Example 56 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.

Class DelegatingAccessDeniedHandlerTests, method matchesDoesNotInvokeDefault.

@Test
public void matchesDoesNotInvokeDefault() throws Exception {
    // Register one handler per concrete CSRF exception type
    handlers.put(InvalidCsrfTokenException.class, handler1);
    handlers.put(MissingCsrfTokenException.class, handler2);
    // handler3 is the default, used only when no registered type matches
    handler = new DelegatingAccessDeniedHandler(handlers, handler3);
    AccessDeniedException accessDeniedException = new MissingCsrfTokenException("123");
    handler.handle(request, response, accessDeniedException);
    // Only the handler registered for MissingCsrfTokenException runs; neither the
    // sibling handler nor the default is invoked
    verify(handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class));
    verify(handler2).handle(request, response, accessDeniedException);
    verify(handler3, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class));
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), AccessDeniedException (org.springframework.security.access.AccessDeniedException), MissingCsrfTokenException (org.springframework.security.web.csrf.MissingCsrfTokenException), HttpServletResponse (javax.servlet.http.HttpServletResponse), Test (org.junit.Test)

Example 57 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.

Class DelegatingAccessDeniedHandlerTests, method moreSpecificDoesNotInvokeLessSpecific.

@Test
public void moreSpecificDoesNotInvokeLessSpecific() throws Exception {
    // A handler is registered for the more specific CsrfException subtype only
    handlers.put(CsrfException.class, handler1);
    handler = new DelegatingAccessDeniedHandler(handlers, handler3);
    // A plain AccessDeniedException is not a CsrfException, so no registered type matches
    AccessDeniedException accessDeniedException = new AccessDeniedException("");
    handler.handle(request, response, accessDeniedException);
    // The specific handler stays idle and the default handler takes the exception
    verify(handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class));
    verify(handler3).handle(request, response, accessDeniedException);
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), AccessDeniedException (org.springframework.security.access.AccessDeniedException), HttpServletResponse (javax.servlet.http.HttpServletResponse), Test (org.junit.Test)

Example 58 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.

Class ExceptionTranslationFilterTests, method testAccessDeniedWithRememberMe.

@Test
public void testAccessDeniedWithRememberMe() throws Exception {
    // Set up our HTTP request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/secure/page.html");
    request.setServerPort(80);
    request.setScheme("http");
    request.setServerName("www.example.com");
    request.setContextPath("/mycontext");
    request.setRequestURI("/mycontext/secure/page.html");
    // Set up the FilterChain to throw an access denied exception
    FilterChain fc = mock(FilterChain.class);
    doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Set up SecurityContextHolder, as the filter needs to check if the user is remembered
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
    SecurityContextHolder.setContext(securityContext);
    // Test
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
    MockHttpServletResponse response = new MockHttpServletResponse();
    filter.doFilter(request, response, fc);
    // A remember-me user is not fully authenticated, so access denied is translated into
    // a trip to the authentication entry point (login), with the original request saved
    assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
    assertThat(getSavedRequestUrl(request)).isEqualTo("http://www.example.com/mycontext/secure/page.html");
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), AccessDeniedException (org.springframework.security.access.AccessDeniedException), FilterChain (javax.servlet.FilterChain), SecurityContext (org.springframework.security.core.context.SecurityContext), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), HttpServletResponse (javax.servlet.http.HttpServletResponse), RememberMeAuthenticationToken (org.springframework.security.authentication.RememberMeAuthenticationToken), Test (org.junit.Test)

Example 59 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.

Class ExceptionTranslationFilterTests, method testAccessDeniedWhenNonAnonymous.

@Test
public void testAccessDeniedWhenNonAnonymous() throws Exception {
    // Set up our HTTP request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/secure/page.html");
    // Set up the FilterChain to throw an access denied exception
    FilterChain fc = mock(FilterChain.class);
    doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Set up SecurityContextHolder, as the filter needs to check if the user is
    // anonymous (an empty context holds no AnonymousAuthenticationToken)
    SecurityContextHolder.clearContext();
    // Set up a new AccessDeniedHandlerImpl that will do a "forward"
    AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl();
    adh.setErrorPage("/error.jsp");
    // Test
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
    filter.setAccessDeniedHandler(adh);
    MockHttpServletResponse response = new MockHttpServletResponse();
    filter.doFilter(request, response, fc);
    // Not anonymous and not remember-me: the AccessDeniedHandler answers 403 and
    // exposes the exception to the error page via a request attribute
    assertThat(response.getStatus()).isEqualTo(403);
    assertThat(request.getAttribute(WebAttributes.ACCESS_DENIED_403)).isExactlyInstanceOf(AccessDeniedException.class);
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), AccessDeniedException (org.springframework.security.access.AccessDeniedException), FilterChain (javax.servlet.FilterChain), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), HttpServletResponse (javax.servlet.http.HttpServletResponse), Test (org.junit.Test)

Example 60 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project head by mifos.

Class UncaughtExceptionHandler, method doResolveException.

@Override
protected ModelAndView doResolveException(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
    // Try the specific resolvers first; each returns null when it does not apply
    ModelAndView modelAndView = checkForAccessDenied(ex, request);
    if (modelAndView == null) {
        modelAndView = checkForPageJndiException(ex, request);
    }
    if (modelAndView == null) {
        modelAndView = checkForPageExpiredException(ex, request);
    }
    if (modelAndView == null) {
        modelAndView = checkForMaxUploadSizeExceededException(ex, request);
    }
    // REST (JSON) requests get a JSON-style status/cause model instead of an error view
    if (request.getRequestURI().endsWith("json")) {
        if (modelAndView == null && ex instanceof RESTCallInterruptException) {
            // should move to explicit @ExceptionHandler(RESTCallInterruptException) controller method
            modelAndView = new ModelAndView();
            modelAndView.addObject("status", "interrupt");
            modelAndView.addObject("approvalId", ((RESTCallInterruptException) ex).getApprovalId());
            modelAndView.addObject("cause", "The call has been interrupt for approval");
            return modelAndView;
        }
        if (modelAndView == null || ex instanceof AccessDeniedException) {
            // should move to explicit @ExceptionHandler(Exception) controller method
            modelAndView = new ModelAndView();
            modelAndView.addObject("status", "error");
            modelAndView.addObject("cause", ex.getMessage());
            logger.error("REST API exception : URI '" + request.getRequestURI() + "'", ex);
            return modelAndView;
        }
    }
    // Fall back to the superclass resolver for anything still unhandled
    if (modelAndView == null) {
        modelAndView = super.doResolveException(request, response, handler, ex);
    }
    if (modelAndView != null && !"HEAD".equals(request.getMethod())) {
        String requestUri = request.getRequestURI();
        logger.error("Uncaught exception while accessing '" + requestUri + "'", ex);
        modelAndView.addObject("uncaughtException", ex);
        modelAndView.addObject("requestUri", requestUri);
        if (ex != null) {
            // The full stack trace is placed in the model; whether it is rendered to the
            // client depends on the error view
            Writer result = new StringWriter();
            ex.printStackTrace(new PrintWriter(result));
            modelAndView.addObject("stackString", result.toString());
        }
    }
    return modelAndView;
}
Also used: AccessDeniedException (org.springframework.security.access.AccessDeniedException), RESTCallInterruptException (org.mifos.rest.approval.service.RESTCallInterruptException), StringWriter (java.io.StringWriter), ModelAndView (org.springframework.web.servlet.ModelAndView), PrintWriter (java.io.PrintWriter), Writer (java.io.Writer)

Aggregations

AccessDeniedException (org.springframework.security.access.AccessDeniedException): 74
Test (org.junit.Test): 21
Authentication (org.springframework.security.core.Authentication): 14
ConfigAttribute (org.springframework.security.access.ConfigAttribute): 13
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 8
User (amu.zhcet.data.user.User): 7
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 7
HttpServletRequest (javax.servlet.http.HttpServletRequest): 6
HttpServletResponse (javax.servlet.http.HttpServletResponse): 6
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException): 6
ArrayList (java.util.ArrayList): 5
AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent): 5
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException): 5
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 5
MethodInvocation (org.aopalliance.intercept.MethodInvocation): 4
Interpretation (org.hisp.dhis.interpretation.Interpretation): 4
User (org.hisp.dhis.user.User): 4
SecurityConfig (org.springframework.security.access.SecurityConfig): 4
GetMapping (org.springframework.web.bind.annotation.GetMapping): 4
IOException (java.io.IOException): 3