use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.
the class SearchServiceRemoteImpl method getForAdministrativeRead.
/**
 * {@inheritDoc}
 *
 * <p>
 * Sends the query to the remote search index as an HTTP GET and parses the response body into a
 * {@link SearchResult}. The connection is released in every case, including when no response was obtained.
 *
 * <p>
 * NOTE(review): {@code UnauthorizedException} is declared, but nothing in this method body throws it directly. A
 * request denied by the remote side presumably surfaces as a {@link SearchException}. Confirm how
 * {@code getResponse} treats 401/403 answers, so that callers can tell "not allowed" apart from "index unavailable".
 *
 * @see org.opencastproject.search.api.SearchService#getForAdministrativeRead(org.opencastproject.search.api.SearchQuery)
 */
@Override
public SearchResult getForAdministrativeRead(SearchQuery q) throws SearchException, UnauthorizedException {
  // The second argument presumably selects the administrative variant of the search URL; verify in getSearchUrl.
  final HttpResponse remoteAnswer = getResponse(new HttpGet(getSearchUrl(q, true)));
  try {
    if (remoteAnswer != null) {
      return SearchResultImpl.valueOf(remoteAnswer.getEntity().getContent());
    }
  } catch (Exception parseFailure) {
    // Any failure while reading or parsing the body (including a missing entity) is reported as a search failure.
    throw new SearchException("Unable to parse results of a getForAdministrativeRead request from remote search index: ", parseFailure);
  } finally {
    // Always hand the response back, even when it is null, so the connection is not leaked.
    closeConnection(remoteAnswer);
  }
  // Only reached when no response was available.
  throw new SearchException("Unable to perform getForAdministrativeRead from remote search index");
}
use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.
the class SearchServiceImpl method addSynchronously.
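/**
 * Immediately adds the mediapackage to the search index.
 *
 * <p>
 * The caller must hold the organization's admin role, the global admin role, or write permission on the
 * mediapackage. The mediapackage is indexed with its currently active ACL and then stored in the search database
 * with the same ACL and timestamp.
 *
 * @param mediaPackage
 *          the media package
 * @throws SearchException
 *           if the media package cannot be added to the search index or stored in the search database
 * @throws MediaPackageException
 *           if the mediapackage is invalid
 * @throws IllegalArgumentException
 *           if the mediapackage is <code>null</code>
 * @throws UnauthorizedException
 *           if the user does not have the rights to add the mediapackage
 */
public void addSynchronously(MediaPackage mediaPackage) throws SearchException, MediaPackageException, IllegalArgumentException, UnauthorizedException {
  // Reject null before the authorization check: the check passes the mediapackage to the authorization service,
  // so a null argument from a non-admin caller would otherwise never reach the documented
  // IllegalArgumentException.
  if (mediaPackage == null) {
    throw new IllegalArgumentException("Unable to add a null mediapackage");
  }

  User currentUser = securityService.getUser();
  String orgAdminRole = securityService.getOrganization().getAdminRole();
  String writeAction = Permissions.Action.WRITE.toString();

  // Admins bypass the per-mediapackage permission lookup; everyone else needs explicit write permission.
  boolean isAdmin = currentUser.hasRole(orgAdminRole) || currentUser.hasRole(GLOBAL_ADMIN_ROLE);
  if (!isAdmin && !authorizationService.hasPermission(mediaPackage, writeAction)) {
    throw new UnauthorizedException(currentUser, writeAction);
  }

  logger.debug("Attempting to add mediapackage {} to search index", mediaPackage.getIdentifier());
  AccessControlList acl = authorizationService.getActiveAcl(mediaPackage).getA();
  // One timestamp is shared by the index entry and the database record so both agree.
  Date now = new Date();

  try {
    if (indexManager.add(mediaPackage, acl, now)) {
      logger.info("Added mediapackage `{}` to the search index, using ACL `{}`", mediaPackage, acl);
    } else {
      // NOTE(review): a failed index update is only logged; the mediapackage is still persisted below.
      logger.warn("Failed to add mediapackage {} to the search index", mediaPackage.getIdentifier());
    }
  } catch (SolrServerException e) {
    throw new SearchException(e);
  }

  try {
    persistence.storeMediaPackage(mediaPackage, acl, now);
  } catch (SearchServiceDatabaseException e) {
    logger.error("Could not store media package to search database {}: {}", mediaPackage.getIdentifier(), e);
    throw new SearchException(e);
  }
}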
use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.
the class SchedulerServiceImpl method removeTransactionsAfterRestart.
/**
 * Rolls back scheduler transactions that were left incomplete by a shutdown or restart.
 *
 * <p>
 * The cleanup runs once per organization, through {@code SecurityUtil.runAs} with a system user created for that
 * organization. Failures are logged per transaction and never abort the loop, so one broken transaction cannot block
 * the cleanup of the others.
 */
private void removeTransactionsAfterRestart() {
  logger.info("Checking for incomplete transactions from a shutdown or restart.");
  for (final Organization organization : orgDirectoryService.getOrganizations()) {
    SecurityUtil.runAs(securityService, organization, SecurityUtil.createSystemUser(systemUserName, organization), new Effect0() {
      @Override
      protected void run() {
        try {
          for (String txId : persistence.getTransactions()) {
            rollbackAndLog(txId);
          }
        } catch (SchedulerServiceDatabaseException e) {
          logger.error("Unable to get transactions to cleanup incomplete transactions because: {}", getStackTrace(e));
        }
      }

      /** Rolls back a single transaction; every failure is logged and swallowed (best effort). */
      private void rollbackAndLog(String txId) {
        try {
          SchedulerTransaction pending = getTransaction(txId);
          logger.info("Rolling back transaction with id: {}", txId);
          pending.rollback();
          logger.info("Finished rolling back transaction with id: {}", txId);
        } catch (NotFoundException e) {
          logger.info("Unable to find the transaction with id {}, so it wasn't rolled back.", txId);
        } catch (UnauthorizedException e) {
          // Even the per-organization system user was refused; record which organization was affected.
          logger.error("Unable to delete transaction with id: {} using organization {} because: {}", new Object[] { txId, organization, getStackTrace(e) });
        } catch (Exception e) {
          logger.error("Unable to rollback transaction because: {}", getStackTrace(e));
        }
      }
    });
  }
  logger.info("Finished checking for incomplete transactions from a shutdown or a restart.");
}
use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.
the class JpaUserAndRoleProvider method addUser.
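/**
 * Adds a user to the persistence.
 *
 * <p>
 * The current user must be authorized to handle the roles requested for the new user. The password is stored in
 * encoded form, only the roles returned by {@code filterRoles} are saved, and the new user is cached under
 * {@code username + DELIMITER + organizationId} once the transaction has committed.
 *
 * @param user
 *          the user to add
 *
 * @throws org.opencastproject.security.api.UnauthorizedException
 *           if the user is not allowed to create other user with the given roles
 */
public void addUser(JpaUser user) throws UnauthorizedException {
  // Authorization comes first, so nothing is written on behalf of a caller who may not grant these roles.
  if (!UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, user.getRoles())) {
    throw new UnauthorizedException("The user is not allowed to set the admin role on other users");
  }

  // Create a JPA user with an encoded password.
  // NOTE(review): the username is passed as the second argument, presumably as the salt. Confirm that
  // PasswordEncoder uses a slow password-hashing scheme and does not rely on the username alone for salting.
  String encodedPassword = PasswordEncoder.encode(user.getPassword(), user.getUsername());

  // Only save internal roles
  Set<JpaRole> roles = UserDirectoryPersistenceUtil.saveRoles(filterRoles(user.getRoles()), emf);
  JpaOrganization organization = UserDirectoryPersistenceUtil.saveOrganization((JpaOrganization) user.getOrganization(), emf);
  JpaUser newUser = new JpaUser(user.getUsername(), encodedPassword, organization, user.getName(), user.getEmail(), user.getProvider(), user.isManageable(), roles);

  // Then save the user
  EntityManager em = null;
  EntityTransaction tx = null;
  try {
    em = emf.createEntityManager();
    tx = em.getTransaction();
    tx.begin();
    em.persist(newUser);
    tx.commit();
    // Cache only after a successful commit, so the cache never holds a user that was not persisted.
    cache.put(user.getUsername() + DELIMITER + user.getOrganization().getId(), newUser);
  } finally {
    // tx is still null when creating the entity manager or obtaining the transaction failed; guarding against
    // that keeps the original exception from being masked by a NullPointerException.
    if (tx != null && tx.isActive()) {
      tx.rollback();
    }
    if (em != null) {
      em.close();
    }
  }

  updateGroupMembership(user);
}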
use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.
the class JpaUserAndRoleProvider method updateUser.
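/**
 * Updates a user in the persistence.
 *
 * <p>
 * Two authorization checks are applied: the current user must be allowed to handle the roles requested in the
 * update, and must also be allowed to handle the roles the stored user already has. Together they prevent both
 * granting privileged roles and modifying an existing privileged account. The stored password is kept when the
 * update carries no password.
 *
 * @param user
 *          the user to save
 * @return the updated user as stored in the persistence
 * @throws NotFoundException
 *           if no user with the given username exists in the given organization
 * @throws org.opencastproject.security.api.UnauthorizedException
 *           if the current user is not allowed to update user with the given roles
 */
public User updateUser(JpaUser user) throws NotFoundException, UnauthorizedException {
  // Check 1: the roles being assigned.
  if (!UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, user.getRoles())) {
    throw new UnauthorizedException("The user is not allowed to set the admin role on other users");
  }

  JpaUser updateUser = UserDirectoryPersistenceUtil.findUser(user.getUsername(), user.getOrganization().getId(), emf);
  if (updateUser == null) {
    throw new NotFoundException("User " + user.getUsername() + " not found.");
  }

  logger.debug("updateUser({})", user.getUsername());

  // Check 2: the roles the existing account already holds.
  if (!UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, updateUser.getRoles())) {
    throw new UnauthorizedException("The user is not allowed to update an admin user");
  }

  // Only update the password if a value is set. The stored user was already loaded above, so its encoded password
  // is reused rather than fetched again; a second lookup could return null if the user vanished in between. A
  // null password is treated like an empty one.
  String submittedPassword = user.getPassword();
  String encodedPassword;
  if (submittedPassword == null || submittedPassword.isEmpty()) {
    encodedPassword = updateUser.getPassword();
  } else {
    // Update a JPA user with an encoded password.
    // NOTE(review): the username is passed as the second argument, presumably as the salt. Confirm that
    // PasswordEncoder uses a slow password-hashing scheme.
    encodedPassword = PasswordEncoder.encode(submittedPassword, user.getUsername());
  }

  // Only save internal roles
  Set<JpaRole> roles = UserDirectoryPersistenceUtil.saveRoles(filterRoles(user.getRoles()), emf);
  JpaOrganization organization = UserDirectoryPersistenceUtil.saveOrganization((JpaOrganization) user.getOrganization(), emf);

  // NOTE(review): the manageable flag is hard-coded to true here, whereas addUser uses user.isManageable().
  // Confirm this is intentional.
  JpaUser updatedUser = UserDirectoryPersistenceUtil.saveUser(new JpaUser(user.getUsername(), encodedPassword, organization, user.getName(), user.getEmail(), user.getProvider(), true, roles), emf);
  cache.put(user.getUsername() + DELIMITER + organization.getId(), updatedUser);

  updateGroupMembership(user);
  return updatedUser;
}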