org.apache.cxf.interceptor.security.AccessDeniedException Java Examples
The following examples show how to use
org.apache.cxf.interceptor.security.AccessDeniedException.
Example #1
Source File: AuthorizationHandler.java From geofence with GNU General Public License v2.0 | 6 votes |
/**
 * Authorizes the current invocation against the method it targets.
 *
 * NOTE(review): when no SecurityContext is present on the message the request
 * is passed through without any check (fail-open). That is only safe if an
 * authentication interceptor is guaranteed to run earlier in the chain for
 * every protected endpoint; CXF's own ClaimsAuthorizingInterceptor denies on a
 * missing context instead. Confirm which behaviour this deployment wants.
 *
 * @param message the inbound message carrying the SecurityContext
 * @throws AccessDeniedException if a SecurityContext is present but
 *         authorize() rejects the target method
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext securityContext = message.get(SecurityContext.class);
    if (securityContext != null) {
        Method target = getTargetMethod(message);
        if (!authorize(securityContext, target)) {
            throw new AccessDeniedException("Unauthorized");
        }
    }
}
Example #2
Source File: ClaimsAuthorizingInterceptorTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * The "multipleClaims" operation accepts admin + smartcard/UK and
 * admin + password/USA, and is expected to reject an "unsecuretransport"
 * authentication value.
 */
@Test
public void testMultipleClaims() throws Exception {
    // accepted combinations
    doTestClaims("multipleClaims",
                 createDefaultClaim("admin"),
                 createClaim("http://authentication", "http://claims", "smartcard"),
                 createClaim("http://location", "http://claims", "UK"));
    doTestClaims("multipleClaims",
                 createDefaultClaim("admin"),
                 createClaim("http://authentication", "http://claims", "password"),
                 createClaim("http://location", "http://claims", "USA"));

    // rejected combination: record the denial rather than fail() inside the try
    boolean denied = false;
    try {
        doTestClaims("multipleClaims",
                     createDefaultClaim("admin"),
                     createClaim("http://authentication", "http://claims", "unsecuretransport"),
                     createClaim("http://location", "http://claims", "UK"));
    } catch (AccessDeniedException ex) {
        denied = true;
    }
    if (!denied) {
        fail("AccessDeniedException expected");
    }
}
Example #3
Source File: ClaimsAuthorizingInterceptorTest.java From cxf with Apache License 2.0 | 6 votes |
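/**
 * The "claimMatchAll" operation requires every listed role value ("admin" AND
 * "manager"); a subject holding only one of them must be rejected.
 *
 * Each negative case has its own try/catch. When both rejected calls shared a
 * single try block, the AccessDeniedException from the "admin"-only call
 * skipped the "manager"-only call entirely, so that case was never exercised
 * and the test could not detect "manager" alone being wrongly accepted.
 */
@Test
public void testClaimMatchAll() throws Exception {
    // positive case: both required role values present
    doTestClaims("claimMatchAll",
                 createDefaultClaim("admin", "manager"),
                 createClaim("http://authentication", "http://claims", "password"));

    // negative case 1: "admin" alone is not enough
    try {
        doTestClaims("claimMatchAll",
                     createDefaultClaim("admin"),
                     createClaim("http://authentication", "http://claims", "password"));
        fail("AccessDeniedException expected for admin-only subject");
    } catch (AccessDeniedException ex) {
        // expected
    }

    // negative case 2: "manager" alone is not enough either
    try {
        doTestClaims("claimMatchAll",
                     createDefaultClaim("manager"),
                     createClaim("http://authentication", "http://claims", "password"));
        fail("AccessDeniedException expected for manager-only subject");
    } catch (AccessDeniedException ex) {
        // expected
    }
}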
Example #4
Source File: ClaimsAuthorizingInterceptorTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Plain (non-SAML) Claim objects are accepted by the interceptor: a "role"
 * claim holding admin+user passes "claimWithSpecificName", and the same claim
 * reduced to "user" alone is rejected.
 */
@Test
public void testNonSAMLClaimDefaultNameAndFormat() throws Exception {
    org.apache.cxf.rt.security.claims.Claim roleClaim =
        new org.apache.cxf.rt.security.claims.Claim();
    roleClaim.setClaimType("role");
    roleClaim.setValues(Arrays.asList("admin", "user"));

    org.apache.cxf.rt.security.claims.Claim authClaim =
        new org.apache.cxf.rt.security.claims.Claim();
    authClaim.setClaimType("http://authentication");
    authClaim.setValues(Arrays.asList("password"));

    // accepted: admin present among the role values
    Message accepted = prepareMessage(TestService.class, "claimWithSpecificName", "role", roleClaim, authClaim);
    interceptor.handleMessage(accepted);

    // rejected: the same claim object narrowed to "user" only
    boolean denied = false;
    try {
        roleClaim.setValues(Arrays.asList("user"));
        Message rejected = prepareMessage(TestService.class, "claimWithSpecificName", "role", roleClaim, authClaim);
        interceptor.handleMessage(rejected);
    } catch (AccessDeniedException ex) {
        denied = true;
    }
    if (!denied) {
        fail("AccessDeniedException expected");
    }
}
Example #5
Source File: SecurityOutFaultInterceptor.java From cxf with Apache License 2.0 | 6 votes |
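/**
 * Maps a security failure raised in the in-chain onto an HTTP status:
 * AccessDeniedException (authenticated but not permitted) becomes 403, any
 * other SecurityException (typically a failed authentication) becomes 401.
 * The exception message is written as the response body and the chain is
 * aborted so no further out-fault processing runs.
 *
 * Changes from the original: a null exception message no longer causes a
 * NullPointerException out of the fault chain, and the body is encoded as
 * UTF-8 explicitly instead of the platform default charset.
 *
 * @param message the out-fault message whose Fault content wraps the
 *                SecurityException
 * @throws RuntimeException if the fault's cause is not a SecurityException,
 *         i.e. this interceptor was installed on a chain it was not meant for
 */
public void handleMessage(Message message) throws Fault {
    Fault fault = (Fault) message.getContent(Exception.class);
    Throwable ex = fault.getCause();
    if (!(ex instanceof SecurityException)) {
        throw new RuntimeException("Security Exception is expected");
    }
    HttpServletResponse response = (HttpServletResponse) message.getExchange().getInMessage()
        .get(AbstractHTTPDestination.HTTP_RESPONSE);
    int status = ex instanceof AccessDeniedException ? 403 : 401;
    response.setStatus(status);

    // getMessage() is null for an exception constructed without a message.
    String body = ex.getMessage() == null ? "" : ex.getMessage();
    try {
        // explicit charset: String.getBytes() with no argument uses the platform default
        response.getOutputStream().write(body.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        response.getOutputStream().flush();
    } catch (IOException ignored) {
        // Best-effort body: the status is already set, so still abort the chain below.
    }
    message.getInterceptorChain().abort();
}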
Example #6
Source File: NetworkAddressValidatingInterceptor.java From sakai with Educational Community License v2.0 | 6 votes |
/**
 * Resolves the Java method this message will invoke.
 *
 * SOAP: the exchange carries a BindingOperationInfo which the service's
 * MethodDispatcher maps to the implementation method. JAX-RS: the resolved
 * method is read from the "org.apache.cxf.resource.method" message property.
 * Caveat carried over from the original: for JAX-RS sub-resources only the
 * root resource method is looked up, not the sub-resource method.
 *
 * @param m the inbound message
 * @return the target method
 * @throws AccessDeniedException if neither lookup yields a method; an
 *         unresolvable target is treated as a denial, not a pass-through
 */
protected Method getTargetMethod(Message m) {
    BindingOperationInfo operation = m.getExchange().get(BindingOperationInfo.class);
    if (operation != null) {
        Service service = m.getExchange().get(Service.class);
        MethodDispatcher dispatcher = (MethodDispatcher) service.get(MethodDispatcher.class.getName());
        return dispatcher.getMethod(operation);
    }
    Object resourceMethod = m.get("org.apache.cxf.resource.method");
    if (resourceMethod == null) {
        throw new AccessDeniedException("Method is not available : Unauthorized");
    }
    return (Method) resourceMethod;
}
Example #7
Source File: StratosAuthorizingHandler.java From attic-stratos with Apache License 2.0 | 6 votes |
/**
 * Resolves the method the incoming request will invoke.
 *
 * For SOAP the exchange carries a BindingOperationInfo that the service's
 * MethodDispatcher maps to the implementation method; for JAX-RS the method
 * is read from the "org.apache.cxf.resource.method" property set by
 * {@link org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor}.
 *
 * @param message incoming message
 * @return the target method
 * @throws AccessDeniedException if neither lookup yields a method, so an
 *         unresolvable target is denied rather than let through
 */
protected Method getTargetMethod(Message message) {
    BindingOperationInfo operation = message.getExchange().get(BindingOperationInfo.class);
    if (operation != null) {
        Service service = message.getExchange().get(Service.class);
        MethodDispatcher dispatcher = (MethodDispatcher) service.get(MethodDispatcher.class.getName());
        return dispatcher.getMethod(operation);
    }
    Object resourceMethod = message.get("org.apache.cxf.resource.method");
    if (resourceMethod != null) {
        return (Method) resourceMethod;
    }
    log.error("The requested resource is not found. Please check the resource path etc..");
    throw new AccessDeniedException("Method is not available : Unauthorized");
}
Example #8
Source File: AuthorizationHandler.java From geofence with GNU General Public License v2.0 | 6 votes |
/**
 * Resolves the Java method this message will invoke: via the SOAP
 * BindingOperationInfo and the service's MethodDispatcher when present,
 * otherwise via the JAX-RS "org.apache.cxf.resource.method" property.
 *
 * @param m the inbound message
 * @return the target method
 * @throws AccessDeniedException if neither lookup yields a method; an
 *         unresolvable target is denied rather than let through
 */
protected Method getTargetMethod(Message m) {
    BindingOperationInfo operation = m.getExchange().get(BindingOperationInfo.class);
    if (operation == null) {
        Object resourceMethod = m.get("org.apache.cxf.resource.method");
        if (resourceMethod == null) {
            throw new AccessDeniedException("Method is not available : Unauthorized");
        }
        return (Method) resourceMethod;
    }
    Service service = m.getExchange().get(Service.class);
    MethodDispatcher dispatcher = (MethodDispatcher) service.get(MethodDispatcher.class.getName());
    return dispatcher.getMethod(operation);
}
Example #9
Source File: NetworkAddressValidatingInterceptor.java From sakai with Educational Community License v2.0 | 6 votes |
/**
 * Resolves the Java method this message will invoke.
 *
 * SOAP: the exchange carries a BindingOperationInfo which the service's
 * MethodDispatcher maps to the implementation method. JAX-RS: the resolved
 * method is read from the "org.apache.cxf.resource.method" message property.
 * Caveat carried over from the original: for JAX-RS sub-resources only the
 * root resource method is looked up, not the sub-resource method.
 *
 * @param m the inbound message
 * @return the target method
 * @throws AccessDeniedException if neither lookup yields a method; an
 *         unresolvable target is treated as a denial, not a pass-through
 */
protected Method getTargetMethod(Message m) {
    BindingOperationInfo operation = m.getExchange().get(BindingOperationInfo.class);
    if (operation != null) {
        Service service = m.getExchange().get(Service.class);
        MethodDispatcher dispatcher = (MethodDispatcher) service.get(MethodDispatcher.class.getName());
        return dispatcher.getMethod(operation);
    }
    Object resourceMethod = m.get("org.apache.cxf.resource.method");
    if (resourceMethod == null) {
        throw new AccessDeniedException("Method is not available : Unauthorized");
    }
    return (Method) resourceMethod;
}
Example #10
Source File: ClaimsAuthorizingInterceptor.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Claims-based authorization entry point. Fails closed: a missing or
 * non-claims SecurityContext, an unresolvable target method, or a negative
 * authorize() result all end in AccessDeniedException.
 *
 * @param message the inbound message carrying the SecurityContext
 * @throws AccessDeniedException if the request is not authorized
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext sc = message.get(SecurityContext.class);
    if (!(sc instanceof ClaimsSecurityContext)) {
        throw new AccessDeniedException("Security Context is unavailable or unrecognized");
    }
    ClaimsSecurityContext claimsContext = (ClaimsSecurityContext) sc;
    Method target = MessageUtils.getTargetMethod(message)
        .orElseThrow(() -> new AccessDeniedException("Method is not available : Unauthorized"));
    boolean permitted = authorize(claimsContext, target);
    if (!permitted) {
        throw new AccessDeniedException("Unauthorized");
    }
}
Example #11
Source File: ClaimsAuthorizingInterceptorTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * With the default claim name/format, a subject holding admin+user passes
 * "claimWithDefaultNameAndFormat" while a "user"-only subject is rejected.
 */
@Test
public void testClaimDefaultNameAndFormat() throws Exception {
    // accepted
    doTestClaims("claimWithDefaultNameAndFormat",
                 createDefaultClaim("admin", "user"),
                 createClaim("http://authentication", "http://claims", "password"));

    // rejected
    boolean denied = false;
    try {
        doTestClaims("claimWithDefaultNameAndFormat",
                     createDefaultClaim("user"),
                     createClaim("http://authentication", "http://claims", "password"));
    } catch (AccessDeniedException ex) {
        denied = true;
    }
    if (!denied) {
        fail("AccessDeniedException expected");
    }
}
Example #12
Source File: StratosAuthorizingHandler.java From attic-stratos with Apache License 2.0 | 5 votes |
/**
 * Resolves the method the incoming request will invoke.
 *
 * For SOAP the exchange carries a BindingOperationInfo that the service's
 * MethodDispatcher maps to the implementation method; for JAX-RS the method
 * is read from the "org.apache.cxf.resource.method" property set by
 * {@link org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor}.
 *
 * @param message incoming message
 * @return the target method
 * @throws AccessDeniedException if neither lookup yields a method, so an
 *         unresolvable target is denied rather than let through
 */
protected Method getTargetMethod(Message message) {
    BindingOperationInfo operation = message.getExchange().get(BindingOperationInfo.class);
    if (operation != null) {
        Service service = message.getExchange().get(Service.class);
        MethodDispatcher dispatcher = (MethodDispatcher) service.get(MethodDispatcher.class.getName());
        return dispatcher.getMethod(operation);
    }
    Object resourceMethod = message.get("org.apache.cxf.resource.method");
    if (resourceMethod != null) {
        return (Method) resourceMethod;
    }
    log.error("The requested resource is not found. Please check the resource path, etc");
    throw new AccessDeniedException("Method is not available: Unauthorized");
}
Example #13
Source File: ClaimsAuthorizingInterceptorTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Omitting a claim the operation expects (here the authentication claim)
 * must be rejected even though the role claim alone is acceptable.
 */
@Test
public void testMissingExpectedClaim() throws Exception {
    // accepted: both expected claims supplied
    doTestClaims("claimWithDefaultNameAndFormat",
                 createDefaultClaim("admin"),
                 createClaim("http://authentication", "http://claims", "password"));

    // rejected: authentication claim missing
    boolean denied = false;
    try {
        doTestClaims("claimWithDefaultNameAndFormat", createDefaultClaim("admin"));
    } catch (AccessDeniedException ex) {
        denied = true;
    }
    if (!denied) {
        fail("AccessDeniedException expected");
    }
}
Example #14
Source File: ClaimsAuthorizingInterceptorTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * When the operation names a specific claim ("http://cxf/roles" in the
 * "http://claims" format), only a claim with that exact name/format counts;
 * the same role values under the default claim name are rejected.
 */
@Test
public void testClaimSpecificNameAndFormat() throws Exception {
    // accepted: role values carried under the expected name/format
    doTestClaims("claimWithSpecificNameAndFormat",
                 createClaim("http://cxf/roles", "http://claims", "admin", "user"),
                 createClaim("http://authentication", "http://claims", "password"));

    // rejected: identical role values but under the default claim name
    boolean denied = false;
    try {
        doTestClaims("claimWithSpecificNameAndFormat",
                     createDefaultClaim("admin", "user"),
                     createClaim("http://authentication", "http://claims", "password"));
    } catch (AccessDeniedException ex) {
        denied = true;
    }
    if (!denied) {
        fail("AccessDeniedException expected");
    }
}
Example #15
Source File: ClaimsAuthorizingInterceptorTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * In lax mode an absent claim is tolerated, but a claim that is present
 * with a disallowed value ("smartcard") is still rejected.
 */
@Test
public void testClaimLaxMode() throws Exception {
    // accepted: allowed value present
    doTestClaims("claimLaxMode", createClaim("http://authentication", "http://claims", "password"));
    // accepted: claim absent entirely
    doTestClaims("claimLaxMode");

    // rejected: claim present with a value the operation does not allow
    boolean denied = false;
    try {
        doTestClaims("claimLaxMode", createClaim("http://authentication", "http://claims", "smartcard"));
    } catch (AccessDeniedException ex) {
        denied = true;
    }
    if (!denied) {
        fail("AccessDeniedException expected");
    }
}
Example #16
Source File: ClaimsAuthorizingInterceptorTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Chains a role check (SecureAnnotationsInterceptor) and a claims check
 * (ClaimsAuthorizingInterceptor) on the same message: an "admin" subject with
 * claim a/b=c passes both, while a "user" subject is rejected by the role
 * check.
 */
@Test
public void testUserInRoleAndClaims() throws Exception {
    SecureAnnotationsInterceptor roleInterceptor = new SecureAnnotationsInterceptor();
    roleInterceptor.setAnnotationClassName(SecureRole.class.getName());
    roleInterceptor.setSecuredObject(new TestService2());

    Message msg = prepareMessage(TestService2.class, "test",
                                 createDefaultClaim("admin"),
                                 createClaim("a", "b", "c"));
    roleInterceptor.handleMessage(msg);

    // the claims interceptor requires claim name "b" in format "a" with value "c"
    SAMLClaim required = new SAMLClaim();
    required.setNameFormat("a");
    required.setName("b");
    required.addValue("c");
    ClaimsAuthorizingInterceptor claimsInterceptor = new ClaimsAuthorizingInterceptor();
    claimsInterceptor.setClaims(Collections.singletonMap("test",
        Collections.singletonList(new ClaimBean(required, "a", null, false))));
    claimsInterceptor.handleMessage(msg);

    // a "user" subject fails the role check
    boolean denied = false;
    try {
        roleInterceptor.handleMessage(
            prepareMessage(TestService2.class, "test", createDefaultClaim("user")));
    } catch (AccessDeniedException ex) {
        denied = true;
    }
    if (!denied) {
        fail("AccessDeniedException expected");
    }
}
Example #17
Source File: ClaimsAuthorizingFilter.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Runs the claims-authorizing interceptor against the current CXF message and
 * aborts the request with an empty 403 if it denies access. Any exception
 * other than AccessDeniedException is left to propagate to JAX-RS error
 * handling.
 *
 * @param context the JAX-RS request context to abort on denial
 */
@Override
public void filter(ContainerRequestContext context) {
    Message current = JAXRSUtils.getCurrentMessage();
    try {
        interceptor.handleMessage(current);
    } catch (AccessDeniedException denied) {
        // empty body: no detail about why access was refused is sent to the client
        Response forbidden = Response.status(Response.Status.FORBIDDEN).build();
        context.abortWith(forbidden);
    }
}
Example #18
Source File: SimpleAuthorizingFilter.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Runs the authorizing interceptor against the current CXF message and
 * aborts the request with an empty 403 if it denies access. Any exception
 * other than AccessDeniedException is left to propagate to JAX-RS error
 * handling.
 *
 * @param context the JAX-RS request context to abort on denial
 */
@Override
public void filter(ContainerRequestContext context) {
    Message current = JAXRSUtils.getCurrentMessage();
    try {
        interceptor.handleMessage(current);
    } catch (AccessDeniedException denied) {
        // empty body: no detail about why access was refused is sent to the client
        Response forbidden = Response.status(Response.Status.FORBIDDEN).build();
        context.abortWith(forbidden);
    }
}
Example #19
Source File: AbstractXACMLAuthorizingInterceptor.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Extracts the principal and its role names from the LoginSecurityContext on
 * the message and delegates the decision to authorize(). Any outcome other
 * than an explicit permit — no LoginSecurityContext, a false result, or an
 * exception thrown by authorize() — ends in AccessDeniedException.
 *
 * @param message the inbound message carrying the SecurityContext
 * @throws AccessDeniedException if the request is not authorized
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext sc = message.get(SecurityContext.class);
    if (!(sc instanceof LoginSecurityContext)) {
        LOG.log(Level.FINE,
            "The SecurityContext was not an instance of LoginSecurityContext. No authorization "
            + "is possible as a result");
        throw new AccessDeniedException("Unauthorized");
    }
    LoginSecurityContext loginContext = (LoginSecurityContext) sc;
    Principal principal = loginContext.getUserPrincipal();
    String principalName = principal == null ? null : principal.getName();

    // Collect role names, skipping null entries and any role whose name equals
    // the principal's own name (presumably some providers return the user
    // principal among the role principals — the original filters it out).
    List<String> roles = new ArrayList<>();
    Set<Principal> rolePrincipals = loginContext.getUserRoles();
    if (rolePrincipals != null) {
        for (Principal role : rolePrincipals) {
            if (role == null || role.getName() == null) {
                continue;
            }
            if (!role.getName().equals(principalName)) {
                roles.add(role.getName());
            }
        }
    }

    boolean permitted;
    try {
        permitted = authorize(principal, roles, message);
    } catch (Exception e) {
        // A failure inside the decision is a deny; the cause is kept at FINE only.
        LOG.log(Level.FINE, "Unauthorized: " + e.getMessage(), e);
        throw new AccessDeniedException("Unauthorized");
    }
    if (!permitted) {
        throw new AccessDeniedException("Unauthorized");
    }
}
Example #20
Source File: StratosAuthorizingHandler.java From product-private-paas with Apache License 2.0 | 5 votes |
/**
 * Resolves the method the incoming request will invoke.
 *
 * For SOAP the exchange carries a BindingOperationInfo that the service's
 * MethodDispatcher maps to the implementation method; for JAX-RS the method
 * is read from the "org.apache.cxf.resource.method" property set by
 * {@link org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor}.
 *
 * @param message incoming message
 * @return the target method
 * @throws AccessDeniedException if neither lookup yields a method, so an
 *         unresolvable target is denied rather than let through
 */
protected Method getTargetMethod(Message message) {
    BindingOperationInfo operation = message.getExchange().get(BindingOperationInfo.class);
    if (operation != null) {
        Service service = message.getExchange().get(Service.class);
        MethodDispatcher dispatcher = (MethodDispatcher) service.get(MethodDispatcher.class.getName());
        return dispatcher.getMethod(operation);
    }
    Object resourceMethod = message.get("org.apache.cxf.resource.method");
    if (resourceMethod != null) {
        return (Method) resourceMethod;
    }
    log.error("The requested resource is not found. Please check the resource path etc..");
    throw new AccessDeniedException("Method is not available : Unauthorized");
}
Example #21
Source File: FedizExceptionMapper.java From cxf-fediz with Apache License 2.0 | 4 votes |
/**
 * Maps AccessDeniedException to an empty 403 Forbidden response; the
 * exception message is deliberately not echoed to the client.
 *
 * @param exception the authorization failure being mapped
 * @return a 403 response with no entity
 */
public Response toResponse(AccessDeniedException exception) {
    Response.ResponseBuilder forbidden = Response.status(Response.Status.FORBIDDEN);
    return forbidden.build();
}