use of org.wso2.carbon.registry.core.secure.AuthorizationFailedException in project carbon-apimgt by wso2.
the class RestAPIStoreUtils method isUserAccessAllowedForAPI.
/**
 * Checks whether the currently logged-in user can access the given API by attempting to load it.
 * <p>
 * The API is fetched through the logged-in user's {@code APIConsumer}; the fetched object is discarded and only
 * the outcome of the lookup matters. A failure that {@code RestApiUtil.isDueToAuthorizationFailure} classifies
 * as an authorization failure is reported as {@code false}. Every other {@code APIManagementException} raised
 * inside the lookup is wrapped in a new {@code APIManagementException} with the original kept as its cause.
 * <p>
 * NOTE(review): because of that wrapping, a "resource not found" exception from the lookup would reach callers
 * only as the cause, not as the thrown type - confirm callers do not catch the specific subtype.
 * <p>
 * NOTE(review): "denied" ({@code false}) and "missing or failed" (exception) are distinguishable outcomes.
 * Callers should map them to responses that do not reveal to an unauthorized user which APIs exist.
 *
 * @param apiId API identifier; its UUID is used for the organization lookup and for the API lookup
 * @return {@code true} if the lookup succeeded, {@code false} if it failed due to an authorization failure
 * @throws APIManagementException if the lookup fails for any reason other than an authorization failure
 */
public static boolean isUserAccessAllowedForAPI(APIIdentifier apiId) throws APIManagementException {
    String username = RestApiCommonUtil.getLoggedInUsername();
    try {
        // Resolve everything through the caller's own consumer so the caller's permissions apply to the lookup.
        APIConsumer loggedInConsumer = RestApiCommonUtil.getLoggedInUserConsumer();
        String organization = ApiMgtDAO.getInstance().getOrganizationByAPIUUID(apiId.getUUID());
        loggedInConsumer.getLightweightAPIByUUID(apiId.getUUID(), organization);
        return true;
    } catch (APIManagementException e) {
        if (!RestApiUtil.isDueToAuthorizationFailure(e)) {
            // Anything that is not an authorization failure is unexpected; keep the cause for diagnosis.
            throw new APIManagementException(
                    "Failed to retrieve the API " + apiId + " to check user " + username + " has access to the API", e);
        }
        // Access denial is a security-relevant event and is recorded with the user and the API.
        // NOTE(review): username and apiId are concatenated unescaped; if either can carry CR/LF, neutralize
        // them before logging. Also confirm INFO-level events reach whatever monitors access denials.
        log.info("user " + username + " failed to access the API " + apiId + " due to an authorization failure");
        return false;
    }
}
use of org.wso2.carbon.registry.core.secure.AuthorizationFailedException in project carbon-apimgt by wso2.
the class RestAPIStoreUtils method isUserAccessAllowedForAPIByUUID.
/**
 * Checks whether the currently logged-in user can access the API with the given UUID by attempting to load it.
 * <p>
 * The API is fetched through the logged-in user's {@code APIConsumer}; the fetched object is discarded and only
 * the outcome of the lookup matters. A failure that {@code RestApiUtil.isDueToAuthorizationFailure} classifies
 * as an authorization failure is reported as {@code false}. Every other {@code APIManagementException} raised
 * by the lookup is wrapped in a new {@code APIManagementException} with the original kept as its cause.
 * <p>
 * Obtaining the username and the consumer happens outside the {@code try} block, so an exception raised there
 * is neither classified nor wrapped by this method.
 * <p>
 * NOTE(review): "denied" ({@code false}) and "missing or failed" (exception) are distinguishable outcomes.
 * Callers should map them to responses that do not reveal to an unauthorized user which APIs exist.
 *
 * @param apiId API UUID
 * @param organization Identifier of the organization
 * @return {@code true} if the lookup succeeded, {@code false} if it failed due to an authorization failure
 * @throws APIManagementException if the lookup fails for any reason other than an authorization failure
 */
public static boolean isUserAccessAllowedForAPIByUUID(String apiId, String organization) throws APIManagementException {
    String username = RestApiCommonUtil.getLoggedInUsername();
    APIConsumer loggedInConsumer = RestApiCommonUtil.getLoggedInUserConsumer();
    try {
        // The lookup runs with the caller's own consumer; its result is intentionally ignored.
        loggedInConsumer.getLightweightAPIByUUID(apiId, organization);
        return true;
    } catch (APIManagementException e) {
        if (!RestApiUtil.isDueToAuthorizationFailure(e)) {
            // Anything that is not an authorization failure is unexpected; keep the cause for diagnosis.
            throw new APIManagementException(
                    "Failed to retrieve the API " + apiId + " to check user " + username + " has access to the API", e);
        }
        // Access denial is a security-relevant event and is recorded with the user and the API UUID.
        // NOTE(review): apiId is a caller-supplied String written to the log unescaped; if it is not validated
        // as a UUID upstream, neutralize CR/LF before logging. Confirm INFO-level events are monitored.
        log.info("user " + username + " failed to access the API " + apiId + " due to an authorization failure");
        return false;
    }
}
use of org.wso2.carbon.registry.core.secure.AuthorizationFailedException in project carbon-apimgt by wso2.
the class RestApiUtilTest method testisDueToAuthorizationFailureWithAuthorizationFailedException.
/**
 * Verifies that {@code RestApiUtil.isDueToAuthorizationFailure} returns {@code true} when the possible error
 * cause of the supplied throwable is an {@code AuthorizationFailedException}.
 * <p>
 * {@code getPossibleErrorCause} is stubbed on a spied {@code RestApiUtil}, so only the classification step is
 * exercised, not the cause extraction.
 * <p>
 * NOTE(review): this pins the positive case only; whether a non-authorization cause is asserted to yield
 * {@code false} is not visible here - worth confirming, since access checks branch on this result.
 */
@Test
public void testisDueToAuthorizationFailureWithAuthorizationFailedException() throws Exception {
    Throwable thrown = new Throwable();
    AuthorizationFailedException authorizationFailure = new AuthorizationFailedException("New Sample exception");

    // Spy the static utility so that only getPossibleErrorCause is replaced for this throwable.
    PowerMockito.spy(RestApiUtil.class);
    PowerMockito.doReturn(authorizationFailure).when(RestApiUtil.class, "getPossibleErrorCause", thrown);

    boolean classifiedAsAuthorizationFailure = RestApiUtil.isDueToAuthorizationFailure(thrown);
    Assert.assertTrue("Invalid exception has been passed.", classifiedAsAuthorizationFailure);
}