Examples with AuthorizationException org.xwiki.security.authorization.AuthorizationException used on opensource projects

Example 1 with AuthorizationException

use of org.xwiki.security.authorization.AuthorizationException in project xwiki-platform by xwiki.

the class WikiManagerScriptService method deleteWiki.

/**
 * Delete the specified wiki.
 *
 * @param wikiId unique identifier of the wiki to delete
 * @return true if the wiki has been successfully deleted
 */
public boolean deleteWiki(String wikiId) {
    // Test if the script has the programming right
    XWikiContext context = xcontextProvider.get();
    try {
        // Check if the current script has the programming rights
        checkProgrammingRights();
        // Test right
        if (!canDeleteWiki(entityReferenceSerializer.serialize(context.getUserReference()), wikiId)) {
            throw new AuthorizationException("You don't have the right to delete the wiki");
        }
        // Delete the wiki
        wikiManager.delete(wikiId);
        // Return success
        return true;
    } catch (Exception e) {
        error(String.format("Failed to delete wiki [%s]", wikiId), e);
    }
    return false;
}

Example 2 with AuthorizationException

use of org.xwiki.security.authorization.AuthorizationException in project xwiki-platform by xwiki.

the class DefaultSecurityEntryReader method getWikiOwner.

/**
 * @param wikiReference the wiki to look for owner
 * @return a reference to the owner of the wiki
 * @throws AuthorizationException if the owner could not be retrieved.
 */
private DocumentReference getWikiOwner(WikiReference wikiReference) throws AuthorizationException {
    XWikiContext context = getXWikiContext();
    String wikiOwner;
    try {
        wikiOwner = context.getWiki().getWikiOwner(wikiReference.getName(), context);
    } catch (XWikiException e) {
        throw new AuthorizationException(wikiReference, "Could not retrieve the owner of this wiki", e);
    }
    if (wikiOwner == null) {
        return null;
    }
    return resolver.resolve(wikiOwner, wikiReference);
}

Example 3 with AuthorizationException

use of org.xwiki.security.authorization.AuthorizationException in project xwiki-platform by xwiki.

the class DefaultSecurityCacheLoader method load.

@Override
public SecurityAccessEntry load(UserSecurityReference user, SecurityReference entity) throws AuthorizationException {
    int retries = 0;
    Exception lastException;
    while (true) {
        rulesInvalidator.suspend();
        try {
            retries++;
            return loadRequiredEntries(user, entity);
        } catch (ParentEntryEvictedException e) {
            lastException = e;
            if (retries < MAX_RETRIES) {
                this.logger.debug("The parent entry was evicted. Have tried {} times.  Trying again...", retries);
                continue;
            }
        } catch (ConflictingInsertionException e) {
            lastException = e;
            if (retries < MAX_RETRIES) {
                this.logger.debug("There were conflicting insertions. Have tried {} times.  Retrying...", retries);
                continue;
            }
        } finally {
            rulesInvalidator.resume();
        }
        String message = String.format("Failed to load the cache in %d attempts. Giving up.", retries);
        this.logger.error(message);
        throw new AuthorizationException(user.getOriginalDocumentReference(), entity.getOriginalReference(), message, lastException);
    }
}

Example 4 with AuthorizationException

use of org.xwiki.security.authorization.AuthorizationException in project xwiki-platform by xwiki.

the class DefaultSecurityCacheLoaderTest method loadWithConflictingInsertionException.

@Test
public void loadWithConflictingInsertionException() throws Exception {
    DocumentReference userReference = new DocumentReference("wiki", "Users", "mflorea");
    UserSecurityReference user = securityReferenceFactory.newUserReference(userReference);
    DocumentReference documentReference = new DocumentReference("wiki", "Space", "Document");
    SecurityReference entity = securityReferenceFactory.newEntityReference(documentReference);
    SecurityRuleEntry documentEntry = mock(SecurityRuleEntry.class, "document");
    when(documentEntry.getReference()).thenReturn(entity);
    when(documentEntry.isEmpty()).thenReturn(true);
    SecurityRuleEntry spaceEntry = mock(SecurityRuleEntry.class, "space");
    when(spaceEntry.getReference()).thenReturn(entity.getParentSecurityReference());
    when(spaceEntry.isEmpty()).thenReturn(true);
    SecurityRuleEntry wikiEntry = mock(SecurityRuleEntry.class, "wiki");
    when(wikiEntry.getReference()).thenReturn(entity.getParentSecurityReference().getParentSecurityReference());
    when(wikiEntry.isEmpty()).thenReturn(true);
    SecurityCache securityCache = mocker.getInstance(SecurityCache.class);
    when(securityCache.get(entity)).thenReturn(documentEntry);
    when(securityCache.get(entity.getParentSecurityReference())).thenReturn(spaceEntry);
    when(securityCache.get(entity.getParentSecurityReference().getParentSecurityReference())).thenReturn(wikiEntry);
    when(securityCache.getGroupsFor(user, null)).thenReturn(null);
    UserBridge userBridge = mocker.getInstance(UserBridge.class);
    DocumentReference groupReference = new DocumentReference("wiki", "Groups", "AllGroup");
    Set<GroupSecurityReference> groups = Collections.singleton(securityReferenceFactory.newGroupReference(groupReference));
    when(userBridge.getAllGroupsFor(user, userReference.getWikiReference())).thenReturn(groups);
    SecurityAccessEntry securityAccessEntry = mock(SecurityAccessEntry.class);
    AuthorizationSettler authorizationSettler = mocker.getInstance(AuthorizationSettler.class);
    Deque<SecurityRuleEntry> securityRuleEntries = new LinkedList<SecurityRuleEntry>(Arrays.asList(documentEntry, spaceEntry, wikiEntry));
    when(authorizationSettler.settle(user, groups, securityRuleEntries)).thenReturn(securityAccessEntry);
    doThrow(ConflictingInsertionException.class).when(securityCache).add(securityAccessEntry);
    doThrow(ConflictingInsertionException.class).when(securityCache).add(securityAccessEntry, null);
    try {
        securityCacheLoader.load(user, entity);
        fail();
    } catch (AuthorizationException e) {
        assertEquals("Failed to load the cache in 5 attempts. Giving up. when checking  " + "access to [wiki:Space.Document] for user [wiki:Users.mflorea]", e.getMessage());
        assertTrue(ExceptionUtils.getRootCauseMessage(e).contains("ConflictingInsertionException"));
    }
    // Assert that we've also emitted a log
    assertEquals(1, this.logRule.size());
    assertEquals("Failed to load the cache in 5 attempts. Giving up.", this.logRule.getMessage(0));
}

Example 5 with AuthorizationException

use of org.xwiki.security.authorization.AuthorizationException in project xwiki-platform by xwiki.

the class DefaultUserBridge method getGroupsReferencesFor.

/**
 * Get all groups in a given wiki where a given user or group is a member of.
 *
 * @param wiki the wiki to search groups containing the user/group
 * @param userOrGroupDocumentReference the user/group document reference
 * @return the list of group where the user/group is a member
 * @throws AuthorizationException when an issue arise during retrieval.
 */
private Collection<DocumentReference> getGroupsReferencesFor(WikiReference wiki, DocumentReference userOrGroupDocumentReference) throws AuthorizationException {
    XWikiContext xwikiContext = getXWikiContext();
    XWikiGroupService groupService;
    try {
        groupService = xwikiContext.getWiki().getGroupService(xwikiContext);
    } catch (Exception e) {
        throw new AuthorizationException("Failed to access the group service.", e);
    }
    String currentWiki = xwikiContext.getWikiId();
    Collection<DocumentReference> groupReferences = new HashSet<>();
    try {
        xwikiContext.setWikiId(wiki.getName());
        // We get the groups of the member via the group service but we make sure to not use the group service's
        // cache by calling the method with a limit and an offset.
        // 
        // We do not use the group service's cache because it might not have been refreshed yet (for example, it can
        // happen when the security module is used inside a listener that reacts to the "SaveDocument" event just
        // before the XWikiGroupService listener is called). Because of this race condition, it is not a good idea
        // to have a cache depending on an other cache.
        // 
        // TODO: use a proper component to retrieve the groups of a member without any cache
        final int nb = 1000;
        int i = 0;
        while (groupReferences.addAll(groupService.getAllGroupsReferencesForMember(userOrGroupDocumentReference, nb, i * nb, xwikiContext))) {
            i++;
        }
        return groupReferences;
    } catch (Exception e) {
        throw new AuthorizationException(String.format("Failed to get groups for user or group [%s] in wiki [%s]", userOrGroupDocumentReference, wiki), e);
    } finally {
        xwikiContext.setWikiId(currentWiki);
    }
}