Example 21 with OrcidAccessControlException
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV3ApiServiceDelegator_ServicesTest method testReadPublicScope_Services.
@Test
public void testReadPublicScope_Services() {
SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
Response r = serviceDelegator.viewService(ORCID, 47L);
assertNotNull(r);
assertEquals(Service.class.getName(), r.getEntity().getClass().getName());
r = serviceDelegator.viewServiceSummary(ORCID, 47L);
assertNotNull(r);
assertEquals(ServiceSummary.class.getName(), r.getEntity().getClass().getName());
// Limited that am the source of should work
serviceDelegator.viewService(ORCID, 48L);
serviceDelegator.viewServiceSummary(ORCID, 48L);
// Private that am the source of should work
serviceDelegator.viewService(ORCID, 49L);
serviceDelegator.viewServiceSummary(ORCID, 49L);
// Limited that am not the source of should fail
try {
serviceDelegator.viewService(ORCID, 50L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
try {
serviceDelegator.viewServiceSummary(ORCID, 50L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
// Private that am not the source of should fails
try {
serviceDelegator.viewService(ORCID, 50L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
try {
serviceDelegator.viewServiceSummary(ORCID, 50L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
}
Also used :
Response(javax.ws.rs.core.Response)
Service(org.orcid.jaxb.model.v3.dev1.record.Service)
ServiceSummary(org.orcid.jaxb.model.v3.dev1.record.summary.ServiceSummary)
OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)
NoResultException(javax.persistence.NoResultException)
VisibilityMismatchException(org.orcid.core.exception.VisibilityMismatchException)
WrongSourceException(org.orcid.core.exception.WrongSourceException)
OrcidDuplicatedActivityException(org.orcid.core.exception.OrcidDuplicatedActivityException)
OrcidValidationException(org.orcid.core.exception.OrcidValidationException)
OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)
OrcidVisibilityException(org.orcid.core.exception.OrcidVisibilityException)
OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException)
DBUnitTest(org.orcid.test.DBUnitTest)
Test(org.junit.Test)
Example 22 with OrcidAccessControlException
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class OrcidSecurityManagerImpl method checkAndFilter.
/**
* Check the permissions of a request over an element. Private
* implementation that will also include a parameter that indicates if we
* should check the token or, if it was already checked previously
*
* @param orcid
* The user owner of the element
* @param element
* The element to check
* @param requiredScope
* The required scope to access this element
* @param tokenAlreadyChecked
* Indicates if the token was already checked previously, so, we
* don't expend time checking it again
* @throws OrcidUnauthorizedException
* In case the token used was not issued for the owner of the
* element
* @throws OrcidAccessControlException
* In case the request doesn't have the required scopes
* @throws OrcidVisibilityException
* In case the element is not visible due the visibility
*/
private void checkAndFilter(String orcid, VisibilityType element, ScopePathType requiredScope, boolean tokenAlreadyChecked) {
if (element == null) {
return;
}
// Check the token was issued for this user
if (!tokenAlreadyChecked) {
isMyToken(orcid);
}
// Check if the client is the source of the element
if (element instanceof Filterable) {
Filterable filterable = (Filterable) element;
OAuth2Authentication oAuth2Authentication = getOAuth2Authentication();
if (oAuth2Authentication != null) {
OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
String clientId = authorizationRequest.getClientId();
if (clientId.equals(filterable.retrieveSourcePath())) {
// The client doing the request is the source of the element
return;
}
}
}
// /read-public scope
if (Visibility.PUBLIC.equals(element.getVisibility())) {
try {
checkScopes(ScopePathType.READ_PUBLIC);
// can return it
return;
} catch (OrcidAccessControlException e) {
// Just continue filtering
}
}
// Filter
filter(element, requiredScope);
}
Also used :
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
Filterable(org.orcid.jaxb.model.v3.dev1.common.Filterable)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)
Example 23 with OrcidAccessControlException
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class OrcidSecurityManagerImpl method checkScopes.
@Override
public void checkScopes(ScopePathType... requiredScopes) {
// Verify the client is not a public client
checkClientType();
OAuth2Authentication oAuth2Authentication = getOAuth2Authentication();
OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
Set<ScopePathType> requestedScopes = ScopePathType.getScopesFromStrings(authorizationRequest.getScope());
for (ScopePathType scope : requestedScopes) {
for (ScopePathType requiredScope : requiredScopes) if (scope.hasScope(requiredScope)) {
return;
}
}
throw new OrcidAccessControlException();
}
Also used :
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
ScopePathType(org.orcid.jaxb.model.message.ScopePathType)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)
Example 24 with OrcidAccessControlException
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV3ApiServiceDelegator_AddressesTest method testReadPublicScope_Address.
@Test
public void testReadPublicScope_Address() {
SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
// Public works
Response r = serviceDelegator.viewAddresses(ORCID);
assertNotNull(r);
assertEquals(Addresses.class.getName(), r.getEntity().getClass().getName());
Addresses a = (Addresses) r.getEntity();
assertNotNull(a);
assertEquals("/0000-0000-0000-0003/address", a.getPath());
Utils.verifyLastModified(a.getLastModifiedDate());
assertEquals(3, a.getAddress().size());
boolean found9 = false, found10 = false, found11 = false;
for (Address address : a.getAddress()) {
if (address.getPutCode() == 9) {
found9 = true;
} else if (address.getPutCode() == 10) {
found10 = true;
} else if (address.getPutCode() == 11) {
found11 = true;
} else {
fail("Invalid put code " + address.getPutCode());
}
}
assertTrue(found9);
assertTrue(found10);
assertTrue(found11);
r = serviceDelegator.viewAddress(ORCID, 9L);
assertNotNull(r);
assertEquals(Address.class.getName(), r.getEntity().getClass().getName());
// Limited where am the source should work
serviceDelegator.viewAddress(ORCID, 10L);
try {
// Limited am not the source should fail
serviceDelegator.viewAddress(ORCID, 12L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
// Private where am the source should work
serviceDelegator.viewAddress(ORCID, 11L);
try {
// Private am not the source should fail
serviceDelegator.viewAddress(ORCID, 13L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
}
Also used :
Response(javax.ws.rs.core.Response)
Addresses(org.orcid.jaxb.model.v3.dev1.record.Addresses)
Address(org.orcid.jaxb.model.v3.dev1.record.Address)
OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)
NoResultException(javax.persistence.NoResultException)
VisibilityMismatchException(org.orcid.core.exception.VisibilityMismatchException)
WrongSourceException(org.orcid.core.exception.WrongSourceException)
OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)
OrcidVisibilityException(org.orcid.core.exception.OrcidVisibilityException)
OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException)
DBUnitTest(org.orcid.test.DBUnitTest)
Test(org.junit.Test)
Example 25 with OrcidAccessControlException
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV3ApiServiceDelegator_EducationsTest method testReadPublicScope_Educations.
@Test
public void testReadPublicScope_Educations() {
SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
Response r = serviceDelegator.viewEducation(ORCID, 20L);
assertNotNull(r);
assertEquals(Education.class.getName(), r.getEntity().getClass().getName());
r = serviceDelegator.viewEducationSummary(ORCID, 20L);
assertNotNull(r);
assertEquals(EducationSummary.class.getName(), r.getEntity().getClass().getName());
// Limited that am the source of should work
serviceDelegator.viewEducation(ORCID, 21L);
serviceDelegator.viewEducationSummary(ORCID, 21L);
// Limited that am not the source of should fail
try {
serviceDelegator.viewEducation(ORCID, 25L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
try {
serviceDelegator.viewEducationSummary(ORCID, 25L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
// Private that am the source of should work
serviceDelegator.viewEducation(ORCID, 22L);
serviceDelegator.viewEducationSummary(ORCID, 22L);
// Private that am not the source of should fails
try {
serviceDelegator.viewEducation(ORCID, 26L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
try {
serviceDelegator.viewEducationSummary(ORCID, 26L);
fail();
} catch (OrcidAccessControlException e) {
} catch (Exception e) {
fail();
}
}
Also used :
Response(javax.ws.rs.core.Response)
Education(org.orcid.jaxb.model.v3.dev1.record.Education)
EducationSummary(org.orcid.jaxb.model.v3.dev1.record.summary.EducationSummary)
OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)
NoResultException(javax.persistence.NoResultException)
VisibilityMismatchException(org.orcid.core.exception.VisibilityMismatchException)
WrongSourceException(org.orcid.core.exception.WrongSourceException)
OrcidDuplicatedActivityException(org.orcid.core.exception.OrcidDuplicatedActivityException)
OrcidValidationException(org.orcid.core.exception.OrcidValidationException)
OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)
OrcidVisibilityException(org.orcid.core.exception.OrcidVisibilityException)
OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException)
DBUnitTest(org.orcid.test.DBUnitTest)
Test(org.junit.Test)
Aggregations
OrcidAccessControlException (org.orcid.core.exception.OrcidAccessControlException)31
NoResultException (javax.persistence.NoResultException)25
Response (javax.ws.rs.core.Response)25
Test (org.junit.Test)25
OrcidUnauthorizedException (org.orcid.core.exception.OrcidUnauthorizedException)25
OrcidVisibilityException (org.orcid.core.exception.OrcidVisibilityException)25
VisibilityMismatchException (org.orcid.core.exception.VisibilityMismatchException)25
WrongSourceException (org.orcid.core.exception.WrongSourceException)25
DBUnitTest (org.orcid.test.DBUnitTest)25
OrcidDuplicatedActivityException (org.orcid.core.exception.OrcidDuplicatedActivityException)9
OrcidValidationException (org.orcid.core.exception.OrcidValidationException)7
ActivityIdentifierValidationException (org.orcid.core.exception.ActivityIdentifierValidationException)6
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)4
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)4
ArrayList (java.util.ArrayList)2
List (java.util.List)2
ExceedMaxNumberOfPutCodesException (org.orcid.core.exception.ExceedMaxNumberOfPutCodesException)2
OrcidNoResultException (org.orcid.core.exception.OrcidNoResultException)2
ScopePathType (org.orcid.jaxb.model.message.ScopePathType)2
Filterable (org.orcid.jaxb.model.common_v2.Filterable)1
