/**
 * Rejects every permission check unconditionally (deny-all implementation).
 *
 * <p>None of the arguments are inspected: whichever domain, instance or action is asked about,
 * the call ends in a {@link ForbiddenException}. The message is fixed and does not repeat any
 * caller-supplied value.
 *
 * @param domain permission domain being asked about (unused)
 * @param instance instance id within the domain (unused)
 * @param action requested action (unused)
 * @throws ForbiddenException always
 */
@Override
public void checkPermission(String domain, String instance, String action)
    throws ForbiddenException {
  final String denial = "User is not authorized to perform operation";
  throw new ForbiddenException(denial);
}
/**
 * OAuth callback endpoint that this implementation does not provide.
 *
 * <p>NOTE(review): the unsupported operation is reported with {@link ForbiddenException}, the
 * same type used for authorization denials, so callers and log-based alerting cannot tell the
 * two situations apart by exception type alone.
 *
 * @param uriInfo request URI information (unused)
 * @param errorValues error values passed to the callback (unused)
 * @return never returns normally
 * @throws ForbiddenException always
 */
@Override
public Response callback(UriInfo uriInfo, List<String> errorValues) throws ForbiddenException {
  final String unsupported = "Method is not supported in this implementation of OAuth API";
  throw new ForbiddenException(unsupported);
}
/**
 * Rejects every permission check and names the refused operation in the error.
 *
 * <p>No decision is taken here; the arguments are only used to build the message.
 *
 * @param domain permission domain being asked about
 * @param instance instance id within the domain
 * @param action requested action
 * @throws ForbiddenException always
 */
@Override
public void checkPermission(String domain, String instance, String action)
    throws ForbiddenException {
  // The three values are copied into the message verbatim. Whatever renders or logs this
  // message is responsible for encoding it for its own output context.
  final String denial =
      new StringBuilder("User is not authorized to perform ")
          .append(action)
          .append(" of ")
          .append(domain)
          .append(" with id '")
          .append(instance)
          .append("'")
          .toString();
  throw new ForbiddenException(denial);
}
/**
 * Listing of registered OAuth authenticators, which this implementation does not provide.
 *
 * <p>NOTE(review): "not supported" is signalled with {@link ForbiddenException}, the same type
 * an authorization denial would use.
 *
 * @param uriInfo request URI information (unused)
 * @return never returns normally
 * @throws ForbiddenException always
 */
@Override
public Set<OAuthAuthenticatorDescriptor> getRegisteredAuthenticators(UriInfo uriInfo)
    throws ForbiddenException {
  final String unsupported = "Method is not supported in this implementation of OAuth API";
  throw new ForbiddenException(unsupported);
}
} // closes the enclosing type, whose header is not part of this snippet
/**
 * Token invalidation, which this implementation does not provide.
 *
 * <p>No token is touched: the call always fails, so a caller that relies on this method to
 * revoke a provider token has to treat the exception as "nothing was invalidated".
 *
 * @param oauthProvider name of the OAuth provider (unused)
 * @throws ForbiddenException always
 */
@Override
public void invalidateToken(String oauthProvider) throws ForbiddenException {
  final String unsupported = "Method is not supported in this implementation of OAuth API";
  throw new ForbiddenException(unsupported);
}
/**
 * Allows an operation only on the caller's own (personal) account.
 *
 * <p>The requested operation is deliberately not examined: a user may do anything within the
 * account whose id equals their own user id, and nothing in any other account.
 *
 * @param id id of the account the operation targets
 * @param operation requested operation (ignored, see above)
 * @throws ForbiddenException if {@code id} differs from the current subject's user id
 */
@Override
public void checkPermissions(String id, AccountOperation operation) throws ForbiddenException {
  // NOTE(review): a subject without a user id would fail here with a NullPointerException
  // rather than a ForbiddenException; confirm that getUserId() is never null.
  final String callerId = EnvironmentContext.getCurrent().getSubject().getUserId();
  if (callerId.equals(id)) {
    return;
  }
  throw new ForbiddenException("User is not authorized to use specified account");
}
/**
 * Authorizes a subscription to workspace events.
 *
 * <p>The scope must carry a {@code workspaceId}, and the current subject must hold either the
 * RUN or the USE permission on that workspace.
 *
 * @param methodName name of the method being subscribed to (not used for the decision)
 * @param scope subscription scope; must contain the key {@code workspaceId}
 * @throws ForbiddenException if the workspace id is missing from the scope or the subject has
 *     neither permission
 */
@Override
public void check(String methodName, Map<String, String> scope) throws ForbiddenException {
  final String workspaceId = scope.get("workspaceId");
  if (workspaceId == null) {
    // Without an explicit workspace there is nothing to authorize against: refuse.
    throw new ForbiddenException("Workspace id must be specified in scope");
  }

  final Subject currentSubject = EnvironmentContext.getCurrent().getSubject();
  // Short-circuit on purpose: USE is only consulted when RUN is not granted.
  final boolean mayListen =
      currentSubject.hasPermission(WorkspaceDomain.DOMAIN_ID, workspaceId, WorkspaceDomain.RUN)
          || currentSubject.hasPermission(
              WorkspaceDomain.DOMAIN_ID, workspaceId, WorkspaceDomain.USE);
  if (!mayListen) {
    throw new ForbiddenException(
        "The current user doesn't have permissions to listen to the specified workspace events");
  }
}
} // closes the enclosing type, whose header is not part of this snippet
+ "Empty attribute name is not allowed. "); if (name.startsWith("codenvy")) throw new ForbiddenException( "Attribute '" + attribute + "' is not allowed. 'codenvy' prefix is reserved. ");
/**
 * Delegates an account-level permission check to the checker registered for the account's type.
 *
 * <p>A {@code null} account name is accepted without any check, because the default namespace
 * will be used in that case. An account whose type has no registered checker is refused.
 *
 * @param accountName name of the account (namespace), or {@code null} for the default one
 * @param operation operation the caller wants to perform in that account
 * @throws ForbiddenException if no checker is registered for the account type, or the checker
 *     refuses the operation
 * @throws NotFoundException declared for the account lookup
 * @throws ServerException declared for the account lookup
 */
void checkAccountPermissions(String accountName, AccountOperation operation)
    throws ForbiddenException, NotFoundException, ServerException {
  if (accountName != null) {
    final Account account = accountManager.getByName(accountName);
    final AccountPermissionsChecker checker =
        accountTypeToPermissionsChecker.get(account.getType());
    if (checker == null) {
      // Unknown account type: fail closed instead of letting the request through unchecked.
      throw new ForbiddenException("User is not authorized to use specified namespace");
    }
    checker.checkPermissions(account.getId(), operation);
  }
  // accountName == null: default namespace will be used, nothing to verify here.
  // NOTE(review): this relies on the default namespace being resolved later to one the caller
  // is allowed to use; that resolution is not visible in this snippet.
}
} // closes the enclosing type, whose header is not part of this snippet
/**
 * Restricts what a request authenticated with a machine token may call.
 *
 * <p>Requests from any other kind of subject pass through untouched. For a machine-token
 * subject the invoked method name must be listed in {@code allowedMethodsByPath} under the
 * path of the parent resource; everything else is refused.
 *
 * @param genericMethodResource resource method about to be invoked
 * @param arguments invocation arguments (not inspected)
 * @throws ForbiddenException if a machine-token subject calls a method that is not allow-listed
 */
@Override
protected void filter(GenericResourceMethod genericMethodResource, Object[] arguments)
    throws ForbiddenException {
  final boolean viaMachineToken =
      EnvironmentContext.getCurrent().getSubject() instanceof MachineTokenAuthorizedSubject;
  if (viaMachineToken) {
    // NOTE(review): if allowedMethodsByPath is a plain Map, a path with no entry makes get()
    // return null and this line throws NullPointerException instead of ForbiddenException;
    // confirm the collection type returns an empty set for unknown paths.
    final boolean allowListed =
        allowedMethodsByPath
            .get(genericMethodResource.getParentResource().getPathValue().getPath())
            .contains(genericMethodResource.getMethod().getName());
    if (!allowListed) {
      throw new ForbiddenException("This operation cannot be performed using machine token.");
    }
  }
}
} // closes the enclosing type, whose header is not part of this snippet
/**
 * Validates a request to set permissions, with special rules for public ({@code "*"}) entries.
 *
 * <p>Permissions for a concrete user go straight to {@code defaultChecker}. For the public
 * user id {@code "*"} only READ may be granted by everyone; SEARCH may additionally be granted
 * by a subject holding the system-management permission. A subject without that permission
 * is also passed through {@code defaultChecker}.
 *
 * @param permissions permissions the caller wants to store
 * @throws ForbiddenException if {@code defaultChecker} refuses, or if the public entry contains
 *     an action that may not be made public
 */
@Override
public void check(Permissions permissions) throws ForbiddenException {
  final boolean isPublicEntry = "*".equals(permissions.getUserId());
  if (!isPublicEntry) {
    defaultChecker.check(permissions);
    return;
  }

  // Start from everything that was requested and strike out what is allowed to be public.
  final Set<String> rejectedActions = new HashSet<>(permissions.getActions());
  rejectedActions.remove(READ);

  // public search is supported only for admins
  final boolean isSystemManager =
      EnvironmentContext.getCurrent()
          .getSubject()
          .hasPermission(SystemDomain.DOMAIN_ID, null, MANAGE_SYSTEM_ACTION);
  if (isSystemManager) {
    rejectedActions.remove(SEARCH);
  } else {
    defaultChecker.check(permissions);
  }

  if (rejectedActions.isEmpty()) {
    return;
  }
  // NOTE(review): the message lists every action returned by getActions() other than READ and
  // SEARCH, not the actions that were actually rejected for this request.
  throw new ForbiddenException(
      "Following actions are not supported for setting as public:"
          + getActions()
              .stream()
              .filter(a -> !a.equals(READ) && !a.equals(SEARCH))
              .collect(toList()));
}
} // closes the enclosing type, whose header is not part of this snippet
/**
 * Authorizes calls by resource method name, refusing anything that is not explicitly listed.
 *
 * <p>The read-only lookups are open to every caller. The mutating methods require the
 * system-management permission. Any method name that is not named here is refused, so a method
 * added to the resource later stays blocked until it is added to this switch.
 *
 * @param resource resource method about to be invoked
 * @param args invocation arguments (not inspected)
 * @throws ApiException if the permission check fails or the method name is not listed
 */
@Override
protected void filter(GenericResourceMethod resource, Object[] args) throws ApiException {
  final String invokedMethod = resource.getMethod().getName();
  switch (invokedMethod) {
    // Public methods
    case "getInstaller":
    case "getVersions":
    case "getInstallers":
    case "getOrderedInstallers":
      return;

    // Mutating methods: system managers only.
    case "add":
    case "remove":
    case "update":
      EnvironmentContext.getCurrent()
          .getSubject()
          .checkPermission(SystemDomain.DOMAIN_ID, null, SystemDomain.MANAGE_SYSTEM_ACTION);
      return;

    // Deny by default.
    default:
      throw new ForbiddenException("The user does not have permission to perform this operation");
  }
}
} // closes the enclosing type, whose header is not part of this snippet
DtoFactory.getInstance().createDtoFromJson(str, KeycloakErrorResponse.class); if (responseCode == Response.Status.FORBIDDEN.getStatusCode()) { throw new ForbiddenException(serviceError.getErrorMessage()); } else if (responseCode == Response.Status.NOT_FOUND.getStatusCode()) { throw new NotFoundException(serviceError.getErrorMessage());
if (serviceError.getMessage() != null) { if (responseCode == Response.Status.FORBIDDEN.getStatusCode()) { throw new ForbiddenException(serviceError); } else if (responseCode == Response.Status.NOT_FOUND.getStatusCode()) { throw new NotFoundException(serviceError);
if (serviceError.getMessage() != null) { if (responseCode == Response.Status.FORBIDDEN.getStatusCode()) { throw new ForbiddenException(serviceError); } else if (responseCode == Response.Status.NOT_FOUND.getStatusCode()) { throw new NotFoundException(serviceError);
throw new ForbiddenException("The user does not have permission to perform this operation"); throw new ForbiddenException( "The user does not have permission to " + action + " stack with id '" + stackId + "'");
/**
 * Authorizes an installer/bootstrapper event call against the workspace it refers to.
 *
 * <p>The workspace id is taken from the runtime id of the event passed as the first parameter;
 * the current subject must hold the RUN permission on that workspace.
 *
 * @param method name of the method being invoked
 * @param params call parameters; the first one is cast to the event type matching {@code method}
 * @throws ForbiddenException if {@code method} is not one of the handled methods, or the subject
 *     lacks the RUN permission on the workspace
 */
@Override
public void doAccept(String method, Object... params) throws ForbiddenException {
  // NOTE(review): params[0] is indexed and cast without a length or type check, so a malformed
  // call fails with an unchecked exception rather than a ForbiddenException.
  final String workspaceId;
  switch (method) {
    case BOOTSTRAPPER_STATUS_CHANGED_METHOD:
      workspaceId = ((BootstrapperStatusEvent) params[0]).getRuntimeId().getWorkspaceId();
      break;
    case INSTALLER_LOG_METHOD:
      workspaceId = ((InstallerLogEvent) params[0]).getRuntimeId().getWorkspaceId();
      break;
    case INSTALLER_STATUS_CHANGED_METHOD:
      workspaceId = ((InstallerStatusEvent) params[0]).getRuntimeId().getWorkspaceId();
      break;
    default:
      // A method routed to this filter without a matching case is refused, not waved through.
      throw new ForbiddenException("Unknown method is configured to be filtered.");
  }

  final Subject currentSubject = EnvironmentContext.getCurrent().getSubject();
  final boolean mayRun =
      currentSubject.hasPermission(WorkspaceDomain.DOMAIN_ID, workspaceId, WorkspaceDomain.RUN);
  if (mayRun) {
    return;
  }
  throw new ForbiddenException(
      "User doesn't have the required permissions to the specified workspace");
}
} // closes the enclosing type, whose header is not part of this snippet
throw new ForbiddenException("The user does not have permission to perform this operation"); throw new ForbiddenException( "The user does not have permission to " + action