@Override public boolean needsPostProcessing() { throw new NotAuthorizedException("User has not yet logged in"); } }
private synchronized void writeObject(final ObjectOutputStream out) throws IOException { final Principal thisPrincipal = this.principal; if (!isSerializable(thisPrincipal)) { this.principal = null; } final Object resolvedObj = getResolvedObj(); NamingException namingException = null; if (!isSerializable(resolvedObj)) { namingException = (NamingException) getCause(); namingException.setResolvedObj(null); } try { out.defaultWriteObject(); } finally { this.principal = thisPrincipal; if (namingException != null) { namingException.setResolvedObj(resolvedObj); } } } }
@Test public void serializesWithNonSerializablePrincipal() { NotAuthorizedException instance = new NotAuthorizedException(message, nonSerializablePrincipal); assertThat(instance.getPrincipal()).isNotNull(); NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance); assertThat(cloned).hasMessage(message); assertThat(cloned.getPrincipal()).isNull(); }
.createGemFireUnAuthorizedErrorResult("Unauthorized. Reason : " + e.getMessage()); } catch (Exception e) { shell.logSevere(e.getMessage(), e);
@Override public void authorize(ResourcePermission permission) { throw new NotAuthorizedException("User has not yet logged in"); }
@Test public void serializesWithSerializablePrincipal() { NotAuthorizedException instance = new NotAuthorizedException(message, serializablePrincipal); NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance); assertThat(cloned).hasMessage(message); assertThat(cloned.getPrincipal()).isNotNull().isEqualTo(serializablePrincipal); }
@Override public Object postProcess(String regionPath, Object key, Object value) { throw new NotAuthorizedException("User has not yet logged in"); }
@Override public void authorizeMethodInvocation(Method method, Object target) { if (!isAcceptlisted(method)) { throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName()); } authorizeRegionAccess(securityService, target); }
private void checkForInternalRegion(Region<?, ?> r) { if (r == null) { return; } InternalRegion ir = (InternalRegion) r; if (ir.isInternalRegion() && !r.getName().equals(DynamicRegionFactory.DYNAMIC_REGION_LIST_NAME) && !r.getName().equals(ClientHealthMonitoringRegion.ADMIN_REGION_NAME)) { throw new NotAuthorizedException("The region " + r.getName() + " is an internal region that a client is never allowed to access"); } }
public void containsKeyAuthorize(String regionName, Object key) throws NotAuthorizedException { ContainsKeyOperationContext containsKeyContext = new ContainsKeyOperationContext(key); if (!this.authzCallback.authorizeOperation(regionName, containsKeyContext)) { String errStr = String.format("Not authorized to perform CONTAINS_KEY operation on region %s", regionName); this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger.finest(toString() + ": Authorized to perform CONTAINS_KEY operation on region [" + regionName + ']'); } } }
public void createRegionAuthorize(String regionName) throws NotAuthorizedException { RegionCreateOperationContext regionCreateContext = new RegionCreateOperationContext(false); if (!this.authzCallback.authorizeOperation(regionName, regionCreateContext)) { String errStr = String.format("Not authorized to perform CREATE_REGION operation for the region %s", regionName); this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger.finest(toString() + ": Authorized to perform REGION_CREATE operation of region [" + regionName + ']'); } } }
public KeySetOperationContext keySetAuthorize(String regionName) throws NotAuthorizedException { KeySetOperationContext keySetContext = new KeySetOperationContext(false); if (!this.authzCallback.authorizeOperation(regionName, keySetContext)) { String errStr = String.format("Not authorized to perform KEY_SET operation on region %s", regionName); this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger.finest(toString() + ": Authorized to perform KEY_SET operation on region [" + regionName + ']'); } } return keySetContext; }
public QueryOperationContext queryAuthorize(String queryString, Set regionNames, Object[] queryParams) throws NotAuthorizedException { if (regionNames == null) { regionNames = new HashSet(); } QueryOperationContext queryContext = new QueryOperationContext(queryString, regionNames, false, queryParams); if (!this.authzCallback.authorizeOperation(null, queryContext)) { String errStr = String.format("Not authorized to perfom QUERY operation [%s] on the cache", queryString); this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger.finest( toString() + ": Authorized to perform QUERY operation [" + queryString + "] on cache"); } } return queryContext; }
public void stopCQAuthorize(String cqName, String queryString, Set regionNames) throws NotAuthorizedException { StopCQOperationContext stopCQContext = new StopCQOperationContext(cqName, queryString, regionNames); if (!this.authzCallback.authorizeOperation(null, stopCQContext)) { String errStr = String.format("Not authorized to perfom STOP_CQ operation [%s] on the cache", cqName); this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger.finest(toString() + ": Authorized to perform STOP_CQ operation [" + cqName + ',' + queryString + "] on cache"); } } }
public ExecuteCQOperationContext executeCQAuthorize(String cqName, String queryString, Set regionNames) throws NotAuthorizedException { if (regionNames == null) { regionNames = new HashSet(); } ExecuteCQOperationContext executeCQContext = new ExecuteCQOperationContext(cqName, queryString, regionNames, false); if (!this.authzCallback.authorizeOperation(null, executeCQContext)) { String errStr = String.format("Not authorized to perfom EXECUTE_CQ operation [%s] on the cache", queryString); this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger.finest(toString() + ": Authorized to perform EXECUTE_CQ operation [" + queryString + "] on cache"); } } return executeCQContext; }
public void closeCQAuthorize(String cqName, String queryString, Set regionNames) throws NotAuthorizedException { CloseCQOperationContext closeCQContext = new CloseCQOperationContext(cqName, queryString, regionNames); if (!this.authzCallback.authorizeOperation(null, closeCQContext)) { String errStr = String.format("Not authorized to perfom CLOSE_CQ operation [%s] on the cache", cqName); this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger.finest(toString() + ": Authorized to perform CLOSE_CQ operation [" + cqName + ',' + queryString + "] on cache"); } } }
public void getDurableCQsAuthorize() throws NotAuthorizedException { GetDurableCQsOperationContext getDurableCQsContext = new GetDurableCQsOperationContext(); if (!this.authzCallback.authorizeOperation(null, getDurableCQsContext)) { String errStr = "Not authorized to perform GET_DURABLE_CQS operation on cache"; this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger .finest(toString() + ": Authorized to perform GET_DURABLE_CQS operation on cache"); } } }
public RegisterInterestOperationContext registerInterestListAuthorize(String regionName, List keys, InterestResultPolicy policy) throws NotAuthorizedException { RegisterInterestOperationContext registerInterestListContext; registerInterestListContext = new RegisterInterestOperationContext(keys, InterestType.LIST, policy); if (!this.authzCallback.authorizeOperation(regionName, registerInterestListContext)) { String errStr = String.format("Not authorized to perform REGISTER_INTEREST_LIST operation for region %s", regionName); this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger.finest( toString() + ": Authorized to perform REGISTER_INTEREST_LIST operation for region [" + regionName + ']'); } } return registerInterestListContext; }
public UnregisterInterestOperationContext unregisterInterestListAuthorize(String regionName, List keys) throws NotAuthorizedException { UnregisterInterestOperationContext unregisterInterestListContext; unregisterInterestListContext = new UnregisterInterestOperationContext(keys, InterestType.LIST); if (!this.authzCallback.authorizeOperation(regionName, unregisterInterestListContext)) { String errStr = String.format( "Not authorized to perform UNREGISTER_INTEREST_LIST operation for region %s", regionName); this.logger.warning(String.format("%s : %s", new Object[] {this, errStr})); if (this.isPrincipalSerializable) { throw new NotAuthorizedException(errStr, this.principal); } else { throw new NotAuthorizedException(errStr); } } else { if (this.logger.finestEnabled()) { this.logger.finest( toString() + ": Authorized to perform UNREGISTER_INTEREST_LIST operation for region [" + regionName + ']'); } } return unregisterInterestListContext; }
@Override public void authorize(ResourcePermission context, Subject currentUser) { if (context == null) { return; } if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) { return; } try { currentUser.checkPermission(context); } catch (ShiroException e) { String msg = currentUser.getPrincipal() + " not authorized for " + context; logger.info("NotAuthorizedException: {}", msg); throw new NotAuthorizedException(msg, e); } }