List of usage examples for org.springframework.http HttpStatus FORBIDDEN
HttpStatus FORBIDDEN
From source file:com.haulmont.restapi.service.EntitiesControllerManager.java
/**
 * Enforces the READ permission for the given entity type before a REST request is served.
 *
 * @param metaClass meta class of the entity the caller wants to read
 * @throws RestAPIException carrying {@link HttpStatus#FORBIDDEN} when {@code security}
 *         does not permit {@link EntityOp#READ} on {@code metaClass}
 */
protected void checkCanReadEntity(MetaClass metaClass) {
    if (security.isEntityOpPermitted(metaClass, EntityOp.READ)) {
        return;
    }
    // The detail text carries only the meta class name, no instance data.
    String details = String.format("Reading of the %s is forbidden", metaClass.getName());
    throw new RestAPIException("Reading forbidden", details, HttpStatus.FORBIDDEN);
}
From source file:com.haulmont.restapi.service.EntitiesControllerManager.java
/**
 * Enforces the CREATE permission for the given entity type before a REST request is served.
 *
 * @param metaClass meta class of the entity the caller wants to create
 * @throws RestAPIException carrying {@link HttpStatus#FORBIDDEN} when {@code security}
 *         does not permit {@link EntityOp#CREATE} on {@code metaClass}
 */
protected void checkCanCreateEntity(MetaClass metaClass) {
    if (security.isEntityOpPermitted(metaClass, EntityOp.CREATE)) {
        return;
    }
    // The detail text carries only the meta class name, no instance data.
    String details = String.format("Creation of the %s is forbidden", metaClass.getName());
    throw new RestAPIException("Creation forbidden", details, HttpStatus.FORBIDDEN);
}
From source file:de.zib.gndms.dspace.service.SliceServiceImpl.java
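/**
 * Streams the content of a single file belonging to a slice into the response.
 *
 * <p>The file name comes straight from the request URL, so the resolved file is checked
 * against the slice directory before it is opened; a name that resolves outside of it
 * (for example through {@code ..} segments or a symbolic link) is answered with
 * {@link HttpStatus#FORBIDDEN}.
 *
 * @param subspaceId  id of the subspace that holds the slice
 * @param sliceKindId id of the slice kind
 * @param sliceId     id of the slice
 * @param fileName    name of the requested file, relative to the slice directory
 * @param attrs       optional list of requested attributes; the content is copied when the
 *                    list is absent or contains {@code "contents"}
 * @param dn          value of the {@code DN} request header, passed on to {@code setHeaders}
 * @param out         stream the file content is written to
 * @return a response whose body is always {@code 0}; the status is {@code OK} on success,
 *         {@code NOT_FOUND} when a lookup raises {@link NoSuchElementException}, and
 *         {@code FORBIDDEN} when the file is unreadable, outside the slice, or an I/O error occurs
 * @throws IllegalStateException if {@code out} is {@code null}
 */
@Override
@RequestMapping(value = "/_{subspaceId}/_{sliceKindId}/_{sliceId}/_{fileName:.*}", method = RequestMethod.GET)
@Secured("ROLE_USER")
public ResponseEntity<Integer> listFileContent(@PathVariable final String subspaceId,
        @PathVariable final String sliceKindId,
        @PathVariable final String sliceId,
        @PathVariable final String fileName,
        @RequestParam(value = "attrs", required = false) final List<String> attrs,
        @RequestHeader("DN") final String dn,
        final OutputStream out) {
    // NOTE(review): dn is read from a request header; presumably a trusted front end sets it - confirm.
    GNDMSResponseHeader headers = setHeaders(subspaceId, sliceKindId, sliceId, dn);

    try {
        Subspace space = subspaceProvider.get(subspaceId);
        Slice slice = findSliceOfKind(subspaceId, sliceKindId, sliceId);
        String path = space.getPathForSlice(slice);
        File file = new File(path + File.separatorChar + fileName);

        if (out == null) {
            final IllegalStateException illegalStateException = new IllegalStateException(
                    "OutputStream not defined.");
            logger.warn(illegalStateException.getMessage());
            throw illegalStateException;
        }

        // Containment check: canonicalisation resolves "." / ".." segments and symbolic links,
        // so the comparison is made on the location that would really be opened. An invalid
        // path makes getCanonicalPath() throw IOException, which is mapped to FORBIDDEN below.
        String sliceRoot = new File(path).getCanonicalPath();
        String rootPrefix = sliceRoot.endsWith(File.separator) ? sliceRoot : sliceRoot + File.separator;
        if (!file.getCanonicalPath().startsWith(rootPrefix)) {
            logger.warn("File " + file + " is outside of the slice directory.");
            return new ResponseEntity<Integer>(0, headers, HttpStatus.FORBIDDEN);
        }

        if (file.exists() && file.canRead() && file.isFile()) {
            // TODO get requested file attributes
            if (attrs == null || attrs.contains("contents")) {
                // FileCopyUtils.copy closes both streams when it is done.
                FileCopyUtils.copy(new FileInputStream(file), out);
            }
            return new ResponseEntity<Integer>(0, headers, HttpStatus.OK);
        } else {
            logger.warn("File " + file + " cannot be read or is no file.");
            return new ResponseEntity<Integer>(0, headers, HttpStatus.FORBIDDEN);
        }
    } catch (NoSuchElementException ne) {
        logger.warn(ne.getMessage());
        return new ResponseEntity<Integer>(0, headers, HttpStatus.NOT_FOUND);
    } catch (IOException e) {
        // Also covers FileNotFoundException, which is a subclass of IOException.
        logger.warn(e.getMessage());
        return new ResponseEntity<Integer>(0, headers, HttpStatus.FORBIDDEN);
    }
}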
From source file:com.haulmont.restapi.service.EntitiesControllerManager.java
/**
 * Enforces the DELETE permission for the given entity type before a REST request is served.
 *
 * @param metaClass meta class of the entity the caller wants to delete
 * @throws RestAPIException carrying {@link HttpStatus#FORBIDDEN} when {@code security}
 *         does not permit {@link EntityOp#DELETE} on {@code metaClass}
 */
protected void checkCanDeleteEntity(MetaClass metaClass) {
    if (security.isEntityOpPermitted(metaClass, EntityOp.DELETE)) {
        return;
    }
    // The detail text carries only the meta class name, no instance data.
    String details = String.format("Deletion of the %s is forbidden", metaClass.getName());
    throw new RestAPIException("Deletion forbidden", details, HttpStatus.FORBIDDEN);
}
From source file:com.ge.predix.integration.test.AccessControlServiceIT.java
/**
 * Checks that a policy set cannot be created through the REST template that lacks the
 * ACS policy scope: the call must be rejected with {@link HttpStatus#FORBIDDEN}.
 *
 * @param endpoint endpoint under test, supplied by {@code endpointProvider}
 * @throws Exception if the policy helper fails for a reason other than an HTTP client error
 */
@Test(dataProvider = "endpointProvider")
public void testPolicyUpdateWithInsufficientScope(final String endpoint) throws Exception {
    final String policyFile = "src/test/resources/policy-set-with-multiple-policies-na-with-condition.json";
    try {
        final String createdPolicyName = this.policyHelper.setTestPolicy(this.acsNoPolicyScopeRestTemplate,
                this.zone1Headers, endpoint, policyFile);
        // Reached only when the request was NOT rejected: remove the policy set that was
        // created by mistake, then fail the test.
        this.policyHelper.deletePolicySet(this.acsAdminRestTemplate, this.acsUrl, createdPolicyName,
                this.zone1Headers);
        Assert.fail("No exception when trying to create policy set with no acs scope");
    } catch (HttpClientErrorException rejected) {
        Assert.assertEquals(rejected.getStatusCode(), HttpStatus.FORBIDDEN);
    }
}
From source file:com.haulmont.restapi.service.EntitiesControllerManager.java
/**
 * Enforces the UPDATE permission for the given entity type before a REST request is served.
 *
 * @param metaClass meta class of the entity the caller wants to update
 * @throws RestAPIException carrying {@link HttpStatus#FORBIDDEN} when {@code security}
 *         does not permit {@link EntityOp#UPDATE} on {@code metaClass}
 */
protected void checkCanUpdateEntity(MetaClass metaClass) {
    if (security.isEntityOpPermitted(metaClass, EntityOp.UPDATE)) {
        return;
    }
    // The detail text carries only the meta class name, no instance data.
    String details = String.format("Updating of the %s is forbidden", metaClass.getName());
    throw new RestAPIException("Updating forbidden", details, HttpStatus.FORBIDDEN);
}
From source file:de.steilerdev.myVerein.server.controller.admin.EventManagementController.java
/**
 * Deletes the event with the given ID. Mapped to HTTP DELETE; the original documentation
 * names the URI /api/admin/event.
 *
 * <p>The event is loaded first and only removed when
 * {@code currentUser.isAllowedToAdministrate(event)} holds; otherwise the request is
 * answered with {@link HttpStatus#FORBIDDEN}.
 *
 * @param id          ID of the event to delete
 * @param currentUser the currently logged in user
 * @return a response with a plain-text message: {@code OK} on success, {@code BAD_REQUEST}
 *         for an empty or unknown ID, {@code FORBIDDEN} when the user may not administrate
 *         the event, {@code INTERNAL_SERVER_ERROR} when the repository rejects the delete
 */
@RequestMapping(method = RequestMethod.DELETE)
public ResponseEntity<String> deleteEvent(@RequestParam String id, @CurrentUser User currentUser) {
    // NOTE(review): id is request-supplied and written to the log verbatim - confirm the
    // log layout neutralises line breaks.
    logger.trace("[" + currentUser + "] Deleting event with id " + id);

    if (id.isEmpty()) {
        logger.warn("[" + currentUser + "] The id of an event is not allowed to be empty.");
        return new ResponseEntity<>("The ID of an event is not allowed to be empty", HttpStatus.BAD_REQUEST);
    }

    Event target = eventRepository.findEventById(id);
    if (target == null) {
        logger.warn("[" + currentUser + "] Unable to find the selected event with id " + id);
        return new ResponseEntity<>("Unable to find the selected event", HttpStatus.BAD_REQUEST);
    }

    // Authorization gate: runs before any modification of the repository.
    if (!currentUser.isAllowedToAdministrate(target)) {
        logger.warn("[" + currentUser + "] The user is not allowed to modify the event owned by "
                + target.getEventAdmin());
        return new ResponseEntity<>("You are not allowed to modify the selected event", HttpStatus.FORBIDDEN);
    }

    try {
        eventRepository.delete(target);
    } catch (IllegalArgumentException ex) {
        logger.warn("[" + currentUser + "] Unable to delete selected event: " + ex.getMessage());
        return new ResponseEntity<>("Unable to delete the selected event", HttpStatus.INTERNAL_SERVER_ERROR);
    }
    logger.info("[" + currentUser + "] Successfully delete the selected event");
    return new ResponseEntity<>("Successfully deleted selected event", HttpStatus.OK);
}
From source file:com.ge.predix.integration.test.AccessControlServiceIT.java
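/**
 * Checks that a policy set cannot be created through the read-only REST template: the
 * call must be rejected with {@link HttpStatus#FORBIDDEN}.
 *
 * <p>The test fails explicitly when no exception is raised. Without that, a server that
 * wrongly accepts the write would let the test pass.
 *
 * @param endpoint endpoint under test, supplied by {@code endpointProvider}
 * @throws Exception if the policy helper fails for a reason other than an HTTP client error
 */
@Test(dataProvider = "endpointProvider")
public void testPolicyUpdateWithReadOnlyAccess(final String endpoint) throws Exception {
    try {
        String policyFile = "src/test/resources/policy-set-with-multiple-policies-na-with-condition.json";
        String testPolicyName = this.policyHelper.setTestPolicy(this.acsReadOnlyRestTemplate,
                this.zone1Headers, endpoint, policyFile);
        // Reached only when the write was NOT rejected: remove the policy set that was
        // created by mistake, then fail the test.
        this.policyHelper.deletePolicySet(this.acsAdminRestTemplate, this.acsUrl, testPolicyName,
                this.zone1Headers);
        Assert.fail("No exception when trying to create policy set with read-only access");
    } catch (HttpClientErrorException e) {
        Assert.assertEquals(e.getStatusCode(), HttpStatus.FORBIDDEN);
    }
}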
From source file:access.controller.AccessController.java
/**
 * Deletes the deployment information for an active deployment.
 *
 * @param deploymentId
 *            The Id of the deployment to delete.
 * @return {@code OK} with a SuccessResponse when the deployment was removed;
 *         {@code NOT_FOUND} when the accessor returns no deployment for the Id;
 *         {@code FORBIDDEN} when a GeoServerException is raised;
 *         {@code INTERNAL_SERVER_ERROR} for any other exception
 */
@RequestMapping(value = "/deployment/{deploymentId}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<PiazzaResponse> deleteDeployment(
        @PathVariable(value = "deploymentId") String deploymentId) {
    // NOTE(review): no caller authorization is visible in this method; presumably it is
    // enforced before the controller is reached - confirm.
    try {
        // Look the deployment up first so an unknown Id is reported as 404.
        final Deployment existing = accessor.getDeployment(deploymentId);
        if (existing != null) {
            deployer.undeploy(deploymentId);
            return new ResponseEntity<>(
                    new SuccessResponse("Deployment " + deploymentId + " was deleted successfully",
                            ACCESS_COMPONENT_NAME),
                    HttpStatus.OK);
        }

        pzLogger.log(String.format("Deployment not found for requested Id %s", deploymentId),
                Severity.WARNING);
        return new ResponseEntity<>(
                new ErrorResponse(String.format("Deployment not found: %s", deploymentId),
                        ACCESS_COMPONENT_NAME),
                HttpStatus.NOT_FOUND);
    } catch (GeoServerException geoServerFailure) {
        // NOTE(review): the exception message is copied into the response body; confirm it
        // cannot carry internal detail that should stay in the server log.
        final String message = String.format("Error Deleting Deployment %s: %s", deploymentId,
                geoServerFailure.getMessage());
        LOGGER.error(message, geoServerFailure);
        pzLogger.log(message, Severity.ERROR,
                new AuditElement(ACCESS, "errorReadingDeploymentId", deploymentId));
        return new ResponseEntity<>(new ErrorResponse(message, ACCESS_COMPONENT_NAME), HttpStatus.FORBIDDEN);
    } catch (Exception unexpected) {
        // Same reporting as above; only the status code differs.
        final String message = String.format("Error Deleting Deployment %s: %s", deploymentId,
                unexpected.getMessage());
        LOGGER.error(message, unexpected);
        pzLogger.log(message, Severity.ERROR,
                new AuditElement(ACCESS, "errorReadingDeploymentId", deploymentId));
        return new ResponseEntity<>(new ErrorResponse(message, ACCESS_COMPONENT_NAME),
                HttpStatus.INTERNAL_SERVER_ERROR);
    }
}
From source file:net.maritimecloud.identityregistry.controllers.ServiceController.java
/**
 * Returns the JBoss XML client configuration of the service identified by the given MRN.
 *
 * <p>On top of the {@code @PreAuthorize} expression, the method itself verifies that the
 * service belongs to the organization named in the URL and answers
 * {@link HttpStatus#FORBIDDEN} when it does not.
 *
 * @param request    the current request; its servlet path is put into error replies
 * @param orgMrn     MRN of the organization
 * @param serviceMrn MRN of the service
 * @return the XML document with content type {@code application/xml}
 * @throws McBasicRestException {@code NOT_FOUND} when the organization, the service or its
 *         OIDC configuration is missing; {@code BAD_REQUEST} when the short names taken
 *         from the two MRNs differ; {@code FORBIDDEN} when the service is owned by another
 *         organization
 */
@RequestMapping(value = "/api/org/{orgMrn}/service/{serviceMrn}/jbossxml", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasRole('SERVICE_ADMIN') and @accessControlUtil.hasAccessToOrg(#orgMrn)")
public ResponseEntity<String> getServiceJbossXml(HttpServletRequest request, @PathVariable String orgMrn,
        @PathVariable String serviceMrn) throws McBasicRestException {
    Organization org = this.organizationService.getOrganizationByMrn(orgMrn);
    if (org == null) {
        throw new McBasicRestException(HttpStatus.NOT_FOUND, MCIdRegConstants.ORG_NOT_FOUND,
                request.getServletPath());
    }

    // The entity being queried must carry the organization's short name in its MRN.
    String orgShortName = MrnUtil.getOrgShortNameFromOrgMrn(orgMrn);
    if (!orgShortName.equals(MrnUtil.getOrgShortNameFromEntityMrn(serviceMrn))) {
        throw new McBasicRestException(HttpStatus.BAD_REQUEST, MCIdRegConstants.MISSING_RIGHTS,
                request.getServletPath());
    }

    Service service = this.entityService.getByMrn(serviceMrn);
    if (service == null) {
        throw new McBasicRestException(HttpStatus.NOT_FOUND, MCIdRegConstants.ENTITY_NOT_FOUND,
                request.getServletPath());
    }

    // Ownership check on the stored record, independent of the MRN strings in the URL.
    if (service.getIdOrganization().compareTo(org.getId()) != 0) {
        throw new McBasicRestException(HttpStatus.FORBIDDEN, MCIdRegConstants.MISSING_RIGHTS,
                request.getServletPath());
    }

    // No OIDC access type means there is no client configuration to hand out.
    if (service.getOidcAccessType() == null || service.getOidcAccessType().trim().isEmpty()) {
        throw new McBasicRestException(HttpStatus.NOT_FOUND, MCIdRegConstants.OIDC_CONF_FILE_NOT_AVAILABLE,
                request.getServletPath());
    }

    // Get the jboss xml for the client the service represents
    keycloakAU.init(KeycloakAdminUtil.BROKER_INSTANCE);
    String jbossXml = keycloakAU.getClientJbossXml(service.getMrn());

    HttpHeaders responseHeaders = new HttpHeaders();
    // NOTE(review): length() counts chars, not encoded bytes; the two differ for
    // multi-byte encodings - confirm against the charset the response is written in.
    responseHeaders.setContentLength(jbossXml.length());
    responseHeaders.setContentType(MediaType.APPLICATION_XML);
    return new ResponseEntity<>(jbossXml, responseHeaders, HttpStatus.OK);
}