org.springframework.security.access.AccessDeniedException.<init>()方法的使用及代码示例
本文整理了Java中org.springframework.security.access.AccessDeniedException.<init>()方法的一些代码示例,展示了AccessDeniedException.<init>()的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。AccessDeniedException.<init>()方法的具体详情如下:
包路径:org.springframework.security.access.AccessDeniedException
类名称:AccessDeniedException
方法名:<init>
AccessDeniedException.<init>介绍
[英]Constructs an AccessDeniedException with the specified message.
[中]使用指定的消息构造一个AccessDeniedException。
代码示例
代码示例来源:origin: spring-projects/spring-security
public Object decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes,
Object returnedObject) throws AccessDeniedException {
throw new AccessDeniedException("custom AfterInvocationManager");
}代码示例来源:origin: spring-projects/spring-security
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) {
throw new AccessDeniedException("Always Denied");
}
public boolean supports(ConfigAttribute attribute) {代码示例来源:origin: spring-projects/spring-security
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
throw new AccessDeniedException("teapot");
}代码示例来源:origin: spring-projects/spring-security-oauth
@ExceptionHandler(HttpSessionRequiredException.class)
public ModelAndView handleHttpSessionRequiredException(HttpSessionRequiredException e, ServletWebRequest webRequest)
throws Exception {
logger.info("Handling Session required error: " + e.getMessage());
return handleException(new AccessDeniedException("Could not obtain authorization request from session", e),
webRequest);
}代码示例来源:origin: geoserver/geoserver
public static RuntimeException unauthorizedAccess() {
// not hide, and not filtering out a list, this
// is an unauthorized direct resource access, complain
Authentication user = user();
if (user == null || user.getAuthorities().size() == 0)
return new InsufficientAuthenticationException(
"Operation unallowed with the current privileges");
else return new AccessDeniedException("Operation unallowed with the current privileges");
}代码示例来源:origin: geoserver/geoserver
public static RuntimeException unauthorizedAccess(String resourceName) {
// not hide, and not filtering out a list, this
// is an unauthorized direct resource access, complain
Authentication user = user();
if (user == null || user.getAuthorities().size() == 0)
return new InsufficientAuthenticationException(
"Cannot access " + resourceName + " as anonymous");
else
return new AccessDeniedException(
"Cannot access " + resourceName + " with the current privileges");
}代码示例来源:origin: spring-projects/spring-security-oauth
/**
* Get the verification key for the token signatures. The principal has to
* be provided only if the key is secret
* (shared not public).
*
* @param principal the currently authenticated user if there is one
* @return the key used to verify tokens
*/
@RequestMapping(value = "/oauth/token_key", method = RequestMethod.GET)
@ResponseBody
public Map<String, String> getKey(Principal principal) {
if ((principal == null || principal instanceof AnonymousAuthenticationToken) && !converter.isPublic()) {
throw new AccessDeniedException("You need to authenticate to see a shared key");
}
Map<String, String> result = converter.getKey();
return result;
}代码示例来源:origin: spring-projects/spring-security
protected final void checkAllowIfAllAbstainDecisions() {
if (!this.isAllowIfAllAbstainDecisions()) {
throw new AccessDeniedException(messages.getMessage(
"AbstractAccessDecisionManager.accessDenied", "Access is denied"));
}
}代码示例来源:origin: ctripcorp/apollo
@DeleteMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}")
public void deleteBranch(@PathVariable String appId,
@PathVariable String env,
@PathVariable String clusterName,
@PathVariable String namespaceName,
@PathVariable String branchName) {
boolean canDelete = permissionValidator.hasReleaseNamespacePermission(appId, namespaceName, env) ||
(permissionValidator.hasModifyNamespacePermission(appId, namespaceName, env) &&
releaseService.loadLatestRelease(appId, Env.valueOf(env), branchName, namespaceName) == null);
if (!canDelete) {
throw new AccessDeniedException("Forbidden operation. "
+ "Caused by: 1.you don't have release permission "
+ "or 2. you don't have modification permission "
+ "or 3. you have modification permission but branch has been released");
}
namespaceBranchService.deleteBranch(appId, Env.valueOf(env), clusterName, namespaceName, branchName);
}代码示例来源:origin: org.springframework.security/spring-security-core
protected final void checkAllowIfAllAbstainDecisions() {
if (!this.isAllowIfAllAbstainDecisions()) {
throw new AccessDeniedException(messages.getMessage(
"AbstractAccessDecisionManager.accessDenied", "Access is denied"));
}
}代码示例来源:origin: cloudfoundry/uaa
public void checkIdentityZone(IdentityZone identityZone) {
if (IdentityZone.getUaa().equals(identityZone)) {
throw new AccessDeniedException("Access to UAA is not allowed.");
}
}代码示例来源:origin: cloudfoundry/uaa
private String getCurrentUserId() {
if (!securityContextAccessor.isUser()) {
throw new AccessDeniedException("Approvals can only be managed by a user");
}
return securityContextAccessor.getUserId();
}代码示例来源:origin: ctripcorp/apollo
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName, #env)")
@DeleteMapping(value = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}")
public void deleteBranch(@PathVariable String appId,
@PathVariable String env,
@PathVariable String clusterName,
@PathVariable String namespaceName,
@PathVariable String branchName,
@RequestParam("operator") String operator,
HttpServletRequest request) {
RequestPrecondition.checkArguments(!StringUtils.isContainEmpty(operator),"operator can not be empty");
if (userService.findByUserId(operator) == null) {
throw new BadRequestException("operator " + operator + " not exists");
}
boolean canDelete = consumerPermissionValidator.hasReleaseNamespacePermission(request, appId, namespaceName, env) ||
(consumerPermissionValidator.hasModifyNamespacePermission(request, appId, namespaceName, env) &&
releaseService.loadLatestRelease(appId, Env.valueOf(env), branchName, namespaceName) == null);
if (!canDelete) {
throw new AccessDeniedException("Forbidden operation. "
+ "Caused by: 1.you don't have release permission "
+ "or 2. you don't have modification permission "
+ "or 3. you have modification permission but branch has been released");
}
namespaceBranchService.deleteBranch(appId, Env.valueOf(env.toUpperCase()), clusterName, namespaceName, branchName, operator);
}代码示例来源:origin: spring-projects/spring-security
/**
* Determines if access should be granted for a specific authentication and object
*
* @param authentication the Authentication to check
* @param object the object to check
* @return an empty Mono if authorization is granted or a Mono error if access is
* denied
*/
default Mono<Void> verify(Mono<Authentication> authentication, T object) {
return check(authentication, object)
.filter( d -> d.isGranted())
.switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))))
.flatMap( d -> Mono.empty() );
}
}代码示例来源:origin: spring-projects/spring-security
@Test(expected = AccessDeniedException.class)
public void preSendDeny() throws Exception {
when(source.getAttributes(message)).thenReturn(attrs);
doThrow(new AccessDeniedException("")).when(accessDecisionManager).decide(
any(Authentication.class), eq(message), eq(attrs));
interceptor.preSend(message, channel);
}代码示例来源:origin: spring-projects/spring-security
@SuppressWarnings("unchecked")
@Test
public void callbackIsNotInvokedWhenPermissionDenied() throws Exception {
doThrow(new AccessDeniedException("denied")).when(adm).decide(
any(), any(), any());
SecurityContextHolder.getContext().setAuthentication(token);
try {
interceptor.invoke(joinPoint, aspectJCallback);
fail("Expected AccessDeniedException");
}
catch (AccessDeniedException expected) {
}
verify(aspectJCallback, never()).proceedWithObject();
}代码示例来源:origin: ctripcorp/apollo
@PutMapping(value = "/apps/{appId}/namespaces/{namespaceName}/items", consumes = {"application/json"})
public ResponseEntity<Void> update(@PathVariable String appId, @PathVariable String namespaceName,
@RequestBody NamespaceSyncModel model) {
checkModel(!model.isInvalid());
boolean hasPermission = permissionValidator.hasModifyNamespacePermission(appId, namespaceName);
Env envNoPermission = null;
// if uses has ModifyNamespace permission then he has permission
if (!hasPermission) {
// else check if user has every env's ModifyNamespace permission
hasPermission = true;
for (NamespaceIdentifier namespaceIdentifier : model.getSyncToNamespaces()) {
// once user has not one of the env's ModifyNamespace permission, then break the loop
hasPermission &= permissionValidator.hasModifyNamespacePermission(namespaceIdentifier.getAppId(), namespaceIdentifier.getNamespaceName(), namespaceIdentifier.getEnv().toString());
if (!hasPermission) {
envNoPermission = namespaceIdentifier.getEnv();
break;
}
}
}
if (hasPermission) {
configService.syncItems(model.getSyncToNamespaces(), model.getSyncItems());
return ResponseEntity.status(HttpStatus.OK).build();
}
else
throw new AccessDeniedException(String.format("您没有修改环境%s的权限", envNoPermission));
}代码示例来源:origin: spring-projects/spring-security
@Test
public void declinesAccessUsingCreate() throws Exception {
Object object = new TargetObject();
final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase",
"foobar");
MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
mipe.setSecurityInterceptor(interceptor);
when(mds.getAttributes(mi)).thenReturn(role);
doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role);
assertThat(mipe.isAllowed(mi, token)).isFalse();
}代码示例来源:origin: spring-projects/spring-security
@Test
public void declinesAccessUsingCreateFromClass() throws Exception {
final MethodInvocation mi = MethodInvocationUtils.createFromClass(
new OtherTargetObject(), ITargetObject.class, "makeLowerCase",
new Class[] { String.class }, new Object[] { "helloWorld" });
MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
mipe.setSecurityInterceptor(interceptor);
when(mds.getAttributes(mi)).thenReturn(role);
doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role);
assertThat(mipe.isAllowed(mi, token)).isFalse();
}
}代码示例来源:origin: ctripcorp/apollo
@PutMapping(path = "/envs/{env}/releases/{releaseId}/rollback")
public void rollback(@PathVariable String env,
@PathVariable long releaseId) {
ReleaseDTO release = releaseService.findReleaseById(Env.valueOf(env), releaseId);
if (release == null) {
throw new NotFoundException("release not found");
}
if (!permissionValidator.hasReleaseNamespacePermission(release.getAppId(), release.getNamespaceName(), env)) {
throw new AccessDeniedException("Access is denied");
}
releaseService.rollback(Env.valueOf(env), releaseId);
ConfigPublishEvent event = ConfigPublishEvent.instance();
event.withAppId(release.getAppId())
.withCluster(release.getClusterName())
.withNamespace(release.getNamespaceName())
.withPreviousReleaseId(releaseId)
.setRollbackEvent(true)
.setEnv(Env.valueOf(env));
publisher.publishEvent(event);
}
}内容来源于网络,如有侵权,请联系作者删除!
