Example 6 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project spring-security-oauth by spring-projects.
the class OAuth2RestTemplateTests method testTokenIsResetIfInvalid.
@Test
public void testTokenIsResetIfInvalid() throws Exception {
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST");
token.setExpiration(new Date(System.currentTimeMillis() - 1000));
restTemplate.getOAuth2ClientContext().setAccessToken(token);
restTemplate.setAccessTokenProvider(new StubAccessTokenProvider() {
@Override
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest parameters) throws UserRedirectRequiredException, AccessDeniedException {
throw new UserRedirectRequiredException("http://foo.com", Collections.<String, String>emptyMap());
}
});
try {
OAuth2AccessToken newToken = restTemplate.getAccessToken();
assertNotNull(newToken);
fail("Expected UserRedirectRequiredException");
} catch (UserRedirectRequiredException e) {
// planned
}
// context token should be reset as it clearly is invalid at this point
assertNull(restTemplate.getOAuth2ClientContext().getAccessToken());
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
BaseOAuth2ProtectedResourceDetails(org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails)
OAuth2ProtectedResourceDetails(org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails)
AccessTokenRequest(org.springframework.security.oauth2.client.token.AccessTokenRequest)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
Date(java.util.Date)
UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)
Test(org.junit.Test)
Example 7 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project camel by apache.
the class SpringSecurityAuthorizationPolicy method beforeProcess.
protected void beforeProcess(Exchange exchange) throws Exception {
List<ConfigAttribute> attributes = accessPolicy.getConfigAttributes();
try {
Authentication authToken = getAuthentication(exchange.getIn());
if (authToken == null) {
CamelAuthorizationException authorizationException = new CamelAuthorizationException("Cannot find the Authentication instance.", exchange);
throw authorizationException;
}
Authentication authenticated = authenticateIfRequired(authToken);
// Attempt authorization with exchange
try {
this.accessDecisionManager.decide(authenticated, exchange, attributes);
} catch (AccessDeniedException accessDeniedException) {
exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
AuthorizationFailureEvent event = new AuthorizationFailureEvent(exchange, attributes, authenticated, accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
publishEvent(new AuthorizedEvent(exchange, attributes, authenticated));
} catch (RuntimeException exception) {
exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
CamelAuthorizationException authorizationException = new CamelAuthorizationException("Cannot access the processor which has been protected.", exchange, exception);
throw authorizationException;
}
}
Also used :
CamelAuthorizationException(org.apache.camel.CamelAuthorizationException)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
Authentication(org.springframework.security.core.Authentication)
AuthorizedEvent(org.springframework.security.access.event.AuthorizedEvent)
AuthorizationFailureEvent(org.springframework.security.access.event.AuthorizationFailureEvent)
Example 8 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.
the class ExceptionTranslationFilter method doFilter.
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
try {
chain.doFilter(request, response);
logger.debug("Chain processed normally");
} catch (IOException ex) {
throw ex;
} catch (Exception ex) {
// Try to extract a SpringSecurityException from the stacktrace
Throwable[] causeChain = throwableAnalyzer.determineCauseChain(ex);
RuntimeException ase = (AuthenticationException) throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class, causeChain);
if (ase == null) {
ase = (AccessDeniedException) throwableAnalyzer.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
}
if (ase != null) {
handleSpringSecurityException(request, response, chain, ase);
} else {
// Rethrow ServletExceptions and RuntimeExceptions as-is
if (ex instanceof ServletException) {
throw (ServletException) ex;
} else if (ex instanceof RuntimeException) {
throw (RuntimeException) ex;
}
// as we've already covered all the possibilities for doFilter
throw new RuntimeException(ex);
}
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletException(javax.servlet.ServletException)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
IOException(java.io.IOException)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)
AuthenticationException(org.springframework.security.core.AuthenticationException)
Example 9 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project spring-security-oauth by spring-projects.
the class ClientScopeVoter method vote.
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
int result = ACCESS_ABSTAIN;
if (!(authentication instanceof OAuth2Authentication)) {
return result;
}
OAuth2Authentication oauth2Authentication = (OAuth2Authentication) authentication;
OAuth2Request clientAuthentication = oauth2Authentication.getOAuth2Request();
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuthentication.getClientId());
Set<String> scopes = clientAuthentication.getScope();
if (oauth2Authentication.isClientOnly() && clientAuthoritiesAreScopes) {
scopes = AuthorityUtils.authorityListToSet(clientAuthentication.getAuthorities());
}
for (ConfigAttribute attribute : attributes) {
if (this.supports(attribute)) {
result = ACCESS_GRANTED;
for (String scope : scopes) {
if (!client.getScope().contains(scope)) {
result = ACCESS_DENIED;
break;
}
}
if (result == ACCESS_DENIED && throwException) {
InsufficientScopeException failure = new InsufficientScopeException("Insufficient scope for this resource", client.getScope());
throw new AccessDeniedException(failure.getMessage(), failure);
}
return result;
}
}
return result;
}
Also used :
InsufficientScopeException(org.springframework.security.oauth2.common.exceptions.InsufficientScopeException)
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Example 10 with AccessDeniedException
use of org.springframework.security.access.AccessDeniedException in project dhis2-core by dhis2.
the class InterpretationController method deleteObject.
@Override
public void deleteObject(@PathVariable String uid, HttpServletRequest request, HttpServletResponse response) throws Exception {
Interpretation interpretation = interpretationService.getInterpretation(uid);
if (interpretation == null) {
throw new WebMessageException(WebMessageUtils.notFound("Interpretation does not exist: " + uid));
}
if (!currentUserService.getCurrentUser().equals(interpretation.getUser()) && !currentUserService.currentUserIsSuper()) {
throw new AccessDeniedException("You are not allowed to delete this interpretation.");
}
interpretationService.deleteInterpretation(interpretation);
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException)
Interpretation(org.hisp.dhis.interpretation.Interpretation)
Aggregations
AccessDeniedException (org.springframework.security.access.AccessDeniedException)186
Test (org.junit.Test)33
Test (org.junit.jupiter.api.Test)20
Authentication (org.springframework.security.core.Authentication)18
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)17
ArrayList (java.util.ArrayList)15
ApplicationUser (org.finra.herd.model.dto.ApplicationUser)14
SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper)14
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)14
AbstractServiceTest (org.finra.herd.service.AbstractServiceTest)13
Method (java.lang.reflect.Method)12
JoinPoint (org.aspectj.lang.JoinPoint)11
MethodSignature (org.aspectj.lang.reflect.MethodSignature)11
SecurityContext (org.springframework.security.core.context.SecurityContext)11
NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization)10
Credential (com.sequenceiq.cloudbreak.domain.Credential)8
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)8
HttpServletResponse (jakarta.servlet.http.HttpServletResponse)8
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)7
Interpretation (org.hisp.dhis.interpretation.Interpretation)7
