List of usage examples for org.springframework.http HttpStatus FORBIDDEN
HttpStatus FORBIDDEN
From source file:comsat.sample.ui.method.SampleMethodSecurityApplicationTests.java
/**
 * Verifies that an authenticated but unprivileged account ("user"/"user") is
 * refused access to the management endpoint {@code /beans}.
 * <p>
 * The expected status is 403 rather than 401: the credentials are accepted,
 * but the account lacks the authority the endpoint requires.
 */
@Test
public void testManagementUnauthorizedAccess() throws Exception {
    String beansUrl = "http://localhost:" + this.port + "/beans";
    TestRestTemplate asPlainUser = new TestRestTemplate("user", "user");
    ResponseEntity<String> response = asPlainUser.getForEntity(beansUrl, String.class);
    assertEquals(HttpStatus.FORBIDDEN, response.getStatusCode());
}
From source file:com.cicdaas.nasasoundapiautomation.test.NASASoundAPITest.java
/**
 * Negative test: calling the Sound API without an API key must be rejected
 * with HTTP 403 instead of returning a payload.
 * <p>
 * Any other exception type is reported as a client error via
 * {@code defaultAPIClientErrorMsg}.
 */
@Test(groups = { "nasa-sound-api-regression", "nasa-sound-api-sanity" })
public void testNegNASASoundAPIGETCallwithoutKey() {
    try {
        client.getSoundTrackWithoutAPIKey();
    } catch (HttpClientErrorException rejected) {
        // Expected path: the server refused the unauthenticated request.
        assertEquals(HttpStatus.FORBIDDEN, rejected.getStatusCode(), "HTTP Status code didn't match!");
        return;
    } catch (Exception unexpected) {
        fail(defaultAPIClientErrorMsg, unexpected);
    }
    // Reached only when the call completed without any exception.
    fail("Sound API returned valid response w/o API Key!");
}
From source file:cn.edu.zjnu.acm.judge.controller.MailController.java
/**
 * Renders a single mail for its recipient.
 * <p>
 * Responds 404 when the id is unknown and 403 when the authenticated user is
 * not the addressee; otherwise the mail is marked as read and displayed.
 *
 * @param model          view model receiving the {@code mail} attribute
 * @param mailId         id of the mail to show
 * @param authentication the current principal
 * @return the {@code mails/view} template name
 * @throws MessageException with NOT_FOUND or FORBIDDEN as described above
 */
@GetMapping("/showmail")
public String showmail(Model model, @RequestParam("mail_id") long mailId, Authentication authentication) {
    Mail found = mailMapper.findOne(mailId);
    if (found == null) {
        throw new MessageException("No such mail", HttpStatus.NOT_FOUND);
    }
    // Authorization: only the recipient may read the mail.
    // NOTE(review): answering 404 vs 403 lets a caller tell whether a mail_id
    // exists even when it is not theirs — confirm that is acceptable here.
    boolean isRecipient = UserDetailService.isUser(authentication, found.getTo());
    if (!isRecipient) {
        throw new MessageException("Sorry, invalid access", HttpStatus.FORBIDDEN);
    }
    mailMapper.readed(mailId);
    model.addAttribute("mail", found);
    return "mails/view";
}
From source file:org.mitre.oauth2.web.IntrospectionEndpoint.java
/**
 * OAuth 2.0 token introspection endpoint.
 * <p>
 * First decides whether the caller may introspect at all (UMA-style OAuth
 * clients via {@code ensureOAuthScope}; directly authenticated clients via
 * {@code ROLE_CLIENT} plus {@code isAllowIntrospection()}), collecting the
 * caller's scopes into {@code authScopes} along the way. Then looks the token
 * up as an access token and, failing that, as a refresh token, and renders
 * the assembled result as JSON. An unknown or empty token yields
 * {@code {"active": false}}; a caller that is not allowed to introspect
 * gets HTTP 403.
 *
 * @param tokenValue the token to introspect
 * @param tokenType  the optional {@code token_type_hint}; accepted but not
 *                   used by this implementation (both stores are always tried)
 * @param auth       the caller's authentication
 * @param model      view model receiving either the JSON entity or the HTTP code
 * @return the view name to render
 */
@RequestMapping("/" + URL)
public String verify(@RequestParam("token") String tokenValue,
        @RequestParam(value = "token_type_hint", required = false) String tokenType,
        Authentication auth, Model model) {
    ClientDetailsEntity authClient = null;
    Set<String> authScopes = new HashSet<>();
    if (auth instanceof OAuth2Authentication) {
        // the client authenticated with OAuth, do our UMA checks
        ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);
        // get out the client that was issued the access token (not the token being introspected)
        OAuth2Authentication o2a = (OAuth2Authentication) auth;
        String authClientId = o2a.getOAuth2Request().getClientId();
        authClient = clientService.loadClientByClientId(authClientId);
        // the owner is the user who authorized the token in the first place
        // NOTE(review): getUserAuthentication() is dereferenced unconditionally — confirm a
        // client-only (no user) OAuth authentication cannot reach this branch.
        String ownerId = o2a.getUserAuthentication().getName();
        // NOTE(review): authClient is used without a null check; confirm loadClientByClientId
        // never returns null for an already-authenticated client id.
        authScopes.addAll(authClient.getScope());
        // UMA style clients also get a subset of scopes of all the resource sets they've registered
        Collection<ResourceSet> resourceSets = resourceSetService.getAllForOwnerAndClient(ownerId, authClientId);
        // collect all the scopes
        for (ResourceSet rs : resourceSets) {
            authScopes.addAll(rs.getScopes());
        }
    } else {
        // the client authenticated directly, make sure it's got the right access
        String authClientId = auth.getName(); // direct authentication puts the client_id into the authentication's name field
        authClient = clientService.loadClientByClientId(authClientId);
        // directly authenticated clients get a subset of any scopes that they've registered for
        authScopes.addAll(authClient.getScope());
        // Both conditions are required: the role alone is not enough, the client must also
        // be flagged as allowed to introspect.
        if (!AuthenticationUtilities.hasRole(auth, "ROLE_CLIENT") || !authClient.isAllowIntrospection()) {
            // this client isn't allowed to do direct introspection
            logger.error("Client " + authClient.getClientId() + " is not allowed to call introspection endpoint");
            model.addAttribute("code", HttpStatus.FORBIDDEN);
            return HttpCodeView.VIEWNAME;
        }
    }
    // by here we're allowed to introspect, now we need to look up the token in our token stores
    // first make sure the token is there
    if (Strings.isNullOrEmpty(tokenValue)) {
        logger.error("Verify failed; token value is null");
        // Uses the literal "active" here; the later branches use IntrospectionResultAssembler.ACTIVE.
        Map<String, Boolean> entity = ImmutableMap.of("active", Boolean.FALSE);
        model.addAttribute(JsonEntityView.ENTITY, entity);
        return JsonEntityView.VIEWNAME;
    }
    OAuth2AccessTokenEntity accessToken = null;
    OAuth2RefreshTokenEntity refreshToken = null;
    ClientDetailsEntity tokenClient;
    UserInfo user;
    try {
        // check access tokens first (includes ID tokens)
        accessToken = tokenServices.readAccessToken(tokenValue);
        tokenClient = accessToken.getClient();
        // get the user information of the user that authorized this token in the first place
        String userName = accessToken.getAuthenticationHolder().getAuthentication().getName();
        user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId());
    } catch (InvalidTokenException e) {
        // Not a known access token; the same value may be a refresh token.
        logger.info("Invalid access token. Checking refresh token.");
        try {
            // check refresh tokens next
            refreshToken = tokenServices.getRefreshToken(tokenValue);
            tokenClient = refreshToken.getClient();
            // get the user information of the user that authorized this token in the first place
            String userName = refreshToken.getAuthenticationHolder().getAuthentication().getName();
            user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId());
        } catch (InvalidTokenException e2) {
            // Neither store knows the token: report inactive rather than an error.
            logger.error("Invalid refresh token");
            Map<String, Boolean> entity = ImmutableMap.of(IntrospectionResultAssembler.ACTIVE, Boolean.FALSE);
            model.addAttribute(JsonEntityView.ENTITY, entity);
            return JsonEntityView.VIEWNAME;
        }
    }
    // if it's a valid token, we'll print out information on it
    // authScopes is handed to the assembler; presumably it limits what is disclosed about the
    // token to the caller's own scopes — see IntrospectionResultAssembler.
    if (accessToken != null) {
        Map<String, Object> entity = introspectionResultAssembler.assembleFrom(accessToken, user, authScopes);
        model.addAttribute(JsonEntityView.ENTITY, entity);
    } else if (refreshToken != null) {
        Map<String, Object> entity = introspectionResultAssembler.assembleFrom(refreshToken, user, authScopes);
        model.addAttribute(JsonEntityView.ENTITY, entity);
    } else {
        // no tokens were found (we shouldn't get here)
        logger.error("Verify failed; Invalid access/refresh token");
        Map<String, Boolean> entity = ImmutableMap.of(IntrospectionResultAssembler.ACTIVE, Boolean.FALSE);
        model.addAttribute(JsonEntityView.ENTITY, entity);
        return JsonEntityView.VIEWNAME;
    }
    return JsonEntityView.VIEWNAME;
}
From source file:org.craftercms.profile.services.AuthenticationServiceIT.java
/**
 * Authenticating with an access token that is not permitted for this action
 * must fail with a {@link ProfileRestServiceException} carrying HTTP 403 and
 * {@code ErrorCode.ACTION_DENIED}.
 */
@Test
@DirtiesContext
public void testUnallowedAccessTokenError() throws Exception {
    accessTokenIdResolver.setAccessTokenId(UNALLOWED_ACCESS_TOKEN_ID);
    ProfileRestServiceException denied = null;
    try {
        authenticationService.authenticate(DEFAULT_TENANT_NAME, ADMIN_USERNAME, ADMIN_PASSWORD);
    } catch (ProfileRestServiceException e) {
        denied = e;
    }
    if (denied == null) {
        fail("Exception " + ProfileRestServiceException.class.getName() + " expected");
    }
    assertEquals(HttpStatus.FORBIDDEN, denied.getStatus());
    assertEquals(ErrorCode.ACTION_DENIED, denied.getErrorCode());
}
From source file:org.craftercms.profile.services.TenantServiceIT.java
@Test @DirtiesContext//from w ww .j ava 2 s. c o m public void testUnallowedAccessTokenError() throws Exception { accessTokenIdResolver.setAccessTokenId(UNALLOWED_ACCESS_TOKEN_ID); try { tenantService.createTenant(getCorporateTenant()); fail("Exception " + ProfileRestServiceException.class.getName() + " expected"); } catch (ProfileRestServiceException e) { assertEquals(HttpStatus.FORBIDDEN, e.getStatus()); assertEquals(ErrorCode.ACTION_DENIED, e.getErrorCode()); } }
From source file:org.cloudfoundry.identity.uaa.integration.VmcScimUserEndpointIntegrationTests.java
/**
 * Deleting a user through this client must be refused: the response carries
 * HTTP 403 and an error body whose {@code error} field is {@code access_denied}.
 */
@Test
public void deleteUserFails() throws Exception {
    RestOperations rest = serverRunning.getRestTemplate();
    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> response = deleteUser(rest, joe.getId(), joe.getVersion());
    assertEquals(HttpStatus.FORBIDDEN, response.getStatusCode());
    @SuppressWarnings("unchecked")
    Map<String, String> body = response.getBody();
    assertEquals("access_denied", body.get("error"));
}
From source file:ru.org.linux.auth.LoginController.java
/**
 * Maps a {@link UserBanedException} to HTTP 403 and renders the
 * {@code errors/user-banned} page, exposing the exception to the template
 * under the model key {@code exception}.
 *
 * @param ex the exception raised for the banned account
 * @return the error view with the exception attached
 */
@ExceptionHandler(UserBanedException.class)
@ResponseStatus(HttpStatus.FORBIDDEN)
public ModelAndView handleUserBanedException(UserBanedException ex) {
    ModelAndView view = new ModelAndView("errors/user-banned");
    view.addObject("exception", ex);
    return view;
}
From source file:org.cloudfoundry.android.cfdroid.CloudFoundry.java
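/**
 * Ensures that a proper {@link CloudFoundryClient} exists and runs {@code work}
 * against it, handling connection errors.
 * <p>
 * A {@link CloudFoundryException} with status 403 on the first attempt is taken
 * to mean the cached token is stale: the cached client and token are dropped,
 * the token is invalidated with the {@code AccountManager}, and the work is
 * retried exactly once. Any other failure, or a failure of the retry, is
 * rethrown. The retry counter {@code attempt} is a field, so this assumes
 * calls are not made concurrently.
 *
 * @param work the call to perform with a valid client
 * @param <R>  the result type of {@code work}
 * @return the result of {@code work}
 * @throws CloudFoundryException if the call fails with a status other than 403,
 *         or fails again on the retry
 * @throws RuntimeException wrapping any checked exception thrown by {@code work}
 */
private <R> R doWithClient(Callable<R> work) {
    ensureClient();
    try {
        return work.call();
    } catch (CloudFoundryException e) {
        if (attempt == 0 && e.getStatusCode() == HttpStatus.FORBIDDEN) {
            // Most likely a stale token: discard cached client/token and retry once.
            Ln.w(e, "Caught exception for the first time. Assuming stale token, will retry.");
            attempt++;
            cache.client = null;
            accountManager.invalidateAuthToken(Accounts.ACCOUNT_TYPE, cache.token);
            cache.token = null;
            try {
                return doWithClient(work);
            } finally {
                // Reset even when the retry throws; otherwise 'attempt' would stay at 1
                // and no later call would ever be retried.
                attempt--;
            }
        }
        // Also reached on a first-attempt error with a status other than 403;
        // the message then overstates the attempt count.
        Ln.w(e, "Caught exception for the second time. Rethrowing");
        throw e;
    } catch (RuntimeException e) {
        throw e;
    } catch (Exception e) {
        // Checked exceptions from Callable are surfaced unchecked, cause preserved.
        throw new RuntimeException(e);
    }
}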
From source file:org.mitre.uma.web.ClaimsAPI.java
/**
 * Deletes the resource set identified by {@code rsid}.
 * <p>
 * Responds 404 with {@code not_found} when the id is unknown, 403 when the
 * authenticated principal is not the stored owner, and 204 once removed.
 *
 * @param id   id of the resource set
 * @param m    view model receiving the HTTP code (and error, if any)
 * @param auth the caller's authentication; its name is compared to the owner
 * @return the view name to render
 */
@RequestMapping(value = "/{rsid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String deleteResourceSet(@PathVariable("rsid") Long id, Model m, Authentication auth) {
    ResourceSet target = resourceSetService.getById(id);
    if (target == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.addAttribute(JsonErrorView.ERROR, "not_found");
        return JsonErrorView.VIEWNAME;
    }
    // Ownership check: the principal name must match the owner recorded on the set.
    String caller = auth.getName();
    if (!caller.equals(target.getOwner())) {
        logger.warn("Unauthorized resource set request from bad user; expected " + target.getOwner() + " got " + caller);
        // it wasn't issued to this user
        // NOTE(review): unlike the 404 branch, no JsonErrorView.ERROR is set here —
        // confirm the view's default error body is the intended one.
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return JsonErrorView.VIEWNAME;
    }
    resourceSetService.remove(target);
    m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
    return HttpCodeView.VIEWNAME;
}