
Example 21 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project mica2 by obiba.

The class DataAccessRequestResource, method addActionLog.

@POST
@Path("/_log-actions")
@Consumes("application/json")
public Response addActionLog(@PathParam("id") String id, Map<String, String> action) {
    // Only data access officers and administrators may append to the action log;
    // the check runs before the request is even loaded.
    if (!SecurityUtils.getSubject().hasRole(Roles.MICA_DAO) && !SecurityUtils.getSubject().hasRole(Roles.MICA_ADMIN)) {
        throw new AuthorizationException();
    }
    DataAccessRequest request = dataAccessRequestService.findById(id);
    if (request.isArchived())
        throw new BadRequestException("Data access request is archived");
    if (Strings.isNullOrEmpty(action.get("text")))
        return Response.status(Response.Status.BAD_REQUEST).build();
    try {
        // The log entry's author is taken from the authenticated subject, not from the request body.
        request.getActionLogHistory().add(ActionLog.newBuilder()
            .action(action.get("text"))
            .changedOn(DateTime.parse(action.get("date")))
            .author(SecurityUtils.getSubject().getPrincipal().toString())
            .build());
        dataAccessRequestService.saveActionsLogs(request);
    } catch (Exception e) {
        // An unparsable "date" value, or any other failure while saving, is reported as a bad request.
        return Response.status(Response.Status.BAD_REQUEST).build();
    }
    return Response.noContent().build();
}
Also used: org.apache.shiro.authz.AuthorizationException, org.obiba.mica.access.domain.DataAccessRequest, java.text.ParseException, org.obiba.mica.core.domain.NoSuchCommentException, org.obiba.mica.NoSuchEntityException, org.obiba.mica.access.NoSuchDataAccessRequestException, org.obiba.mica.core.domain.UnauthorizedCommentException, java.io.IOException

Example 22 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project mica2 by obiba.

The class AbstractPublishedDocumentsSetResource, method getSecuredDocumentSet.

protected DocumentSet getSecuredDocumentSet(String id) {
    DocumentSet documentSet = getDocumentSetService().get(id);
    // Only the set's owner, an administrator or a data access officer may read it.
    if (!subjectAclService.isCurrentUser(documentSet.getUsername()) && !subjectAclService.isAdministrator() && !subjectAclService.isDataAccessOfficer())
        throw new AuthorizationException();
    boolean enabled = isCartEnabled(micaConfigService.getConfig());
    // An unnamed set is the user's cart: refuse it when the cart feature is disabled.
    if (!enabled && !documentSet.hasName())
        throw new AuthorizationException();
    // The cart is only available to users holding a Mica role.
    if (enabled && !subjectAclService.hasMicaRole() && !documentSet.hasName())
        throw new AuthorizationException();
    // Named sets are likewise restricted to users holding a Mica role.
    if (documentSet.hasName() && !subjectAclService.hasMicaRole())
        throw new AuthorizationException();
    getDocumentSetService().touch(documentSet);
    return documentSet;
}
Also used: org.apache.shiro.authz.AuthorizationException, org.obiba.mica.core.domain.DocumentSet

Example 23 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project perry by ca-cwds.

The class AbacMethodInterceptor, method filterResult.

@SuppressWarnings("unchecked")
private Collection filterResult(Authorize authorize, Collection results) throws ScriptException {
    Collection out = initOutput(results);
    for (Object result : results) {
        try {
            // Keep only the elements the current subject is authorized to see.
            checkPermissions(authorize, result);
            out.add(result);
        } catch (AuthorizationException e) {
            // Unauthorized elements are silently dropped from the returned collection.
        }
    }
    return out;
}
Also used: org.apache.shiro.authz.AuthorizationException, java.util.Collection

Example 24 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project api-core by ca-cwds.

The class AbstractBaseAuthorizer, method authorizeInstanceOperation.

protected boolean authorizeInstanceOperation(final T instance, List<Object> authorizationFacts) {
    try {
        final PerryAccount perryAccount = PerrySubject.getPerryAccount();
        final Set<StaffPrivilegeType> staffPrivilegeTypes = toStaffPersonPrivilegeTypes(perryAccount);
        // A subject without any staff privilege is denied without consulting the rule engine.
        if (staffPrivilegeTypes.isEmpty()) {
            return false;
        }
        if (authorizationFacts == null) {
            authorizationFacts = new ArrayList<>();
        }
        // The instance and the account become facts for the Drools rule evaluation.
        authorizationFacts.add(instance);
        authorizationFacts.add(perryAccount);
        final boolean authorizationResult = droolsAuthorizationService.authorizeObjectOperation(staffPrivilegeTypes, droolsConfiguration, authorizationFacts);
        logAuthorization(perryAccount, staffPrivilegeTypes, instance, authorizationResult);
        return authorizationResult;
    } catch (DroolsException e) {
        // A rule-engine failure is surfaced as an authorization failure rather than a silent allow.
        throw new AuthorizationException(e.getMessage(), e);
    }
}
Also used: org.apache.shiro.authz.AuthorizationException, gov.ca.cwds.drools.DroolsException, gov.ca.cwds.security.realm.PerryAccount

Example 25 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project fruit-manage by liuzhaozhao.

The class ShiroInterceptor, method intercept.

public void intercept(Invocation ai) {
    AuthzHandler ah = ShiroKit.getAuthzHandler(ai.getActionKey());
    // An access control handler is registered for this action.
    if (ah != null) {
        Controller c = ai.getController();
        try {
            // Run the permission check.
            ah.assertAuthorized();
        } catch (UnauthenticatedException lae) {
            // UnauthenticatedException is a subclass of AuthorizationException, so it must be caught first.
            // If the user is not authenticated, return HTTP 401 or redirect to the default login page.
            if (StrKit.notBlank(this.loginUrl)) {
                // Save the page requested before login; only GET requests are saved, other methods are ignored.
                if (c.getRequest().getMethod().equalsIgnoreCase("GET")) {
                    // SecurityUtils.getSubject().getSession().setAttribute(this.savedRequestKey, ai.getControllerKey()+"/" + ai.getMethodName() + this.extName);
                    if (c.getSessionAttr(this.savedRequestKey) == null) {
                        /* getRequestURL: http://localhost:10086/dafei/index.do
                           getRequestURI: /dafei/index.do
                           getQueryString: tt=121212&32323 */
                        HttpServletRequest req = c.getRequest();
                        // Store a context-relative path (plus query string) rather than the full URL.
                        String saveUrl = req.getRequestURI().substring(req.getContextPath().length());
                        String saveQs = req.getQueryString();
                        if (StrKit.notBlank(saveQs)) {
                            saveUrl = saveUrl + "?" + saveQs;
                        }
                        if (StrKit.notBlank(saveUrl)) {
                            c.setSessionAttr(this.savedRequestKey, saveUrl);
                        }
                    }
                }
                c.redirect(this.loginUrl);
            } else {
                ai.getController().renderError(401);
            }
            return;
        } catch (AuthorizationException ae) {
            // If the user lacks permission for the resource, return HTTP 403 or redirect to the unauthorized page.
            if (StrKit.notBlank(this.unauthorizedUrl)) {
                c.redirect(this.unauthorizedUrl);
            } else {
                c.renderError(403);
            }
            return;
        }
    }
    // Proceed with the normal action.
    ai.invoke();
}
Also used: javax.servlet.http.HttpServletRequest, org.apache.shiro.authz.UnauthenticatedException, org.apache.shiro.authz.AuthorizationException, com.jfinal.core.Controller
