Example 81 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project dhis2-core by dhis2.
the class SpringSecurityActionAccessResolver method hasAccess.
// -------------------------------------------------------------------------
// ActionAccessResolver implementation
// -------------------------------------------------------------------------
@Override
public boolean hasAccess(String module, String name) {
// ---------------------------------------------------------------------
// Get ObjectDefinitionSource
// ---------------------------------------------------------------------
Configuration config = Dispatcher.getInstance().getConfigurationManager().getConfiguration();
PackageConfig packageConfig = config.getPackageConfig(module);
if (packageConfig == null) {
throw new IllegalArgumentException("Module doesn't exist: '" + module + "'");
}
ActionConfig actionConfig = packageConfig.getActionConfigs().get(name);
if (actionConfig == null) {
throw new IllegalArgumentException("Module " + module + " doesn't have an action named: '" + name + "'");
}
SecurityMetadataSource securityMetadataSource = requiredAuthoritiesProvider.createSecurityMetadataSource(actionConfig);
// ---------------------------------------------------------------------
// Test access
// ---------------------------------------------------------------------
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
try {
if (securityMetadataSource.getAttributes(actionConfig) != null) {
if (authentication == null || !authentication.isAuthenticated()) {
return false;
}
accessDecisionManager.decide(authentication, actionConfig, securityMetadataSource.getAttributes(actionConfig));
}
log.debug("Access to [" + module + ", " + name + "]: TRUE");
return true;
} catch (AccessDeniedException e) {
log.debug("Access to [" + module + ", " + name + "]: FALSE (access denied)");
return false;
} catch (InsufficientAuthenticationException e) {
log.debug("Access to [" + module + ", " + name + "]: FALSE (insufficient authentication)");
return false;
}
}
Also used :
ActionConfig(com.opensymphony.xwork2.config.entities.ActionConfig)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
Configuration(com.opensymphony.xwork2.config.Configuration)
SecurityMetadataSource(org.springframework.security.access.SecurityMetadataSource)
Authentication(org.springframework.security.core.Authentication)
SecurityContext(org.springframework.security.core.context.SecurityContext)
InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)
PackageConfig(com.opensymphony.xwork2.config.entities.PackageConfig)
Example 82 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project dhis2-core by dhis2.
the class LogicalOrAccessDecisionManager method decide.
// -------------------------------------------------------------------------
// Interface implementation
// -------------------------------------------------------------------------
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
AccessDeniedException ade = null;
InsufficientAuthenticationException iae = null;
for (AccessDecisionManager accessDecisionManager : accessDecisionManagers) {
if (accessDecisionManager.supports(object.getClass())) {
try {
accessDecisionManager.decide(authentication, object, configAttributes);
log.debug("ACCESS GRANTED [" + object.toString() + "]");
return;
} catch (AccessDeniedException e) {
ade = e;
} catch (InsufficientAuthenticationException e) {
iae = e;
}
}
}
log.debug("ACCESS DENIED [" + object.toString() + "]");
if (ade != null) {
throw ade;
}
if (iae != null) {
throw iae;
}
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
AccessDecisionManager(org.springframework.security.access.AccessDecisionManager)
InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)
Example 83 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project engine by craftercms.
the class CrafterPageAccessManager method checkAccess.
/**
* Checks if the user has sufficient rights to access the specified page:
*
* <ol>
* <li>If the page doesn't contain any required role, no authentication is needed.</li>
* <li>If the page has the role "Anonymous", no authentication is needed.</li>
* <li>If the page has the role "Authenticated", just authentication is needed.</li>
* <li>If the page has any other the roles, the user needs to have any of those roles.</li>
* </ol>
*/
@RunIfSecurityEnabled
public void checkAccess(SiteItem page) {
String pageUrl = page.getStoreUrl();
Authentication auth = null;
SecurityContext context = SecurityContextHolder.getContext();
if (context != null && context.getAuthentication() != null) {
auth = context.getAuthentication();
}
List<String> authorizedRoles = getAuthorizedRolesForPage(page);
if (CollectionUtils.isNotEmpty(authorizedRoles) && !containsRole("anonymous", authorizedRoles)) {
// If auth == null it is anonymous
if (auth == null || auth instanceof AnonymousAuthenticationToken) {
throw new AccessDeniedException("User is anonymous but page '" + pageUrl + "' requires authentication");
}
if (!containsRole("authenticated", authorizedRoles) && !hasAnyRole(auth, authorizedRoles)) {
throw new AccessDeniedException("User '" + auth.getName() + "' is not authorized " + "to view page '" + pageUrl + "'");
}
}
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
Authentication(org.springframework.security.core.Authentication)
SecurityContext(org.springframework.security.core.context.SecurityContext)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
RunIfSecurityEnabled(org.craftercms.security.annotations.RunIfSecurityEnabled)
Example 84 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project ontrack by nemerosa.
the class StructureServiceImpl method getProjectList.
@Override
public List<Project> getProjectList() {
SecuritySettings securitySettings = securityService.getSecuritySettings();
List<Project> list = structureRepository.getProjectList();
if (securitySettings.isGrantProjectViewToAll() || securityService.isGlobalFunctionGranted(ProjectList.class)) {
return list;
} else if (securityService.isLogged()) {
return list.stream().filter(p -> securityService.isProjectFunctionGranted(p.id(), ProjectView.class)).collect(Collectors.toList());
} else {
throw new AccessDeniedException("Authentication is required.");
}
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
SecuritySettings(net.nemerosa.ontrack.model.settings.SecuritySettings)
Example 85 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project ontrack by nemerosa.
the class PropertyServiceImpl method editProperty.
private <T> Ack editProperty(ProjectEntity entity, PropertyType<T> propertyType, T value) {
// Checks for edition
if (!propertyType.canEdit(entity, securityService)) {
throw new AccessDeniedException("Property is not opened for edition.");
}
// Gets the JSON for the storage
JsonNode storage = propertyType.forStorage(value);
// Search key
String searchKey = propertyType.getSearchKey(value);
// Stores the property
propertyRepository.saveProperty(propertyType.getClass().getName(), entity.getProjectEntityType(), entity.getId(), storage, searchKey);
// Property change event
eventPostService.post(eventFactory.propertyChange(entity, propertyType));
// Listener
propertyType.onPropertyChanged(entity, value);
// OK
return Ack.OK;
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
Aggregations
AccessDeniedException (org.springframework.security.access.AccessDeniedException)189
Test (org.junit.Test)32
Test (org.junit.jupiter.api.Test)21
Authentication (org.springframework.security.core.Authentication)18
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)17
ArrayList (java.util.ArrayList)15
ApplicationUser (org.finra.herd.model.dto.ApplicationUser)14
SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper)14
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)14
AbstractServiceTest (org.finra.herd.service.AbstractServiceTest)13
Method (java.lang.reflect.Method)12
JoinPoint (org.aspectj.lang.JoinPoint)11
MethodSignature (org.aspectj.lang.reflect.MethodSignature)11
SecurityContext (org.springframework.security.core.context.SecurityContext)11
NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization)10
Credential (com.sequenceiq.cloudbreak.domain.Credential)8
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)8
HttpServletResponse (jakarta.servlet.http.HttpServletResponse)8
ModelAndView (org.springframework.web.servlet.ModelAndView)8
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)7
