
Example 1 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project neo4j by neo4j.

the class LdapRealm method doGetAuthorizationInfo.

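/**
 * Looks up authorization info through the parent realm and records the outcome in the security log.
 *
 * <p>On failure the exception details are written to the security log only; the exception thrown to
 * the caller carries one of the fixed client-message constants and keeps the original exception as
 * its cause.
 *
 * @param principals the principals to resolve authorization info for
 * @return whatever the parent realm returns for {@code principals}
 * @throws AuthProviderTimeoutException if {@code isAuthorizationExceptionAnLdapReadTimeout} classifies the failure as a read timeout
 * @throws AuthProviderFailedException for every other {@link AuthorizationException} raised by the parent realm
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    try {
        AuthorizationInfo info = super.doGetAuthorizationInfo(principals);
        // NOTE(review): the principal is interpolated into the log line as-is; confirm that withRealm or
        // the log backend neutralises line breaks so directory- or user-supplied text cannot forge entries.
        securityLog.debug(withRealm("Queried for authorization info for user '%s'", principals.getPrimaryPrincipal()));
        return info;
    } catch (AuthorizationException e) {
        // An AuthorizationException does not have to carry a cause. Dereferencing a null cause here would
        // raise a NullPointerException from inside the handler, which would skip the security-log entry
        // and replace the AuthProvider* exceptions below.
        Throwable cause = e.getCause();
        String causeMessage = cause == null ? null : cause.getMessage();
        securityLog.error(withRealm("Failed to get authorization info: '%s' caused by '%s'", e.getMessage(), causeMessage));
        if (isAuthorizationExceptionAnLdapReadTimeout(e)) {
            throw new AuthProviderTimeoutException(LDAP_READ_TIMEOUT_CLIENT_MESSAGE, e);
        }
        throw new AuthProviderFailedException(LDAP_AUTHORIZATION_FAILURE_CLIENT_MESSAGE, e);
    }
}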
Also used : AuthorizationException(org.apache.shiro.authz.AuthorizationException) AuthProviderFailedException(org.neo4j.graphdb.security.AuthProviderFailedException) AuthProviderTimeoutException(org.neo4j.graphdb.security.AuthProviderTimeoutException) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)

Example 2 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project ddf by codice.

the class TestWorkspaceQueryService method testRun.

/**
 * Runs {@code WorkspaceQueryServiceImpl.run()} against mocked collaborators and checks that the
 * subscriber is notified with the summed hit count of the workspace's two queries.
 *
 * <p>The only assertion is on the hit-count aggregation. The hand-written {@code Subject} below is a
 * do-nothing stub, so this test says nothing about whether authorization is enforced.
 */
@SuppressWarnings("unchecked")
@Test
public void testRun() throws SchedulerException, UnsupportedQueryException, SourceUnavailableException, FederationException {
    String workspaceId = "3";
    // Collaborators are Mockito mocks; only the calls stubbed below return meaningful values.
    QueryUpdateSubscriber queryUpdateSubscriber = mock(QueryUpdateSubscriber.class);
    WorkspaceService workspaceService = mock(WorkspaceService.class);
    CatalogFramework catalogFramework = mock(CatalogFramework.class);
    FilterBuilder filterBuilder = mock(FilterBuilder.class);
    Scheduler scheduler = mock(Scheduler.class);
    when(scheduler.getContext()).thenReturn(mock(SchedulerContext.class));
    Supplier<Optional<Scheduler>> schedulerSupplier = () -> Optional.of(scheduler);
    // Minimal SecurityService: hands out a mocked system subject and returns the properties unchanged.
    SecurityService securityService = new SecurityService() {

        @Override
        public Subject getSystemSubject() {
            return mock(Subject.class);
        }

        @Override
        public Map<String, Serializable> addSystemSubject(Map<String, Serializable> properties) {
            return properties;
        }
    };
    FilterService filterService = mock(FilterService.class);
    when(filterService.getModifiedDateFilter(any())).thenReturn(mock(Filter.class));
    when(filterBuilder.anyOf(Mockito.any(Filter.class))).thenReturn(mock(Or.class));
    when(filterBuilder.allOf(Mockito.<Filter>anyVararg())).thenReturn(mock(And.class));
    WorkspaceQueryServiceImpl workspaceQueryServiceImpl = new WorkspaceQueryServiceImpl(queryUpdateSubscriber, workspaceService, catalogFramework, filterBuilder, schedulerSupplier, securityService, filterService);
    workspaceQueryServiceImpl.setQueryTimeInterval(60);
    String ecql = "area( Polygon((10 10, 20 10, 20 20, 10 10)) ) BETWEEN 10000 AND 30000";
    WorkspaceMetacardImpl workspaceMetacard = mock(WorkspaceMetacardImpl.class);
    when(workspaceMetacard.getId()).thenReturn(workspaceId);
    // Two query metacards share the same CQL: one names a source ("SomeSource"), the other has none.
    QueryMetacardImpl queryMetacardWithSource = mock(QueryMetacardImpl.class);
    when(queryMetacardWithSource.getSources()).thenReturn(Collections.singletonList("SomeSource"));
    when(queryMetacardWithSource.getCql()).thenReturn(ecql);
    Attribute id1 = mock(Attribute.class);
    when(id1.getValue()).thenReturn("1");
    when(queryMetacardWithSource.getAttribute(Metacard.ID)).thenReturn(id1);
    QueryMetacardImpl queryMetacardWithoutSource = mock(QueryMetacardImpl.class);
    when(queryMetacardWithoutSource.getSources()).thenReturn(Collections.emptyList());
    when(queryMetacardWithoutSource.getCql()).thenReturn(ecql);
    Attribute id2 = mock(Attribute.class);
    when(id2.getValue()).thenReturn("2");
    when(queryMetacardWithoutSource.getAttribute(Metacard.ID)).thenReturn(id2);
    // The map key is id2's value ("2"), while the workspace metacard itself reports id "3";
    // the final assertion looks the result up by the workspace id.
    Map<String, Pair<WorkspaceMetacardImpl, List<QueryMetacardImpl>>> queryMetacards = Collections.singletonMap(id2.getValue().toString(), new ImmutablePair<>(workspaceMetacard, Arrays.asList(queryMetacardWithSource, queryMetacardWithoutSource)));
    when(workspaceService.getQueryMetacards()).thenReturn(queryMetacards);
    long hitCount1 = 10;
    long hitCount2 = 20;
    QueryResponse queryResponse = mock(QueryResponse.class);
    // Consecutive stubbing: the first getHits() call yields 10, later calls yield 20.
    when(queryResponse.getHits()).thenReturn(hitCount1).thenReturn(hitCount2);
    when(catalogFramework.query(any())).thenReturn(queryResponse);
    // Hand-written Subject stub. The boolean queries (isPermitted*, hasRole*, isAuthenticated) all
    // answer "no", while the check* methods and login never throw, i.e. they behave as "allowed".
    // The two families therefore disagree, so this stub must not be reused to test access decisions.
    workspaceQueryServiceImpl.setSubject(new Subject() {

        @Override
        public boolean isGuest() {
            return false;
        }

        @Override
        public Object getPrincipal() {
            return null;
        }

        @Override
        public PrincipalCollection getPrincipals() {
            return null;
        }

        @Override
        public boolean isPermitted(String s) {
            return false;
        }

        @Override
        public boolean isPermitted(Permission permission) {
            return false;
        }

        @Override
        public boolean[] isPermitted(String... strings) {
            return new boolean[0];
        }

        @Override
        public boolean[] isPermitted(List<Permission> list) {
            return new boolean[0];
        }

        @Override
        public boolean isPermittedAll(String... strings) {
            return false;
        }

        @Override
        public boolean isPermittedAll(Collection<Permission> collection) {
            return false;
        }

        // The check* methods below are empty: they never raise AuthorizationException.
        @Override
        public void checkPermission(String s) throws AuthorizationException {
        }

        @Override
        public void checkPermission(Permission permission) throws AuthorizationException {
        }

        @Override
        public void checkPermissions(String... strings) throws AuthorizationException {
        }

        @Override
        public void checkPermissions(Collection<Permission> collection) throws AuthorizationException {
        }

        @Override
        public boolean hasRole(String s) {
            return false;
        }

        @Override
        public boolean[] hasRoles(List<String> list) {
            return new boolean[0];
        }

        @Override
        public boolean hasAllRoles(Collection<String> collection) {
            return false;
        }

        @Override
        public void checkRole(String s) throws AuthorizationException {
        }

        @Override
        public void checkRoles(Collection<String> collection) throws AuthorizationException {
        }

        @Override
        public void checkRoles(String... strings) throws AuthorizationException {
        }

        @Override
        public void login(AuthenticationToken authenticationToken) throws AuthenticationException {
        }

        @Override
        public boolean isAuthenticated() {
            return false;
        }

        @Override
        public boolean isRemembered() {
            return false;
        }

        @Override
        public Session getSession() {
            return null;
        }

        @Override
        public Session getSession(boolean b) {
            return null;
        }

        @Override
        public void logout() {
        }

        // Runs the callable inline on the calling thread and wraps any failure in ExecutionException.
        @Override
        public <V> V execute(Callable<V> callable) throws ExecutionException {
            try {
                return callable.call();
            } catch (Exception e) {
                throw new ExecutionException(e);
            }
        }

        // Unlike the Callable overload, this one discards the runnable without running it.
        @Override
        public void execute(Runnable runnable) {
        }

        @Override
        public <V> Callable<V> associateWith(Callable<V> callable) {
            return null;
        }

        @Override
        public Runnable associateWith(Runnable runnable) {
            return null;
        }

        @Override
        public void runAs(PrincipalCollection principalCollection) throws NullPointerException, IllegalStateException {
        }

        @Override
        public boolean isRunAs() {
            return false;
        }

        @Override
        public PrincipalCollection getPreviousPrincipals() {
            return null;
        }

        @Override
        public PrincipalCollection releaseRunAs() {
            return null;
        }
    });
    workspaceQueryServiceImpl.setCronString("0 0 0 * * ?");
    workspaceQueryServiceImpl.setQueryTimeoutMinutes(5L);
    workspaceQueryServiceImpl.run();
    // Capture the map handed to the subscriber; the raw Map is why the unchecked cast is suppressed.
    ArgumentCaptor<Map> argumentCaptor = ArgumentCaptor.forClass(Map.class);
    verify(queryUpdateSubscriber).notify(argumentCaptor.capture());
    Map queryUpdateSubscriberArgumentRaw = argumentCaptor.getValue();
    Map<String, Pair<WorkspaceMetacardImpl, Long>> queryUpdateSubscriberArgument = (Map<String, Pair<WorkspaceMetacardImpl, Long>>) queryUpdateSubscriberArgumentRaw;
    // Expected total: 10 + 20 hits, reported under the workspace id "3".
    assertThat(queryUpdateSubscriberArgument.get(workspaceId).getRight(), is(hitCount1 + hitCount2));
}
Also used : Serializable(java.io.Serializable) Or(org.opengis.filter.Or) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) AuthorizationException(org.apache.shiro.authz.AuthorizationException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) QueryMetacardImpl(org.codice.ddf.catalog.ui.metacard.workspace.QueryMetacardImpl) CatalogFramework(ddf.catalog.CatalogFramework) SchedulerContext(org.quartz.SchedulerContext) Permission(org.apache.shiro.authz.Permission) Optional(java.util.Optional) WorkspaceService(org.codice.ddf.catalog.ui.query.monitor.api.WorkspaceService) And(org.opengis.filter.And) QueryUpdateSubscriber(org.codice.ddf.catalog.ui.query.monitor.api.QueryUpdateSubscriber) Map(java.util.Map) Attribute(ddf.catalog.data.Attribute) Scheduler(org.quartz.Scheduler) FilterService(org.codice.ddf.catalog.ui.query.monitor.api.FilterService) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) Callable(java.util.concurrent.Callable) FilterBuilder(ddf.catalog.filter.FilterBuilder) SecurityService(org.codice.ddf.catalog.ui.query.monitor.api.SecurityService) ExecutionException(org.apache.shiro.subject.ExecutionException) Pair(org.apache.commons.lang3.tuple.Pair) ImmutablePair(org.apache.commons.lang3.tuple.ImmutablePair) Subject(ddf.security.Subject) SourceUnavailableException(ddf.catalog.source.SourceUnavailableException) UnsupportedQueryException(ddf.catalog.source.UnsupportedQueryException) SchedulerException(org.quartz.SchedulerException) FederationException(ddf.catalog.federation.FederationException) AuthorizationException(org.apache.shiro.authz.AuthorizationException) ExecutionException(org.apache.shiro.subject.ExecutionException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) Filter(org.opengis.filter.Filter) QueryResponse(ddf.catalog.operation.QueryResponse) WorkspaceMetacardImpl(org.codice.ddf.catalog.ui.metacard.workspace.WorkspaceMetacardImpl) Session(org.apache.shiro.session.Session) 
Test(org.junit.Test)

Example 3 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project tesla by linking12.

the class TeslaUserRealm method doGetAuthorizationInfo.

/**
 * Builds the authorization info for a user from the roles and string permissions stored by {@code userDao}.
 *
 * @param principals the principals whose primary principal is used as the user id
 * @return a {@link SimpleAuthorizationInfo} holding the roles and permissions returned by the DAO
 * @throws AuthorizationException if {@code principals} is {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    if (null == principals) {
        throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
    }
    // NOTE(review): assumes the primary principal is the Long user id. A principal of any other type
    // fails here with ClassCastException, and a null one is passed to the DAO as-is. Confirm against
    // the realm(s) that populate the collection.
    final Long primaryUserId = (Long) principals.getPrimaryPrincipal();
    final List<String> grantedPermissions = userDao.findPermissonByUserId(primaryUserId);
    final List<String> grantedRoles = userDao.findRoleByUserId(primaryUserId);
    final SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addStringPermissions(grantedPermissions);
    authorizationInfo.addRoles(grantedRoles);
    return authorizationInfo;
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) AuthorizationException(org.apache.shiro.authz.AuthorizationException)

Example 4 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project nutzboot by nutzam.

the class SimpleAuthorizingRealm method doGetAuthorizationInfo.

/**
 * Resolves the user behind the primary principal and grants it one role and one fixed permission.
 *
 * @param principals the principals whose primary principal is read as a numeric user id
 * @return the authorization info, or {@code null} when no user exists for that id
 * @throws AuthorizationException if {@code principals} is {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // A missing principal collection is rejected outright.
    if (null == principals) {
        throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
    }
    // NOTE(review): assumes the primary principal is a Number. Any other type raises
    // ClassCastException and a null principal raises NullPointerException. Confirm against the
    // authenticating realm.
    final Number primaryPrincipal = (Number) principals.getPrimaryPrincipal();
    final long id = primaryPrincipal.longValue();
    final User account = dao().fetch(User.class, id);
    if (account != null) {
        final SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();
        // NOTE(review): the role granted is the user's own name, so role checks are only as reliable as
        // the validation and uniqueness of user names. Confirm this is intended outside demo code.
        granted.addRole(account.getName());
        granted.addStringPermission("user:list");
        return granted;
    }
    // Unknown user id: no authorization info at all.
    return null;
}
Also used : User(io.nutz.demo.simple.bean.User) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) AuthorizationException(org.apache.shiro.authz.AuthorizationException)

Example 5 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project shiro by apache.

the class QuickStart method run.

/**
 * Walks through a login, two positive authorization checks, one permitted service call, one call
 * that is expected to be refused, and a logout.
 */
public void run() {
    // Obtain the subject bound to the current execution context.
    Subject currentUser = SecurityUtils.getSubject();
    // Nothing has logged in yet, so the subject must be unauthenticated.
    Assert.isTrue(!currentUser.isAuthenticated());
    // Log in with a username / password pair (hard-coded sample values).
    currentUser.login(new UsernamePasswordToken("joe.coder", "password"));
    // checkRole throws unless joe.coder holds the "user" role.
    currentUser.checkRole("user");
    // joe.coder must NOT hold the admin role.
    Assert.isTrue(!currentUser.hasRole("admin"));
    // checkPermission throws unless joe.coder holds the "read" permission.
    currentUser.checkPermission("read");
    // The current user may execute this method.
    simpleService.readRestrictedCall();
    try {
        // This one is expected to be refused.
        simpleService.writeRestrictedCall();
    } catch (AuthorizationException denied) {
        log.info("Subject was NOT allowed to execute method 'writeRestrictedCall'");
    }
    // NOTE(review): nothing fails if writeRestrictedCall() returns normally, so this walkthrough
    // would not notice if the write restriction were not being enforced.
    // End the session and confirm the subject is unauthenticated again.
    currentUser.logout();
    Assert.isTrue(!currentUser.isAuthenticated());
}
Also used : AuthorizationException(org.apache.shiro.authz.AuthorizationException) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)
