use of org.wso2.carbon.apimgt.rest.api.util.exception.ForbiddenException in project carbon-apimgt by wso2.
The class RestApiUtilTest, method testHandleAuthorizationFailureArgWithEmptyID.
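@Test
public void testHandleAuthorizationFailureArgWithEmptyID() {
    // An empty id must yield the short message, without any " with Id ..." suffix.
    String apiId = "";
    String expectedErrormessage = "You don't have permission to access the " + RestApiConstants.RESOURCE_API;
    APIManagementException apiManagementException = new APIManagementException("API management exception test");
    Log log = Mockito.mock(Log.class);
    PowerMockito.mockStatic(LogFactory.class);
    PowerMockito.when(LogFactory.getLog(Mockito.any(Class.class))).thenReturn(log);
    try {
        RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_API, apiId, apiManagementException, log);
        // Reaching this line means the method returned normally, which must fail the test
        // rather than fall through silently.
        Assert.fail("Expected ForbiddenException was not thrown");
    } catch (ForbiddenException exception) {
        Assert.assertEquals(expectedErrormessage, exception.getMessage());
    }
    // The failure must be logged together with the original cause.
    Mockito.verify(log).error(expectedErrormessage, apiManagementException);
}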
use of org.wso2.carbon.apimgt.rest.api.util.exception.ForbiddenException in project carbon-apimgt by wso2.
The class RestApiUtilTest, method testHandleAuthorizationFailure.
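@Test
public void testHandleAuthorizationFailure() {
    String errorDescription = "User is not authorized to access the API";
    APIManagementException apiManagementException = new APIManagementException("API management exception test");
    Log log = Mockito.mock(Log.class);
    PowerMockito.mockStatic(LogFactory.class);
    PowerMockito.when(LogFactory.getLog(Mockito.any(Class.class))).thenReturn(log);
    try {
        RestApiUtil.handleAuthorizationFailure(errorDescription, apiManagementException, log);
        // Without this the test passes when no exception is thrown at all.
        Assert.fail("Expected ForbiddenException was not thrown");
    } catch (ForbiddenException exception) {
        Assert.assertEquals(errorDescription, exception.getMessage());
    }
    // Verified outside the catch block so a missing log call fails the test on its own.
    Mockito.verify(log).error(errorDescription, apiManagementException);
}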
use of org.wso2.carbon.apimgt.rest.api.util.exception.ForbiddenException in project carbon-apimgt by wso2.
The class RestApiUtil, method handleMigrationSpecificPermissionViolations.
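/**
 * Handle if any cross tenant access permission violations detected. Cross tenant resources (apis/apps) can be
 * retrieved only by super tenant admin user, only while a migration process(2.6.0 to 3.0.0). APIM server has to be
 * started with the system property 'migrationMode=true' if a migration related exports are to be done.
 *
 * @param targetTenantDomain Tenant domain of which resources are requested
 * @param username Logged in user name
 * @throws ForbiddenException if the request is cross-tenant and the logged in user is either not a super tenant
 *                            user or does not hold the super tenant admin role
 */
public static void handleMigrationSpecificPermissionViolations(String targetTenantDomain, String username) throws ForbiddenException {
    // Same-tenant requests are not subject to this check at all.
    boolean isCrossTenantAccess = !targetTenantDomain.equals(MultitenantUtils.getTenantDomain(username));
    if (!isCrossTenantAccess) {
        return;
    }
    String superAdminRole = null;
    try {
        superAdminRole = ServiceReferenceHolder.getInstance().getRealmService()
                .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getRealmConfiguration().getAdminRoleName();
    } catch (UserStoreException e) {
        // NOTE(review): the checks below assume this helper does not return normally; if it ever did,
        // superAdminRole would stay null and the role check would run against a null role name — confirm.
        RestApiUtil.handleInternalServerError("Error in getting super admin role name", e, log);
    }
    // check whether logged in user is a super tenant user
    String superTenantDomain = null;
    try {
        superTenantDomain = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getSuperTenantDomain();
    } catch (UserStoreException e) {
        RestApiUtil.handleInternalServerError("Error in getting the super tenant domain", e, log);
    }
    // NOTE(review): this test uses the logged-in user's tenant domain while the role check below uses the
    // username argument; presumably both refer to the same principal — verify against callers.
    boolean isSuperTenantUser = RestApiCommonUtil.getLoggedInUserTenantDomain().equals(superTenantDomain);
    if (!isSuperTenantUser) {
        throw crossTenantAccessForbidden(username, targetTenantDomain, "super tenant user");
    }
    // check whether the user has super tenant admin role
    boolean isSuperAdminRoleNameExist = false;
    try {
        isSuperAdminRoleNameExist = APIUtil.isUserInRole(username, superAdminRole);
    } catch (UserStoreException | APIManagementException e) {
        RestApiUtil.handleInternalServerError("Error in checking whether the user has admin role", e, log);
    }
    if (!isSuperAdminRoleNameExist) {
        throw crossTenantAccessForbidden(username, targetTenantDomain, "super tenant admin");
    }
}

/**
 * Logs a rejected cross tenant request and builds the 403 response for it.
 *
 * @param username           Logged in user name
 * @param targetTenantDomain Tenant domain whose resources were requested
 * @param requiredRole       Human readable description of what the requester is not (completes the message)
 * @return the ForbiddenException to throw, carrying the logged message as its description
 */
private static ForbiddenException crossTenantAccessForbidden(String username, String targetTenantDomain,
                                                             String requiredRole) {
    String errorMsg = "Cross Tenant resource access is not allowed for this request. User " + username
            + " is not allowed to access resources in " + targetTenantDomain + " as the requester is not a "
            + requiredRole;
    log.error(errorMsg);
    ErrorDTO errorDTO = getErrorDTO(RestApiConstants.STATUS_FORBIDDEN_MESSAGE_DEFAULT, 403L, errorMsg);
    return new ForbiddenException(errorDTO);
}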
use of org.wso2.carbon.apimgt.rest.api.util.exception.ForbiddenException in project carbon-apimgt by wso2.
The class RestApiUtil, method buildForbiddenException.
/**
 * Builds a {@link ForbiddenException} describing a resource the caller is not allowed to access.
 *
 * @param resource Resource type named in the message
 * @param id identifier of the resource; when null or empty it is left out of the message
 * @return a new ForbiddenException whose response DTO carries the default 403 message and the description
 */
public static ForbiddenException buildForbiddenException(String resource, String id) {
    String description = "You don't have permission to access the " + resource;
    // Mention the identifier only when one was actually supplied.
    if (id != null && !id.isEmpty()) {
        description = description + " with Id " + id;
    }
    ErrorDTO errorDTO = getErrorDTO(RestApiConstants.STATUS_FORBIDDEN_MESSAGE_DEFAULT, 403L, description);
    return new ForbiddenException(errorDTO);
}
use of org.wso2.carbon.apimgt.rest.api.util.exception.ForbiddenException in project carbon-apimgt by wso2.
The class RestApiUtil, method handleAuthorizationFailure.
/**
 * Logs an authorization failure with its underlying cause and then throws the matching
 * {@link ForbiddenException} built by {@link #buildForbiddenException(String, String)}.
 *
 * @param resource Resource type
 * @param id id of resource
 * @param t Throwable that triggered the failure; recorded in the log, not exposed to the caller
 * @param log Log instance
 * @throws ForbiddenException always
 */
public static void handleAuthorizationFailure(String resource, String id, Throwable t, Log log) throws ForbiddenException {
    final ForbiddenException failure = buildForbiddenException(resource, id);
    String message = failure.getMessage();
    // Record the cause server-side before surfacing the 403 to the caller.
    log.error(message, t);
    throw failure;
}