/** * Verifies whether the user has a specific permission. If not it throws a standard UnauthorizedException. * @throws UnauthorizedException User did not have the permission */ private void verifyPermission(Subject subject, String permission) throws UnauthorizedException { if (!subject.hasPermission(permission)) { throw new UnauthorizedException(); } }
/** * For historical reasons the JSON returned for unauthorized exceptions uses a key called "reason", not "message". */ public String getReason() { return getMessage(); } }
protected RuntimeException convertException(EmoClientException e) { EmoResponse response = e.getResponse(); String exceptionType = response.getFirstHeader("X-BV-Exception"); if (response.getStatus() == Response.Status.BAD_REQUEST.getStatusCode() && IllegalArgumentException.class.getName().equals(exceptionType)) { return new IllegalArgumentException(response.getEntity(String.class), e); } else if (response.getStatus() == Response.Status.NOT_FOUND.getStatusCode() && UnknownMoveException.class.getName().equals(exceptionType)) { return response.getEntity(UnknownMoveException.class); } else if (response.getStatus() == Response.Status.FORBIDDEN.getStatusCode() && UnauthorizedException.class.getName().equals(exceptionType)) { if (response.hasEntity()) { return (RuntimeException) response.getEntity(UnauthorizedException.class).initCause(e); } else { return (RuntimeException) new UnauthorizedException().initCause(e); } } else if (response.getStatus() == Response.Status.SERVICE_UNAVAILABLE.getStatusCode() && ServiceUnavailableException.class.getName().equals(exceptionType)) { if (response.hasEntity()) { return (RuntimeException) response.getEntity(ServiceUnavailableException.class).initCause(e); } else { return (RuntimeException) new ServiceUnavailableException().initCause(e); } } return e; }
UnauthorizedException.class.getName().equals(exceptionType)) { if (response.hasEntity()) { return (RuntimeException) response.getEntity(UnauthorizedException.class).initCause(e); } else { return (RuntimeException) new UnauthorizedException().initCause(e);
UnauthorizedException.class.getName().equals(exceptionType)) { if (response.hasEntity()) { return (RuntimeException) response.getEntity(UnauthorizedException.class).initCause(e); } else { return (RuntimeException) new UnauthorizedException().initCause(e);
/** * Verifies whether the user has permission to grant all of the provided roles. If not it throws an UnauthorizedException. * @throws UnauthorizedException User did not have the permission to grant at least one role. */ private void verifyPermissionToGrantRoles(Subject subject, Iterable<RoleIdentifier> roleIds) { Set<RoleIdentifier> unauthorizedIds = Sets.newTreeSet(); boolean anyAuthorized = false; for (RoleIdentifier roleId : roleIds) { // Verify the caller has permission to grant this role if (subject.hasPermission(Permissions.grantRole(roleId))) { anyAuthorized = true; } else { unauthorizedIds.add(roleId); } } if (!unauthorizedIds.isEmpty()) { // If the caller was not authorized to assign any of the provided roles raise a generic exception, otherwise // the exception provides insight as to which roles were unauthorized. This provides some helpful feedback // where appropriate without exposing potentially exploitable information about whether the subject's API key // is valid. if (!anyAuthorized) { throw new UnauthorizedException(); } else { throw new UnauthorizedException("Not authorized for roles: " + Joiner.on(", ").join(unauthorizedIds)); } } }
/** * For historical reasons the JSON returned for unauthorized exceptions uses a key called "reason", not "message". */ public String getReason() { return getMessage(); } }
UnauthorizedException.class.getName().equals(exceptionType)) { if (response.hasEntity()) { return (RuntimeException) response.getEntity(UnauthorizedException.class).initCause(e); } else { return (RuntimeException) new UnauthorizedException().initCause(e);
@Override public Response toResponse(AuthenticationException exception) { // AuthenticationException is only used internally to propagate authorization errors. Convert the // exception to the equivalent public-facing exception from the API. UnauthorizedException apiException = new UnauthorizedException(); return _providers.getExceptionMapper(UnauthorizedException.class).toResponse(apiException); } }
UnauthorizedException.class.getName().equals(exceptionType)) { if (response.hasEntity()) { return (RuntimeException) response.getEntity(UnauthorizedException.class).initCause(e); } else { return (RuntimeException) new UnauthorizedException().initCause(e);
@Override public Response toResponse(AuthorizationException exception) { // AuthorizationException is only used internally to propagate authorization errors. Convert the // exception to the equivalent public-facing exception from the API. UnauthorizedException apiException = new UnauthorizedException(); return _providers.getExceptionMapper(UnauthorizedException.class).toResponse(apiException); } }
UnauthorizedException.class.getName().equals(exceptionType)) { if (response.hasEntity()) { return (RuntimeException) response.getEntity(UnauthorizedException.class).initCause(e); } else { return (RuntimeException) new UnauthorizedException().initCause(e);
@PUT @Path ("_table/{table}") @Consumes (MediaType.APPLICATION_JSON) @Timed (name = "bv.emodb.sor.DataStoreResource1.createTable", absolute = true) @ApiOperation (value = "Creates a table", notes = "Returns a SuccessResponse if table is created", response = SuccessResponse.class ) public SuccessResponse createTable(@PathParam ("table") String table, @QueryParam ("options") TableOptionsParam optionParams, Map<String, Object> template, @QueryParam ("audit") AuditParam auditParam, @Context UriInfo uriInfo, @Authenticated Subject subject) { TableOptions options = getRequired(optionParams, "options"); Audit audit = getRequired(auditParam, "audit"); // Check permission for creating this table CreateTableResource resource = new CreateTableResource(table, options.getPlacement(), template); if (!subject.hasPermission(Permissions.createSorTable(resource))) { throw new UnauthorizedException(); } _dataStore.createTable(table, options, template, audit); return SuccessResponse.instance(); }
if (UnauthorizedException.class.getName().equals(exceptionType)) { if (response.hasEntity()) { return (RuntimeException) response.getEntity(UnauthorizedException.class).initCause(e); } else { return (RuntimeException) new UnauthorizedException().initCause(e);
@PUT @Path("_table/{table}") @Consumes(MediaType.APPLICATION_JSON) @Timed(name = "bv.emodb.blob.BlobStoreResource1.createTable", absolute = true) @ApiOperation (value = "Creates a table.", notes = "Returns a SuccessResponse if table is created.", response = SuccessResponse.class ) public SuccessResponse createTable(@PathParam("table") String table, @QueryParam("options") TableOptionsParam optionParams, Map<String, String> attributes, @QueryParam("audit") AuditParam auditParam, @Context UriInfo uriInfo, @Authenticated Subject subject) { TableOptions options = getRequired(optionParams, "options"); Audit audit = getRequired(auditParam, "audit"); // Check permission for creating this table CreateTableResource resource = new CreateTableResource(table, options.getPlacement(), attributes); if (!subject.hasPermission(Permissions.createBlobTable(resource))) { throw new UnauthorizedException(); } _blobStore.createTable(table, options, attributes, audit); return SuccessResponse.instance(); }
/** * Retrieves a list of content items for the specified comma-delimited coordinates. */ @GET @Path ("_multiget") @Timed (name = "bv.emodb.sor.DataStoreResource1.multiGet", absolute = true) @ApiOperation (value = "Retrieves a list of content items for the specified comma-delimited coordinates.", notes = "Retrieves a list of content items for the specified comma-delimited coordinates.", response = Iterator.class ) public Iterator<Map<String, Object>> multiGet(@QueryParam ("id") List<String> coordinates, @QueryParam ("consistency") @DefaultValue ("STRONG") ReadConsistencyParam consistency, @QueryParam ("debug") BooleanParam debug, final @Authenticated Subject subject) { List<Coordinate> coordinateList = parseCoordinates(coordinates); for (Coordinate coordinate : coordinateList) { if (!subject.hasPermission(Permissions.readSorTable(new NamedResource(coordinate.getTable())))) { throw new UnauthorizedException("not authorized to read table " + coordinate.getTable()); } } return streamingIterator(_dataStore.multiGet(coordinateList, consistency.get()), debug); }