Example usage for org.springframework.http HttpStatus FORBIDDEN

List of usage examples for org.springframework.http HttpStatus FORBIDDEN

Introduction

In this page you can find the example usage for org.springframework.http HttpStatus FORBIDDEN.

Prototype

HttpStatus FORBIDDEN

To view the source code for org.springframework.http HttpStatus FORBIDDEN.


Document

403 Forbidden.

Usage

From source file:org.cloudfoundry.identity.uaa.integration.CheckTokenEndpointIntegrationTests.java

/**
 * Posting a token to {@code /check_token} as client {@code cf} with an empty secret must be
 * refused: the endpoint has to answer 403 and the JSON body has to carry an {@code error}
 * entry instead of token data.
 */
@Test
public void testForbidden() throws Exception {
    HttpHeaders requestHeaders = new HttpHeaders();
    // HTTP Basic credentials "cf:" (client id "cf", empty secret).
    String authorization = "Basic " + new String(Base64.encode("cf:".getBytes("UTF-8")));
    requestHeaders.set("Authorization", authorization);
    requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));

    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    form.add("token", "FOO");

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> checkTokenResponse = serverRunning.postForMap("/check_token", form, requestHeaders);
    assertEquals(HttpStatus.FORBIDDEN, checkTokenResponse.getStatusCode());

    @SuppressWarnings("unchecked")
    Map<String, String> body = checkTokenResponse.getBody();
    assertTrue(body.containsKey("error"));
}

From source file:org.cloudfoundry.identity.uaa.integration.LoginServerSecurityIntegrationTests.java

/**
 * A password grant relayed by the login server with a wrong client secret ({@code bogus})
 * must not produce a token: the token endpoint has to answer 401 or 403.
 */
@Test
@OAuth2ContextConfiguration(LoginClient.class)
public void testLoginServerCfInvalidClientPasswordToken() throws Exception {
    ImplicitResourceDetails implicitResource = testAccounts.getDefaultImplicitResource();

    params.set("client_id", implicitResource.getClientId());
    params.set("client_secret", "bogus");
    params.set("source", "login");
    params.set(UaaAuthenticationDetails.ADD_NEW, "false");
    params.set("grant_type", "password");
    String preEstablishedRedirect = implicitResource.getPreEstablishedRedirectUri();
    if (preEstablishedRedirect != null) {
        params.set("redirect_uri", preEstablishedRedirect);
    }

    HttpHeaders acceptJson = new HttpHeaders();
    acceptJson.add("Accept", MediaType.APPLICATION_JSON_VALUE);

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> tokenResponse = serverRunning.postForMap(serverRunning.getAccessTokenUri(), params,
            acceptJson);
    HttpStatus status = tokenResponse.getStatusCode();
    boolean rejected = status == HttpStatus.UNAUTHORIZED || status == HttpStatus.FORBIDDEN;
    assertTrue("Status code should be 401 or 403.", rejected);
}

From source file:org.cloudfoundry.identity.uaa.integration.LoginServerSecurityIntegrationTests.java

/**
 * Under the {@code AppClient} OAuth2 context, a password grant sent with source
 * {@code login} and a bogus client secret must be rejected by the token endpoint with
 * 401 or 403.
 */
@Test
@OAuth2ContextConfiguration(AppClient.class)
public void testLoginServerCfInvalidClientToken() throws Exception {
    ImplicitResourceDetails defaultResource = testAccounts.getDefaultImplicitResource();
    HttpHeaders jsonHeaders = new HttpHeaders();
    jsonHeaders.add("Accept", MediaType.APPLICATION_JSON_VALUE);

    params.set("client_id", defaultResource.getClientId());
    params.set("client_secret", "bogus");
    params.set("source", "login");
    params.set(UaaAuthenticationDetails.ADD_NEW, "false");
    params.set("grant_type", "password");
    String redirectUri = defaultResource.getPreEstablishedRedirectUri();
    if (redirectUri != null) {
        params.set("redirect_uri", redirectUri);
    }

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> result = serverRunning.postForMap(serverRunning.getAccessTokenUri(), params, jsonHeaders);
    HttpStatus actual = result.getStatusCode();
    assertTrue("Status code should be 401 or 403.",
            HttpStatus.FORBIDDEN == actual || HttpStatus.UNAUTHORIZED == actual);
}

From source file:org.cloudfoundry.identity.uaa.scim.endpoints.ScimUserEndpointsMockMvcTests.java

/**
 * Reading a user with the {@code scimCreateToken} fixture must be answered with 403.
 */
@Test
public void testGetUserWithScimCreateToken() throws Exception {
    int expectedStatus = HttpStatus.FORBIDDEN.value();
    getUser(scimCreateToken, expectedStatus);
}

From source file:org.cloudfoundry.identity.uaa.scim.endpoints.ScimUserEndpointsMockMvcTests.java

/**
 * Updating a user with the {@code scimCreateToken} fixture must be answered with 403.
 */
@Test
public void testUpdateUserWithScimCreateToken() throws Exception {
    int expectedStatus = HttpStatus.FORBIDDEN.value();
    updateUser(scimCreateToken, expectedStatus);
}

From source file:org.cloudfoundry.identity.uaa.web.CorsFilter.java

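/**
 * Applies the CORS policy.
 *
 * <p>Requests that {@code isXhrRequest} recognises as XHR are handled strictly: the method
 * must pass {@code isCorsXhrAllowedMethod} (405 otherwise), the request URI and the
 * {@code Origin} header must both pass their allow-list checks (403 otherwise), and the
 * validated origin is echoed back in {@code Access-Control-Allow-Origin}. A pre-flight
 * ({@code OPTIONS}) XHR request is answered by {@code buildCorsXhrPreFlightResponse} and
 * never reaches the rest of the chain.
 *
 * <p>All other requests get {@code Access-Control-Allow-Origin: *}; a pre-flight among them
 * (OPTIONS with {@code Access-Control-Request-Method}) is answered here with a fixed
 * method and header set, anything else continues down the chain.
 *
 * @param request the current request
 * @param response the response that receives CORS headers and status codes
 * @param filterChain the remaining filter chain
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain
 */
@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
        final FilterChain filterChain) throws ServletException, IOException {

    final String method = request.getMethod();
    final boolean preFlight = "OPTIONS".equals(method);

    if (isXhrRequest(request)) {
        if (!isCorsXhrAllowedMethod(method)) {
            response.setStatus(HttpStatus.METHOD_NOT_ALLOWED.value());
            return;
        }
        String origin = request.getHeader(HttpHeaders.ORIGIN);
        String requestUri = request.getRequestURI();
        if (!isCorsXhrAllowedRequestUri(requestUri) || !isCorsXhrAllowedOrigin(origin)) {
            response.setStatus(HttpStatus.FORBIDDEN.value());
            return;
        }
        // The allowed origin is echoed rather than "*". Because the header value now depends on
        // the request's Origin, shared caches must key on it; otherwise a response granted to one
        // origin could be served to another.
        response.addHeader("Access-Control-Allow-Origin", origin);
        response.addHeader("Vary", "Origin");
        if (preFlight) {
            buildCorsXhrPreFlightResponse(request, response);
        } else {
            filterChain.doFilter(request, response);
        }
        return;
    }

    response.addHeader("Access-Control-Allow-Origin", "*");
    if (preFlight && request.getHeader("Access-Control-Request-Method") != null) {
        // CORS "pre-flight" request
        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        response.addHeader("Access-Control-Allow-Headers", "Authorization");
        response.addHeader("Access-Control-Max-Age", "1728000");
    } else {
        filterChain.doFilter(request, response);
    }
}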

From source file:org.cloudfoundry.identity.uaa.web.CorsFilter.java

/**
 * Answers an XHR CORS pre-flight ({@code OPTIONS}) request.
 *
 * <p>The request must announce its method in {@code Access-Control-Request-Method} (400 if
 * absent) and that method must be {@code GET} (405 otherwise); it must also list its headers in
 * {@code Access-Control-Request-Headers} (400 if absent) and that list must pass
 * {@code headersAllowed} (403 otherwise). Only a fully accepted pre-flight receives the
 * {@code Access-Control-Allow-Headers} / {@code Access-Control-Max-Age} pair; note that
 * {@code Access-Control-Allow-Methods} is written before the header list is checked.
 *
 * @param request the pre-flight request
 * @param response the response that receives the status and CORS headers
 */
void buildCorsXhrPreFlightResponse(final HttpServletRequest request, final HttpServletResponse response) {
    final String requestedMethod = request.getHeader("Access-Control-Request-Method");
    if (requestedMethod == null) {
        response.setStatus(HttpStatus.BAD_REQUEST.value());
        return;
    }
    if (!requestedMethod.equalsIgnoreCase("GET")) {
        response.setStatus(HttpStatus.METHOD_NOT_ALLOWED.value());
        return;
    }
    response.addHeader("Access-Control-Allow-Methods", "GET");

    final String requestedHeaders = request.getHeader("Access-Control-Request-Headers");
    if (requestedHeaders == null) {
        response.setStatus(HttpStatus.BAD_REQUEST.value());
        return;
    }
    if (headersAllowed(requestedHeaders)) {
        response.addHeader("Access-Control-Allow-Headers", "Authorization, X-Requested-With");
        response.addHeader("Access-Control-Max-Age", "1728000");
    } else {
        response.setStatus(HttpStatus.FORBIDDEN.value());
    }
}

From source file:org.dockhouse.web.rest.AccountResource.java

/**
 * POST  /change_password -> changes the current user's password.
 *
 * <p>An empty body is refused with 403 before the service is consulted; any other value is
 * handed to {@code userService.changePassword} and acknowledged with 200.
 * NOTE(review): no length or complexity rule is applied here; any such policy would have to
 * live in the service.
 *
 * @param password the new password, taken verbatim from the request body
 * @return 200 on success, 403 when the body is empty
 */
@RequestMapping(value = "/account/change_password", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public ResponseEntity<?> changePassword(@RequestBody String password) {
    if (!StringUtils.isEmpty(password)) {
        userService.changePassword(password);
        return new ResponseEntity<>(HttpStatus.OK);
    }
    return new ResponseEntity<>(HttpStatus.FORBIDDEN);
}

From source file:org.encuestame.mvc.controller.AbstractJsonController.java

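/**
 * Handler for {@link AccessDeniedException}.
 *
 * <p>Renders the {@code jsonView} view with an {@code error} object that carries the exception
 * message, the localised {@code error.access.denied} text, status 403 and two flags derived
 * from the current authentication (session expired / anonymous user). The 403 status is set on
 * the response explicitly as well as through {@link ResponseStatus}.
 *
 * @param ex the access-denied exception being handled
 * @param httpResponse the response whose status is set to 403
 * @param request the current request, used to resolve the localised description
 * @return a {@link ModelAndView} for the {@code jsonView} view
 */
@ResponseStatus(value = HttpStatus.FORBIDDEN)
@ExceptionHandler(AccessDeniedException.class)
public ModelAndView handleException(final AccessDeniedException ex, HttpServletResponse httpResponse,
        final HttpServletRequest request) {
    final ModelAndView mav = new ModelAndView();
    mav.setViewName("jsonView");
    final Map<String, Object> response = new HashMap<String, Object>();
    response.put("message", ex.getMessage());
    response.put("description", getMessage("error.access.denied", request, null));
    // The constant is static; reference it through the class rather than the instance.
    response.put("status", HttpServletResponse.SC_FORBIDDEN);
    response.put("session", SecurityUtils.checkIsSessionIsExpired(getSecCtx().getAuthentication()));
    response.put(EnMeUtils.ANONYMOUS_USER,
            SecurityUtils.checkIsSessionIsAnonymousUser(getSecCtx().getAuthentication()));
    httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
    mav.addObject("error", response);
    return mav;
}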

From source file:org.esupportail.publisher.web.rest.SubscriberResource.java

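/**
 * POST /subscribers -> Create a new subscriber.
 *
 * <p>Access is granted to admins unconditionally, or to users who may edit the targets of the
 * subscriber's context (SpEL {@code &&} binds tighter than {@code ||}, so the expression reads
 * {@code ADMIN || (USER && canEditCtxTargets)}).
 *
 * <p>A subscriber whose id already exists is refused with 400. Whether the context accepts
 * subscribers depends on its type: organizations and publishers always do; categories and
 * feeds only when their classification exists, its publisher's redactor does not use
 * {@code TARGETS_ON_ITEM} and the publisher has sub-permission management enabled; items only
 * when the item exists and its redactor uses {@code TARGETS_ON_ITEM}. Any other type is logged
 * and refused. A context that does not accept subscribers yields 403.
 *
 * @param subscriber the subscriber to create, validated by the framework
 * @return 201 with a {@code Location} for the new subscriber, 400 if it already exists, 403 if
 *         its context does not accept subscribers
 * @throws URISyntaxException if the composed location cannot be turned into a URI
 * @throws UnsupportedEncodingException propagated from {@code UriUtils.encodeQuery}
 */
@RequestMapping(value = "/subscribers", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize(SecurityConstants.IS_ROLE_ADMIN + " || " + SecurityConstants.IS_ROLE_USER
        + " && @permissionService.canEditCtxTargets(authentication, #subscriber.subjectCtxId.context)")
@Timed
public ResponseEntity<Void> create(@Validated @RequestBody Subscriber subscriber)
        throws URISyntaxException, UnsupportedEncodingException {
    log.debug("REST request to save Subscriber : {}", subscriber);
    if (subscriberRepository.findOne(subscriber.getId()) != null) {
        return ResponseEntity.badRequest().header("Failure", "The subscriber should not already exist").build();
    }
    // Decide whether the targeted context can carry subscribers at all.
    boolean subscribersOnCtx = false;
    switch (subscriber.getSubjectCtxId().getContext().getKeyType()) {
    case ORGANIZATION:
    case PUBLISHER:
        subscribersOnCtx = true;
        break;
    case CATEGORY:
    case FEED:
        AbstractClassification classif = classificationRepository
                .findOne(subscriber.getSubjectCtxId().getContext().getKeyId());
        if (classif != null
                && !WritingMode.TARGETS_ON_ITEM
                        .equals(classif.getPublisher().getContext().getRedactor().getWritingMode())
                && classif.getPublisher().isHasSubPermsManagement()) {
            subscribersOnCtx = true;
        }
        break;
    case ITEM:
        AbstractItem item = itemRepository.findOne(subscriber.getSubjectCtxId().getContext().getKeyId());
        if (item != null && WritingMode.TARGETS_ON_ITEM.equals(item.getRedactor().getWritingMode())) {
            subscribersOnCtx = true;
        }
        break;
    default:
        // Not blocking by itself: an unknown type just leaves subscribersOnCtx false.
        log.warn("ContextType unknown !");
        break;
    }
    if (!subscribersOnCtx) {
        return new ResponseEntity<>(HttpStatus.FORBIDDEN);
    }
    subscriberRepository.save(subscriber);

    // Location = base64(subject value)/subject type id/subject attribute/context id/context type.
    // Base64 output is ASCII, but the charset is made explicit instead of relying on the platform default.
    String subjectValue = new String(
            Base64.encodeBase64(subscriber.getId().getSubject().getKeyValue().getBytes(StandardCharsets.UTF_8)),
            StandardCharsets.UTF_8);
    StringBuilder composedIdURL = new StringBuilder(subjectValue).append('/')
            .append(subscriber.getId().getSubject().getKeyType().getId()).append('/')
            .append(subscriber.getId().getSubject().getKeyAttribute()).append('/')
            .append(subscriber.getId().getContext().getKeyId()).append('/')
            .append(subscriber.getId().getContext().getKeyType().name());
    log.debug(composedIdURL.toString());
    // NOTE(review): encodeQuery leaves '/' unescaped, so a base64 subject value containing '/'
    // adds extra path segments to the Location; anything parsing it by '/' should be aware.
    return ResponseEntity
            .created(new URI("/api/subscribers/"
                    + UriUtils.encodeQuery(composedIdURL.toString(), StandardCharsets.UTF_8.name())))
            .build();
}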