org.apache.shiro.config.ConfigurationException Java Examples
The following examples show how to use
org.apache.shiro.config.ConfigurationException.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ShiroIniConverter.java From attic-aurora with Apache License 2.0 | 6 votes |
|
@Override
public Ini convert(String raw) {
Ini ini;
try {
ini = Ini.fromResourcePath(raw);
} catch (ConfigurationException e) {
throw new ParameterException(getErrorString(raw, e.getMessage()), e);
}
Set<String> presentSections = ImmutableSortedSet.copyOf(ini.getSectionNames());
if (presentSections.isEmpty()) {
throw new MissingSectionsException();
}
Set<String> extraSections = Sets.difference(presentSections, ALLOWED_SECTION_NAMES);
if (!extraSections.isEmpty()) {
throw new ExtraSectionsException(extraSections);
}
return ini;
}
Example #2
| Source File: AbstractSearchPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@VisibleForTesting
public static Iterable<SearchModelAuthorizable> parsePrivilege(String string) {
List<SearchModelAuthorizable> result = Lists.newArrayList();
System.err.println("privilege = " + string);
for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
// XXX this ugly hack is because action is not an authorizable
if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
SearchModelAuthorizable authorizable = SearchModelAuthorizables.from(section);
if(authorizable == null) {
String msg = "No authorizable found for " + section;
throw new ConfigurationException(msg);
}
result.add(authorizable);
}
}
return result;
}
Example #3
| Source File: ShiroConfig.java From supplierShop with MIT License | 6 votes |
|
/**
* 返回配置文件流 避免ehcache配置文件一直被占用,无法完全销毁项目重新部署
*/
protected InputStream getCacheManagerConfigFileInputStream()
{
String configFile = "classpath:ehcache/ehcache-shiro.xml";
InputStream inputStream = null;
try
{
inputStream = ResourceUtils.getInputStreamForPath(configFile);
byte[] b = IOUtils.toByteArray(inputStream);
InputStream in = new ByteArrayInputStream(b);
return in;
}
catch (IOException e)
{
throw new ConfigurationException(
"Unable to obtain input stream for cacheManagerConfigFile [" + configFile + "]", e);
}
finally
{
IOUtils.closeQuietly(inputStream);
}
}
Example #4
| Source File: ShiroConfig.java From LuckyFrameWeb with GNU Affero General Public License v3.0 | 6 votes |
|
/**
* 返回配置文件流 避免ehcache配置文件一直被占用,无法完全销毁项目重新部署
*/
protected InputStream getCacheManagerConfigFileInputStream()
{
String configFile = "classpath:ehcache/ehcache-shiro.xml";
InputStream inputStream = null;
try
{
inputStream = ResourceUtils.getInputStreamForPath(configFile);
byte[] b = IOUtils.toByteArray(inputStream);
return new ByteArrayInputStream(b);
}
catch (IOException e)
{
throw new ConfigurationException(
"Unable to obtain input stream for cacheManagerConfigFile [" + configFile + "]", e);
}
finally
{
IOUtils.closeQuietly(inputStream);
}
}
Example #5
| Source File: ServerNameRequiredMatch.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@Override
public void validate(PrivilegeValidatorContext context)
throws ConfigurationException {
Iterable<SqoopAuthorizable> authorizables = parsePrivilege(context.getPrivilege());
boolean match = false;
for (SqoopAuthorizable authorizable : authorizables) {
if (authorizable instanceof Server && authorizable.getName().equalsIgnoreCase(sqoopServerName)) {
match = true;
break;
}
}
if (!match) {
String msg = "server=[name] in " + context.getPrivilege()
+ " is required. The name is expected " + sqoopServerName;
throw new ConfigurationException(msg);
}
}
Example #6
| Source File: AbstractIndexerPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@VisibleForTesting
public static Iterable<IndexerModelAuthorizable> parsePrivilege(String string) {
List<IndexerModelAuthorizable> result = Lists.newArrayList();
for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
// XXX this ugly hack is because action is not an authorizable
if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
IndexerModelAuthorizable authorizable = IndexerModelAuthorizables.from(section);
if(authorizable == null) {
String msg = "No authorizable found for " + section;
throw new ConfigurationException(msg);
}
result.add(authorizable);
}
}
return result;
}
Example #7
| Source File: DatabaseMustMatch.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@Override
public void validate(PrivilegeValidatorContext context) throws ConfigurationException {
String database = context.getDatabase();
String privilege = context.getPrivilege();
/*
* Rule only applies to rules in per database policy file
*/
if(database != null) {
Iterable<DBModelAuthorizable> authorizables = parsePrivilege(privilege);
for(DBModelAuthorizable authorizable : authorizables) {
if(authorizable instanceof Database &&
!database.equalsIgnoreCase(authorizable.getName())) {
String msg = "Privilege " + privilege + " references db " +
authorizable.getName() + ", but is only allowed to reference "
+ database;
throw new ConfigurationException(msg);
}
}
}
}
Example #8
| Source File: KafkaModelAuthorizables.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
public static KafkaAuthorizable from(AuthorizableType type, String name) throws ConfigurationException {
switch (type) {
case HOST:
return new Host(name);
case CLUSTER: {
if (!name.equals(Cluster.NAME)) {
throw new ConfigurationException("Kafka's cluster resource can only have name " + Cluster.NAME);
}
return new Cluster();
}
case TOPIC:
return new Topic(name);
case CONSUMERGROUP:
return new ConsumerGroup(name);
default:
return null;
}
}
Example #9
| Source File: AbstractDBPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@VisibleForTesting
public static Iterable<DBModelAuthorizable> parsePrivilege(String string) {
List<DBModelAuthorizable> result = Lists.newArrayList();
for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
// XXX this ugly hack is because action is not an authorizeable
if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
DBModelAuthorizable authorizable = DBModelAuthorizables.from(section);
if(authorizable == null) {
String msg = "No authorizable found for " + section;
throw new ConfigurationException(msg);
}
result.add(authorizable);
}
}
return result;
}
Example #10
| Source File: TestServerNameRequiredMatch.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testServerNameMatch() throws Exception {
ServerNameRequiredMatch serverNameMatch = new ServerNameRequiredMatch("server1");
try {
serverNameMatch.validate(new PrivilegeValidatorContext("server=server1->connector=c1->action=read"));
} catch (ConfigurationException ex) {
Assert.fail("Not expected ConfigurationException");
}
}
Example #11
| Source File: ServerNameRequiredMatch.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
private Iterable<SqoopAuthorizable> parsePrivilege(String string) {
List<SqoopAuthorizable> result = Lists.newArrayList();
for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
SqoopAuthorizable authorizable = SqoopModelAuthorizables.from(section);
if(authorizable == null) {
String msg = "No authorizable found for " + section;
throw new ConfigurationException(msg);
}
result.add(authorizable);
}
}
return result;
}
Example #12
| Source File: KafkaModelAuthorizables.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
public static KafkaAuthorizable from(KeyValue keyValue) throws ConfigurationException {
String prefix = keyValue.getKey().toLowerCase();
String name = keyValue.getValue();
for (AuthorizableType type : AuthorizableType.values()) {
if (prefix.equalsIgnoreCase(type.name())) {
return from(type, name);
}
}
return null;
}
Example #13
| Source File: TestKafkaModelAuthorizables.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testClusterResourceNameIsRestricted() throws Exception {
try {
KafkaModelAuthorizables.from("Cluster=cluster1");
fail("Cluster with name other than " + Cluster.NAME + " must not have been created.");
} catch (ConfigurationException cex) {
assertEquals("Exception message is not as expected.", "Kafka's cluster resource can only have name " + Cluster.NAME, cex.getMessage());
} catch (Exception ex) {
fail("Configuration exception was expected for invalid Cluster name.");
}
}
Example #14
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testOnlyHostResource() {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1"));
} catch (ConfigurationException ex) {
Assert.assertEquals(KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
}
}
Example #15
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
private void testHostResourceIsChecked(KafkaPrivilegeValidator kafkaPrivilegeValidator, String privilege) {
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext(privilege));
Assert.fail("Expected ConfigurationException");
} catch (ConfigurationException ex) {
Assert.assertEquals("Kafka privilege must begin with host authorizable.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
}
}
Example #16
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testInvalidHostResource() throws Exception {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("hhost=host1->cluster=kafka-cluster->action=read"));
Assert.fail("Expected ConfigurationException");
} catch (ConfigurationException ex) {
}
}
Example #17
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testInvalidClusterResource() throws Exception {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->clluster=kafka-cluster->action=read"));
Assert.fail("Expected ConfigurationException");
} catch (ConfigurationException ex) {
}
}
Example #18
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testInvalidTopicResource() throws Exception {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->ttopic=t1->action=read"));
Assert.fail("Expected ConfigurationException");
} catch (ConfigurationException ex) {
}
}
Example #19
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testInvalidConsumerGroupResource() throws Exception {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->coonsumergroup=g1->action=read"));
Assert.fail("Expected ConfigurationException");
} catch (ConfigurationException ex) {
}
}
Example #20
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testPrivilegeMustHaveExcatlyOneHost() {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->host=host2->action=read"));
Assert.fail("Multiple Host resources are not allowed within a Kafka privilege.");
} catch (ConfigurationException ex) {
Assert.assertEquals("Host authorizable can be specified just once in a Kafka privilege.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
}
}
Example #21
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testPrivilegeCanNotStartWithAction() {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("action=write->host=host1->topic=t1"));
Assert.fail("Kafka privilege can not start with an action.");
} catch (ConfigurationException ex) {
Assert.assertEquals("Kafka privilege can not start with an action.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
}
}
Example #22
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testPrivilegeWithMoreParts() {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->topic=t1->consumergroup=cg1->action=read"));
Assert.fail("Kafka privilege can have one Host authorizable, at most one non Host authorizable and one action.");
} catch (ConfigurationException ex) {
Assert.assertEquals(KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
}
}
Example #23
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testPrivilegeNotEndingWithAction() {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->topic=t1->consumergroup=cg1"));
Assert.fail("Kafka privilege must end with a valid action.");
} catch (ConfigurationException ex) {
Assert.assertEquals("Kafka privilege must end with a valid action.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
}
}
Example #24
| Source File: TestKafkaPrivilegeValidator.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testPrivilegeNotEndingWithValidAction() {
KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
try {
kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->topic=t1->action=bla"));
Assert.fail("Kafka privilege must end with a valid action.");
} catch (ConfigurationException ex) {
Assert.assertEquals("Kafka privilege must end with a valid action.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
}
}
Example #25
| Source File: PortFilter.java From tapestry-security with Apache License 2.0 | 5 votes |
|
protected int toPort(Object mappedValue) {
String[] ports = (String[]) mappedValue;
if (ports == null || ports.length == 0) {
return getPort();
}
if (ports.length > 1) {
throw new ConfigurationException("PortFilter can only be configured with a single port. You have " +
"configured " + ports.length + ": " + StringUtils.toString(ports));
}
return Integer.parseInt(ports[0]);
}
Example #26
| Source File: AuthConfig.java From v-mock with MIT License | 5 votes |
|
/**
* 返回配置文件流 避免ehcache配置文件一直被占用,无法完全销毁项目重新部署
*/
protected InputStream getCacheManagerConfigFileInputStream() {
String configFile = "classpath:ehcache/ehcache-shiro.xml";
try {
@Cleanup InputStream inputStream = ResourceUtils.getInputStreamForPath(configFile);
byte[] readBytes = IoUtil.readBytes(inputStream);
InputStream in = new ByteArrayInputStream(readBytes);
return in;
} catch (IOException e) {
throw new ConfigurationException(
"Unable to obtain input stream for cacheManagerConfigFile [" + configFile + "]", e);
}
}
Example #27
| Source File: SecurityModule.java From arcusplatform with Apache License 2.0 | 5 votes |
|
@Override
protected void bindSecurityManager(AnnotatedBindingBuilder<? super SecurityManager> bind) {
try {
bind.toConstructor(DefaultSecurityManager.class.getConstructor(Collection.class)).asEagerSingleton();
} catch (NoSuchMethodException e) {
throw new ConfigurationException("This really shouldn't happen. Either something has changed in Shiro, or there's a bug in " + ShiroModule.class.getSimpleName(), e);
}
}
Example #28
| Source File: ReplayProperties.java From super-cloudops with Apache License 2.0 | 5 votes |
|
@Override
public void afterPropertiesSet() throws Exception {
// Remove duplicate.
if (!isEmpty(excludeValidUriPatterns)) {
Collections2.disDupCollection(excludeValidUriPatterns);
}
// Check algorithm.
try {
DigestUtils2.getDigest(getSignatureAlg());
} catch (Exception e) {
if (e instanceof NoSuchAlgorithmException)
throw new ConfigurationException("Replay attacks protect config error.", e);
else
throw e;
}
// Check termTimeMs.
if (getTermTimeMs() < DEFAULT_REPLAY_TOKEN_TERM_TIME) {
log.warn("Term time: {} of replay attack token signature is too short, It is recommended to set is > {}ms",
getTermTimeMs(), DEFAULT_REPLAY_TOKEN_TERM_TIME);
}
// Check header name with cors allowed.
corsConfig.assertCorsHeaders(singletonList(getReplayTokenHeaderName()));
}
Example #29
| Source File: ShiroConfig.java From RuoYi with Apache License 2.0 | 5 votes |
|
/**
* 返回配置文件流 避免ehcache配置文件一直被占用,无法完全销毁项目重新部署
*/
private InputStream getCacheManagerConfigFileInputStream(){
String configFile = "classpath:ehcache/ehcache-shiro.xml";
try(InputStream inputStream = ResourceUtils.getInputStreamForPath(configFile)){
byte[] b = IOUtils.toByteArray(inputStream);
return new ByteArrayInputStream(b);
}catch (IOException e){
throw new ConfigurationException(
"Unable to obtain input stream for cacheManagerConfigFile [" + configFile + "]", e);
}
}
Example #30
| Source File: WebSecurityModule.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
|
/**
* @return Public constructor with given parameterTypes; wraps checked exceptions
*/
private static <T> Constructor<T> ctor(final Class<T> clazz, final Class<?>... parameterTypes) {
try {
return clazz.getConstructor(parameterTypes);
}
catch (Exception e) {
Throwables.throwIfUnchecked(e);
throw new ConfigurationException(e);
}
}
