use of org.springframework.security.access.AccessDeniedException in project dhis2-core by dhis2.
the class SpringSecurityActionAccessResolver method hasAccess.
// -------------------------------------------------------------------------
// ActionAccessResolver implementation
// -------------------------------------------------------------------------
/**
 * Reports whether the current caller may invoke the action {@code name} of {@code module}.
 *
 * <p>An action for which the metadata source returns no attributes ({@code null}) is treated
 * as unsecured: the method returns {@code true} without looking at the authentication at all.
 * For a secured action, a missing or unauthenticated {@link Authentication} yields
 * {@code false} before the decision manager is consulted.
 *
 * @param module name of the package configuration that holds the action
 * @param name name of the action inside that package
 * @return {@code true} if the action is unsecured or the decision manager accepts the caller;
 *     {@code false} if the caller is unauthenticated or the decision manager rejects it
 * @throws IllegalArgumentException if the module, or the action within it, is not configured
 */
@Override
public boolean hasAccess(String module, String name) {
    // Resolve the action definition; an unknown module or action is a caller error, not a denial.
    PackageConfig modulePackage = Dispatcher.getInstance()
        .getConfigurationManager()
        .getConfiguration()
        .getPackageConfig(module);
    if (modulePackage == null) {
        throw new IllegalArgumentException("Module doesn't exist: '" + module + "'");
    }

    ActionConfig action = modulePackage.getActionConfigs().get(name);
    if (action == null) {
        throw new IllegalArgumentException("Module " + module + " doesn't have an action named: '" + name + "'");
    }

    SecurityMetadataSource metadata = requiredAuthoritiesProvider.createSecurityMetadataSource(action);
    Authentication caller = SecurityContextHolder.getContext().getAuthentication();

    try {
        // NOTE(review): the attributes are looked up twice (here and in the decide() call below);
        // the decision relies on both lookups returning the same set - confirm the source is stable.
        boolean secured = metadata.getAttributes(action) != null;
        if (secured) {
            boolean authenticated = caller != null && caller.isAuthenticated();
            if (!authenticated) {
                // Secured action and nobody (or an unauthenticated principal) in the context.
                return false;
            }
            // Throws on denial; returning normally means access is granted.
            accessDecisionManager.decide(caller, action, metadata.getAttributes(action));
        }
        log.debug("Access to [" + module + ", " + name + "]: TRUE");
        return true;
    } catch (AccessDeniedException denied) {
        log.debug("Access to [" + module + ", " + name + "]: FALSE (access denied)");
        return false;
    } catch (InsufficientAuthenticationException insufficient) {
        log.debug("Access to [" + module + ", " + name + "]: FALSE (insufficient authentication)");
        return false;
    }
}
use of org.springframework.security.access.AccessDeniedException in project dhis2-core by dhis2.
the class LogicalOrAccessDecisionManager method decide.
// -------------------------------------------------------------------------
// Interface implementation
// -------------------------------------------------------------------------
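/**
 * Grants access as soon as one delegate manager that supports the secured object's class
 * accepts the request (a logical OR over the delegates).
 *
 * <p>If no delegate grants access, the last {@link AccessDeniedException} seen is rethrown in
 * preference to the last {@link InsufficientAuthenticationException}. If no delegate raised
 * either (for example because none of them supports the object's class, or the delegate list
 * is empty), the method fails closed with a new {@link AccessDeniedException} instead of
 * returning normally, because a normal return is how this interface signals "granted".
 *
 * @param authentication the caller whose access is being decided
 * @param object the secured object being accessed
 * @param configAttributes the attributes configured for the secured object
 * @throws AccessDeniedException if no delegate granted access
 * @throws InsufficientAuthenticationException if delegates only rejected the request for
 *     insufficient authentication
 */
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    AccessDeniedException lastDenied = null;
    InsufficientAuthenticationException lastInsufficient = null;

    for (AccessDecisionManager delegate : accessDecisionManagers) {
        if (!delegate.supports(object.getClass())) {
            continue;
        }
        try {
            delegate.decide(authentication, object, configAttributes);
            log.debug("ACCESS GRANTED [" + object.toString() + "]");
            return;
        } catch (AccessDeniedException e) {
            // Remember the rejection but keep trying the remaining delegates.
            lastDenied = e;
        } catch (InsufficientAuthenticationException e) {
            lastInsufficient = e;
        }
    }

    log.debug("ACCESS DENIED [" + object.toString() + "]");
    if (lastDenied != null) {
        throw lastDenied;
    }
    if (lastInsufficient != null) {
        throw lastInsufficient;
    }
    // Fail closed: no delegate evaluated the request, so nothing has actually authorised it.
    // Returning here would silently grant access right after logging it as denied.
    throw new AccessDeniedException("No access decision manager granted access");
}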
use of org.springframework.security.access.AccessDeniedException in project engine by craftercms.
the class CrafterPageAccessManager method checkAccess.
/**
 * Enforces the role requirements of a page against the current security context:
 *
 * <ol>
 * <li>A page with no required roles needs no authentication.</li>
 * <li>A page that lists the "anonymous" role needs no authentication.</li>
 * <li>A page that lists the "authenticated" role only needs a non-anonymous user.</li>
 * <li>A page with any other roles requires the user to hold at least one of them.</li>
 * </ol>
 *
 * <p>A missing security context, a missing authentication and an
 * {@code AnonymousAuthenticationToken} are all treated as an anonymous user. How role names
 * are compared is decided by {@code containsRole} and {@code hasAnyRole}, which are not part
 * of this method.
 *
 * @param page the page being requested
 * @throws AccessDeniedException if the user is anonymous on a page that requires
 *     authentication, or is authenticated but holds none of the required roles
 */
@RunIfSecurityEnabled
public void checkAccess(SiteItem page) {
    String pageUrl = page.getStoreUrl();

    SecurityContext context = SecurityContextHolder.getContext();
    Authentication auth = (context != null && context.getAuthentication() != null)
        ? context.getAuthentication()
        : null;

    List<String> authorizedRoles = getAuthorizedRolesForPage(page);
    boolean restricted = CollectionUtils.isNotEmpty(authorizedRoles) && !containsRole("anonymous", authorizedRoles);
    if (!restricted) {
        // No roles configured, or the page explicitly admits anonymous users.
        return;
    }

    // From here on the page requires at least an authenticated user.
    boolean anonymousUser = auth == null || auth instanceof AnonymousAuthenticationToken;
    if (anonymousUser) {
        throw new AccessDeniedException("User is anonymous but page '" + pageUrl + "' requires authentication");
    }

    if (containsRole("authenticated", authorizedRoles)) {
        // Any authenticated user is acceptable; no specific role is needed.
        return;
    }

    if (!hasAnyRole(auth, authorizedRoles)) {
        throw new AccessDeniedException("User '" + auth.getName() + "' is not authorized " + "to view page '" + pageUrl + "'");
    }
}
use of org.springframework.security.access.AccessDeniedException in project ontrack by nemerosa.
the class StructureServiceImpl method getProjectList.
/**
 * Returns the projects the current caller is allowed to see.
 *
 * <ul>
 * <li>If project view is granted to all, or the caller holds the global {@code ProjectList}
 *     function, every project is returned.</li>
 * <li>Otherwise a logged-in caller gets only the projects on which the {@code ProjectView}
 *     function is granted.</li>
 * <li>Otherwise the call is rejected.</li>
 * </ul>
 *
 * @return the visible projects
 * @throws AccessDeniedException if none of the global grants apply and the caller is not logged in
 */
@Override
public List<Project> getProjectList() {
    SecuritySettings settings = securityService.getSecuritySettings();
    // NOTE(review): the full list is loaded before any authorization check, so a caller who is
    // rejected below still causes the repository read.
    List<Project> allProjects = structureRepository.getProjectList();

    boolean unrestricted = settings.isGrantProjectViewToAll()
        || securityService.isGlobalFunctionGranted(ProjectList.class);
    if (unrestricted) {
        return allProjects;
    }

    if (!securityService.isLogged()) {
        throw new AccessDeniedException("Authentication is required.");
    }

    // Per-project filtering: keep only what this caller may view.
    return allProjects.stream()
        .filter(project -> securityService.isProjectFunctionGranted(project.id(), ProjectView.class))
        .collect(Collectors.toList());
}
use of org.springframework.security.access.AccessDeniedException in project ontrack by nemerosa.
the class PropertyServiceImpl method editProperty.
/**
 * Stores a new value for a property on an entity, after checking that the caller may edit it.
 *
 * <p>The authorization check runs first; nothing is converted, stored or published when it
 * fails. On success the value is saved, a property-change event is posted and the property
 * type's change hook is called, in that order.
 *
 * @param entity the entity that carries the property
 * @param propertyType the type of the property being edited
 * @param value the new value
 * @param <T> the value type of the property
 * @return {@code Ack.OK} once the property has been saved and the notifications sent
 * @throws AccessDeniedException if {@code propertyType.canEdit} rejects the edit for this entity
 */
private <T> Ack editProperty(ProjectEntity entity, PropertyType<T> propertyType, T value) {
    // Authorization gate: must stay ahead of every side effect below.
    boolean editable = propertyType.canEdit(entity, securityService);
    if (!editable) {
        throw new AccessDeniedException("Property is not opened for edition.");
    }

    // Storage form and search key, both derived from the value by the property type.
    JsonNode storedJson = propertyType.forStorage(value);
    String indexKey = propertyType.getSearchKey(value);

    // The property is keyed in the repository by the property type's class name.
    String typeName = propertyType.getClass().getName();
    propertyRepository.saveProperty(typeName, entity.getProjectEntityType(), entity.getId(), storedJson, indexKey);

    // Notify: first the event stream, then the property type's own hook.
    eventPostService.post(eventFactory.propertyChange(entity, propertyType));
    propertyType.onPropertyChanged(entity, value);

    return Ack.OK;
}