Example 31 with AccessControlException

Use of java.security.AccessControlException in project hive by apache.

Class FileUtils, method isActionPermittedForFileHierarchy.

public static boolean isActionPermittedForFileHierarchy(FileSystem fs, FileStatus fileStatus, String userName, FsAction action, boolean recurse) throws Exception {
    boolean isDir = fileStatus.isDir();
    FsAction dirActionNeeded = action;
    if (isDir) {
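        // for dirs user needs execute privileges as well
        // NOTE: FsAction is an enum, so and() returns a new value rather than modifying
        // dirActionNeeded; the result is discarded here, and dirActionNeeded is never
        // passed to the check below, which is made with the original action only.
        dirActionNeeded.and(FsAction.EXECUTE);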
    }
    List<FileStatus> subDirsToCheck = null;
    if (isDir && recurse) {
        subDirsToCheck = new ArrayList<FileStatus>();
    }
    try {
        checkFileAccessWithImpersonation(fs, fileStatus, action, userName, subDirsToCheck);
    } catch (AccessControlException err) {
        // Action not permitted for user
        LOG.warn("Action " + action + " denied on " + fileStatus.getPath() + " for user " + userName);
        return false;
    }
    if (subDirsToCheck == null || subDirsToCheck.isEmpty()) {
        // no sub dirs to be checked
        return true;
    }
    // check all children
    for (FileStatus childStatus : subDirsToCheck) {
        // check children recursively - recurse is true if we're here.
        if (!isActionPermittedForFileHierarchy(fs, childStatus, userName, action, true)) {
            return false;
        }
    }
    return true;
}
Also used: FsAction (org.apache.hadoop.fs.permission.FsAction), FileStatus (org.apache.hadoop.fs.FileStatus), AccessControlException (java.security.AccessControlException)

Example 32 with AccessControlException

Use of java.security.AccessControlException in project Payara by payara.

Class SecurityAccessValidator, method validateInjection.

private boolean validateInjection(ActiveDescriptor<?> candidate, Injectee injectee, Permission p) {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Injectee =" + injectee + ", permission= " + p);
    }
    // If this is an Inject, get the protection domain of the injectee
    Class<?> injecteeClass = injectee.getInjecteeClass();
    ProtectionDomain pd = getCallerProtDomain(injecteeClass);
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Protection domain code src= " + pd.getCodeSource());
    }
    if (!pd.implies(p)) {
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("permission check failed for " + injectee + ", to get perm " + p + ", for candidate " + candidate);
        }
        throw new AccessControlException(localStrings.getLocalString("sec.validate.injection.deny", "Access denied for injectee {0} to get permission {1}.", injectee, p));
    } else {
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("permission check success for " + injectee + " to get " + candidate);
        }
    }
    return true;
}
Also used: ProtectionDomain (java.security.ProtectionDomain), AccessControlException (java.security.AccessControlException)

Example 33 with AccessControlException

Use of java.security.AccessControlException in project Payara by payara.

Class WorkContextLocalMap, method put.

// Implementation of weblogic.workarea.WorkContextMap
@SuppressWarnings("unchecked")
public WorkContext put(String key, WorkContext workContext, int propagationMode) throws PropertyReadOnlyException {
    if (debugWorkContext.isLoggable(Level.FINEST)) {
        debugWorkContext.log(Level.FINEST, "put(" + key + ", " + workContext + ")");
    }
    if (key == null || key.equals("")) {
        throw new NullPointerException("Cannot use null key");
    }
    if (workContext == null) {
        throw new NullPointerException("Cannot use null WorkContext");
    }
    WorkContextEntry wce = (WorkContextEntry) map.get(key);
    if (wce != null) {
        // Can't modify read-only properties
        if (!WorkContextAccessController.isAccessAllowed(key, WorkContextAccessController.UPDATE)) {
            throw new PropertyReadOnlyException(key);
        }
    } else if (!WorkContextAccessController.isAccessAllowed(key, WorkContextAccessController.CREATE)) {
        throw new AccessControlException("No CREATE permission for key: \"" + key + "\"");
    }
    // Replace whatever is there.
    map.put(key, new WorkContextEntryImpl(key, workContext, propagationMode));
    version++;
    return wce == null ? null : wce.getWorkContext();
}
Also used: AccessControlException (java.security.AccessControlException), WorkContextEntryImpl (org.glassfish.contextpropagation.weblogic.workarea.spi.WorkContextEntryImpl), WorkContextEntry (org.glassfish.contextpropagation.weblogic.workarea.spi.WorkContextEntry)

Example 34 with AccessControlException

Use of java.security.AccessControlException in project ORCID-Source by ORCID.

Class MemberV2ApiServiceDelegator_GeneralTest, method testSearchByQueryBadScope.

@Test(expected = AccessControlException.class)
public void testSearchByQueryBadScope() {
    OrcidSecurityManager orcidSecurityManager = Mockito.mock(OrcidSecurityManagerImpl.class);
    Mockito.doThrow(new AccessControlException("some problem with scope")).when(orcidSecurityManager).checkScopes(Mockito.any(ScopePathType.class));
    MemberV2ApiServiceDelegatorImpl delegator = new MemberV2ApiServiceDelegatorImpl();
    ReflectionTestUtils.setField(delegator, "orcidSecurityManager", orcidSecurityManager);
    delegator.searchByQuery(new HashMap<>());
}
Also used: ScopePathType (org.orcid.jaxb.model.message.ScopePathType), MemberV2ApiServiceDelegatorImpl (org.orcid.api.memberV2.server.delegator.impl.MemberV2ApiServiceDelegatorImpl), OrcidSecurityManager (org.orcid.core.manager.OrcidSecurityManager), AccessControlException (java.security.AccessControlException), OrcidAccessControlException (org.orcid.core.exception.OrcidAccessControlException), DBUnitTest (org.orcid.test.DBUnitTest), Test (org.junit.Test)

Example 35 with AccessControlException

Use of java.security.AccessControlException in project ORCID-Source by ORCID.

Class DefaultPermissionChecker, method getVisibilitiesForOauth2Authentication.

private Set<Visibility> getVisibilitiesForOauth2Authentication(OAuth2Authentication oAuth2Authentication, OrcidMessage orcidMessage, ScopePathType requiredScope) {
    Set<Visibility> visibilities = new HashSet<Visibility>();
    visibilities.add(Visibility.PUBLIC);
    String orcid = orcidMessage.getOrcidProfile().getOrcidIdentifier().getPath();
    // effectively means that the user can only see the public data
    try {
        checkScopes(oAuth2Authentication, requiredScope);
    } catch (AccessControlException e) {
        return visibilities;
    }
    // we can allow for access of protected data
    if (!oAuth2Authentication.isClientOnly() && oAuth2Authentication.getPrincipal() != null && ProfileEntity.class.isAssignableFrom(oAuth2Authentication.getPrincipal().getClass())) {
        ProfileEntity principal = (ProfileEntity) oAuth2Authentication.getPrincipal();
        visibilities.add(Visibility.REGISTERED_ONLY);
        if (principal != null && principal.getId().equals(orcid)) {
            Set<String> requestedScopes = oAuth2Authentication.getOAuth2Request().getScope();
            for (String scope : requestedScopes) {
                if (ScopePathType.hasStringScope(scope, requiredScope)) {
                    visibilities.add(Visibility.LIMITED);
                    break;
                }
            }
        }
    // This is a client credential authenticated client. If the profile
    // was created using this client and it
    // hasn't been claimed, it's theirs to read
    } else if (oAuth2Authentication.isClientOnly()) {
        OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
        String clientId = authorizationRequest.getClientId();
        String sponsorOrcid = getSponsorOrcid(orcidMessage);
        if (StringUtils.isNotBlank(sponsorOrcid) && clientId.equals(sponsorOrcid) && !orcidMessage.getOrcidProfile().getOrcidHistory().isClaimed()) {
            visibilities.add(Visibility.LIMITED);
            visibilities.add(Visibility.PRIVATE);
        }
    }
    return visibilities;
}
Also used: OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request), AccessControlException (java.security.AccessControlException), Visibility (org.orcid.jaxb.model.message.Visibility), ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity), HashSet (java.util.HashSet)

Aggregations

AccessControlException (java.security.AccessControlException): 69
IOException (java.io.IOException): 24
Test (org.junit.Test): 12
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation): 10
Permission (java.security.Permission): 8
ApplicationId (org.apache.hadoop.yarn.api.records.ApplicationId): 8
InputStream (java.io.InputStream): 7
YarnException (org.apache.hadoop.yarn.exceptions.YarnException): 7
File (java.io.File): 5
PropertyPermission (java.util.PropertyPermission): 5
ApplicationNotFoundException (org.apache.hadoop.yarn.exceptions.ApplicationNotFoundException): 5
FileNotFoundException (java.io.FileNotFoundException): 4
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException): 4
HashSet (java.util.HashSet): 4
RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp): 4
ServerSocket (java.net.ServerSocket): 3
Socket (java.net.Socket): 3
URISyntaxException (java.net.URISyntaxException): 3
UnsafeCharArrayWriter (jetbrick.template.utils.UnsafeCharArrayWriter): 3
FileSystem (org.apache.hadoop.fs.FileSystem): 3