Example 1 with AccessDeniedException

Use of org.craftercms.security.exception.AccessDeniedException in the craftercms engine project: class CrafterPageAccessManager, method checkAccess.

import java.util.List;

import org.craftercms.profile.api.Profile;
import org.craftercms.security.annotations.RunIfSecurityEnabled;
import org.craftercms.security.authentication.Authentication;
import org.craftercms.security.exception.AccessDeniedException;
import org.craftercms.security.exception.AuthenticationRequiredException;

// SiteItem, SecurityUtils, CollectionUtils and the helpers getAuthorizedRolesForPage/containsRole
// come from the enclosing class and its other imports, which this excerpt does not show.

/**
 * Checks if the user has sufficient rights to access the specified page:
 *
 * <ol>
 *     <li>If the page doesn't contain any required role, no authentication is needed.</li>
 *     <li>If the page has the role "Anonymous", no authentication is needed.</li>
 *     <li>If the page has the role "Authenticated", just authentication is needed.</li>
 *     <li>If the page has any other roles, the user needs to have any of those roles.</li>
 * </ol>
 */
@RunIfSecurityEnabled
public void checkAccess(SiteItem page) throws AuthenticationRequiredException, AccessDeniedException {
    String pageUrl = page.getStoreUrl();
    Profile profile = null;
    Authentication auth = SecurityUtils.getCurrentAuthentication();
    if (auth != null) {
        profile = auth.getProfile();
    }
    List<String> authorizedRoles = getAuthorizedRolesForPage(page);
    // No required roles, or "anonymous" among them: the page is public and no check is applied
    if (CollectionUtils.isNotEmpty(authorizedRoles) && !containsRole("anonymous", authorizedRoles)) {
        // If profile == null the user is anonymous
        if (profile == null) {
            throw new AuthenticationRequiredException("User is anonymous but page '" + pageUrl + "' requires authentication");
        }
        // "authenticated" is satisfied by any logged-in user; otherwise the profile must hold one of the listed roles
        if (!containsRole("authenticated", authorizedRoles) && !profile.hasAnyRole(authorizedRoles)) {
            throw new AccessDeniedException("User '" + profile.getUsername() + "' is not authorized to view page '" + pageUrl + "'");
        }
    }
}

Example 2 with AccessDeniedException

Use of org.craftercms.security.exception.AccessDeniedException in the craftercms engine project: class ConfigAwareAccessDeniedHandlerTest, method testProcessRequest.

import static org.junit.Assert.assertEquals;

import org.craftercms.security.exception.AccessDeniedException;
import org.junit.Test;

// handler, config, ACCESS_DENIED_ERROR_PAGE_URL_KEY, RequestContext and MockHttpServletResponse
// are fields and imports of the enclosing test class, which this excerpt does not show.

@Test
public void testProcessRequest() throws Exception {
    // Feed the handler an AccessDeniedException and verify the request is forwarded
    // to the error page URL configured under ACCESS_DENIED_ERROR_PAGE_URL_KEY
    handler.handle(RequestContext.getCurrent(), new AccessDeniedException(""));
    assertEquals(config.getString(ACCESS_DENIED_ERROR_PAGE_URL_KEY),
                 ((MockHttpServletResponse) RequestContext.getCurrent().getResponse()).getForwardedUrl());
}
