
Example 1 with CamelAuthorizationException

Use of org.apache.camel.CamelAuthorizationException in the project camel by apache.

Class SpringSecurityAuthorizationPolicyTest, method testAuthenticationFailed.

@Test
public void testAuthenticationFailed() throws Exception {
    MockEndpoint end = getMockEndpoint("mock:end");
    end.expectedMessageCount(0);
    try {
        sendMessageWithAuthentication("bob", "jimspassword");
        fail("we should get the access deny exception here");
    } catch (Exception exception) {
        // the exception should be caused by CamelAuthorizationException
        assertTrue("Expect CamelAuthorizationException here", exception.getCause() instanceof CamelAuthorizationException);
        assertEquals("admin", ((CamelAuthorizationException) exception.getCause()).getPolicyId());
    }
    end.assertIsSatisfied();
}
Also used: CamelAuthorizationException (org.apache.camel.CamelAuthorizationException), MockEndpoint (org.apache.camel.component.mock.MockEndpoint), Test (org.junit.Test)

Example 2 with CamelAuthorizationException

Use of org.apache.camel.CamelAuthorizationException in the project camel by apache.

Class SpringSecurityAuthorizationPolicy, method beforeProcess.

protected void beforeProcess(Exchange exchange) throws Exception {
    List<ConfigAttribute> attributes = accessPolicy.getConfigAttributes();
    try {
        Authentication authToken = getAuthentication(exchange.getIn());
        if (authToken == null) {
            CamelAuthorizationException authorizationException = new CamelAuthorizationException("Cannot find the Authentication instance.", exchange);
            throw authorizationException;
        }
        Authentication authenticated = authenticateIfRequired(authToken);
        // Attempt authorization with exchange
        try {
            this.accessDecisionManager.decide(authenticated, exchange, attributes);
        } catch (AccessDeniedException accessDeniedException) {
            exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
            AuthorizationFailureEvent event = new AuthorizationFailureEvent(exchange, attributes, authenticated, accessDeniedException);
            publishEvent(event);
            throw accessDeniedException;
        }
        publishEvent(new AuthorizedEvent(exchange, attributes, authenticated));
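    } catch (RuntimeException exception) {
        // Any runtime failure, including the AccessDeniedException rethrown above,
        // is tagged with this policy's id and wrapped in a CamelAuthorizationException.
        exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
        CamelAuthorizationException authorizationException = new CamelAuthorizationException("Cannot access the processor which has been protected.", exchange, exception);
        throw authorizationException;
    }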
}
Also used: CamelAuthorizationException (org.apache.camel.CamelAuthorizationException), AccessDeniedException (org.springframework.security.access.AccessDeniedException), ConfigAttribute (org.springframework.security.access.ConfigAttribute), Authentication (org.springframework.security.core.Authentication), AuthorizedEvent (org.springframework.security.access.event.AuthorizedEvent), AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent)

Example 3 with CamelAuthorizationException

Use of org.apache.camel.CamelAuthorizationException in the project camel by apache.

Class ShiroSecurityProcessor, method authorizeUser.

private void authorizeUser(Subject currentUser, Exchange exchange) throws CamelAuthorizationException {
    boolean authorized = false;
    if (!policy.getPermissionsList().isEmpty()) {
        if (policy.isAllPermissionsRequired()) {
            authorized = currentUser.isPermittedAll(policy.getPermissionsList());
        } else {
            for (Permission permission : policy.getPermissionsList()) {
                if (currentUser.isPermitted(permission)) {
                    authorized = true;
                    break;
                }
            }
        }
    } else if (!policy.getRolesList().isEmpty()) {
        if (policy.isAllRolesRequired()) {
            authorized = currentUser.hasAllRoles(policy.getRolesList());
        } else {
            for (String role : policy.getRolesList()) {
                if (currentUser.hasRole(role)) {
                    authorized = true;
                    break;
                }
            }
        }
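    } else {
        // Neither permissions nor roles are configured on the policy: the check
        // is skipped and the subject is treated as authorized (logged at trace level only).
        LOG.trace("Valid Permissions or Roles List not specified for ShiroSecurityPolicy. " + "No authorization checks will be performed for current user.");
        authorized = true;
    }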
    if (!authorized) {
        throw new CamelAuthorizationException("Authorization Failed. Subject's role set does " + "not have the necessary roles or permissions to perform further processing.", exchange);
    }
    LOG.debug("Current user {} is successfully authorized.", currentUser.getPrincipal());
}
Also used: CamelAuthorizationException (org.apache.camel.CamelAuthorizationException), Permission (org.apache.shiro.authz.Permission)

Example 4 with CamelAuthorizationException

Use of org.apache.camel.CamelAuthorizationException in the project camel by apache.

Class SpringSecurityAuthorizationPolicyTest, method testAuthorizationFailed.

@Test
public void testAuthorizationFailed() throws Exception {
    MockEndpoint end = getMockEndpoint("mock:end");
    end.expectedMessageCount(0);
    try {
        sendMessageWithAuthentication("bob", "bobspassword", "ROLE_USER");
        fail("we should get the access deny exception here");
    } catch (Exception exception) {
        // the exception should be caused by CamelAuthorizationException
        assertTrue("Expect CamelAuthorizationException here", exception.getCause() instanceof CamelAuthorizationException);
    }
    end.assertIsSatisfied();
}
Also used: CamelAuthorizationException (org.apache.camel.CamelAuthorizationException), MockEndpoint (org.apache.camel.component.mock.MockEndpoint), Test (org.junit.Test)

Example 5 with CamelAuthorizationException

Use of org.apache.camel.CamelAuthorizationException in the project camel by apache.

Class SimpleTest, method testExceptionOGNLSimple.

public void testExceptionOGNLSimple() throws Exception {
    exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, "myPolicy");
    exchange.setProperty(Exchange.EXCEPTION_CAUGHT, new CamelAuthorizationException("The camel authorization exception", exchange));
    assertExpression("${exception.getPolicyId}", "myPolicy");
}
Also used: CamelAuthorizationException (org.apache.camel.CamelAuthorizationException)

Aggregations

CamelAuthorizationException (org.apache.camel.CamelAuthorizationException): 5
MockEndpoint (org.apache.camel.component.mock.MockEndpoint): 2
Test (org.junit.Test): 2
Permission (org.apache.shiro.authz.Permission): 1
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 1
ConfigAttribute (org.springframework.security.access.ConfigAttribute): 1
AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent): 1
AuthorizedEvent (org.springframework.security.access.event.AuthorizedEvent): 1
Authentication (org.springframework.security.core.Authentication): 1