
Use of org.jbei.ice.lib.access.PermissionException in the project ice by JBEI.

The class RestResource, method getUserId.

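/**
 * Resolves the user ID for the current resource request, trying the available
 * authentication mechanisms in order: session ID, then API key, then HMAC signature.
 *
 * @param sessionId session identifier taken from the request header; when empty, the
 *                  query-parameter session ID ({@code querySessionId}) is used instead
 * @return the user ID produced by the first mechanism that identifies a user, or a
 *         {@code null}/empty value when none of them does
 * @throws WebApplicationException with status {@code 401 UNAUTHORIZED} when an API key is
 *                                 present but fails verification
 */
protected String getUserId(String sessionId) {
    // 1. session: fall back to the query-parameter session id when the header value is empty
    if (StringUtils.isEmpty(sessionId) && !StringUtils.isEmpty(querySessionId))
        sessionId = querySessionId;
    String userId = UserSessions.getUserIdBySession(sessionId);
    if (!StringUtils.isEmpty(userId))
        return userId;

    // 2. api key
    if (!StringUtils.isEmpty(apiToken)) {
        // NOTE(review): getRemoteHost() names the immediate peer (or its reverse-DNS name), not
        // necessarily the originating client when a proxy sits in front — confirm this is the
        // intended binding for the API key when no explicit client id is supplied
        String clientId = !StringUtils.isEmpty(apiClientId) ? apiClientId : request.getRemoteHost();
        try {
            TokenVerification tokenVerification = new TokenVerification();
            userId = tokenVerification.verifyAPIKey(apiToken, clientId, apiUser);
        } catch (PermissionException pe) {
            // keep the cause so exception mappers / logs can see why verification failed
            throw new WebApplicationException(pe, Response.Status.UNAUTHORIZED);
        }
        // being a bit generous in terms of allowing other auth methods to be attempted even though apiToken is set
        if (userId != null)
            return userId;
    }

    // 3. hmac signature: compare the signature generated for this request with the expected one
    final Object hmac = request.getAttribute(AuthenticationInterceptor.HMAC_SIGNATURE);
    final Object expected = request.getAttribute(AuthenticationInterceptor.EXPECTED_SIGNATURE);
    if (hmac instanceof HmacSignature) { // instanceof is false for null, so no separate null check
        final HmacSignature generated = (HmacSignature) hmac;
        if (signaturesMatch(generated.generateSignature(), expected)) {
            // TODO validation of meaningful userId
            // e.g. "admin" account on EDD won't mean anything to ICE
            userId = generated.getUserId();
        }
    }
    return userId;
}

/**
 * Compares a generated signature with the expected one. When both are strings the
 * comparison is done in constant time via {@link java.security.MessageDigest#isEqual}, so
 * the time taken does not depend on how many leading characters match; other types fall
 * back to {@code equals}.
 *
 * @param generated signature computed for this request
 * @param expected  signature the request is expected to carry (may be {@code null})
 * @return {@code true} when the two signatures are equal; {@code false} when
 *         {@code generated} is {@code null}
 */
private static boolean signaturesMatch(Object generated, Object expected) {
    if (generated == null)
        return false;
    if (generated instanceof String && expected instanceof String) {
        final byte[] a = ((String) generated).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        final byte[] b = ((String) expected).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return java.security.MessageDigest.isEqual(a, b);
    }
    return generated.equals(expected);
}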