Example 11 with OrcidUnauthorizedException

Use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.

From the class OrcidSecurityManagerImpl, method getOrcidFromToken.

@Override
public String getOrcidFromToken() {
    OAuth2Authentication oAuth2Authentication = getOAuth2Authentication();
    if (oAuth2Authentication == null) {
        throw new OrcidUnauthorizedException("No OAuth2 authentication found");
    }
    // The token must carry the /authenticate scope before a record id is returned
    checkScopes(ScopePathType.AUTHENTICATE);
    // A user-authorized token carries the record owner as its principal;
    // a client-credentials token has no user authentication at all
    Authentication userAuthentication = oAuth2Authentication.getUserAuthentication();
    if (userAuthentication != null) {
        Object principal = userAuthentication.getPrincipal();
        if (principal instanceof ProfileEntity) {
            ProfileEntity profileEntity = (ProfileEntity) principal;
            return profileEntity.getId();
        } else {
            throw new OrcidUnauthorizedException("Missing user authentication");
        }
    } else {
        throw new IllegalStateException("Non client credential scope found in client request");
    }
}
Also used: OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity)

Example 12 with OrcidUnauthorizedException

Use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.

From the class OrcidSecurityManagerImpl, method isMyToken.

private void isMyToken(String orcid) {
    OAuth2Authentication oAuth2Authentication = getOAuth2Authentication();
    if (oAuth2Authentication == null) {
        throw new OrcidUnauthorizedException("No OAuth2 authentication found");
    }
    // Verify the client is not a public client
    checkClientType();
    String clientId = sourceManager.retrieveSourceOrcid();
    ProfileEntity profile = profileEntityCacheManager.retrieve(orcid);
    Authentication userAuthentication = oAuth2Authentication.getUserAuthentication();
    if (userAuthentication != null) {
        // User-authorized token: the principal must be the very record being accessed
        Object principal = userAuthentication.getPrincipal();
        if (principal instanceof ProfileEntity) {
            ProfileEntity profileEntity = (ProfileEntity) principal;
            if (!orcid.equals(profileEntity.getId())) {
                throw new OrcidUnauthorizedException("Access token is for a different record");
            }
        } else {
            throw new OrcidUnauthorizedException("Missing user authentication");
        }
    } else if (isNonClientCredentialScope(oAuth2Authentication) && !clientIsProfileSource(clientId, profile)) {
        // Client-credentials token carrying a user scope is only acceptable when the client created the record
        throw new IllegalStateException("Non client credential scope found in client request");
    }
}
Also used: OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity)

Example 13 with OrcidUnauthorizedException

Use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.

From the class OrcidSecurityManagerImpl, method checkAndFilter.

@Override
public void checkAndFilter(String orcid, WorkBulk workBulk, ScopePathType scopePathType) {
    // Token/record mismatch fails the whole bulk request up front
    isMyToken(orcid);
    List<BulkElement> bulkElements = workBulk.getBulk();
    List<BulkElement> filteredElements = new ArrayList<>();
    for (int i = 0; i < bulkElements.size(); i++) {
        BulkElement element = bulkElements.get(i);
        if (element instanceof OrcidError) {
            filteredElements.add(element);
            continue;
        }
        try {
            checkAndFilter(orcid, (Work) element, scopePathType, true);
            filteredElements.add(element);
        } catch (Exception e) {
            // An authorization failure is never downgraded to a per-element error
            if (e instanceof OrcidUnauthorizedException) {
                throw e;
            }
            // Any other failure is reported in place of the offending element
            OrcidError error = orcidCoreExceptionMapper.getV3OrcidError(e);
            filteredElements.add(error);
        }
    }
    workBulk.setBulk(filteredElements);
}
Also used: OrcidError(org.orcid.jaxb.model.v3.dev1.error.OrcidError) BulkElement(org.orcid.jaxb.model.record.bulk.BulkElement) OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException) ArrayList(java.util.ArrayList) NoResultException(javax.persistence.NoResultException) OrcidNotClaimedException(org.orcid.core.exception.OrcidNotClaimedException) OrcidDeprecatedException(org.orcid.core.exception.OrcidDeprecatedException) WrongSourceException(org.orcid.core.exception.WrongSourceException) LockedException(org.orcid.core.security.aop.LockedException) AccessControlException(java.security.AccessControlException) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException) OrcidVisibilityException(org.orcid.core.exception.OrcidVisibilityException) DeactivatedException(org.orcid.core.exception.DeactivatedException)

Example 14 with OrcidUnauthorizedException

Use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.

From the class MemberV3ApiServiceDelegator_BiogrphyTest, method testReadPublicScope_Biography.

@Test
public void testReadPublicScope_Biography() {
    // Token with /read-public scope issued for ORCID
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
    Response r = serviceDelegator.viewBiography(ORCID);
    assertNotNull(r);
    assertEquals(Biography.class.getName(), r.getEntity().getClass().getName());
    try {
        // Bio for 0000-0000-0000-0002 should be limited
        String otherOrcid = "0000-0000-0000-0002";
        r = serviceDelegator.viewBiography(otherOrcid);
        fail();
    } catch (OrcidUnauthorizedException e) {
        // Expected: a public-scope token for ORCID cannot read another record's limited biography
    }
}
Also used: Response(javax.ws.rs.core.Response) OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException) Biography(org.orcid.jaxb.model.v3.dev1.record.Biography) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 15 with OrcidUnauthorizedException

Use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.

From the class SelfServiceController, method checkAccess.

private void checkAccess(String memberId) {
    // Account ids the calling ORCID record is authorized for
    List<String> usersAuthorizedAccountIds = salesForceManager.retrieveAccountIdsByOrcid(sourceManager.retrieveSourceOrcid());
    MemberDetails memberDetails = salesForceManager.retrieveDetails(memberId);
    // Access is granted for the member account itself or for its consortium lead
    if (!(usersAuthorizedAccountIds.contains(memberId) || usersAuthorizedAccountIds.contains(memberDetails.getMember().getConsortiumLeadId()))) {
        throw new OrcidUnauthorizedException("You are not authorized for account ID = " + memberId);
    }
}
Also used: OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException) MemberDetails(org.orcid.core.salesforce.model.MemberDetails)

Aggregations (type, package, number of examples using it)

OrcidUnauthorizedException (org.orcid.core.exception.OrcidUnauthorizedException) 16
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity) 4
Authentication (org.springframework.security.core.Authentication) 4
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 4
AccessControlException (java.security.AccessControlException) 3
ArrayList (java.util.ArrayList) 3
Test (org.junit.Test) 3
NoResultException (javax.persistence.NoResultException) 2
Response (javax.ws.rs.core.Response) 2
OrcidString (org.orcid.core.cache.OrcidString) 2
DeactivatedException (org.orcid.core.exception.DeactivatedException) 2
OrcidAccessControlException (org.orcid.core.exception.OrcidAccessControlException) 2
OrcidDeprecatedException (org.orcid.core.exception.OrcidDeprecatedException) 2
OrcidNotClaimedException (org.orcid.core.exception.OrcidNotClaimedException) 2
OrcidVisibilityException (org.orcid.core.exception.OrcidVisibilityException) 2
WrongSourceException (org.orcid.core.exception.WrongSourceException) 2
Contact (org.orcid.core.salesforce.model.Contact) 2
MemberDetails (org.orcid.core.salesforce.model.MemberDetails) 2
LockedException (org.orcid.core.security.aop.LockedException) 2
BulkElement (org.orcid.jaxb.model.record.bulk.BulkElement) 2