use of org.summerb.security.api.exceptions.NotAuthorizedException in project summerb by skarpushin.
the class EasyCrudM2mServiceImpl method removeReferencee.
@Override
public void removeReferencee(T1Id referencerId, T2Id referenceeId) throws NotAuthorizedException {
try {
Query q = Query.n();
addEqQuery(ManyToManyDto.FN_SRC, referencerId, q);
addEqQuery(ManyToManyDto.FN_DST, referenceeId, q);
ManyToManyDto<T1Id, T2Id> pair = findOneByQuery(q);
try {
if (pair == null) {
throw new GenericEntityNotFoundException(getEntityTypeMessageCode(), "" + referencerId + "<->" + referenceeId);
}
deleteById(pair.getId());
} catch (EntityNotFoundException e) {
// that's ok, we wanted it to not exist, it's not there. This
// state
// is acceptable
}
} catch (Throwable t) {
Throwables.throwIfInstanceOf(t, NotAuthorizedException.class);
throw new RuntimeException("Failed to remove reference from " + serviceFrom.getEntityTypeMessageCode() + " identified by " + referencerId + " to " + serviceTo.getEntityTypeMessageCode() + " identified by " + referenceeId, t);
}
}
use of org.summerb.security.api.exceptions.NotAuthorizedException in project summerb by skarpushin.
the class ControllerExceptionHandlerStrategyLegacyImpl method buildJsonError.
/**
* This peace of crap needs to be removed. Because in case of JSON it's rest
* API, there is no place for {@link ModelAndView}. Response should be pure JSON
* content.
*
* So instead of implementing it here it's better to just re-throw exception and
* let {@link RestExceptionTranslator} handle it and gracefully convert it into
* json description of error happened
*/
protected ModelAndView buildJsonError(Throwable ex, HttpServletRequest req, HttpServletResponse res) {
String msg = exceptionTranslator.buildUserMessage(ex, LocaleContextHolder.getLocale());
NotAuthorizedException nae;
FieldValidationException fve;
AccessDeniedException ade;
boolean translateAuthExc = Boolean.TRUE.equals(Boolean.valueOf(req.getHeader(RestExceptionTranslator.X_TRANSLATE_AUTHORIZATION_ERRORS)));
if ((nae = ExceptionUtils.findExceptionOfType(ex, NotAuthorizedException.class)) != null) {
NotAuthorizedResult naeResult = nae.getResult();
res.setStatus(isAnonymous() ? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_FORBIDDEN);
if (translateAuthExc) {
return new ModelAndView(jsonView, ControllerBase.ATTR_EXCEPTION, msg);
} else {
respondWithJson(naeResult, res);
return null;
}
} else if ((ade = ExceptionUtils.findExceptionOfType(ex, AccessDeniedException.class)) != null) {
res.setStatus(isAnonymous() ? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_FORBIDDEN);
if (translateAuthExc) {
return new ModelAndView(jsonView, ControllerBase.ATTR_EXCEPTION, msg);
} else {
respondWithJson(new NotAuthorizedResult(getCurrentUser(), SecurityMessageCodes.ACCESS_DENIED), res);
return null;
}
} else if ((fve = ExceptionUtils.findExceptionOfType(ex, FieldValidationException.class)) != null) {
res.setStatus(HttpServletResponse.SC_BAD_REQUEST);
ValidationErrorsVm vepm = new ValidationErrorsVm(fve.getErrors());
return new ModelAndView(jsonView, ControllerBase.ATTR_VALIDATION_ERRORS, vepm.getMsg());
}
log.warn("Failed to process request", ex);
res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return new ModelAndView(jsonView, ControllerBase.ATTR_EXCEPTION, msg);
}
use of org.summerb.security.api.exceptions.NotAuthorizedException in project summerb by skarpushin.
the class RestExceptionTranslator method determineFailureResult.
protected DtoBase determineFailureResult(Exception ex, HttpServletRequest request, HttpServletResponse response) {
// first see if it is FVE
FieldValidationException fve = ExceptionUtils.findExceptionOfType(ex, FieldValidationException.class);
if (fve != null) {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
return fve.getErrorDescriptionObject();
}
boolean translateAuthErrors = Boolean.TRUE.equals(Boolean.valueOf(request.getHeader(X_TRANSLATE_AUTHORIZATION_ERRORS)));
GenericServerErrorResult ret = null;
if (translateAuthErrors) {
ret = new GenericServerErrorResult(buildUserMessage(ex, request), new ExceptionInfo(ex));
}
NotAuthorizedException naex = ExceptionUtils.findExceptionOfType(ex, NotAuthorizedException.class);
if (naex != null) {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return ret != null ? ret : naex.getResult();
}
AuthenticationException ae = ExceptionUtils.findExceptionOfType(ex, AuthenticationException.class);
if (ae != null) {
// NOTE: See how we did that in AuthenticationFailureHandlerImpl...
// Looks like we need to augment our custom RestLoginFilter so it
// will put username to request
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return ret != null ? ret : new NotAuthorizedResult("(username not resolved)", SecurityMessageCodes.AUTH_FATAL);
}
AccessDeniedException ade = ExceptionUtils.findExceptionOfType(ex, AccessDeniedException.class);
if (ade != null) {
if (authenticationTrustResolver.isAnonymous(SecurityContextHolder.getContext().getAuthentication())) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return ret != null ? ret : new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.LOGIN_REQUIRED);
}
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return ret != null ? ret : new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.ACCESS_DENIED);
}
CurrentUserNotFoundException cunfe = ExceptionUtils.findExceptionOfType(ex, CurrentUserNotFoundException.class);
if (cunfe != null) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return ret != null ? ret : new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.LOGIN_REQUIRED);
}
// TBD: Do we really need to send whole stack trace to client ??? I think we
// should do it only during development
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return new GenericServerErrorResult(buildUserMessage(ex, request), new ExceptionInfo(ex));
}
use of org.summerb.security.api.exceptions.NotAuthorizedException in project summerb by skarpushin.
the class EasyCrudRestControllerBase method resolveReferences.
protected void resolveReferences(List<String> referencesToResolve, CrudQueryResult<TId, TDto> ret, List<TDto> items) throws EntityNotFoundException, NotAuthorizedException {
Preconditions.checkState(dataSetLoader != null, "DataSetLoader is required to resolve references");
Preconditions.checkState(referencesRegistry != null, "referencesRegistry is required to resolve references");
DataSet ds = new DataSet();
DataTable<TId, TDto> table = new DataTable<>(service.getEntityTypeMessageCode());
table.putAll(items);
ds.getTables().put(table.getName(), table);
List<Ref> references = referencesToResolve.stream().map(name -> referencesRegistry.getRefByName(name)).collect(Collectors.toList());
Ref[] refsArr = (Ref[]) references.toArray(new Ref[references.size()]);
dataSetLoader.resolveReferencedObjects(ds, refsArr);
// now remove initial table from dataset because we don't want to
// duplicate this. It's already populated to rows
ds.getTables().remove(table.getName());
// x. ret
ret.setRefsResolved(references.stream().collect(Collectors.toMap(Ref::getName, Function.identity())));
ret.setRefs(ds);
}
Aggregations