Example 1 with VSecurityException

Use of io.vertigo.vega.webservice.exception.VSecurityException in project vertigo by KleeGroup.

Class ServerSideStateWebServiceHandlerPlugin, method readServerSideUiObject.

private void readServerSideUiObject(final UiObject<DtObject> uiObject, final boolean consumeServerSideToken) {
    final String accessToken = uiObject.getServerSideToken();
    if (accessToken == null) {
        // same message for no ServerSideToken or bad ServerSideToken
        throw new VSecurityException(SERVER_SIDE_MANDATORY);
    }
    final Optional<Serializable> serverSideObjectOpt;
    if (consumeServerSideToken) {
        // The token is consumed even if an exception follows. This is for security reasons: no replay on a bad request (brute-force password)
        serverSideObjectOpt = tokenManager.getAndRemove(accessToken);
    } else {
        serverSideObjectOpt = tokenManager.get(accessToken);
    }
    final Serializable serverSideObject = serverSideObjectOpt.orElseThrow(() -> new VSecurityException(SERVER_SIDE_MANDATORY));
    uiObject.setServerSideObject((DtObject) serverSideObject);
}
Also used: Serializable (java.io.Serializable), VSecurityException (io.vertigo.vega.webservice.exception.VSecurityException)

Example 2 with VSecurityException

Use of io.vertigo.vega.webservice.exception.VSecurityException in project vertigo by KleeGroup.

Class SessionWebServiceHandlerPlugin, method handle.

/**
 * {@inheritDoc}
 */
@Override
public Object handle(final Request request, final Response response, final WebServiceCallContext routeContext, final HandlerChain chain) throws SessionException {
    // obtain session (create if needed)
    final Session session = request.session(true);
    final UserSession user = obtainUserSession(session);
    try {
        // Bind userSession to SecurityManager
        securityManager.startCurrentUserSession(user);
        return chain.handle(request, response, routeContext);
    } catch (final VSecurityException e) {
        if (session.isNew()) {
            // If a new session is misused, we invalidate it (light protection against DDoS)
            session.invalidate();
            // If the session was just created, we translate the security exception into a session expiration.
            throw (SessionException) new SessionException("Session has expired").initCause(e);
        }
        throw e;
    } finally {
        // Unbind userSession from SecurityManager
        securityManager.stopCurrentUserSession();
    }
}
Also used: UserSession (io.vertigo.persona.security.UserSession), SessionException (io.vertigo.vega.webservice.exception.SessionException), VSecurityException (io.vertigo.vega.webservice.exception.VSecurityException), Session (spark.Session)

Example 3 with VSecurityException

Use of io.vertigo.vega.webservice.exception.VSecurityException in project vertigo by KleeGroup.

Class RestfulServiceWebServiceHandlerPlugin, method handle.

/**
 * {@inheritDoc}
 */
@Override
public Object handle(final Request request, final Response response, final WebServiceCallContext routeContext, final HandlerChain chain) throws SessionException {
    final WebServiceDefinition webServiceDefinition = routeContext.getWebServiceDefinition();
    final Object[] serviceArgs = makeArgs(routeContext);
    final Method method = webServiceDefinition.getMethod();
    final WebServices webServices = (WebServices) Home.getApp().getComponentSpace().resolve(method.getDeclaringClass());
    if (method.getName().startsWith("create")) {
        // By convention, if the method name starts with 'create', an HTTP 201 status code is returned (if OK)
        response.status(HttpServletResponse.SC_CREATED);
    }
    try {
        return ClassUtil.invoke(webServices, method, serviceArgs);
    } catch (final RuntimeException e) {
        // If the thrown exception was a ValidationUserException, VUserException, SessionException, VSecurityException or RuntimeException,
        // we rethrow it unwrapped
        final Throwable cause = e.getCause();
        if (cause instanceof InvocationTargetException) {
            final Throwable targetException = ((InvocationTargetException) cause).getTargetException();
            if (targetException instanceof ValidationUserException) {
                throw (ValidationUserException) targetException;
            } else if (targetException instanceof VUserException) {
                throw (VUserException) targetException;
            } else if (targetException instanceof SessionException) {
                throw (SessionException) targetException;
            } else if (targetException instanceof VSecurityException) {
                throw (VSecurityException) targetException;
            } else if (targetException instanceof RuntimeException) {
                throw (RuntimeException) targetException;
            }
        }
        throw e;
    }
}
Also used: WebServiceDefinition (io.vertigo.vega.webservice.metamodel.WebServiceDefinition), ValidationUserException (io.vertigo.vega.webservice.validation.ValidationUserException), WebServices (io.vertigo.vega.webservice.WebServices), SessionException (io.vertigo.vega.webservice.exception.SessionException), Method (java.lang.reflect.Method), InvocationTargetException (java.lang.reflect.InvocationTargetException), VSecurityException (io.vertigo.vega.webservice.exception.VSecurityException), VUserException (io.vertigo.lang.VUserException)

Aggregations

VSecurityException (io.vertigo.vega.webservice.exception.VSecurityException): 3
SessionException (io.vertigo.vega.webservice.exception.SessionException): 2
VUserException (io.vertigo.lang.VUserException): 1
UserSession (io.vertigo.persona.security.UserSession): 1
WebServices (io.vertigo.vega.webservice.WebServices): 1
WebServiceDefinition (io.vertigo.vega.webservice.metamodel.WebServiceDefinition): 1
ValidationUserException (io.vertigo.vega.webservice.validation.ValidationUserException): 1
Serializable (java.io.Serializable): 1
InvocationTargetException (java.lang.reflect.InvocationTargetException): 1
Method (java.lang.reflect.Method): 1
Session (spark.Session): 1