use of org.summerb.approaches.security.api.exceptions.NotAuthorizedException in project summerb by skarpushin.
the class RestExceptionTranslator method determineFailureResult.
/**
 * Maps an exception raised while serving a REST request onto an HTTP status
 * (written to {@code response}) and the DTO that becomes the JSON error body.
 *
 * Precedence, first match wins: field validation (400), not-authorized (403),
 * authentication failure (401), access denied (401 for anonymous callers, 403
 * otherwise), missing current user (401), anything else (500).
 *
 * @param ex       the failure; causes are searched, not just the top-level type
 * @param request  read for the {@code X_TRANSLATE_AUTHORIZATION_ERRORS} header
 * @param response receives the HTTP status code
 * @return the DTO to serialise as the response body
 */
private DtoBase determineFailureResult(Exception ex, HttpServletRequest request, HttpServletResponse response) {
    // Validation problems are reported before any auth handling.
    FieldValidationException validationFailure = ExceptionUtils.findExceptionOfType(ex, FieldValidationException.class);
    if (validationFailure != null) {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        return validationFailure.getErrorDescriptionObject();
    }

    // Boolean.valueOf(String) is true only for a case-insensitive "true", so
    // this is the same test as comparing it against Boolean.TRUE.
    String translateHeader = request.getHeader(X_TRANSLATE_AUTHORIZATION_ERRORS);
    boolean clientWantsTranslatedAuthErrors = "true".equalsIgnoreCase(translateHeader);

    // When the client opts in via the header, every auth-related failure below
    // is answered with the generic translated payload instead of the
    // NotAuthorizedResult shape. NOTE(review): the header is client-controlled
    // and the payload wraps ex in ExceptionInfo; whether that carries a stack
    // trace to the caller depends on ExceptionInfo, which is not visible here.
    GenericServerErrorResult translatedAuthError = clientWantsTranslatedAuthErrors
            ? new GenericServerErrorResult(exceptionTranslator.buildUserMessage(ex, LocaleContextHolder.getLocale()), new ExceptionInfo(ex))
            : null;

    NotAuthorizedException notAuthorized = ExceptionUtils.findExceptionOfType(ex, NotAuthorizedException.class);
    if (notAuthorized != null) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        if (translatedAuthError != null) {
            return translatedAuthError;
        }
        return notAuthorized.getResult();
    }

    AuthenticationException authFailure = ExceptionUtils.findExceptionOfType(ex, AuthenticationException.class);
    if (authFailure != null) {
        // The username is not available at this point (see
        // AuthenticationFailureHandlerImpl); the custom RestLoginFilter would
        // have to put it on the request for it to be reported here.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        if (translatedAuthError != null) {
            return translatedAuthError;
        }
        return new NotAuthorizedResult("(username not resolved)", SecurityMessageCodes.AUTH_FATAL);
    }

    AccessDeniedException accessDenied = ExceptionUtils.findExceptionOfType(ex, AccessDeniedException.class);
    if (accessDenied != null) {
        // An anonymous caller is told to log in (401); an authenticated one is
        // told the resource is off limits (403).
        boolean anonymousCaller = authenticationTrustResolver.isAnonymous(SecurityContextHolder.getContext().getAuthentication());
        response.setStatus(anonymousCaller ? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_FORBIDDEN);
        if (translatedAuthError != null) {
            return translatedAuthError;
        }
        String code = anonymousCaller ? SecurityMessageCodes.LOGIN_REQUIRED : SecurityMessageCodes.ACCESS_DENIED;
        return new NotAuthorizedResult(getCurrentUser(null), code);
    }

    CurrentUserNotFoundException noCurrentUser = ExceptionUtils.findExceptionOfType(ex, CurrentUserNotFoundException.class);
    if (noCurrentUser != null) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        if (translatedAuthError != null) {
            return translatedAuthError;
        }
        return new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.LOGIN_REQUIRED);
    }

    // Unclassified failure: 500 with the translated message plus exception
    // details. TODO: the exception details (possibly the full stack trace)
    // should arguably only be sent to clients in development.
    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return new GenericServerErrorResult(exceptionTranslator.buildUserMessage(ex, LocaleContextHolder.getLocale()), new ExceptionInfo(ex));
}
use of org.summerb.approaches.security.api.exceptions.NotAuthorizedException in project summerb by skarpushin.
the class EasyCrudM2mServiceImpl method removeReferencee.
/**
 * Removes the many-to-many link from {@code referencerId} to
 * {@code referenceeId}. A link that is already absent is treated as success.
 *
 * @param referencerId id on the source side of the link
 * @param referenceeId id on the destination side of the link
 * @throws NotAuthorizedException propagated unchanged from the underlying lookup/delete
 * @throws RuntimeException      wrapping any other failure, with both ids in the message
 */
@Override
public void removeReferencee(T1Id referencerId, T2Id referenceeId) throws NotAuthorizedException {
    try {
        Query lookup = Query.n();
        addEqQuery(ManyToManyDto.FN_SRC, referencerId, lookup);
        addEqQuery(ManyToManyDto.FN_DST, referenceeId, lookup);
        // NOTE(review): if findOneByQuery returns null for a missing link, the
        // getId() call below NPEs and is reported as the generic RuntimeException
        // rather than as "already removed" — confirm its contract.
        ManyToManyDto<T1Id, T2Id> link = findOneByQuery(lookup);
        try {
            deleteById(link.getId());
        } catch (EntityNotFoundException alreadyGone) {
            // The link vanished between lookup and delete; that is the end
            // state we wanted, so nothing to report.
        }
    } catch (Throwable t) {
        // Authorization failures are part of this method's contract and pass
        // through untouched; everything else is wrapped with context.
        Throwables.throwIfInstanceOf(t, NotAuthorizedException.class);
        String context = "Failed to remove reference from " + serviceFrom.getEntityTypeMessageCode()
                + " identified by " + referencerId
                + " to " + serviceTo.getEntityTypeMessageCode()
                + " identified by " + referenceeId;
        throw new RuntimeException(context, t);
    }
}
use of org.summerb.approaches.security.api.exceptions.NotAuthorizedException in project summerb by skarpushin.
the class EasyCrudRestControllerBase method resolveReferences.
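/**
 * Resolves the named references for a page of items and attaches the result
 * to {@code ret}: the resolved {@link Ref}s keyed by name, and a
 * {@link DataSet} holding the referenced rows (without the items' own table,
 * which the caller already has).
 *
 * @param referencesToResolve reference names to look up in {@code referencesRegistry};
 *                            duplicates are collapsed
 * @param ret                 result object that receives the refs and the dataset
 * @param items               the items whose references are resolved
 * @throws IllegalStateException  if {@code dataSetLoader} or {@code referencesRegistry} is not configured
 * @throws EntityNotFoundException propagated from the loader
 * @throws NotAuthorizedException  propagated from the loader
 */
private void resolveReferences(List<String> referencesToResolve, CrudQueryResult<TId, TDto> ret, List<TDto> items) throws EntityNotFoundException, NotAuthorizedException {
    Preconditions.checkState(dataSetLoader != null, "DataSetLoader is required to resolve references");
    Preconditions.checkState(referencesRegistry != null, "referencesRegistry is required to resolve references");

    // Seed a temporary dataset with the items so the loader can walk the
    // requested references starting from them.
    DataSet ds = new DataSet();
    DataTable<TId, TDto> table = new DataTable<>(service.getEntityTypeMessageCode());
    table.putAll(items);
    ds.getTables().put(table.getName(), table);

    // A name requested twice would make Collectors.toMap below throw
    // IllegalStateException (duplicate key); collapse duplicates first,
    // keeping first-seen order.
    // NOTE(review): if getRefByName returns null for an unknown name rather
    // than throwing, toMap would fail with a NullPointerException — confirm.
    List<Ref> references = referencesToResolve.stream()
            .distinct()
            .map(name -> referencesRegistry.getRefByName(name))
            .collect(Collectors.toList());
    dataSetLoader.resolveReferencedObjects(ds, references.toArray(new Ref[0]));

    // The items' own table is dropped from the dataset: the rows are already
    // populated in the result and would otherwise be duplicated.
    ds.getTables().remove(table.getName());

    ret.setRefsResolved(references.stream().collect(Collectors.toMap(Ref::getName, Function.identity())));
    ret.setRefs(ds);
}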
use of org.summerb.approaches.security.api.exceptions.NotAuthorizedException in project summerb by skarpushin.
the class ControllerExceptionHandlerStrategyLegacyImpl method buildJsonError.
/**
 * Legacy JSON error rendering, slated for removal. For a REST endpoint there
 * is no role for {@link ModelAndView}: the response should be plain JSON, so
 * the preferred approach is to re-throw and let {@link RestExceptionTranslator}
 * turn the exception into a JSON error description.
 *
 * Status codes: not-authorized and access-denied give 401 for anonymous
 * callers and 403 otherwise; field validation gives 400; anything else is
 * logged and answered with 500.
 *
 * @param ex  the failure; causes are searched, not just the top-level type
 * @param req read for the {@code X_TRANSLATE_AUTHORIZATION_ERRORS} header
 * @param res receives the HTTP status, and the body when written directly
 * @return a {@link ModelAndView} over {@code jsonView}, or {@code null} when
 *         the body has already been written through {@code respondWithJson}
 */
protected ModelAndView buildJsonError(Throwable ex, HttpServletRequest req, HttpServletResponse res) {
    String userMessage = exceptionTranslator.buildUserMessage(ex, LocaleContextHolder.getLocale());
    // Boolean.valueOf(String) is true only for a case-insensitive "true".
    String translateHeader = req.getHeader(RestExceptionTranslator.X_TRANSLATE_AUTHORIZATION_ERRORS);
    boolean wantsTranslatedAuthErrors = "true".equalsIgnoreCase(translateHeader);

    NotAuthorizedException notAuthorized = ExceptionUtils.findExceptionOfType(ex, NotAuthorizedException.class);
    if (notAuthorized != null) {
        NotAuthorizedResult detail = notAuthorized.getResult();
        res.setStatus(authFailureStatus());
        if (wantsTranslatedAuthErrors) {
            return new ModelAndView(jsonView, ControllerBase.ATTR_EXCEPTION, userMessage);
        }
        respondWithJson(detail, res);
        return null;
    }

    AccessDeniedException accessDenied = ExceptionUtils.findExceptionOfType(ex, AccessDeniedException.class);
    if (accessDenied != null) {
        res.setStatus(authFailureStatus());
        if (wantsTranslatedAuthErrors) {
            return new ModelAndView(jsonView, ControllerBase.ATTR_EXCEPTION, userMessage);
        }
        respondWithJson(new NotAuthorizedResult(getCurrentUser(), SecurityMessageCodes.ACCESS_DENIED), res);
        return null;
    }

    FieldValidationException validationFailure = ExceptionUtils.findExceptionOfType(ex, FieldValidationException.class);
    if (validationFailure != null) {
        res.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        ValidationErrorsVm errorsVm = new ValidationErrorsVm(validationFailure.getErrors());
        return new ModelAndView(jsonView, ControllerBase.ATTR_VALIDATION_ERRORS, errorsVm.getMsg());
    }

    // Unclassified failure: keep the full exception in the server log, send
    // only the translated message to the client.
    log.warn("Failed to process request", ex);
    res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return new ModelAndView(jsonView, ControllerBase.ATTR_EXCEPTION, userMessage);
}

/** 401 for an anonymous caller (needs to log in), 403 for an authenticated one. */
private int authFailureStatus() {
    return isAnonymous() ? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_FORBIDDEN;
}