Example 11 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project killbill by killbill: class KillBillAuth0Realm, method doGetRequest.

// Performs a synchronous GET against the configured Auth0 base URL, authenticating with the
// caller-supplied bearer token. Every failure (timeout, I/O error, interruption) is wrapped in a
// Shiro AuthorizationException so the realm fails closed instead of returning a partial result.
private Response doGetRequest(final String path, final String token) {
    final BoundRequestBuilder builder = httpClient.prepareGet(securityConfig.getShiroAuth0Url() + path);
    builder.addHeader("Authorization", "Bearer " + token);
    final Response response;
    try {
        // The completion handler hands the raw response back; the future bounds how long we wait for it.
        final ListenableFuture<Response> futureStatus = builder.execute(new AsyncCompletionHandler<Response>() {

            @Override
            public Response onCompleted(final Response response) throws Exception {
                return response;
            }
        });
        // Block for at most DEFAULT_TIMEOUT_SECS so a slow identity provider cannot hang the login path.
        response = futureStatus.get(DEFAULT_TIMEOUT_SECS, TimeUnit.SECONDS);
    } catch (final TimeoutException toe) {
        log.warn("Timeout while connecting to Auth0", toe);
        throw new AuthorizationException(toe);
    } catch (final Exception e) {
        log.warn("Error while connecting to Auth0", e);
        throw new AuthorizationException(e);
    }
    return response;
}
Also used: Response (org.asynchttpclient.Response), BoundRequestBuilder (org.asynchttpclient.BoundRequestBuilder), AuthorizationException (org.apache.shiro.authz.AuthorizationException), TimeoutException (java.util.concurrent.TimeoutException), UnsupportedEncodingException (java.io.UnsupportedEncodingException), SignatureException (io.jsonwebtoken.security.SignatureException), IOException (java.io.IOException), ExecutionException (java.util.concurrent.ExecutionException), AuthenticationException (org.apache.shiro.authc.AuthenticationException), JwtException (io.jsonwebtoken.JwtException)

Example 12 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project killbill by killbill: class KillBillOktaRealm, method doGetRequest.

// Performs a synchronous GET against the configured Okta base URL. Unlike the Auth0 realm, the
// credential is not the end user's token but the realm's own Okta API token (SSWS scheme) read from
// configuration, so this path must never be reachable with attacker-controlled input in the header.
// Every failure is wrapped in a Shiro AuthorizationException so the realm fails closed.
private Response doGetRequest(final String path) {
    final BoundRequestBuilder builder = httpClient.prepareGet(securityConfig.getShiroOktaUrl() + path);
    builder.addHeader("Authorization", "SSWS " + securityConfig.getShiroOktaAPIToken());
    builder.addHeader("Content-Type", "application/json; charset=UTF-8");
    final Response response;
    try {
        // The completion handler hands the raw response back; the future bounds how long we wait for it.
        final ListenableFuture<Response> futureStatus = builder.execute(new AsyncCompletionHandler<Response>() {

            @Override
            public Response onCompleted(final Response response) throws Exception {
                return response;
            }
        });
        // Block for at most DEFAULT_TIMEOUT_SECS so a slow identity provider cannot hang the login path.
        response = futureStatus.get(DEFAULT_TIMEOUT_SECS, TimeUnit.SECONDS);
    } catch (final TimeoutException toe) {
        // Log the cause as well as the message so the timeout is diagnosable from the log alone.
        log.warn("Timeout while connecting to Okta", toe);
        throw new AuthorizationException(toe);
    } catch (final Exception e) {
        log.warn("Error while connecting to Okta", e);
        throw new AuthorizationException(e);
    }
    return response;
}
Also used: Response (org.asynchttpclient.Response), BoundRequestBuilder (org.asynchttpclient.BoundRequestBuilder), AuthorizationException (org.apache.shiro.authz.AuthorizationException), TimeoutException (java.util.concurrent.TimeoutException), IOException (java.io.IOException), JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException), AuthenticationException (org.apache.shiro.authc.AuthenticationException), UnsupportedEncodingException (java.io.UnsupportedEncodingException)

Example 13 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project killbill by killbill: class TestKillBillJdbcRealm, method testAuthorization.

@Test(groups = "slow")
public void testAuthorization() throws SecurityApiException {
    final String username = "i like";
    final String password = "c0ff33";
    // A role with a wildcard on account, every invoice permission, and exactly one tag permission.
    securityApi.addRoleDefinition("restricted", ImmutableList.of("account:*", "invoice", "tag:create_tag_definition"), callContext);
    securityApi.addUserRoles(username, password, ImmutableList.of("restricted"), callContext);
    final AuthenticationToken goodToken = new UsernamePasswordToken(username, password);
    final Subject subject = securityManager.login(null, goodToken);
    // Permissions covered by the role pass silently...
    subject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    subject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    subject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
    try {
        // ...while a permission outside the role must throw rather than fall through.
        subject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to delete tag definitions");
    } catch (final AuthorizationException e) {
        // expected: "restricted" does not grant tag:delete_tag_definition
    }
    subject.logout();
    // Replace the user's roles; the new permission set must be in force on the next login,
    // and the permission dropped from the old role must no longer be granted.
    securityApi.addRoleDefinition("newRestricted", ImmutableList.of("account:*", "invoice", "tag:delete_tag_definition"), callContext);
    securityApi.updateUserRoles(username, ImmutableList.of("newRestricted"), callContext);
    final Subject newSubject = securityManager.login(null, goodToken);
    newSubject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    newSubject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    newSubject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
    try {
        newSubject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to create tag definitions");
    } catch (final AuthorizationException e) {
        // expected: "newRestricted" does not grant tag:create_tag_definition
    }
}
Also used: AuthenticationToken (org.apache.shiro.authc.AuthenticationToken), AuthorizationException (org.apache.shiro.authz.AuthorizationException), DelegatingSubject (org.apache.shiro.subject.support.DelegatingSubject), Subject (org.apache.shiro.subject.Subject), UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken), Test (org.testng.annotations.Test)

Example 14 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project zeppelin by apache: class KerberosRealm, method mapGroupPrincipals.

/**
 * Query the Hadoop implementation of {@link Groups} to retrieve groups for
 * the provided user.
 */
public Set<String> mapGroupPrincipals(final String mappedPrincipalName) throws AuthorizationException {
    /* return the groups as seen by Hadoop */
    Set<String> groups;
    try {
        hadoopGroups.refresh();
        final List<String> groupList = hadoopGroups.getGroups(mappedPrincipalName);
        LOG.debug(String.format("group found %s, %s", mappedPrincipalName, groupList.toString()));
        groups = new HashSet<>(groupList);
    } catch (final IOException e) {
        if (e.toString().contains("No groups found for user")) {
            /* a user with no groups is not an error: move on with an empty set */
            LOG.info(String.format("No groups found for user %s", mappedPrincipalName));
        } else {
            /* any other lookup failure is logged and then fails closed, so the caller
               never authorizes against a silently empty group set */
            LOG.info(String.format("errorGettingUserGroups for %s", mappedPrincipalName));
            throw new AuthorizationException(e);
        }
        groups = new HashSet<>();
    }
    return groups;
}
Also used: AuthorizationException (org.apache.shiro.authz.AuthorizationException), IOException (java.io.IOException)

Example 15 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project airpal by airbnb: class AllowAllRealm, method doGetAuthorizationInfo.

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // Every authenticated subject receives the "user" role; object permissions are derived from group membership.
    Set<String> roles = Sets.newHashSet("user");
    Set<Permission> permissions = Sets.newHashSet();
    Collection<AllowAllUser> principalsCollection = principals.byType(AllowAllUser.class);
    if (principalsCollection.isEmpty()) {
        // No AllowAllUser principal means there is nothing to authorize against: fail closed.
        throw new AuthorizationException("No principals!");
    }
    for (AllowAllUser user : principalsCollection) {
        // Only the first configured UserGroup matching the user's group strings contributes permissions;
        // ordering of the groups list therefore decides which permission set wins.
        for (UserGroup userGroup : groups) {
            if (userGroup.representedByGroupStrings(user.getGroups())) {
                permissions.addAll(userGroup.getPermissions());
                break;
            }
        }
    }
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(roles);
    authorizationInfo.setObjectPermissions(permissions);
    return authorizationInfo;
}
Also used: SimpleAuthorizationInfo (org.apache.shiro.authz.SimpleAuthorizationInfo), AuthorizationException (org.apache.shiro.authz.AuthorizationException), Permission (org.apache.shiro.authz.Permission)
