Example 1 with AuthorizationFailedException

Use of org.wso2.carbon.registry.core.secure.AuthorizationFailedException in project carbon-apimgt by wso2.

Class RestAPIStoreUtils, method isUserAccessAllowedForAPI.

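/**
 * Check whether the specified API exists and the currently logged-in user has access to it.
 * <p>
 * When it tries to retrieve the resource from the registry, it will fail with AuthorizationFailedException if the user
 * does not have enough privileges. If the API does not exist, this will throw an APIMgtResourceNotFoundException.
 *
 * @param apiId API identifier
 * @return true if the API could be retrieved for the logged-in user, false if retrieval failed due to an
 *         authorization failure
 * @throws APIManagementException if retrieving the API fails for any reason other than an authorization failure
 */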
public static boolean isUserAccessAllowedForAPI(APIIdentifier apiId) throws APIManagementException {
    String username = RestApiCommonUtil.getLoggedInUsername();
    // this is just to check whether the user has access to the api or the api exists.
    try {
        APIConsumer apiConsumer = RestApiCommonUtil.getLoggedInUserConsumer();
        String organization = ApiMgtDAO.getInstance().getOrganizationByAPIUUID(apiId.getUUID());
        apiConsumer.getLightweightAPIByUUID(apiId.getUUID(), organization);
    } catch (APIManagementException e) {
        if (RestApiUtil.isDueToAuthorizationFailure(e)) {
            String message = "user " + username + " failed to access the API " + apiId + " due to an authorization failure";
            log.info(message);
            return false;
        } else {
            // This is an unexpected failure
            String message = "Failed to retrieve the API " + apiId + " to check user " + username + " has access to the API";
            throw new APIManagementException(message, e);
        }
    }
    return true;
}
Also used: APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException), APIConsumer (org.wso2.carbon.apimgt.api.APIConsumer)

Example 2 with AuthorizationFailedException

Use of org.wso2.carbon.registry.core.secure.AuthorizationFailedException in project carbon-apimgt by wso2.

Class RestAPIStoreUtils, method isUserAccessAllowedForAPIByUUID.

/**
 * Check whether the specified API exists and the currently logged-in user has access to it.
 * <p>
 * When it tries to retrieve the resource from the registry, it will fail with AuthorizationFailedException if the user
 * does not have enough privileges. If the API does not exist, this will throw an APIMgtResourceNotFoundException.
 *
 * @param apiId API UUID
 * @param organization Identifier of the organization
 * @return true if the API could be retrieved for the logged-in user, false if retrieval failed due to an
 *         authorization failure
 * @throws APIManagementException if retrieving the API fails for any reason other than an authorization failure
 */
public static boolean isUserAccessAllowedForAPIByUUID(String apiId, String organization) throws APIManagementException {
    String username = RestApiCommonUtil.getLoggedInUsername();
    APIConsumer consumer = RestApiCommonUtil.getLoggedInUserConsumer();
    // this is just to check whether the user has access to the api or the api exists.
    try {
        consumer.getLightweightAPIByUUID(apiId, organization);
    } catch (APIManagementException e) {
        if (RestApiUtil.isDueToAuthorizationFailure(e)) {
            String message = "user " + username + " failed to access the API " + apiId + " due to an authorization failure";
            log.info(message);
            return false;
        } else {
            // This is an unexpected failure
            String message = "Failed to retrieve the API " + apiId + " to check user " + username + " has access to the API";
            throw new APIManagementException(message, e);
        }
    }
    return true;
}
Also used: APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException), APIConsumer (org.wso2.carbon.apimgt.api.APIConsumer)

Example 3 with AuthorizationFailedException

Use of org.wso2.carbon.registry.core.secure.AuthorizationFailedException in project carbon-apimgt by wso2.

Class RestApiUtilTest, method testisDueToAuthorizationFailureWithAuthorizationFailedException.

@Test
public void testisDueToAuthorizationFailureWithAuthorizationFailedException() throws Exception {
    AuthorizationFailedException sampleAuthorizationFailedException = new AuthorizationFailedException("New Sample exception");
    Throwable testThrowable = new Throwable();
    PowerMockito.spy(RestApiUtil.class);
    PowerMockito.doReturn(sampleAuthorizationFailedException).when(RestApiUtil.class, "getPossibleErrorCause", testThrowable);
    Assert.assertTrue("Invalid exception has been passed.", RestApiUtil.isDueToAuthorizationFailure(testThrowable));
}
Also used: AuthorizationFailedException (org.wso2.carbon.registry.core.secure.AuthorizationFailedException), APIMgtAuthorizationFailedException (org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException), PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest), Test (org.junit.Test)

Aggregations

APIConsumer (org.wso2.carbon.apimgt.api.APIConsumer) 2
APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException) 2
Test (org.junit.Test) 1
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest) 1
APIMgtAuthorizationFailedException (org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException) 1
AuthorizationFailedException (org.wso2.carbon.registry.core.secure.AuthorizationFailedException) 1