Example 36 with AccessDeniedException

use of org.springframework.security.access.AccessDeniedException in project motech by motech.

the class UserControllerTest method shouldReturnEmptyListForUsersWithoutAccess.

@Test
public void shouldReturnEmptyListForUsersWithoutAccess() throws Exception {
    // The service's AccessDeniedException is not propagated: the controller answers 200 with an empty list
    when(motechUserService.getUsers()).thenThrow(new AccessDeniedException("denied"));
    controller.perform(get("/users")).andExpect(status().isOk()).andExpect(content().string("[]"));
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) Test(org.junit.Test)

Example 37 with AccessDeniedException

use of org.springframework.security.access.AccessDeniedException in project motech by motech.

the class EntityServiceImpl method getEntityDraft.

@Override
@Transactional
public EntityDraft getEntityDraft(Long entityId, String username) {
    Entity entity = allEntities.retrieveById(entityId);
    assertEntityExists(entity, entityId);
    if (entity instanceof EntityDraft) {
        return (EntityDraft) entity;
    }
    // Drafts are per user, so an unauthenticated caller is rejected before any draft is created
    if (username == null) {
        throw new AccessDeniedException("Cannot save draft - no user");
    }
    // get the draft
    EntityDraft draft = allEntityDrafts.retrieve(entity, username);
    if (draft == null) {
        draft = allEntityDrafts.create(entity, username);
    }
    return draft;
}
Also used : MdsEntity(org.motechproject.mds.domain.MdsEntity) Entity(org.motechproject.mds.domain.Entity) MdsVersionedEntity(org.motechproject.mds.domain.MdsVersionedEntity) AccessDeniedException(org.springframework.security.access.AccessDeniedException) EntityDraft(org.motechproject.mds.domain.EntityDraft) Transactional(org.springframework.transaction.annotation.Transactional)

Example 38 with AccessDeniedException

use of org.springframework.security.access.AccessDeniedException in project irida by phac-nml.

the class AnnouncementServiceImplIT method testUserMarkAnnouncementAsReadSuccess.

@Test
@WithMockUser(username = "user3", roles = "USER")
public void testUserMarkAnnouncementAsReadSuccess() {
    final Announcement a = announcementService.read(2L);
    final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    final User user = userService.getUserByUsername(auth.getName());
    try {
        announcementService.markAnnouncementAsReadByUser(a, user);
    } catch (AccessDeniedException e) {
        fail("User should be able to mark announcement as read.");
    } catch (EntityExistsException e) {
        fail("Failed for unknown reason, stack trace follows:");
        e.printStackTrace();
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) WithMockUser(org.springframework.security.test.context.support.WithMockUser) User(ca.corefacility.bioinformatics.irida.model.user.User) Announcement(ca.corefacility.bioinformatics.irida.model.announcements.Announcement) Authentication(org.springframework.security.core.Authentication) EntityExistsException(ca.corefacility.bioinformatics.irida.exceptions.EntityExistsException) Test(org.junit.Test)

Example 39 with AccessDeniedException

use of org.springframework.security.access.AccessDeniedException in project ma-core-public by infiniteautomation.

the class UrlSecurityFilter method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    // Assume an http request.
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    boolean foundMapping = false;
    // null when the request carries no authenticated user
    User user = Common.getHttpUser();
    String msg;
    String uri = request.getRequestURI();
    // First pass: module-registered URI mappings. The first definition whose path pattern
    // matches decides the outcome; later definitions are not consulted.
    for (UriMappingDefinition uriDef : ModuleRegistry.getDefinitions(UriMappingDefinition.class)) {
        if (matcher.match(uriDef.getPath(), uri)) {
            boolean allowed = true;
            foundMapping = true;
            switch(uriDef.getPermission()) {
                case ADMINISTRATOR:
                    if ((user == null) || (!Permissions.hasAdmin(user)))
                        allowed = false;
                    break;
                case DATA_SOURCE:
                    if ((user == null) || (!user.isDataSourcePermission()))
                        allowed = false;
                    break;
                case USER:
                    if (user == null) {
                        allowed = false;
                    }
                    break;
                case CUSTOM:
                    try {
                        allowed = uriDef.hasCustomPermission(user);
                    } catch (PermissionException e) {
                        allowed = false;
                    }
                    break;
                case ANONYMOUS:
                    // no authentication required for this mapping
                    break;
            }
            if (!allowed) {
                if (user == null) {
                    msg = "Denying access to page where user isn't logged in, uri=" + uri + ", remote host ip= " + request.getRemoteHost();
                } else {
                    msg = "Denying access to page where user hasn't sufficient permission, user=" + user.getUsername() + ", uri=" + uri + ", remote host ip= " + request.getRemoteHost();
                }
                LOG.warn(msg);
                throw new AccessDeniedException(msg);
            }
            break;
        }
    }
    // Second pass, only when no URI mapping matched: controller mapping definitions
    if (!foundMapping) {
        for (ControllerMappingDefinition uriDef : ModuleRegistry.getDefinitions(ControllerMappingDefinition.class)) {
            if (matcher.match(uriDef.getPath(), uri)) {
                boolean allowed = true;
                foundMapping = true;
                switch(uriDef.getPermission()) {
                    case ADMINISTRATOR:
                        if ((user == null) || (!Permissions.hasAdmin(user)))
                            allowed = false;
                        break;
                    case DATA_SOURCE:
                        if ((user == null) || (!user.isDataSourcePermission()))
                            allowed = false;
                        break;
                    case USER:
                        if (user == null) {
                            allowed = false;
                        }
                        break;
                    case CUSTOM:
                        try {
                            allowed = uriDef.hasCustomPermission(user);
                        } catch (PermissionException e) {
                            allowed = false;
                        }
                        break;
                    case ANONYMOUS:
                        break;
                }
                if (!allowed) {
                    if (user == null) {
                        msg = "Denying access to page where user isn't logged in, uri=" + uri + ", remote host ip= " + request.getRemoteHost();
                    } else {
                        msg = "Denying access to page where user hasn't sufficient permission, user=" + user.getUsername() + ", uri=" + uri + ", remote host ip= " + request.getRemoteHost();
                    }
                    LOG.info(msg);
                    throw new AccessDeniedException(msg);
                }
                break;
            }
        }
    }
    // Third pass, only when nothing matched so far: URL mapping definitions (no CUSTOM permission here)
    if (!foundMapping) {
        for (UrlMappingDefinition uriDef : ModuleRegistry.getDefinitions(UrlMappingDefinition.class)) {
            if (matcher.match(uriDef.getUrlPath(), uri)) {
                boolean allowed = true;
                foundMapping = true;
                switch(uriDef.getPermission()) {
                    case ADMINISTRATOR:
                        if ((user == null) || (!Permissions.hasAdmin(user)))
                            allowed = false;
                        break;
                    case DATA_SOURCE:
                        if ((user == null) || (!user.isDataSourcePermission()))
                            allowed = false;
                        break;
                    case USER:
                        if (user == null) {
                            allowed = false;
                        }
                        break;
                    case ANONYMOUS:
                        break;
                }
                if (!allowed) {
                    if (user == null) {
                        msg = "Denying access to page where user isn't logged in, uri=" + uri + ", remote host ip= " + request.getRemoteHost();
                    } else {
                        msg = "Denying access to page where user hasn't sufficient permission, user=" + user.getUsername() + ", uri=" + uri + ", remote host ip= " + request.getRemoteHost();
                    }
                    LOG.info(msg);
                    throw new AccessDeniedException(msg);
                }
                break;
            }
        }
    }
    // Either a matching definition allowed the request or no definition matched; continue the chain
    filterChain.doFilter(servletRequest, servletResponse);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) PermissionException(com.serotonin.m2m2.vo.permission.PermissionException) AccessDeniedException(org.springframework.security.access.AccessDeniedException) User(com.serotonin.m2m2.vo.User) UriMappingDefinition(com.serotonin.m2m2.module.UriMappingDefinition) HttpServletResponse(javax.servlet.http.HttpServletResponse) ControllerMappingDefinition(com.serotonin.m2m2.module.ControllerMappingDefinition) UrlMappingDefinition(com.serotonin.m2m2.module.UrlMappingDefinition)

Example 40 with AccessDeniedException

use of org.springframework.security.access.AccessDeniedException in project cloudbreak by hortonworks.

the class AutoScaleClusterCommonService method setCluster.

private AutoscaleClusterResponse setCluster(PeriscopeUser user, AutoscaleClusterRequest json, Long clusterId) {
    Ambari ambari = ambariConverter.convert(json);
    Long stackId = json.getStackId();
    // The authorization check runs before any cluster is created or updated
    boolean access = clusterSecurityService.hasAccess(user, ambari, stackId);
    if (!access) {
        String host = ambari.getHost();
        LOGGER.info("Illegal access to Ambari cluster '{}' from user '{}'", host, user.getEmail());
        throw new AccessDeniedException(String.format("Accessing Ambari cluster '%s' is not allowed", host));
    } else {
        Cluster cluster = clusterRequestConverter.convert(json);
        if (!hasAmbariConnectionDetailsSpecified(json)) {
            AmbariStack ambariStack = new AmbariStack(ambari, stackId, null);
            cluster = clusterService.create(cluster, user, ambariStack, PENDING);
        } else {
            AmbariStack resolvedAmbari = clusterSecurityService.tryResolve(ambari);
            cluster = clusterId == null ? clusterService.create(cluster, user, resolvedAmbari, RUNNING) : clusterService.update(clusterId, resolvedAmbari, cluster.isAutoscalingEnabled());
        }
        createHistoryAndNotification(cluster);
        return createClusterJsonResponse(cluster);
    }
}
Also used : AmbariStack(com.sequenceiq.periscope.model.AmbariStack) AccessDeniedException(org.springframework.security.access.AccessDeniedException) Cluster(com.sequenceiq.periscope.domain.Cluster) Ambari(com.sequenceiq.periscope.domain.Ambari)
