/**
 * Resource method mapped to {@code accounts/{accountId}/} that, as shown, rejects every call
 * with a 401 response.
 *
 * <p>NOTE(review): the one-argument {@code NotAuthorizedException} constructor takes the
 * {@code WWW-Authenticate} challenge, not a message, so the text below is sent as that
 * header's value. If the caller is already authenticated and only lacks rights to the
 * account, 403 ({@code ForbiddenException}) is probably the intended status; confirm.
 *
 * @param accountId account identifier taken from the request path; unused in the visible body
 * @return never returns normally in the visible body
 * @throws NotAuthorizedException always
 */
@Path("accounts/{accountId}/")
public Item getItem(@PathParam("accountId") String accountId) {
    // An unauthorized user tries to enter
    final NotAuthorizedException denied = new NotAuthorizedException("You Don't Have Permission");
    throw denied;
}
// Reject the request with 401. The single-argument constructor takes the WWW-Authenticate
// challenge rather than a message, so this sentence becomes the header value.
// NOTE(review): clients presumably expect an auth scheme (e.g. Basic or Bearer) there; confirm.
throw new NotAuthorizedException("Authorization header must be provided");
/**
 * Request filter that makes sure the Shiro subject attached to the request is authenticated.
 *
 * <p>Any security context that is not a {@code ShiroSecurityContext} is rejected outright, so
 * the filter fails closed. A locked account and a failed login produce the same Basic
 * challenge; the two cases differ only in the debug log line and the attached cause.
 *
 * @param requestContext the incoming request
 * @throws NotAuthorizedException if the context is of another type or the login fails
 * @throws IOException declared by the filter contract; not thrown by the visible body
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final SecurityContext securityContext = requestContext.getSecurityContext();

    // Guard: without a Shiro-backed context there is nothing to authenticate against.
    if (!(securityContext instanceof ShiroSecurityContext)) {
        throw new NotAuthorizedException("Basic realm=\"Graylog Server\"");
    }

    final ShiroSecurityContext shiroContext = (ShiroSecurityContext) securityContext;
    final Subject currentSubject = shiroContext.getSubject();
    LOG.trace("Authenticating... {}", currentSubject);

    // An already authenticated subject needs no further work.
    if (currentSubject.isAuthenticated()) {
        return;
    }

    try {
        LOG.trace("Logging in {}", currentSubject);
        shiroContext.loginSubject();
    } catch (LockedAccountException e) {
        // Caught ahead of the general AuthenticationException handler so it gets its own log line.
        LOG.debug("Unable to authenticate user, account is locked.", e);
        throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"");
    } catch (AuthenticationException e) {
        LOG.debug("Unable to authenticate user.", e);
        throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"");
    }
}
} // closes the enclosing class, whose header is not part of this excerpt
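/**
 * Completes the OAuth 1 flow by exchanging the verifier for an access token.
 *
 * <p>The verifier is stored on {@code parameters}, the access-token endpoint is called with an
 * empty POST, and the token and token secret are read from the form-encoded reply. Both values
 * are written back to {@code parameters} and {@code secrets}, and the resulting token is also
 * kept in {@code this.accessToken}.
 *
 * <p>The response is closed on every path, so a failed exchange does not leave the underlying
 * connection open.
 *
 * @param verifier the verifier returned by the authorization step
 * @return the access token and its secret
 * @throws RuntimeException if the endpoint answers with a status of 400 or above
 * @throws NotAuthorizedException if the reply carries no token
 */
public AccessToken finish(final String verifier) {
    parameters.setVerifier(verifier);
    final Response response = addProperties(client.target(accessTokenUri).request()).post(null);
    try {
        // accessToken request failed
        if (response.getStatus() >= 400) {
            throw new RuntimeException(LocalizationMessages.ERROR_REQUEST_ACCESS_TOKEN(response.getStatus()));
        }
        final Form form = response.readEntity(Form.class);
        final String accessToken = form.asMap().getFirst(OAuth1Parameters.TOKEN);
        final String accessTokenSecret = form.asMap().getFirst(OAuth1Parameters.TOKEN_SECRET);

        if (accessToken == null) {
            // NOTE(review): the one-argument constructor treats its argument as the
            // WWW-Authenticate challenge, so the localized text ends up in that header.
            throw new NotAuthorizedException(LocalizationMessages.ERROR_REQUEST_ACCESS_TOKEN_NULL());
        }
        // NOTE(review): a missing token secret is not rejected here and is stored as null;
        // confirm that callers cope with it.
        parameters.token(accessToken);
        secrets.tokenSecret(accessTokenSecret);
        final AccessToken resultToken = new AccessToken(parameters.getToken(), secrets.getTokenSecret());
        this.accessToken = resultToken;
        return resultToken;
    } finally {
        // Response.close() is idempotent, so this is harmless after a successful readEntity().
        response.close();
    }
}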
// Record the failed session creation in the audit trail, attributed to the submitted username,
// before the request is rejected.
auditEventSender.failure(AuditActor.user(createRequest.username()), SESSION_CREATE, auditEventContext);
// (message, challenge) overload: the first string is the exception message, the second is sent
// as the WWW-Authenticate header. The message does not say whether the username or the
// password was wrong, so the reply does not confirm that an account exists.
throw new NotAuthorizedException("Invalid username or password", "Basic realm=\"Graylog Server session\"");
break; case UNAUTHORIZED: webAppException = new NotAuthorizedException(response); break; case FORBIDDEN:
break; case UNAUTHORIZED: webAppException = new NotAuthorizedException(response); break; case FORBIDDEN:
break; case UNAUTHORIZED: webAppException = new NotAuthorizedException(response); break; case FORBIDDEN:
// Excerpt: these statements presumably come from separate branches of an enclosing method
// that is not shown here.

// (message, challenge) overload: the second string is sent as the WWW-Authenticate value.
// NOTE(review): "Missing authentication credentials" names no auth scheme; confirm clients
// do not depend on a parsable challenge.
throw new NotAuthorizedException(
    "Authentication credentials are required", "Missing authentication credentials");
// The message embeds the username as given; presumably this is request-supplied, so treat
// it as untrusted wherever the message is logged or rendered.
String msg = String.format("Authentication failed for user '%s'", username);
// NOTE(review): e.getMessage() sits in the challenge position, so the underlying exception
// text is copied into the WWW-Authenticate header of the 401 response. Internal error detail
// would then be visible to the client; a fixed challenge string avoids that.
throw new NotAuthorizedException(msg, e.getMessage());
return new BadRequestException(response); case UNAUTHORIZED: return new NotAuthorizedException(response); case FORBIDDEN: return new ForbiddenException(response);
throw new BadRequestException(response); case 401 : throw new NotAuthorizedException(response); case 403 : throw new ForbiddenException(response);
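/**
 * Rejects the call unless the supplied pair matches the built-in administrator account.
 *
 * <p>A {@code null} password is treated as a mismatch rather than causing a
 * {@code NullPointerException}, so malformed input yields 401 instead of a server error.
 * The password is compared with {@code MessageDigest.isEqual}, whose running time does not
 * depend on where the two values first differ.
 *
 * <p>SECURITY: the administrator password is hard-coded in source. Anyone who can read the
 * code or the compiled class can recover it, and it cannot be rotated without a rebuild.
 * It should come from configuration or a secret store, held as a salted password hash.
 *
 * <p>NOTE(review): the one-argument constructor takes the WWW-Authenticate challenge, so
 * {@code "ADMIN"} is sent as that header's value; confirm this is what clients expect.
 *
 * @param username user name presented by the caller
 * @param password password presented by the caller; may be {@code null}
 * @throws NotAuthorizedException if either value does not match
 */
private void authorize(String username, String password) {
    final boolean userMatches = "admin".equals(username);
    final boolean passwordMatches = password != null
            && java.security.MessageDigest.isEqual(
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    "North2South!".getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!(userMatches && passwordMatches)) {
        throw new NotAuthorizedException("ADMIN");
    }
}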
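/**
 * Rejects the call unless the supplied pair matches the built-in administrator account.
 *
 * <p>A {@code null} password is treated as a mismatch rather than causing a
 * {@code NullPointerException}, so malformed input yields 401 instead of a server error.
 * The password is compared with {@code MessageDigest.isEqual}, whose running time does not
 * depend on where the two values first differ.
 *
 * <p>SECURITY: the administrator password is hard-coded in source. Anyone who can read the
 * code or the compiled class can recover it, and it cannot be rotated without a rebuild.
 * It should come from configuration or a secret store, held as a salted password hash.
 *
 * <p>NOTE(review): the one-argument constructor takes the WWW-Authenticate challenge, so
 * {@code "ADMIN"} is sent as that header's value; confirm this is what clients expect.
 *
 * @param username user name presented by the caller
 * @param password password presented by the caller; may be {@code null}
 * @throws NotAuthorizedException if either value does not match
 */
private void authorize(String username, String password) {
    final boolean userMatches = "admin".equals(username);
    final boolean passwordMatches = password != null
            && java.security.MessageDigest.isEqual(
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    "North2South!".getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!(userMatches && passwordMatches)) {
        throw new NotAuthorizedException("ADMIN");
    }
}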
/**
 * Builds a {@code NotAuthorizedException} from an existing response and its cause.
 *
 * <p>The response is first passed through {@code checkResponse} together with the status
 * code 401; that helper is defined elsewhere and presumably verifies that the response
 * carries that status. TODO confirm.
 *
 * @param cause the underlying failure to attach to the exception
 * @param response the response to wrap
 * @return a new exception wrapping the checked response and the cause
 */
public static NotAuthorizedException toNotAuthorizedException(Throwable cause, Response response) {
    return new NotAuthorizedException(checkResponse(response, 401), cause);
}
/**
 * Verifies that the current security context carries a user principal.
 *
 * <p>NOTE(review): the 401 response built here has an entity but no WWW-Authenticate header;
 * confirm that clients do not rely on a challenge to retry.
 *
 * @throws NotAuthorizedException if there is no security context or it has no principal
 */
@Override
public void assertLoggedIn() {
    final SecurityContext current = this.getSC();
    final boolean loggedIn = current != null && current.getUserPrincipal() != null;
    if (loggedIn) {
        return;
    }
    // The same text covers both the missing-context and the missing-principal case.
    final Response unauthorized = Response.status(Response.Status.UNAUTHORIZED)
            .entity("Invalid credentials or session")
            .build();
    throw new NotAuthorizedException(unauthorized);
}
/**
 * Rejects requests whose Authorization header is absent or at most five characters long.
 *
 * <p>NOTE(review): only the presence and length of the header are checked here. The scheme
 * and the credentials are not verified in this filter, so any longer value passes; real
 * validation presumably happens in a later filter or in the resource. Confirm.
 *
 * @param requestContext the incoming request
 * @throws NotAuthorizedException if the header is missing or too short
 * @throws IOException declared by the filter contract; not thrown by the visible body
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // Do not allow unauthorized to access
    final String authorization = requestContext.getHeaderString(HttpHeaderNames.AUTHORIZATION);
    final boolean missingOrTooShort = authorization == null || authorization.length() <= 5;
    if (missingOrTooShort) {
        throw new NotAuthorizedException(RestUtils.getResponse(Status.UNAUTHORIZED));
    }
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Verifies that {@code SecurityContextUtil} exposes a security context with a user principal.
 *
 * <p>NOTE(review): {@code getSC()} is read twice, once for the null check and once for the
 * principal; whether both reads always see the same context is not visible here.
 *
 * @throws NotAuthorizedException if there is no security context or it has no principal
 */
public static final void assertSC() {
    final boolean hasPrincipal = SecurityContextUtil.getSC() != null
            && SecurityContextUtil.getSC().getUserPrincipal() != null;
    if (hasPrincipal) {
        return;
    }
    // 401 with an explanatory entity; no WWW-Authenticate header is set on this response.
    throw new NotAuthorizedException(
            Response.status(Status.UNAUTHORIZED).entity("Invalid credentials or session").build());
}
/**
 * Authenticates the request from its credentials and, on success, installs a new security
 * context for the authenticated principal.
 *
 * <p>NOTE(review): when {@code getCredentials} yields nothing, neither the mapping nor the
 * {@code ifPresent} step runs, so the request continues with its existing security context.
 * Presumably access control for anonymous requests is enforced elsewhere; confirm.
 *
 * @param requestContext the incoming request
 * @throws NotAuthorizedException if credentials are present but {@code authenticate} yields
 *         no principal; the exception carries {@code challenge}
 * @throws IOException declared by the filter contract; not thrown by the visible body
 */
@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
    // True only when a security context already exists and reports a secure channel.
    final boolean secure = ofNullable(requestContext.getSecurityContext()).filter(SecurityContext::isSecure)
            .isPresent();
    getCredentials(requestContext)
            // Credentials were supplied: they must authenticate, otherwise answer 401.
            .map(credentials -> authenticate(credentials)
                    .<RuntimeException>orElseThrow(() -> new NotAuthorizedException(challenge)))
            // Carry the original secure flag over into the replacement context.
            .ifPresent(principal -> requestContext
                    .setSecurityContext(new BasiAuthSecurityContext(principal, secure)));
}
/**
 * Ensures the caller is authenticated and holds the realm-level {@code admin} role.
 *
 * <p>The two failures are kept apart: no authentication at all yields 401 with a
 * {@code Bearer} challenge, while an authenticated caller without the role yields 403.
 *
 * @throws NotAuthorizedException if {@code auth} is {@code null}
 * @throws ForbiddenException if the token has no realm access or lacks the {@code admin} role
 */
private void checkRealmAdmin() {
    // Unauthenticated: ask the client to present a bearer token.
    if (auth == null) {
        throw new NotAuthorizedException("Bearer");
    }

    // Authenticated: the role check decides, and a missing realm-access section counts as no role.
    final boolean realmAdmin = auth.getToken().getRealmAccess() != null
            && auth.getToken().getRealmAccess().isUserInRole("admin");
    if (!realmAdmin) {
        throw new ForbiddenException("Does not have realm admin role");
    }
}
/**
 * Interceptor that fails with 401 whenever the request carries a header named {@code throw},
 * and otherwise completes immediately.
 *
 * <p>NOTE(review): this looks like a test fixture for exercising error handling; the header
 * name and the {@code "Surprise!"} challenge are presumably not meant for production.
 *
 * @param requestContext the incoming request
 * @return an already completed {@code Completable} when the header is absent
 * @throws NotAuthorizedException when the {@code throw} header is present
 */
@Override
public Completable intercept(ContainerRequestContext requestContext) {
    final boolean shouldFail = requestContext.getHeaders().containsKey("throw");
    if (!shouldFail) {
        return Completable.complete();
    }
    throw new NotAuthorizedException("Surprise!");
}
} // closes the enclosing class, whose header is not part of this excerpt