Examples with AuthorizationException org.apache.shiro.authz.AuthorizationException used on opensource projects

Search in sources :

Example 26 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project mica2 by obiba.

the class DataAccessRequestResource method updateStartDate.

@PUT
@Path("/_start-date")
@Timed
public Response updateStartDate(@PathParam("id") String id, @QueryParam("date") String date) {
    if (!SecurityUtils.getSubject().hasRole(Roles.MICA_DAO) && !SecurityUtils.getSubject().hasRole(Roles.MICA_ADMIN)) {
        throw new AuthorizationException();
    }
    DataAccessRequest request = dataAccessRequestService.findById(id);
    if (request.isArchived())
        throw new BadRequestException("Data access request is archived");
    if (Strings.isNullOrEmpty(date))
        request.setStartDate(null);
    else {
        try {
            request.setStartDate(DataAccessRequestUtilService.ISO_8601.parse(date));
        } catch (ParseException e) {
            e.printStackTrace();
        }
    }
    dataAccessRequestService.save(request);
    return Response.noContent().build();
}
Also used : AuthorizationException(org.apache.shiro.authz.AuthorizationException) DataAccessRequest(org.obiba.mica.access.domain.DataAccessRequest) ParseException(java.text.ParseException) Timed(com.codahale.metrics.annotation.Timed)

Example 27 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project mica2 by obiba.

the class DataAccessRequestResource method updateActionLogs.

@PUT
@Path("/_log-actions")
@Timed
public Response updateActionLogs(@PathParam("id") String id, Mica.DataAccessRequestDto dto) {
    if (!SecurityUtils.getSubject().hasRole(Roles.MICA_DAO) && !SecurityUtils.getSubject().hasRole(Roles.MICA_ADMIN)) {
        throw new AuthorizationException();
    }
    if (!id.equals(dto.getId()))
        throw new BadRequestException();
    DataAccessRequest originalRequest = dataAccessRequestService.findById(id);
    if (originalRequest.isArchived())
        throw new BadRequestException("Data access request is archived");
    DataAccessRequest request = dtos.fromDto(dto);
    dataAccessRequestService.saveActionsLogs(request);
    return Response.noContent().build();
}
Also used : AuthorizationException(org.apache.shiro.authz.AuthorizationException) DataAccessRequest(org.obiba.mica.access.domain.DataAccessRequest) Timed(com.codahale.metrics.annotation.Timed)

Example 28 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project mica2 by obiba.

the class PublishedDatasetVariablesSetsResource method compose.

@POST
@Path("operations")
public Response compose(@Context UriInfo uriInfo, @QueryParam("s1") String set1, @QueryParam("s2") String set2, @QueryParam("s3") String set3) {
    if (!subjectAclService.hasMicaRole())
        throw new AuthorizationException();
    List<DocumentSet> sets = Lists.newArrayList();
    sets.add(variableSetService.get(set1));
    sets.add(variableSetService.get(set2));
    if (!Strings.isNullOrEmpty(set3))
        sets.add(variableSetService.get(set3));
    SetOperation setOperation = variableSetOperationService.create(sets);
    return Response.created(uriInfo.getBaseUriBuilder().segment("variables", "sets", "operation", setOperation.getId()).build()).build();
}
Also used : SetOperation(org.obiba.mica.core.domain.SetOperation) AuthorizationException(org.apache.shiro.authz.AuthorizationException) DocumentSet(org.obiba.mica.core.domain.DocumentSet)

Example 29 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project mica2 by obiba.

the class PublishedDatasetVariablesSetResource method createOpalViewsGet.

@GET
@Path("/documents/_opal")
@Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response createOpalViewsGet(@PathParam("id") String id, @QueryParam("ids") String identifiers) {
    DocumentSet set = getSecuredDocumentSet(id);
    if (!subjectAclService.isAdministrator() && !subjectAclService.isDataAccessOfficer())
        throw new AuthorizationException();
    StreamingOutput streamingOutput;
    if (!Strings.isNullOrEmpty(identifiers)) {
        streamingOutput = stream -> variableSetService.createOpalViewsZip(variableSetService.getVariables(Sets.newHashSet(identifiers.split(","))), micaConfigService.getConfig().getOpalViewsGrouping(), new BufferedOutputStream(stream));
    } else {
        streamingOutput = stream -> variableSetService.createOpalViewsZip(variableSetService.getVariables(set), micaConfigService.getConfig().getOpalViewsGrouping(), new BufferedOutputStream(stream));
    }
    return Response.ok(streamingOutput, MediaType.APPLICATION_OCTET_STREAM).header("Content-Disposition", "attachment; filename=\"opal-views-" + id + ".zip\"").build();
}
Also used : AuthorizationException(org.apache.shiro.authz.AuthorizationException) StreamingOutput(javax.ws.rs.core.StreamingOutput) DocumentSet(org.obiba.mica.core.domain.DocumentSet) BufferedOutputStream(java.io.BufferedOutputStream)

Example 30 with AuthorizationException

use of org.apache.shiro.authz.AuthorizationException in project airpal by airbnb.

the class ExampleLDAPRealm method doGetAuthorizationInfo.

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    Set<String> roles = Sets.newHashSet("user");
    Set<Permission> permissions = Sets.newHashSet();
    Collection<AllowAllUser> principalsCollection = principals.byType(AllowAllUser.class);
    if (principalsCollection.isEmpty()) {
        throw new AuthorizationException("No principals!");
    }
    for (AllowAllUser user : principalsCollection) {
        for (UserGroup userGroup : groups) {
            if (userGroup.representedByGroupStrings(user.getGroups())) {
                permissions.addAll(userGroup.getPermissions());
                break;
            }
        }
    }
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(roles);
    authorizationInfo.setObjectPermissions(permissions);
    return authorizationInfo;
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) AuthorizationException(org.apache.shiro.authz.AuthorizationException) Permission(org.apache.shiro.authz.Permission)

Aggregations

AuthorizationException (org.apache.shiro.authz.AuthorizationException)35 IOException (java.io.IOException)10 Map (java.util.Map)7 SimpleAuthorizationInfo (org.apache.shiro.authz.SimpleAuthorizationInfo)7 UnsupportedEncodingException (java.io.UnsupportedEncodingException)6 Response (org.asynchttpclient.Response)6 DataAccessRequest (org.obiba.mica.access.domain.DataAccessRequest)6 List (java.util.List)4 AuthenticationException (org.apache.shiro.authc.AuthenticationException)4 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)4 Permission (org.apache.shiro.authz.Permission)4 Subject (org.apache.shiro.subject.Subject)4 Timed (com.codahale.metrics.annotation.Timed)3 ParseException (java.text.ParseException)3 HashSet (java.util.HashSet)3 TimeoutException (java.util.concurrent.TimeoutException)3 AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)3 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)3 BoundRequestBuilder (org.asynchttpclient.BoundRequestBuilder)3 Test (org.junit.Test)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial