizationInterceptor.java

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws Exception {
    @SuppressWarnings("unchecked")
    Map<String, String> pathVariables = (Map<String, String>) request
            .getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);

    String gameId = (String) pathVariables.get("gameId");
    String user = identityLookup.getName();
    boolean isOk = permissionManager.checkGamePermission(user, gameId);
    if (!isOk) {//  w w w  .j  ava2  s. co m
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "access not permitted");
    }
    return isOk;
}

From source file:com.thinkberg.moxo.dav.PutHandler.java

public void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
    FileObject object = getResourceManager().getFileObject(request.getPathInfo());

    try {/*w  w  w .j  av  a2 s .  c  o  m*/
        LockManager.getInstance().checkCondition(object, getIf(request));
    } catch (LockException e) {
        if (e.getLocks() != null) {
            response.sendError(SC_LOCKED);
        } else {
            response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED);
        }
        return;
    }

    // it is forbidden to write data on a folder
    if (object.exists() && FileType.FOLDER.equals(object.getType())) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }

    FileObject parent = object.getParent();
    if (!parent.exists()) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }

    if (!FileType.FOLDER.equals(parent.getType())) {
        response.sendError(HttpServletResponse.SC_CONFLICT);
        return;
    }

    InputStream is = request.getInputStream();
    OutputStream os = object.getContent().getOutputStream();
    log("PUT sends " + request.getHeader("Content-length") + " bytes");
    log("PUT copied " + Util.copyStream(is, os) + " bytes");
    os.flush();
    object.close();

    response.setStatus(HttpServletResponse.SC_CREATED);
}

From source file:com.thinkberg.moxo.dav.DeleteHandler.java

public void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
    FileObject object = getResourceManager().getFileObject(request.getPathInfo());
    if (request instanceof Request) {
        String fragment = ((Request) request).getUri().getFragment();
        if (fragment != null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }//  w  w w .  j  ava2 s . c  o m
    }

    try {
        LockManager.getInstance().checkCondition(object, getIf(request));
    } catch (LockException e) {
        if (e.getLocks() != null) {
            response.sendError(SC_LOCKED);
        } else {
            response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED);
        }
        return;
    }

    if (object.exists()) {
        if (object.delete(ALL_FILES_SELECTOR) > 0) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    } else {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
    }
}

From source file:com.mirth.connect.server.servlets.ExtensionServlet.java

public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // MIRTH-1745
    response.setCharacterEncoding("UTF-8");

    if (!isUserLoggedIn(request)) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    } else {/*from  w w  w  . j  a v a 2  s.  c om*/
        try {
            ExtensionController extensionController = ControllerFactory.getFactory()
                    .createExtensionController();
            ObjectXMLSerializer serializer = new ObjectXMLSerializer();
            PrintWriter out = response.getWriter();
            FileItem multiPartFileItem = null;
            Operation operation = null;
            Map<String, Object> parameterMap = new HashMap<String, Object>();

            if (ServletFileUpload.isMultipartContent(request)) {
                Map<String, String> multipartParameters = new HashMap<String, String>();
                File installTempDir = new File(ExtensionController.getExtensionsPath(), "install_temp");

                if (!installTempDir.exists()) {
                    installTempDir.mkdir();
                }

                // we need to load properties from the multipart data
                DiskFileItemFactory factory = new DiskFileItemFactory();
                factory.setRepository(installTempDir);
                ServletFileUpload upload = new ServletFileUpload(factory);
                List<FileItem> items = upload.parseRequest(request);

                for (FileItem item : items) {
                    if (item.isFormField()) {
                        multipartParameters.put(item.getFieldName(), item.getString());
                    } else {
                        // only supports a single file
                        multiPartFileItem = item;
                    }
                }

                operation = Operations.getOperation(multipartParameters.get("op"));
            } else {
                operation = Operations.getOperation(request.getParameter("op"));
            }

            if (operation.equals(Operations.PLUGIN_PROPERTIES_GET)) {
                String pluginName = request.getParameter("name");

                if (isUserAuthorizedForExtension(request, pluginName, operation.getName(), null)) {
                    response.setContentType(APPLICATION_XML);
                    serializer.toXML(extensionController.getPluginProperties(pluginName), out);
                } else {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                }
            } else if (operation.equals(Operations.PLUGIN_PROPERTIES_SET)) {
                String pluginName = request.getParameter("name");

                if (isUserAuthorizedForExtension(request, pluginName, operation.getName(), null)) {
                    Properties properties = (Properties) serializer.fromXML(request.getParameter("properties"));
                    extensionController.setPluginProperties(pluginName, properties);
                    extensionController.updatePluginProperties(pluginName, properties);
                } else {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                }
            } else if (operation.equals(Operations.PLUGIN_METADATA_GET)) {
                response.setContentType(APPLICATION_XML);
                serializer.toXML(extensionController.getPluginMetaData(), out);
            } else if (operation.equals(Operations.EXTENSION_SET_ENABLED)) {
                String pluginName = request.getParameter("name");
                boolean enabled = BooleanUtils.toBoolean(request.getParameter("enabled"));
                parameterMap.put("extension", pluginName);
                parameterMap.put("enabled", enabled);

                if (isUserAuthorized(request, parameterMap)) {
                    extensionController.setExtensionEnabled(pluginName, enabled);
                } else {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                }
            } else if (operation.equals(Operations.CONNECTOR_METADATA_GET)) {
                response.setContentType(APPLICATION_XML);
                serializer.toXML(extensionController.getConnectorMetaData(), out);
            } else if (operation.equals(Operations.EXTENSION_IS_ENABLED)) {
                String extensionName = request.getParameter("name");
                response.setContentType(TEXT_PLAIN);
                out.print(extensionController.isExtensionEnabled(extensionName));
            } else if (operation.equals(Operations.PLUGIN_SERVICE_INVOKE)) {
                String pluginName = request.getParameter("name");
                String method = request.getParameter("method");
                Object object = serializer.fromXML(request.getParameter("object"));
                String sessionId = request.getSession().getId();

                if (isUserAuthorizedForExtension(request, pluginName, method, null)) {
                    serializer.toXML(
                            extensionController.invokePluginService(pluginName, method, object, sessionId),
                            out);
                } else {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                }
            } else if (operation.equals(Operations.CONNECTOR_SERVICE_INVOKE)) {
                String name = request.getParameter("name");
                String method = request.getParameter("method");
                Object object = serializer.fromXML(request.getParameter("object"));
                String sessionId = request.getSession().getId();
                response.setContentType(APPLICATION_XML);
                serializer.toXML(extensionController.invokeConnectorService(name, method, object, sessionId),
                        out);
            } else if (operation.equals(Operations.EXTENSION_UNINSTALL)) {
                String packageName = request.getParameter("packageName");
                parameterMap.put("packageName", packageName);

                if (isUserAuthorized(request, parameterMap)) {
                    extensionController.prepareExtensionForUninstallation(packageName);
                } else {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                }
            } else if (operation.equals(Operations.EXTENSION_INSTALL)) {
                if (isUserAuthorized(request, null)) {
                    /*
                     * This is a multi-part method, so we need our
                     * parameters from the new map
                     */
                    extensionController.extractExtension(multiPartFileItem);
                } else {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                }
            }
        } catch (RuntimeIOException rio) {
            logger.debug(rio);
        } catch (Throwable t) {
            logger.error(ExceptionUtils.getStackTrace(t));
            throw new ServletException(t);
        }
    }
}

From source file:jp.or.openid.eiwg.scim.servlet.ResourceTypes.java

/**
 * ?/*from   w  w w  . ja  v  a 2s.co m*/
 *
 * @param request 
 * @param response ?
 * @throws ServletException
 * @throws IOException
 */
protected void service(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String method = request.getMethod();
    if (method.equals("GET")) {
        doGet(request, response);
    } else {
        errorResponse(response, HttpServletResponse.SC_FORBIDDEN, null,
                MessageConstants.ERROR_NOT_SUPPORT_OPERATION);
    }
}

From source file:edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController.java

/**
 * Sub-classes should not override this. Instead, implement doRequest().
 *///from  www .j ava2s  .c  om
@Override
protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {
    VitroRequest vreq = new VitroRequest(req);
    if (PolicyHelper.isAuthorizedForActions(vreq, requiredActions(vreq))) {
        doRequest(vreq, resp);
    } else {
        resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
    }
}

From source file:com.taobao.diamond.server.interceptor.ACLControlInterceptor.java

public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws Exception {
    boolean handlerOk = super.preHandle(request, response, handler);
    if (handlerOk) {
        String remoteIp = getRemoteIP(request);
        boolean aclAccess = aCLService.check(remoteIp);
        if (!aclAccess) {
            String msg = "[" + remoteIp + "] access denied by ACL Control";
            System.out.println(msg);
            log.warn(msg);/*from   ww  w  .j a v  a2 s .c om*/
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "acl_control_denied");
            return false;
        }
        return true;
    }
    return false;
}

From source file:com.mirth.connect.server.servlets.MessageObjectServlet.java

public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // MIRTH-1745
    response.setCharacterEncoding("UTF-8");

    if (!isUserLoggedIn(request)) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    } else {/*from w ww.  ja  v  a 2s  .c  om*/
        try {
            MessageObjectController messageObjectController = ControllerFactory.getFactory()
                    .createMessageObjectController();
            ObjectXMLSerializer serializer = new ObjectXMLSerializer();
            PrintWriter out = response.getWriter();
            Operation operation = Operations.getOperation(request.getParameter("op"));
            String uid = null;
            boolean useNewTempTable = false;
            Map<String, Object> parameterMap = new HashMap<String, Object>();

            if (request.getParameter("uid") != null && !request.getParameter("uid").equals("")) {
                uid = request.getParameter("uid");
                useNewTempTable = true;
            } else {
                uid = request.getSession().getId();
            }

            if (operation.equals(Operations.MESSAGE_CREATE_TEMP_TABLE)) {
                MessageObjectFilter filter = (MessageObjectFilter) serializer
                        .fromXML(request.getParameter("filter"));
                redactMessageObjectFilter(request, filter);
                parameterMap.put("messageFilter", filter);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    response.setContentType(TEXT_PLAIN);
                    out.println(messageObjectController.createMessagesTempTable(filter, uid, useNewTempTable));
                }
            } else if (operation.equals(Operations.MESSAGE_FILTER_TABLES_REMOVE)) {
                if (!isUserAuthorized(request, null)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    messageObjectController.removeFilterTable(uid);
                }
            } else if (operation.equals(Operations.MESSAGE_GET_BY_PAGE)) {
                if (!isUserAuthorized(request, null)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    int page = Integer.parseInt(request.getParameter("page"));
                    int pageSize = Integer.parseInt(request.getParameter("pageSize"));
                    int max = Integer.parseInt(request.getParameter("maxMessages"));
                    response.setContentType(APPLICATION_XML);
                    serializer.toXML(messageObjectController.getMessagesByPage(page, pageSize, max, uid, true),
                            out);
                }

            } else if (operation.equals(Operations.MESSAGE_GET_BY_PAGE_LIMIT)) {
                MessageObjectFilter filter = (MessageObjectFilter) serializer
                        .fromXML(request.getParameter("filter"));
                redactMessageObjectFilter(request, filter);
                parameterMap.put("filter", filter);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    int page = Integer.parseInt(request.getParameter("page"));
                    int pageSize = Integer.parseInt(request.getParameter("pageSize"));
                    int max = Integer.parseInt(request.getParameter("maxMessages"));
                    response.setContentType(APPLICATION_XML);
                    serializer.toXML(
                            messageObjectController.getMessagesByPageLimit(page, pageSize, max, uid, filter),
                            out);
                }
            } else if (operation.equals(Operations.MESSAGE_REMOVE)) {
                MessageObjectFilter filter = (MessageObjectFilter) serializer
                        .fromXML(request.getParameter("filter"));
                redactMessageObjectFilter(request, filter);
                parameterMap.put("filter", filter);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    messageObjectController.removeMessages(filter);
                }
            } else if (operation.equals(Operations.MESSAGE_CLEAR)) {
                String channelId = request.getParameter("data");
                parameterMap.put("channelId", channelId);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    messageObjectController.clearMessages(channelId);
                }
            } else if (operation.equals(Operations.MESSAGE_REPROCESS)) {
                MessageObjectFilter filter = (MessageObjectFilter) serializer
                        .fromXML(request.getParameter("filter"));
                redactMessageObjectFilter(request, filter);
                boolean replace = Boolean.valueOf(request.getParameter("replace"));
                List<String> destinations = (List<String>) serializer
                        .fromXML(request.getParameter("destinations"));
                parameterMap.put("filter", filter);
                parameterMap.put("replace", replace);
                parameterMap.put("destinations", destinations);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    messageObjectController.reprocessMessages(filter, replace, destinations);
                }
            } else if (operation.equals(Operations.MESSAGE_PROCESS)) {
                MessageObject message = (MessageObject) serializer.fromXML(request.getParameter("message"));
                parameterMap.put("message", message);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    messageObjectController.processMessage(message);
                }
            } else if (operation.equals(Operations.MESSAGE_IMPORT)) {
                MessageObject message = (MessageObject) serializer.fromXML(request.getParameter("message"));
                parameterMap.put("message", message);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    messageObjectController.importMessage(message);
                }
            } else if (operation.equals(Operations.MESSAGE_ATTACHMENT_GET)) {
                String attachmentId = request.getParameter("attachmentId");
                parameterMap.put("attachmentId", attachmentId);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    response.setContentType(APPLICATION_XML);
                    Attachment attachment = messageObjectController.getAttachment(attachmentId);
                    serializer.toXML(attachment, out);
                }
            } else if (operation.equals(Operations.MESSAGE_ATTACHMENT_GET_BY_MESSAGE_ID)) {
                String messageId = request.getParameter("messageId");
                parameterMap.put("messageId", messageId);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    response.setContentType(APPLICATION_XML);
                    List<Attachment> list = messageObjectController.getAttachmentsByMessageId(messageId);
                    serializer.toXML(list, out);
                    out.println("");
                }
            } else if (operation.equals(Operations.MESSAGE_ATTACHMENT_GET_ID_BY_MESSAGE_ID)) {
                String messageId = request.getParameter("messageId");
                parameterMap.put("messageId", messageId);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    response.setContentType(APPLICATION_XML);
                    List<Attachment> list = messageObjectController.getAttachmentIdsByMessageId(messageId);
                    serializer.toXML(list, out);
                    out.println("");
                }
            } else if (operation.equals(Operations.MESSAGE_DICOM_MESSAGE_GET)) {
                MessageObject message = (MessageObject) serializer.fromXML(request.getParameter("message"));
                parameterMap.put("message", message);

                if (!isUserAuthorized(request, parameterMap)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } else {
                    String dicomMessage = DICOMUtil.getDICOMRawData(message);
                    out.println(dicomMessage);
                }
            }
        } catch (RuntimeIOException rio) {
            logger.debug(rio);
        } catch (Throwable t) {
            logger.error(ExceptionUtils.getStackTrace(t));
            throw new ServletException(t);
        }
    }
}