Example 1 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project head by mifos.

Class UncaughtExceptionHandler, method checkForAccessDenied: walks an exception's cause chain looking for a wrapped AccessDeniedException and, when it finds one, resolves the error view to render.

private ModelAndView checkForAccessDenied(Exception ex, HttpServletRequest request) {
    // Case 1: the exception itself is the authorization failure; pick a view for it.
    if (ex instanceof AccessDeniedException) {
        ModelAndView modelAndView = null;
        String viewName = determineViewName(ex, request);
        if (viewName != null) {
            modelAndView = getModelAndView(viewName, ex, request);
        }
        return modelAndView;
    }
    // Case 2: the AccessDeniedException may be wrapped (e.g. inside a runtime exception
    // thrown by a service facade); recurse down the cause chain. Only Exception causes are
    // followed, and there is no visited-set guard, so a cyclic cause chain would recurse
    // until StackOverflowError.
    if (ex.getCause() != null && ex.getCause() instanceof Exception) {
        return checkForAccessDenied((Exception) ex.getCause(), request);
    }
    // No AccessDeniedException anywhere in the chain: not ours to render.
    return null;
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) ModelAndView(org.springframework.web.servlet.ModelAndView) MaxUploadSizeExceededException(org.springframework.web.multipart.MaxUploadSizeExceededException) JNDIException(org.mifos.reports.pentaho.util.JNDIException) PageExpiredException(org.mifos.framework.exceptions.PageExpiredException) RESTCallInterruptException(org.mifos.rest.approval.service.RESTCallInterruptException) FlowExecutionRestorationFailureException(org.springframework.webflow.execution.repository.FlowExecutionRestorationFailureException)
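The practical question Example 1 raises is what a DispatcherServlet-level handler should do once it has unwrapped an AccessDeniedException. If it renders a view, the exception never reaches Spring Security's ExceptionTranslationFilter, which sits outside the servlet and is what would otherwise send an unauthenticated caller to the AuthenticationEntryPoint. The following is an added example, not Mifos code: a @ControllerAdvice that does the same cause-chain walk with a cycle guard, rethrows for anonymous callers so the filter keeps control, and answers authenticated-but-unauthorized callers with an explicit 403. It assumes Spring Security 5.x on the javax.servlet API; the view name "accessDenied" is a placeholder.

```java
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.servlet.ModelAndView;

/**
 * Added example (not part of Mifos): controller-level handling of AccessDeniedException
 * that does not take the decision away from ExceptionTranslationFilter for anonymous users.
 */
@ControllerAdvice
public class AccessDeniedAdvice {

    private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();

    /** Returns the first AccessDeniedException in the cause chain, or null if there is none. */
    static AccessDeniedException findAccessDenied(Throwable ex) {
        // Identity set of visited throwables: terminates on a cyclic cause chain.
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<Throwable, Boolean>());
        for (Throwable t = ex; t != null && seen.add(t); t = t.getCause()) {
            if (t instanceof AccessDeniedException) {
                return (AccessDeniedException) t;
            }
        }
        return null;
    }

    @ExceptionHandler(Exception.class)
    public ModelAndView handle(Exception ex, HttpServletResponse response) throws Exception {
        AccessDeniedException denied = findAccessDenied(ex);
        if (denied == null) {
            // Not an authorization failure: leave it to other resolvers or the container.
            throw ex;
        }
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || trustResolver.isAnonymous(auth)) {
            // Unauthenticated caller: rethrow the original exception. Spring MVC then lets it
            // leave the DispatcherServlet, ExceptionTranslationFilter finds the
            // AccessDeniedException in its cause chain and invokes the AuthenticationEntryPoint
            // (login page or 401). Rendering a 403 view here would swallow it first.
            throw ex;
        }
        // Authenticated but not authorized: an explicit 403, never a 200 carrying an error page.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        ModelAndView mav = new ModelAndView("accessDenied"); // placeholder view name
        mav.addObject("message", denied.getMessage());
        return mav;
    }
}
```

The anonymous/authenticated split mirrors what ExceptionTranslationFilter itself does (entry point for anonymous or remember-me sessions, AccessDeniedHandler otherwise); the handler above only reproduces the authenticated branch in the web tier and hands the other one back to the filter.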

Example 2 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project head by mifos.

Class EditCustomerStatusAction, method updateStatus. Note that the AccessDeniedException raised by removeFromBlacklist is caught and re-thrown as a CustomerException, so this authorization failure never reaches Spring Security's ExceptionTranslationFilter or AccessDeniedHandler as an AccessDeniedException; whatever handles CustomerException decides the response. The later updateCustomerStatus call is not wrapped this way, so a denial there propagates unchanged.

@CloseSession
@TransactionDemarcate(validateAndResetToken = true)
public ActionForward updateStatus(ActionMapping mapping, ActionForm form, HttpServletRequest request, @SuppressWarnings("unused") HttpServletResponse response) throws Exception {
    EditCustomerStatusActionForm editStatusActionForm = (EditCustomerStatusActionForm) form;
    CustomerBO customerBOInSession = (CustomerBO) SessionUtils.getAttribute(Constants.BUSINESS_KEY, request);
    // Reopening a closed, blacklisted client first removes it from the blacklist;
    // the service facade may refuse that with an AccessDeniedException.
    if (customerBOInSession.isBlackListed() && customerBOInSession.getStatus().getValue() == CustomerConstants.CLIENT_CLOSED) {
        try {
            this.clientServiceFacade.removeFromBlacklist(customerBOInSession.getCustomerId());
            customerBOInSession.setVersionNo(customerBOInSession.getVersionNo() + 1);
        } catch (AccessDeniedException e) {
            // The authorization failure is downgraded to a domain exception keyed on an
            // "activity not allowed" message; from here on Spring Security sees no
            // AccessDeniedException.
            throw new CustomerException(SecurityConstants.KEY_ACTIVITY_NOT_ALLOWED);
        }
    }
    try {
        // No AccessDeniedException handling here: a denial from updateCustomerStatus propagates as-is.
        this.centerServiceFacade.updateCustomerStatus(customerBOInSession.getCustomerId(), customerBOInSession.getVersionNo(), editStatusActionForm.getFlagId(), editStatusActionForm.getNewStatusId(), editStatusActionForm.getNotes());
        createClientQuestionnaire.saveResponses(request, editStatusActionForm, customerBOInSession.getCustomerId());
    } catch (BusinessRuleException e) {
        throw new ApplicationException(e.getMessageKey(), e);
    }
    return mapping.findForward(getDetailAccountPage(form));
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) CustomerException(org.mifos.customers.exceptions.CustomerException) BusinessRuleException(org.mifos.service.BusinessRuleException) ApplicationException(org.mifos.framework.exceptions.ApplicationException) EditCustomerStatusActionForm(org.mifos.customers.struts.actionforms.EditCustomerStatusActionForm) CustomerBO(org.mifos.customers.business.CustomerBO) CloseSession(org.mifos.framework.util.helpers.CloseSession) TransactionDemarcate(org.mifos.framework.util.helpers.TransactionDemarcate)

Example 3 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project head by mifos.

Class PentahoReportsServiceImpl, method getReport: the service checks checkAccessToReport before doing any work and throws AccessDeniedException ahead of the catch-all try block, so the denial is not re-wrapped as a MifosRuntimeException.

@Override
public PentahoReport getReport(Integer reportId, Integer outputTypeId, Map<String, AbstractPentahoParameter> params) {
    ByteArrayOutputStream baos = null;
    if (!checkAccessToReport(reportId)) {
        // Authorization is decided here, outside the try/catch(Exception) below, so the
        // AccessDeniedException propagates unchanged instead of inside a MifosRuntimeException.
        throw new AccessDeniedException("Access denied");
    }
    try {
        String reportFileName = getReportFilename(reportId);
        // load report definition
        ResourceManager manager = new ResourceManager();
        manager.registerDefaults();
        URL url = PentahoReportLocator.getURLForReport(reportFileName);
        Resource res = manager.createDirectly(url, MasterReport.class);
        MasterReport report = (MasterReport) res.getResource();
        PentahoReport result = new PentahoReport();
        List<PentahoValidationError> errors = new ArrayList<PentahoValidationError>();
        try {
            addParametersToReport(report, params);
            validate(report, errors);
        } catch (ReflectionException ex) {
            errors.add(new PentahoValidationError(ex.getMessage()));
        }
        result.setErrors(errors);
        if (errors.isEmpty()) {
            baos = new ByteArrayOutputStream();
            PentahoOutputType outputType = PentahoOutputType.findById(outputTypeId);
            switch(outputType) {
                case XLS:
                    ExcelReportUtil.createXLS(report, baos);
                    break;
                case RTF:
                    RTFReportUtil.createRTF(report, baos);
                    break;
                case HTML:
                    HtmlReportUtil.createStreamHTML(report, baos);
                    break;
                case CSV:
                    CSVReportUtil.createCSV(report, baos, "UTF-8");
                    break;
                case XML:
                    XmlTableReportUtil.createFlowXML(report, baos);
                    break;
                default:
                    // PDF
                    PdfReportUtil.createPDF(report, baos);
                    break;
            }
            result.setContentType(outputType.getContentType());
            result.setFileExtension(outputType.getFileExtension());
            result.setName(getReportName(reportId));
            result.setContent(baos.toByteArray());
        }
        return result;
    } catch (Exception e) {
        throw new MifosRuntimeException(e);
    } finally {
        closeStream(baos);
    }
}
Also used : PentahoReport(org.mifos.reports.pentaho.PentahoReport) ReflectionException(org.mifos.reports.pentaho.util.ReflectionException) AccessDeniedException(org.springframework.security.access.AccessDeniedException) Resource(org.pentaho.reporting.libraries.resourceloader.Resource) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ResourceManager(org.pentaho.reporting.libraries.resourceloader.ResourceManager) URL(java.net.URL) MifosRuntimeException(org.mifos.core.MifosRuntimeException) PersistenceException(org.mifos.framework.exceptions.PersistenceException) ReportProcessingException(org.pentaho.reporting.engine.classic.core.ReportProcessingException) IOException(java.io.IOException) PentahoOutputType(org.mifos.reports.pentaho.util.PentahoOutputType) MasterReport(org.pentaho.reporting.engine.classic.core.MasterReport) PentahoValidationError(org.mifos.reports.pentaho.PentahoValidationError)

Example 4 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project head by mifos.

Class PentahoReportingController, method executeReport: repeats the checkAccessToReport guard at the web layer, so a denied caller is rejected before parameters are parsed or the report is rendered; the service-side check in Example 3 still covers callers that reach getReport by another route.

@RequestMapping(value = "/execPentahoReport.ftl", method = RequestMethod.POST)
public ModelAndView executeReport(final HttpServletRequest request, HttpServletResponse response, @RequestParam(value = CANCEL_PARAM, required = false) String cancel, @Valid @ModelAttribute("pentahoReportFormBean") PentahoReportFormBean pentahoReportFormBean, BindingResult bindingResult) throws IOException {
    // Web-layer guard, duplicated in PentahoReportsServiceImpl.getReport. Thrown here it leaves
    // the controller and is handled either by a HandlerExceptionResolver such as the
    // UncaughtExceptionHandler in Example 1 or, failing that, by ExceptionTranslationFilter.
    if (!this.pentahoReportsService.checkAccessToReport(pentahoReportFormBean.getReportId())) {
        throw new AccessDeniedException("Access denied");
    }
    ModelAndView mav = null;
    Integer reportId = pentahoReportFormBean.getReportId();
    if (StringUtils.isNotBlank(cancel)) {
        mav = new ModelAndView("redirect:" + REPORTS_MAIN_URL);
    } else if (bindingResult.hasErrors()) {
        mav = new ModelAndView("viewPentahoReport");
        initFormBean(pentahoReportFormBean, reportId, request);
    } else {
        Integer outputType = Integer.parseInt(pentahoReportFormBean.getOutputType());
        Map<String, AbstractPentahoParameter> reportParams = pentahoReportFormBean.getAllParameteres();
        PentahoReport report = this.pentahoReportsService.getReport(reportId, outputType, reportParams);
        if (report.isInError()) {
            for (PentahoValidationError error : report.getErrors()) {
                addErrorToBindingResult(error, bindingResult);
            }
            mav = new ModelAndView("viewPentahoReport");
            initFormBean(pentahoReportFormBean, reportId, request);
        } else {
            if (report.getContentType().equalsIgnoreCase("text/html")) {
                HashMap<String, String> modelMap = new HashMap<String, String>();
                // Decodes the rendered HTML with the JVM default charset and hands it to the view.
                modelMap.put("reportContent", new String(report.getContent()));
                mav = new ModelAndView("viewHtmlReport", modelMap);
            } else {
                response.setHeader("Content-Disposition", "attachment; filename=\"" + report.getFilename() + "\"");
                response.setContentType(report.getContentType());
                response.setContentLength(report.getContentSize());
                response.getOutputStream().write(report.getContent());
            }
        }
    }
    return mav;
}
Also used : PentahoReport(org.mifos.reports.pentaho.PentahoReport) AccessDeniedException(org.springframework.security.access.AccessDeniedException) HashMap(java.util.HashMap) ModelAndView(org.springframework.web.servlet.ModelAndView) PentahoValidationError(org.mifos.reports.pentaho.PentahoValidationError) Map(java.util.Map) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
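Examples 3 and 4 throw AccessDeniedException and rely on something downstream to turn it into a response. When nothing inside the DispatcherServlet catches it, that something is Spring Security's ExceptionTranslationFilter, which for an authenticated caller delegates to the configured AccessDeniedHandler. The following is an added example, not Mifos code, of such a handler: it writes one structured audit line per denial (the event a detection rule for repeated 403s keys on) and answers with a generic 403 JSON body, followed by its registration. It assumes Spring Security 5.4 or later on the javax.servlet API (switch the two servlet imports to jakarta.* on 6.x) and SLF4J for logging; the httpBasic() authentication is a placeholder for whatever the application actually uses.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;

/**
 * Added example (not part of Mifos): the handler ExceptionTranslationFilter invokes for an
 * authenticated caller once an AccessDeniedException like the ones in getReport/executeReport
 * escapes the DispatcherServlet.
 */
public class AuditingAccessDeniedHandler implements AccessDeniedHandler {

    private static final Logger log = LoggerFactory.getLogger(AuditingAccessDeniedHandler.class);

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException ex) throws IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String principal = (auth == null) ? "<none>" : auth.getName();
        // One line per denial: who, what, from where, and the server-side reason.
        // The query string is deliberately not logged; it may carry tokens or report parameters.
        log.warn("access_denied principal={} method={} uri={} remote={} reason={}",
                principal, request.getMethod(), request.getRequestURI(),
                request.getRemoteAddr(), ex.getMessage());

        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("application/json");
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        // Generic body: the exception message stays in the log, it may name the rule that failed.
        response.getWriter().write("{\"error\":\"forbidden\"}");
    }
}

@Configuration
@EnableWebSecurity
class AccessDeniedConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(a -> a.anyRequest().authenticated())
            // Replaces the default AccessDeniedHandlerImpl (plain 403 page) for this chain.
            .exceptionHandling(e -> e.accessDeniedHandler(new AuditingAccessDeniedHandler()))
            .httpBasic(Customizer.withDefaults()); // placeholder authentication mechanism
        return http.build();
    }
}
```

The handler only runs for AccessDeniedExceptions that reach the filter; a resolver like the UncaughtExceptionHandler in Example 1 or a catch block like the one in Example 2 takes the exception before it gets here, which is why those call sites decide whether the denial is ever logged at this level.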

Example 5 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security-oauth by spring-projects.

Class ScopeVoter, method vote: an AccessDecisionVoter that checks the scopes of an OAuth2 token against SCOPE_-prefixed configuration attributes and, by default, raises AccessDeniedException with the missing scope attached when the token falls short.

public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    int result = ACCESS_ABSTAIN;
    // Only OAuth2 tokens carry scopes; for any other Authentication this voter abstains and
    // leaves the decision to the other voters in the AccessDecisionManager.
    if (!(authentication instanceof OAuth2Authentication)) {
        return result;
    }
    // A deny attribute (default "DENY_OAUTH") bars OAuth2 clients from the resource outright,
    // before any scope is examined.
    for (ConfigAttribute attribute : attributes) {
        if (denyAccess.equals(attribute.getAttribute())) {
            return ACCESS_DENIED;
        }
    }
    OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
    for (ConfigAttribute attribute : attributes) {
        if (this.supports(attribute)) {
            // A SCOPE_-prefixed attribute (default prefix "SCOPE_") is satisfied only if the
            // token holds the matching scope; the comparison is case-insensitive.
            result = ACCESS_DENIED;
            Set<String> scopes = clientAuthentication.getScope();
            for (String scope : scopes) {
                if (attribute.getAttribute().toUpperCase().equals((scopePrefix + scope).toUpperCase())) {
                    return ACCESS_GRANTED;
                }
            }
            // With throwException (the default) the first unmet attribute fails fast: the
            // AccessDeniedException carries an InsufficientScopeException naming the missing
            // scope, which the OAuth2 error handling can turn into a 403 insufficient_scope
            // response (RFC 6750). Note the asymmetry this creates: with throwException the
            // SCOPE_ attributes act as AND (first unmet one throws); without it a later matching
            // attribute still returns ACCESS_GRANTED, so they act as OR.
            if (result == ACCESS_DENIED && throwException) {
                InsufficientScopeException failure = new InsufficientScopeException("Insufficient scope for this resource", Collections.singleton(attribute.getAttribute().substring(scopePrefix.length())));
                throw new AccessDeniedException(failure.getMessage(), failure);
            }
        }
    }
    return result;
}
Also used : InsufficientScopeException(org.springframework.security.oauth2.common.exceptions.InsufficientScopeException) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AccessDeniedException(org.springframework.security.access.AccessDeniedException) ConfigAttribute(org.springframework.security.access.ConfigAttribute) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
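To see the voter's decisions on concrete tokens, the following is an added example that drives ScopeVoter.vote directly; it is not part of spring-security-oauth, and it depends on that library's (now deprecated) OAuth2Request, OAuth2Authentication and InsufficientScopeException classes plus spring-security-core. The client id "demo-client", the scope names and the placeholder secured object passed as `new Object()` are made up for the demo.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.vote.ScopeVoter;

/** Added example (not project code): exercises ScopeVoter.vote on constructed tokens. */
public class ScopeVoterDemo {

    /** Builds a client-credentials style OAuth2Authentication carrying the given scopes (constructed input). */
    static OAuth2Authentication tokenWithScopes(String... scopes) {
        OAuth2Request request = new OAuth2Request(
                Collections.<String, String>emptyMap(), "demo-client",
                Collections.<GrantedAuthority>emptyList(), true,
                new HashSet<String>(Arrays.asList(scopes)),
                Collections.<String>emptySet(), null,
                Collections.<String>emptySet(), null);
        // No user authentication: a client-only token, as issued by the client_credentials grant.
        return new OAuth2Authentication(request, null);
    }

    /** Runs the voter and describes the outcome, including the scope it demanded when it throws. */
    static String decide(ScopeVoter voter, Authentication auth, List<ConfigAttribute> attrs) {
        try {
            int v = voter.vote(auth, new Object(), attrs); // secured object is irrelevant to this voter
            return v == AccessDecisionVoter.ACCESS_GRANTED ? "GRANTED"
                 : v == AccessDecisionVoter.ACCESS_DENIED ? "DENIED" : "ABSTAIN";
        } catch (AccessDeniedException e) {
            if (e.getCause() instanceof InsufficientScopeException) {
                InsufficientScopeException ise = (InsufficientScopeException) e.getCause();
                // "scope" is the additional-information key the exception stores the valid scope under.
                return "THROWN " + ise.getOAuth2ErrorCode()
                     + " scope=" + ise.getAdditionalInformation().get("scope");
            }
            return "THROWN " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        ScopeVoter voter = new ScopeVoter(); // defaults: prefix "SCOPE_", deny attribute "DENY_OAUTH", throwException=true
        OAuth2Authentication readOnly = tokenWithScopes("read");
        TestingAuthenticationToken formLogin = new TestingAuthenticationToken("alice", "pw", "ROLE_USER");

        // Token scope matches the attribute.
        System.out.println("read vs SCOPE_read:          " + decide(voter, readOnly, SecurityConfig.createList("SCOPE_read")));
        // Token lacks the scope: thrown as AccessDeniedException wrapping InsufficientScopeException.
        System.out.println("read vs SCOPE_write:         " + decide(voter, readOnly, SecurityConfig.createList("SCOPE_write")));
        // Deny attribute is checked before any scope.
        System.out.println("read vs DENY_OAUTH+SCOPE_read: " + decide(voter, readOnly, SecurityConfig.createList("DENY_OAUTH", "SCOPE_read")));
        // Not an OAuth2Authentication: the voter abstains and leaves it to the other voters.
        System.out.println("form login vs SCOPE_read:    " + decide(voter, formLogin, SecurityConfig.createList("SCOPE_read")));
        // Two SCOPE_ attributes with throwException on: the first unmet one throws (AND semantics).
        System.out.println("read vs SCOPE_write,SCOPE_read (throw): " + decide(voter, readOnly, SecurityConfig.createList("SCOPE_write", "SCOPE_read")));

        voter.setThrowException(false);
        // Same attributes without throwing: the later matching attribute grants (OR semantics).
        System.out.println("read vs SCOPE_write,SCOPE_read (vote):  " + decide(voter, readOnly, SecurityConfig.createList("SCOPE_write", "SCOPE_read")));
    }
}
```

The last two cases are the ones worth running before relying on this voter: the same pair of attributes is enforced as "all of them" when throwException is on and as "any of them" when it is off, a consequence of the early throw inside the attribute loop in the source above. The abstain case is the other thing to keep in mind: a session authenticated by form login is never blocked by SCOPE_ attributes, so the AccessDecisionManager's other voters (or its allowIfAllAbstainDecisions setting, false by default) decide those requests.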

Aggregations

Types co-occurring with AccessDeniedException in the indexed sources, with occurrence counts:

AccessDeniedException (org.springframework.security.access.AccessDeniedException) 186
Test (org.junit.Test) 33
Test (org.junit.jupiter.api.Test) 20
Authentication (org.springframework.security.core.Authentication) 18
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 17
ArrayList (java.util.ArrayList) 15
ApplicationUser (org.finra.herd.model.dto.ApplicationUser) 14
SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper) 14
RequestMapping (org.springframework.web.bind.annotation.RequestMapping) 14
AbstractServiceTest (org.finra.herd.service.AbstractServiceTest) 13
Method (java.lang.reflect.Method) 12
JoinPoint (org.aspectj.lang.JoinPoint) 11
MethodSignature (org.aspectj.lang.reflect.MethodSignature) 11
SecurityContext (org.springframework.security.core.context.SecurityContext) 11
NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization) 10
Credential (com.sequenceiq.cloudbreak.domain.Credential) 8
HttpServletRequest (jakarta.servlet.http.HttpServletRequest) 8
HttpServletResponse (jakarta.servlet.http.HttpServletResponse) 8
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException) 7
Interpretation (org.hisp.dhis.interpretation.Interpretation) 7