/**
 * Verifies that an authorization check can be performed, i.e. that this subject has at least
 * one identifying principal.
 *
 * <p>When <code>hasPrincipals()</code> returns false the method throws rather than returning, so
 * the outcome for an anonymous subject is a denial.
 *
 * @throws AuthorizationException declared type; the body throws an
 *                                <code>UnauthenticatedException</code> when no principals are present.
 */
protected void assertAuthzCheckPossible() throws AuthorizationException {
    if (hasPrincipals()) {
        return;
    }
    // NOTE(review): the text reads "be executing"; "by executing" was presumably intended. It is
    // left as-is because the string is emitted at runtime.
    // NOTE(review): the message names the Subject class and describes login internals; confirm it
    // is only logged and not echoed verbatim to remote clients.
    String reason = "This subject is anonymous - it does not have any identifying principals and "
            + "authorization operations require an identity to check against. A Subject instance will "
            + "acquire these identifying principals automatically after a successful login is performed "
            + "be executing " + Subject.class.getName() + ".login(AuthenticationToken) or when 'Remember Me' "
            + "functionality is enabled by the SecurityManager. This exception can also occur when a "
            + "previously logged-in Subject has logged out which "
            + "makes it anonymous again. Because an identity is currently not known due to any of these "
            + "conditions, authorization is denied.";
    throw new UnauthenticatedException(reason);
}
/**
 * Denies the call when the annotation is a <code>RequiresAuthentication</code> and the current
 * <code>Subject</code> reports that it is not authenticated.
 *
 * <p>Only <code>RequiresAuthentication</code> annotations are evaluated. An annotation of any other
 * type (or <code>null</code>) makes this method return without checking anything, so it must not be
 * relied on as a general-purpose gate.
 *
 * @param a the annotation to inspect
 * @throws org.apache.shiro.authz.UnauthenticatedException if <code>a</code> is a
 *         <code>RequiresAuthentication</code> and <code>Subject.isAuthenticated()</code> is false.
 */
public void assertAuthorized(Annotation a) throws UnauthenticatedException {
    if (!(a instanceof RequiresAuthentication)) {
        return;
    }
    // The subject is only looked up once the annotation type has matched.
    if (getSubject().isAuthenticated()) {
        return;
    }
    throw new UnauthenticatedException("The current Subject is not authenticated. Access denied.");
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Enforces guest-only access: when the annotation is a <code>RequiresGuest</code>, the current
 * <code>Subject</code> must have no
 * {@link org.apache.shiro.subject.Subject#getPrincipal() identity}.
 *
 * <p>An annotation of any other type is not evaluated and the method returns normally.
 *
 * <p>NOTE(review): the failure is reported as an <code>UnauthenticatedException</code> although the
 * failing condition is that an identity <em>is</em> present. Confirm that whatever maps this
 * exception to a response does not send an already-identified caller to a login prompt.
 *
 * @param a the annotation to inspect
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if <code>a</code> is a <code>RequiresGuest</code> and <code>Subject.getPrincipal()</code>
 *          is not null.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresGuest)) {
        return;
    }
    Object identity = getSubject().getPrincipal();
    if (identity == null) {
        // No identity: the caller is a guest, which is what the annotation demands.
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a guest-only operation. The current Subject is "
            + "not a guest (they have been authenticated or remembered from a previous login). Access "
            + "denied.");
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Enforces user-only access: when the annotation is a <code>RequiresUser</code>, the current
 * <code>Subject</code> must have a non-null
 * {@link org.apache.shiro.subject.Subject#getPrincipal() principal}.
 *
 * <p>The check looks at <code>getPrincipal()</code> only and never calls
 * <code>isAuthenticated()</code>, so a subject that is merely remembered from an earlier login
 * passes as well as one that authenticated in this session. An annotation of any other type is not
 * evaluated and the method returns normally.
 *
 * @param a the annotation to inspect
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if <code>a</code> is a <code>RequiresUser</code> and <code>Subject.getPrincipal()</code>
 *          is null (thrown as an <code>UnauthenticatedException</code>).
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresUser)) {
        return;
    }
    Object identity = getSubject().getPrincipal();
    if (identity != null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Guards authorization operations against anonymous subjects: if this subject has no identifying
 * principals, the method throws instead of returning.
 *
 * @throws AuthorizationException declared type; an <code>UnauthenticatedException</code> is thrown
 *                                when <code>hasPrincipals()</code> returns false.
 */
protected void assertAuthzCheckPossible() throws AuthorizationException {
    boolean identified = hasPrincipals();
    if (identified) {
        return;
    }
    // NOTE(review): "be executing" looks like a typo for "by executing"; kept unchanged because the
    // text is part of the runtime message.
    // NOTE(review): this is developer-facing diagnostic text; verify it is not returned verbatim
    // to remote clients.
    String explanation = "This subject is anonymous - it does not have any identifying principals and "
            + "authorization operations require an identity to check against. A Subject instance will "
            + "acquire these identifying principals automatically after a successful login is performed "
            + "be executing " + Subject.class.getName() + ".login(AuthenticationToken) or when 'Remember Me' "
            + "functionality is enabled by the SecurityManager. This exception can also occur when a "
            + "previously logged-in Subject has logged out which "
            + "makes it anonymous again. Because an identity is currently not known due to any of these "
            + "conditions, authorization is denied.";
    throw new UnauthenticatedException(explanation);
}
/**
 * Requires an authenticated <code>Subject</code> whenever the supplied annotation is a
 * <code>RequiresAuthentication</code>.
 *
 * <p>Annotations of any other type (and <code>null</code>) are ignored: the method returns without
 * consulting the subject, so a caller passing the wrong annotation gets no check at all.
 *
 * @param a the annotation to inspect
 * @throws org.apache.shiro.authz.UnauthenticatedException if <code>a</code> is a
 *         <code>RequiresAuthentication</code> and the subject's <code>isAuthenticated()</code>
 *         returns false.
 */
public void assertAuthorized(Annotation a) throws UnauthenticatedException {
    boolean applies = a instanceof RequiresAuthentication;
    if (!applies) {
        return;
    }
    boolean authenticated = getSubject().isAuthenticated();
    if (!authenticated) {
        throw new UnauthenticatedException("The current Subject is not authenticated. Access denied.");
    }
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Requires the current <code>Subject</code> to be a <em>user</em>, meaning its
 * {@link org.apache.shiro.subject.Subject#getPrincipal() principal} is non-null, whenever the
 * supplied annotation is a <code>RequiresUser</code>.
 *
 * <p>Because only <code>getPrincipal()</code> is tested, an identity that is remembered rather than
 * {@link org.apache.shiro.subject.Subject#isAuthenticated() authenticated} is accepted. Annotations
 * of any other type are ignored and the method returns normally.
 *
 * @param a the annotation to inspect
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if <code>a</code> is a <code>RequiresUser</code> and the subject has no principal
 *          (thrown as an <code>UnauthenticatedException</code>).
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    boolean applies = a instanceof RequiresUser;
    if (!applies) {
        return;
    }
    boolean anonymous = getSubject().getPrincipal() == null;
    if (anonymous) {
        throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
                + "not a user (they haven't been authenticated or remembered from a previous login). "
                + "Access denied.");
    }
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Requires the current <code>Subject</code> to be a guest, meaning its
 * {@link org.apache.shiro.subject.Subject#getPrincipal() principal} is null, whenever the supplied
 * annotation is a <code>RequiresGuest</code>.
 *
 * <p>Annotations of any other type are ignored and the method returns normally.
 *
 * <p>NOTE(review): an identified caller is rejected with an <code>UnauthenticatedException</code>,
 * the same type used for callers that lack an identity. Handlers that translate this exception
 * should not assume it always means "please log in".
 *
 * @param a the annotation to inspect
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if <code>a</code> is a <code>RequiresGuest</code> and the subject has a principal.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    boolean applies = a instanceof RequiresGuest;
    if (!applies) {
        return;
    }
    boolean identified = getSubject().getPrincipal() != null;
    if (identified) {
        throw new UnauthenticatedException("Attempting to perform a guest-only operation. The current Subject is "
                + "not a guest (they have been authenticated or remembered from a previous login). Access "
                + "denied.");
    }
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Applies the authentication requirement to the given subject.
 *
 * <p>The check is active only when the <code>requiresAuthentication</code> field is non-null; when
 * it is null the method logs that it is not concerned and returns without inspecting the subject.
 *
 * @param subject the subject whose <code>isAuthenticated()</code> state is tested
 * @throws UnauthenticatedException if the requirement is active and the subject is not authenticated
 */
private void handleRequiresAuthentication( Subject subject )
{
    if ( requiresAuthentication == null )
    {
        LOGGER.debug( "SecurityConcern::RequiresAuthentication: not concerned" );
        return;
    }

    LOGGER.debug( "SecurityConcern::RequiresAuthentication" );
    if ( subject.isAuthenticated() )
    {
        return;
    }
    throw new UnauthenticatedException( "The current Subject is not authenticated. Access denied." );
}
/**
 * Rejects an unauthenticated subject when an authentication requirement is in effect.
 *
 * <p>"In effect" means the <code>requiresAuthentication</code> field is non-null. Otherwise only a
 * debug line is written and the subject is not examined.
 *
 * @param subject the subject to test with <code>isAuthenticated()</code>
 * @throws UnauthenticatedException if the requirement is in effect and the subject is not
 *                                  authenticated
 */
private void handleRequiresAuthentication( Subject subject )
{
    boolean concerned = requiresAuthentication != null;
    if ( !concerned )
    {
        LOGGER.debug( "SecurityConcern::RequiresAuthentication: not concerned" );
        return;
    }

    LOGGER.debug( "SecurityConcern::RequiresAuthentication" );
    boolean authenticated = subject.isAuthenticated();
    if ( !authenticated )
    {
        throw new UnauthenticatedException( "The current Subject is not authenticated. Access denied." );
    }
}
/**
 * Requires the current subject to have a principal (user-only access).
 *
 * <p>Only <code>getPrincipal()</code> is tested; <code>isAuthenticated()</code> is not called, so
 * per the message below a remembered identity is accepted as well.
 *
 * @throws AuthorizationException declared type; an <code>UnauthenticatedException</code> is thrown
 *                                when the principal is null.
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    Object identity = getSubject().getPrincipal();
    if (identity != null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Requires the current subject to have no principal (guest-only access).
 *
 * <p>NOTE(review): an identified caller is rejected with an <code>UnauthenticatedException</code>;
 * confirm the exception mapping does not treat that as a prompt to log in.
 *
 * @throws AuthorizationException declared type; an <code>UnauthenticatedException</code> is thrown
 *                                when the principal is not null.
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    if (getSubject().getPrincipal() != null) {
        throw new UnauthenticatedException("Attempting to perform a guest-only operation. The current Subject is "
                + "not a guest (they have been authenticated or remembered from a previous login). Access "
                + "denied.");
    }
}
/**
 * Requires the current subject to have a principal (user-only access).
 *
 * <p>The test is <code>getPrincipal() != null</code>; authentication state is not consulted here.
 *
 * @throws AuthorizationException declared type; an <code>UnauthenticatedException</code> is thrown
 *                                when the principal is null.
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    boolean anonymous = getSubject().getPrincipal() == null;
    if (!anonymous) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Requires the current subject to be authenticated.
 *
 * @throws AuthorizationException declared type; an <code>UnauthenticatedException</code> is thrown
 *                                when <code>isAuthenticated()</code> returns false.
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    boolean authenticated = getSubject().isAuthenticated();
    if (authenticated) {
        return;
    }
    throw new UnauthenticatedException("The current Subject is not authenticated. Access denied.");
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Denies access unless the current subject carries a principal (user-only access).
 *
 * <p>A non-null <code>getPrincipal()</code> is sufficient; <code>isAuthenticated()</code> is not
 * called by this method.
 *
 * @throws AuthorizationException declared type; an <code>UnauthenticatedException</code> is thrown
 *                                when the principal is null.
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    if (getSubject().getPrincipal() != null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Denies access unless the current subject reports itself as authenticated.
 *
 * @throws AuthorizationException declared type; an <code>UnauthenticatedException</code> is thrown
 *                                when <code>isAuthenticated()</code> returns false.
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    Subject current = getSubject();
    if (current.isAuthenticated()) {
        return;
    }
    throw new UnauthenticatedException("The current Subject is not authenticated. Access denied.");
}
// closes an enclosing declaration that begins outside this excerpt
}
/**
 * Denies access when the current subject has a principal (guest-only access).
 *
 * <p>NOTE(review): the rejection uses <code>UnauthenticatedException</code> even though the caller
 * is identified; check how callers translate this exception.
 *
 * @throws AuthorizationException declared type; an <code>UnauthenticatedException</code> is thrown
 *                                when the principal is not null.
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    Object identity = getSubject().getPrincipal();
    if (identity == null) {
        // No identity means the caller is a guest; nothing to reject.
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a guest-only operation. The current Subject is "
            + "not a guest (they have been authenticated or remembered from a previous login). Access "
            + "denied.");
}
/**
 * Allows the call only for a guest, i.e. a subject whose principal is null.
 *
 * <p>NOTE(review): a subject that does have an identity is rejected with an
 * <code>UnauthenticatedException</code>; verify that downstream handling of this type is
 * appropriate for an already-identified caller.
 *
 * @throws AuthorizationException declared type; an <code>UnauthenticatedException</code> is thrown
 *                                when the principal is not null.
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    boolean identified = getSubject().getPrincipal() != null;
    if (identified) {
        throw new UnauthenticatedException("Attempting to perform a guest-only operation. The current Subject is "
                + "not a guest (they have been authenticated or remembered from a previous login). Access "
                + "denied.");
    }
}
/**
 * Creates the registration page after two precondition checks, both made during construction:
 * self-registration must be enabled in the security setting, and no user may be signed in.
 *
 * <p>NOTE(review): the disabled-feature case is reported with an
 * <code>UnauthenticatedException</code> although the condition is a configuration flag rather than
 * the caller's authentication state; confirm the resulting response is the intended one.
 *
 * @param params the page parameters, passed through to the superclass constructor
 * @throws UnauthenticatedException if self-registration is disabled
 * @throws IllegalStateException if a user is already signed in
 */
public RegisterPage(PageParameters params) {
    super(params);

    boolean selfRegisterEnabled =
            OneDev.getInstance(SettingManager.class).getSecuritySetting().isEnableSelfRegister();
    if (!selfRegisterEnabled) {
        throw new UnauthenticatedException("User self-register is disabled");
    }

    boolean signedIn = getLoginUser() != null;
    if (signedIn) {
        throw new IllegalStateException("Can not sign up a user while signed in");
    }
}
/**
 * Returns a pseudo-random number rendered as text, but only for an authenticated subject.
 *
 * <p>NOTE(review): the value comes from <code>Math.random()</code>, which is not a
 * cryptographically strong source. If this value is ever used as a token or secret, it should come
 * from <code>java.security.SecureRandom</code> instead. That cannot be determined from this
 * excerpt.
 *
 * @param subject the injected subject whose <code>isAuthenticated()</code> state is tested
 * @return the string form of a <code>double</code> produced by <code>Math.random()</code>
 * @throws UnauthenticatedException if the subject is not authenticated
 */
@GET
public String get(@Auth Subject subject) {
    boolean authenticated = subject.isAuthenticated();
    if (!authenticated) {
        throw new UnauthenticatedException();
    }
    double value = Math.random();
    return Double.toString(value);
}
// closes an enclosing declaration that begins outside this excerpt
}