Example 1 with AuthenticationFailedException

Use of no.mnemonic.act.platform.api.exceptions.AuthenticationFailedException in project act-platform by mnemonic-no.

Class AuthenticationAspect, method invoke.

@Override
public Object invoke(MethodInvocation invocation) throws Throwable {
    Service service = getService(invocation);
    RequestHeader requestHeader = getRequestHeader(invocation);
    try {
        // For each service method invocation verify that user is authenticated!
        // noinspection unchecked
        accessController.validate(requestHeader.getCredentials());
    } catch (InvalidCredentialsException ex) {
        throw new AuthenticationFailedException("Could not authenticate user: " + ex.getMessage());
    }
    if (SecurityContext.isSet()) {
        return invocation.proceed();
    }
    try (SecurityContext ignored = SecurityContext.set(service.createSecurityContext(requestHeader.getCredentials()))) {
        return invocation.proceed();
    }
}
Also used: InvalidCredentialsException (no.mnemonic.services.common.auth.InvalidCredentialsException), AuthenticationFailedException (no.mnemonic.act.platform.api.exceptions.AuthenticationFailedException), SecurityContext (no.mnemonic.act.platform.service.contexts.SecurityContext), Service (no.mnemonic.act.platform.service.Service), RequestHeader (no.mnemonic.act.platform.api.service.v1.RequestHeader)

Example 2 with AuthenticationFailedException

Use of no.mnemonic.act.platform.api.exceptions.AuthenticationFailedException in project act-platform by mnemonic-no.

Class FactGetCommentsDelegate, method handle.

public ResultSet<FactComment> handle(GetFactCommentsRequest request) throws AccessDeniedException, AuthenticationFailedException, InvalidArgumentException, ObjectNotFoundException {
    // Fetch Fact and verify that it exists.
    FactRecord fact = factRequestResolver.resolveFact(request.getFact());
    // Verify that user is allowed to access the Fact.
    securityContext.checkReadPermission(fact);
    // Verify that user is allowed to view the Fact's comments.
    securityContext.checkPermission(TiFunctionConstants.viewThreatIntelFactComment, fact.getOrganizationID());
    // Fetch comments for Fact and filter by 'before' and 'after' timestamps.
    List<FactComment> comments = ListUtils.list(fact.getComments()).stream()
            .filter(comment -> request.getBefore() == null || comment.getTimestamp() < request.getBefore())
            .filter(comment -> request.getAfter() == null || comment.getTimestamp() > request.getAfter())
            .map(factCommentResponseConverter)
            .collect(Collectors.toList());
    return StreamingResultSet.<FactComment>builder().setCount(comments.size()).setLimit(0).setValues(comments).build();
}
Also used: AccessDeniedException (no.mnemonic.act.platform.api.exceptions.AccessDeniedException), TiSecurityContext (no.mnemonic.act.platform.service.ti.TiSecurityContext), ResultSet (no.mnemonic.services.common.api.ResultSet), GetFactCommentsRequest (no.mnemonic.act.platform.api.request.v1.GetFactCommentsRequest), FactRequestResolver (no.mnemonic.act.platform.service.ti.resolvers.request.FactRequestResolver), AuthenticationFailedException (no.mnemonic.act.platform.api.exceptions.AuthenticationFailedException), TiFunctionConstants (no.mnemonic.act.platform.service.ti.TiFunctionConstants), FactRecord (no.mnemonic.act.platform.dao.api.record.FactRecord), Collectors (java.util.stream.Collectors), ObjectNotFoundException (no.mnemonic.act.platform.api.exceptions.ObjectNotFoundException), Inject (javax.inject.Inject), List (java.util.List), FactCommentResponseConverter (no.mnemonic.act.platform.service.ti.converters.response.FactCommentResponseConverter), FactComment (no.mnemonic.act.platform.api.model.v1.FactComment), ListUtils (no.mnemonic.commons.utilities.collections.ListUtils), InvalidArgumentException (no.mnemonic.act.platform.api.exceptions.InvalidArgumentException), StreamingResultSet (no.mnemonic.act.platform.api.service.v1.StreamingResultSet)

Aggregations

AuthenticationFailedException (no.mnemonic.act.platform.api.exceptions.AuthenticationFailedException): 2
List (java.util.List): 1
Collectors (java.util.stream.Collectors): 1
Inject (javax.inject.Inject): 1
AccessDeniedException (no.mnemonic.act.platform.api.exceptions.AccessDeniedException): 1
InvalidArgumentException (no.mnemonic.act.platform.api.exceptions.InvalidArgumentException): 1
ObjectNotFoundException (no.mnemonic.act.platform.api.exceptions.ObjectNotFoundException): 1
FactComment (no.mnemonic.act.platform.api.model.v1.FactComment): 1
GetFactCommentsRequest (no.mnemonic.act.platform.api.request.v1.GetFactCommentsRequest): 1
RequestHeader (no.mnemonic.act.platform.api.service.v1.RequestHeader): 1
StreamingResultSet (no.mnemonic.act.platform.api.service.v1.StreamingResultSet): 1
FactRecord (no.mnemonic.act.platform.dao.api.record.FactRecord): 1
Service (no.mnemonic.act.platform.service.Service): 1
SecurityContext (no.mnemonic.act.platform.service.contexts.SecurityContext): 1
TiFunctionConstants (no.mnemonic.act.platform.service.ti.TiFunctionConstants): 1
TiSecurityContext (no.mnemonic.act.platform.service.ti.TiSecurityContext): 1
FactCommentResponseConverter (no.mnemonic.act.platform.service.ti.converters.response.FactCommentResponseConverter): 1
FactRequestResolver (no.mnemonic.act.platform.service.ti.resolvers.request.FactRequestResolver): 1
ListUtils (no.mnemonic.commons.utilities.collections.ListUtils): 1
ResultSet (no.mnemonic.services.common.api.ResultSet): 1