use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class AbstractCLIApprover method doIt.
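/**
 * Runs one interactive approval session on the console.
 * <p>
 * Lists every entry of the client approval store, lets the operator pick one by its list number
 * or type an identifier prefixed with {@code ID_DELIMITER}, looks up the matching client, asks
 * for an approver name and an approve/deny decision and, only after an explicit "y", either
 * serializes the approval into {@code pollingDir} or saves it straight to the approval store.
 * <p>
 * The decision defaults to deny: the approval is marked approved only when the operator answers
 * "a" (any case). Any answer other than "y" at the commit prompt, or the input ending early,
 * leaves the store untouched.
 *
 * @throws Exception if writing the polling file or saving to the store fails, or (as a
 *                   {@code GeneralException}) if no approval object could be resolved.
 */
@Override
public void doIt() throws Exception {
    LinkedList<ClientApproval> approvals = new LinkedList<ClientApproval>();
    info("starting approval");
    int i = 0;
    for (Object k : se.getClientApprovalStore().keySet()) {
        ClientApproval listed = (ClientApproval) se.getClientApprovalStore().get(k);
        approvals.add(listed);
        say((i++) + ". " + (listed.isApproved() ? "(A) " : "(D) ") + listed.getIdentifierString());
    }
    if (approvals.isEmpty()) {
        say("(No entries found. You will need to manually enter the id.)");
    }

    boolean keepAsking = true;
    String inString;
    ClientApproval ca = null;
    while (keepAsking) {
        say("Enter the number of the client to approve or disapprove, OR, enter an id, starting with a " + ID_DELIMITER);
        inString = readline();
        if (inString == null) {
            // The other prompts already allow for a null line; here it would have hit
            // startsWith() and crashed. Stop without saving instead of re-prompting forever.
            info("Approval aborted manually. No changes saved.");
            say("No input received -- operation aborted.\nexiting...");
            return;
        }
        if (inString.startsWith(ID_DELIMITER)) {
            ca = new ClientApproval(new BasicIdentifier(inString.substring(ID_DELIMITER.length())));
            keepAsking = false;
        } else {
            try {
                int index = Integer.parseInt(inString);
                if (0 <= index && index < approvals.size()) {
                    ca = approvals.get(index);
                    keepAsking = false;
                } else {
                    say("Sorry, that index is out of range. Try again.");
                }
            } catch (NumberFormatException xx) {
                say("Woops. Didn't understand " + (inString.isEmpty() ? "(empty)" : "\"" + inString + "\"") + ". Try again.");
            }
        }
    }
    if (ca == null) {
        // future proof. Should never happen.
        warn("No client approval found. Aborting session");
        throw new GeneralException("Internal error: Somehow the client approval was not found. Fix that.");
    }

    Client client = (Client) se.getClientStore().get(ca.getIdentifier());
    if (client == null) {
        info("No client found for the given identifier. Aborting.");
        say("no client found for the id. You probably want to fix that.\nexiting...");
        return;
    }
    say("You have chosen the following client");
    say(formatClient(client));

    say("Enter your approver name [" + ANONYMOUS + "]:");
    inString = readline();
    if (inString == null || inString.isEmpty()) {
        ca.setApprover(ANONYMOUS);
    } else {
        ca.setApprover(inString);
    }
    info("Approver is identifier as " + ca.getApprover());

    say("Enter Approve or Deny (A/D) [D]");
    inString = readline();
    // Record the decision exactly as answered. Previously the flag was forced to true before
    // this prompt, so "D" (and the advertised default) still produced an approved client.
    boolean approved = "a".equalsIgnoreCase(inString);
    ca.setApproved(approved);
    info("Approver " + (approved ? "allows" : "denies") + " approval.");

    say("Commit changes? (y/n)");
    inString = readline();
    // Null-safe: a closed input stream counts as "not confirmed".
    if (!"y".equalsIgnoreCase(inString)) {
        info("Approval aborted manually. No changes saved.");
        say("You didn't explicitly say to save it -- operation aborted.\nexiting...");
        return;
    }

    // update timestamp to now.
    ca.setApprovalTimestamp(new Date());
    if (pollingDir != null) {
        // use polling
        // NOTE(review): whatever consumes pollingDir presumably deserializes these files, so the
        // directory should be writable only by accounts allowed to approve clients -- confirm.
        File tempFile = File.createTempFile(TEMP_FILE_PREFIX, TEMP_FILE_SUFFIX, pollingDir);
        // try-with-resources closes (and thereby flushes) both streams even if writeObject fails.
        try (FileOutputStream fos = new FileOutputStream(tempFile);
             ObjectOutputStream oos = new ObjectOutputStream(fos)) {
            oos.writeObject(ca);
        }
    } else {
        // do the approval directly
        se.getClientApprovalStore().save(ca);
    }
    info("Approval for client with id \"" + ca.getIdentifierString() + "\" finished.");
}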
use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class PermissionServer method addClient.
/**
 * Registers the client named in the request as managed by the admin client named in the request.
 * <p>
 * An existing permission entry for the (admin, client) pair is reused so the store does not
 * accumulate duplicates; otherwise a new entry is created. The saved entry always carries
 * approve, create, delete, read and write rights.
 * <p>
 * NOTE(review): nothing in this method checks that the caller is entitled to act for the admin
 * client -- presumably that is enforced before the request gets here; confirm.
 *
 * @param request carries the admin client and the client to be put under its management.
 * @return an empty {@code AddClientResponse} once the permission has been saved.
 * @throws GeneralException if the store already holds more than one entry for the pair.
 */
public PermissionResponse addClient(AddClientRequest request) {
    // Look for an entry that already links this admin to this client.
    PermissionList existing = getPermissionStore().get(
            request.getAdminClient().getIdentifier(),
            request.getClient().getIdentifier());
    int matches = existing.size();

    Permission permission;
    if (matches == 0) {
        permission = getPermissionStore().create();
    } else if (matches == 1) {
        permission = existing.get(0);
    } else {
        throw new GeneralException("Internal error. Multiple permissiions entries found");
    }

    permission.setAdminID(request.getAdminClient().getIdentifier());
    permission.setClientID(request.getClient().getIdentifier());
    // The admin receives every right over the client.
    permission.setApprove(true);
    permission.setCreate(true);
    permission.setDelete(true);
    permission.setRead(true);
    permission.setWrite(true);
    getPermissionStore().save(permission);
    return new AddClientResponse();
}
use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class LDAPClaimsSource method handleException.
/**
 * Reacts to a failure raised while talking to the LDAP server.
 * <p>
 * A {@code CommunicationException} is only logged as a warning and never rethrown, whatever the
 * configuration says. Any other throwable is ignored unless fail-on-error is configured; in that
 * case a notification mail is sent (when notify-on-fail is also set) and a
 * {@code GeneralException} is thrown.
 * <p>
 * NOTE(review): the throwable's raw message is copied into both the mail and the exception text.
 * If that exception text can reach an end user it may disclose directory details -- confirm
 * where it is rendered.
 *
 * @param throwable the failure reported by the LDAP lookup.
 * @throws GeneralException when fail-on-error is configured and the failure is not a
 *                          {@code CommunicationException}.
 */
public void handleException(Throwable throwable) {
    if (throwable instanceof CommunicationException) {
        warn("Communication exception talking to LDAP.");
        return;
    }
    if (!getCfg().isFailOnError()) {
        // Configured to carry on without the LDAP data.
        return;
    }

    Map<String, String> values = new HashMap<>();
    URI serviceAddress = getOa2SE().getServiceAddress();
    // Fall back to "localhost" when the service has no configured address.
    String thisHost = (serviceAddress == null) ? "localhost" : serviceAddress.getHost();
    values.put("host", thisHost);
    values.put("ldap_host", getCfg().getServer());
    values.put("message", throwable.getMessage());

    if (getCfg().isNotifyOnFail()) {
        String subject = "Error on ${host} contacting LDAP server";
        String body = "The following error message was received attempting to contact the "
                + "LDAP server at ${ldap_host}:\n\n${message}\n\n. The operation did not complete.";
        getOa2SE().getMailUtil().sendMessage(subject, body, values);
    }
    throw new GeneralException("Error: Could not communicate with LDAP server. \"" + throwable.getMessage() + "\"");
}
use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class OA2CertServlet method getClient.
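/**
 * Resolves the client making this request and verifies its secret.
 * <p>
 * The id is read from the consumer-key request parameter and the secret from the client-secret
 * parameter. When no id parameter is present, the tokens of the Basic authorization header are
 * inspected: a token that parses as a URI with a scheme is taken as the id, any other token as
 * the secret.
 * <p>
 * NOTE(review): the header is consulted only when the id parameter is missing, so an id sent as
 * a parameter together with a secret sent only in the header appears to end in "No secret" --
 * confirm against callers. A secret that itself parses as a URI with a scheme would be taken
 * for the id.
 *
 * @param req the incoming servlet request.
 * @return the confidential client whose stored secret digest matches the presented secret.
 * @throws OA2GeneralError        if more than two Basic authorization tokens are present.
 * @throws UnknownClientException if no client id can be found in the request.
 * @throws GeneralException       if the client is public, no secret was sent, or the secret
 *                                does not match.
 */
@Override
public Client getClient(HttpServletRequest req) {
    String rawID = req.getParameter(CONST(CONSUMER_KEY));
    String rawSecret = getFirstParameterValue(req, CLIENT_SECRET);
    // According to the spec. this must be in a Basic Authz header if it is not sent as parameter
    List<String> basicTokens = HeaderUtils.getAuthHeader(req, "Basic");
    if (2 < basicTokens.size()) {
        // too many tokens to unscramble
        throw new OA2GeneralError(OA2Errors.INVALID_TOKEN, "Error: Too many authorization tokens.", HttpStatus.SC_UNAUTHORIZED);
    }
    if (rawID == null) {
        for (String x : basicTokens) {
            try {
                // Ids are valid URIs, so a token carrying a scheme is the id and the other
                // token must be the secret.
                URI test = URI.create(x);
                if (test.getScheme() != null) {
                    rawID = x;
                } else {
                    rawSecret = x;
                }
            } catch (RuntimeException notAUri) {
                // Not parseable as a URI, so it cannot be an id. Only runtime failures are
                // caught now, so JVM errors are no longer swallowed here.
                if (rawSecret == null) {
                    rawSecret = x;
                }
            }
        }
    }
    if (rawID == null) {
        throw new UnknownClientException("No client id");
    }
    Identifier id = BasicIdentifier.newID(rawID);
    OA2Client client = (OA2Client) getClient(id);
    if (client.isPublicClient()) {
        throw new GeneralException("Error: public clients not supported for this operation.");
    }
    if (rawSecret == null) {
        throw new GeneralException("Error: No secret. request refused.");
    }
    String storedDigest = client.getSecret();
    if (storedDigest == null) {
        // A confidential client without a stored secret can never authenticate; refuse
        // instead of failing with a NullPointerException.
        throw new GeneralException("Error: Secret is incorrect. request refused.");
    }
    // NOTE(review): shaHex is presumably an unsalted SHA-1 hex digest -- confirm. Moving to a
    // stronger scheme needs a migration of the stored secrets and is not attempted here.
    String presentedDigest = DigestUtils.shaHex(rawSecret);
    // Compare in constant time so response timing does not reveal how many leading characters
    // of the digest matched. Fully qualified names keep the file's import block untouched.
    boolean secretMatches = java.security.MessageDigest.isEqual(
            storedDigest.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            presentedDigest.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!secretMatches) {
        throw new GeneralException("Error: Secret is incorrect. request refused.");
    }
    return client;
}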
use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class OA2CertServlet method getAccessToken.
/**
 * Extracts the access token from the request.
 * <p>
 * The token forge is asked first to read the token from the request itself. If that fails for
 * any reason, the Bearer authorization header is used instead, and it must carry exactly one
 * token.
 * <p>
 * NOTE(review): every failure of the first attempt is discarded, not only "parameter absent",
 * so a malformed token parameter presumably falls through to the header silently -- confirm
 * that this is intended.
 *
 * @param request the incoming servlet request.
 * @return the access token built by the token forge.
 * @throws GeneralException if the fallback finds no Bearer token or more than one.
 */
@Override
protected AccessToken getAccessToken(HttpServletRequest request) {
    try {
        return getServiceEnvironment().getTokenForge().getAccessToken(request);
    } catch (Throwable ignored) {
        // Taken to mean the token was not sent as a parameter; fall back to the header below.
    }

    List<String> headerTokens = HeaderUtils.getAuthHeader(request, "Bearer");
    int count = headerTokens.size();
    if (count == 0) {
        throw new GeneralException("Error: no access token");
    }
    if (count > 1) {
        throw new GeneralException("Error: too many access tokens");
    }
    return getServiceEnvironment().getTokenForge().getAccessToken(headerTokens.get(0));
}