use of org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException in project carbon-apimgt by wso2.
the class SubscriptionsApiServiceImpl method subscriptionsMultiplePost.
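/**
 * Create multiple new subscriptions with the list of subscription details specified in the body parameter.
 * <p>
 * Entries are processed independently, in order. For each entry the caller must be allowed to see the target
 * API in the store, the target application must exist, and the caller must be allowed to use that application;
 * the API/application/throttling-policy combination itself is validated inside {@code APIConsumer#addSubscription}.
 * The first failing entry aborts the request through the {@code RestApiUtil.handle*} helpers, which are expected
 * to throw the mapped web exception (403 / 404 / 409 / 500).
 * <p>
 * NOTE(review): the batch is not transactional. Subscriptions created for earlier entries are persisted even when
 * a later entry fails, and the error response does not report them; a client needing all-or-nothing semantics has
 * to reconcile against the subscription list afterwards.
 *
 * @param body           list of new subscription details
 * @param xWSO2Tenant    tenant header; not consulted here, the organization comes from the validated message context
 * @param messageContext request context used to resolve the caller's organization
 * @return list of newly added subscription as a SubscriptionDTO if successful
 * @throws APIManagementException if the API consumer for the logged-in user cannot be obtained
 */
@Override
public Response subscriptionsMultiplePost(List<SubscriptionDTO> body, String xWSO2Tenant,
        MessageContext messageContext) throws APIManagementException {
    String username = RestApiCommonUtil.getLoggedInUsername();
    String organization = RestApiUtil.getValidatedOrganization(messageContext);
    // The consumer depends only on the logged-in user, so resolve it once instead of once per entry.
    APIConsumer apiConsumer = RestApiCommonUtil.getConsumer(username);
    List<SubscriptionDTO> subscriptions = new ArrayList<>();
    for (SubscriptionDTO subscriptionDTO : body) {
        String apiId = subscriptionDTO.getApiId();
        String applicationId = subscriptionDTO.getApplicationId();
        try {
            // Result unused on purpose: resolving the UUID throws APIMgtResourceNotFoundException for an unknown
            // API, which the APIManagementException catch below maps to 404.
            APIMappingUtil.getAPIIdentifierFromUUID(apiId, organization);
            // Store visibility check first, so a caller cannot subscribe to an API it is not allowed to see.
            // Fully qualified on purpose: the unqualified RestAPIStoreUtils used for the application check below
            // appears to be a different class with the same simple name — confirm before simplifying.
            if (!org.wso2.carbon.apimgt.rest.api.util.utils.RestAPIStoreUtils
                    .isUserAccessAllowedForAPIByUUID(apiId, organization)) {
                RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_API, apiId, log);
            }
            Application application = apiConsumer.getApplicationByUUID(applicationId);
            if (application == null) {
                // Required application not found. handleResourceNotFoundError is expected to throw; the
                // ownership check below would dereference null if it ever returned normally.
                RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_APPLICATION, applicationId, log);
            }
            // The application exists but is not owned by / shared with the caller.
            if (!RestAPIStoreUtils.isUserAccessAllowedForApplication(application)) {
                RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_APPLICATION, applicationId, log);
            }
            ApiTypeWrapper apiTypeWrapper = apiConsumer.getAPIorAPIProductByUUID(apiId, organization);
            apiTypeWrapper.setTier(subscriptionDTO.getThrottlingPolicy());
            SubscriptionResponse subscriptionResponse =
                    apiConsumer.addSubscription(apiTypeWrapper, username, application);
            SubscribedAPI addedSubscribedAPI =
                    apiConsumer.getSubscriptionByUUID(subscriptionResponse.getSubscriptionUUID());
            subscriptions.add(SubscriptionMappingUtil.fromSubscriptionToDTO(addedSubscribedAPI, organization));
        } catch (APIMgtAuthorizationFailedException e) {
            // Thrown by addSubscription when the api:application:tier mapping is not allowed (cross-tenant
            // availability, tier not offered, non-token API security). The reason is carried in the message.
            RestApiUtil.handleAuthorizationFailure(e.getMessage(), e, log);
        } catch (SubscriptionAlreadyExistingException e) {
            RestApiUtil.handleResourceAlreadyExistsError("Specified subscription already exists for API " + apiId
                    + " for application " + applicationId, e, log);
        } catch (APIManagementException e) {
            if (RestApiUtil.isDueToResourceNotFound(e)) {
                // The specified API identifier does not exist.
                RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_API, apiId, e, log);
            } else {
                // Unhandled failure; the identifiers are echoed back, the cause stays in the server log only.
                RestApiUtil.handleInternalServerError("Error while adding the subscription API:" + apiId
                        + ", application:" + applicationId + ", throttling policy:"
                        + subscriptionDTO.getThrottlingPolicy(), e, log);
            }
        }
    }
    return Response.ok().entity(subscriptions).build();
}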
use of org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException in project carbon-apimgt by wso2.
the class APIConsumerImpl method checkSubscriptionAllowed.
/**
 * Verify that the logged-in user may subscribe to the given API or API Product with the requested tier.
 * <p>
 * Three gates are applied in order: (1) a plain API whose security setting names neither OAuth2 nor API-key
 * cannot be subscribed to at all (it is meant to be called with a client certificate); (2) a caller from a
 * different organization than the API's is allowed only when the API is published to all tenants, or to a
 * specific tenant list that contains the caller's tenant domain — any other availability value is denied;
 * (3) the requested tier must be one of the tiers the API/Product offers.
 * <p>
 * {@code organization}, {@code tenantDomain}, {@code username} and {@code userNameWithoutChange} are fields of
 * the enclosing consumer. NOTE(review): the tenant-list comparison is an exact, case-sensitive match after
 * trimming; whether domains are normalised before reaching this point is not visible here — confirm.
 *
 * @param apiTypeWrapper Api Type wrapper that contains either an API or API Product, with the requested tier set
 * @throws APIManagementException if the subscription allow check was failed. If the user is not allowed to add the
 * subscription, this will throw an instance of APIMgtAuthorizationFailedException with the reason as the message
 */
private void checkSubscriptionAllowed(ApiTypeWrapper apiTypeWrapper) throws APIManagementException {
    final Set<Tier> availableTiers;
    final String availability;
    final String allowedTenantsCsv;
    if (apiTypeWrapper.isAPIProduct()) {
        APIProduct product = apiTypeWrapper.getApiProduct();
        availableTiers = product.getAvailableTiers();
        availability = product.getSubscriptionAvailability();
        allowedTenantsCsv = product.getSubscriptionAvailableTenants();
    } else {
        API api = apiTypeWrapper.getApi();
        String apiSecurity = api.getApiSecurity();
        // Gate 1: only token-based (OAuth2 / API key) APIs can carry a subscription. A null setting is treated
        // as token-based, matching the previous behaviour.
        boolean tokenBased = apiSecurity == null
                || apiSecurity.contains(APIConstants.DEFAULT_API_SECURITY_OAUTH2)
                || apiSecurity.contains(APIConstants.API_SECURITY_API_KEY);
        if (!tokenBased) {
            throw new APIMgtAuthorizationFailedException("Subscription is not allowed for API "
                    + apiTypeWrapper.toString() + ". To access the API, please use the client certificate");
        }
        availableTiers = api.getAvailableTiers();
        availability = api.getSubscriptionAvailability();
        allowedTenantsCsv = api.getSubscriptionAvailableTenants();
    }

    // Gate 2: cross-organization availability, deny by default.
    String apiOrganization = apiTypeWrapper.getOrganization();
    boolean sameOrganization = organization.equals(apiOrganization);
    boolean tenantAllowed = sameOrganization;
    if (!sameOrganization) {
        if (APIConstants.SUBSCRIPTION_TO_ALL_TENANTS.equals(availability)) {
            tenantAllowed = true;
        } else if (APIConstants.SUBSCRIPTION_TO_SPECIFIC_TENANTS.equals(availability)
                && allowedTenantsCsv != null) {
            tenantAllowed = Arrays.stream(allowedTenantsCsv.split(","))
                    .map(String::trim)
                    .anyMatch(tenantDomain::equals);
        }
    }
    if (!tenantAllowed) {
        throw new APIMgtAuthorizationFailedException("Subscription is not allowed for " + userNameWithoutChange);
    }

    // Gate 3: the requested tier must be offered by the API/Product.
    String requestedTier = apiTypeWrapper.getTier();
    List<String> offeredTierNames = new ArrayList<>();
    boolean tierOffered = false;
    for (Tier tier : availableTiers) {
        String name = tier.getName();
        offeredTierNames.add(name);
        if (name != null && name.equals(requestedTier)) {
            tierOffered = true;
        }
    }
    if (!tierOffered) {
        String msg = "Tier " + requestedTier + " is not allowed for API/API Product " + apiTypeWrapper
                + ". Only " + Arrays.toString(offeredTierNames.toArray()) + " Tiers are allowed.";
        throw new APIManagementException(msg,
                ExceptionCodes.from(ExceptionCodes.SUBSCRIPTION_TIER_NOT_ALLOWED, requestedTier, username));
    }
}