Examples of java.security.AccessControlException

• java.security.AccessControlException

  This exception is thrown by the AccessController to indicate that a requested access (to a critical system resource such as the file system or the network) is denied.

  The reason to deny access can vary. For example, the requested permission might be of an incorrect type, contain an invalid value, or request access that is not allowed according to the security policy. Such information should be given whenever possible at the time the exception is thrown. @version 1.14, 11/17/05 @author Li Gong @author Roland Schemers

        if (!type.equals(TYPE)) {
            String[] args = {type, TYPE, this.getClass().getName()};
            String emsg = Globals.getBrokerResources().getKString(
                       BrokerResources.X_ACCESSCONTROL_TYPE_MISMATCH, args);
            logger.log(Logger.ERROR, emsg);
            throw new AccessControlException(emsg);
        }
        authProps = authProperties;

        String authtyp = authProps.getProperty(
                         AccessController.PROP_AUTHENTICATION_TYPE);
        assert ( authtyp != null );
        String rep = authProps.getProperty(
                     AccessController.PROP_AUTHENTICATION_PREFIX+authtyp+
                     AccessController.PROP_USER_REPOSITORY_SUFFIX);
        assert ( rep != null );
        String uprop = AccessController.PROP_USER_REPOSITORY_PREFIX+
                          rep+AccessController.PROP_USER_PRINCIPAL_CLASS_SUFFIX;
        String uclass = authProps.getProperty(uprop);
        String gprop = AccessController.PROP_USER_REPOSITORY_PREFIX+
                          rep+AccessController.PROP_GROUP_PRINCIPAL_CLASS_SUFFIX;
        String gclass = authProps.getProperty(gprop);
        try {
            if (uclass != null) userClass = Class.forName(uclass);
            if (gclass != null) groupClass = Class.forName(gclass);
        } catch (ClassNotFoundException e) {
        logger.log(Logger.ERROR, e.getMessage(), e);
        throw new AccessControlException("ClassNotFoundException: "+e.getMessage());
        }

        load();
    }

                    logger.log(logger.INFO, "FileACL.loaded: "+acs);
                }
            } catch (Exception e) {
                acs = null;
                logger.log(Logger.ERROR, e.getMessage(), e);
                throw new AccessControlException(Globals.getBrokerResources().getKString(
                  BrokerResources.X_FAILED_TO_LOAD_ACCESSCONTROL, aclurl) + " - " + e.getMessage());
            }
            return;
        }

        String acl_loc = authProps.getProperty(
        AccessController.PROP_ACCESSCONTROL_PREFIX
          + PROP_DIRPATH_SUFFIX, Globals.getInstanceEtcDir());
        aclfname = authProps.getProperty(
        AccessController.PROP_ACCESSCONTROL_PREFIX
          + PROP_FILENAME_SUFFIX, DEFAULT_ACL_FILENAME);
        if (aclfname == null) {
            String emsg = Globals.getBrokerResources().getKString(
                      BrokerResources.X_ACCESSCONTROL_NOT_DEFINED, type);
            logger.log(Logger.ERROR, emsg);
            throw new AccessControlException(emsg);
        }
        String aclfile = acl_loc +File.separator + aclfname;
        File file = null;
        long timestamp = 0L;
        FileInputStream  fis = null;
        BufferedInputStream  bis = null;
        try {
            file = new File(aclfile);
            timestamp = file.lastModified();
            if (acs != null && aclfileSave != null && aclfile.equals(aclfileSave)) {
                if (timestamp > 0 && timestamp == acsTimestamp) {
                return;
                }
            }
            if (DEBUG) {
            logger.log(logger.INFO,  "Loading access control "+aclfile + " ...");
            }
            acs = new Properties();
            fis = new FileInputStream(file);
            bis = new BufferedInputStream(fis);
            acs.load(bis);
            bis.close();
            fis.close();
            checkVersion(acs, aclfile, true);
            aclfileSave = aclfile;
            acsTimestamp = timestamp;
        } catch (IOException e) {
        acs = null;
        try {
        if (bis != null) bis.close();
        if (fis != null) fis.close();
        } catch (IOException ioe) {}
        logger.log(Logger.ERROR, e.getMessage(), e);
        throw new AccessControlException(Globals.getBrokerResources().getKString(
          BrokerResources.X_FAILED_TO_LOAD_ACCESSCONTROL, aclfile) + " - " + e.getMessage());
        }
    }

                             VERSION, this.getClass().getName()};
            String emsg = Globals.getBrokerResources().getKString(
                          BrokerResources.X_ACCESSCONTROL_FILE_MISMATCH, args);
            if (throwexp)  {
                logger.log(Logger.ERROR, emsg);
                throw new AccessControlException(emsg);
            } else {
                if (DEBUG) {
                    logger.log(Logger.INFO, emsg);
                }
                return false;

            continue;
            }
        }
        if (exceptionMsg != null) {
            throw new AccessControlException(
                      Globals.getBrokerResources().getKString(
                              BrokerResources.X_FORBIDDEN, exceptionMsg));
        }

        if (!computed) {
            throw new AccessControlException(
            Globals.getBrokerResources().getKString(BrokerResources.X_USER_NOT_DEFINED));
        }
    }

        ubs = getPermission(user, allows, denys);
        gbs = new BitSet(2);
        gbsall = new BitSet(2);
        if (groups != null && groups.size() > 0) {
            if (groups.size() >= Integer.MAX_VALUE) {
                throw new AccessControlException(
                    Globals.getBrokerResources().getString(
                    BrokerResources.X_INTERNAL_EXCEPTION, "too many groups for user " +clientUser));
            }
            allows = getRuleRightHand(rule + ALLOW_SUFFIX + grouptag);
            denys = getRuleRightHand(rule + DENY_SUFFIX + grouptag);
            gbsall = getPermission(ALL, allows, denys);
            Iterator iter = groups.iterator();
            while(iter.hasNext()) {
                group = (Principal)iter.next();
                gbs.or(getPermission(group.getName(), allows, denys));
            }
        }
        if (DEBUG) {
        logger.log(Logger.INFO,  "\t"+clientUser+"["+user+"] computePermission:ubs=" + ubs);
        logger.log(Logger.INFO,  "\t"+clientUser+"["+user+"] computePermission:gbs=" + gbs);
        logger.log(Logger.INFO,  "\t"+clientUser+"["+user+"] computePermission:ubsall=" + ubsall);
        logger.log(Logger.INFO,  "\t"+clientUser+"["+user+"] computePermission:gbsall=" + gbsall);
        }
        overridePermission(gbs, ubs);
        overridePermission(gbsall, ubsall);
        overridePermission(gbsall, gbs);
        if (DEBUG) {
        logger.log(Logger.INFO,  "computed permission:"+rule+":bs=" + gbsall);
        }
        overridePermission(inheritedbs, gbsall);
        if (DEBUG) {
        logger.log(Logger.INFO,  "computed permission:total=" + inheritedbs);
        }

        } //for

        if (inheritedbs.get(ALLOW_BIT) && !inheritedbs.get(DENY_BIT)) {
            return;
        }

        throw new AccessControlException((clientUser.equals(user)) ? (""+clientUser):(clientUser+" ["+user+"]"));
    }

           }
       }
       return list;

       } catch (Exception e) {
         AccessControlException ae = new AccessControlException(
                      e.toString()+(currentkey == null ? "":" - "+currentkey));
         ae.initCause(e);
         throw ae;
       }
    }

        return hp;
    }

    private void validate(String user, Set groups) throws AccessControlException {
        if (user == null) {
        throw new AccessControlException(
        Globals.getBrokerResources().getKString(BrokerResources.X_USER_NOT_DEFINED));
        }
        if (user.equals(ALL)) {
        throw new AccessControlException(
        Globals.getBrokerResources().getKString(BrokerResources.X_USER_NAME_RESERVED,ALL));
        }

        if (groups != null) {
            Principal group;
            Iterator iter = groups.iterator();
            while(iter.hasNext()) {
                group = (Principal)iter.next();
                if (group == null || group.getName() == null) {
                    iter.remove();
                }
                else if (group.getName().equals(ALL)) {
                    throw new AccessControlException(
                    Globals.getBrokerResources().getKString(
                               BrokerResources.X_GROUP_NAME_RESERVED, ALL));
                }
            }
        }

    public synchronized void checkConnectionPermission(String serviceName,
                                          String serviceType)
                                          throws AccessControlException {
        if (!isAuthenticated()) {
            throw new AccessControlException(
                        Globals.getBrokerResources().getKString(
                           BrokerResources.X_CONNECTION_NOT_AUTHENTICATED));
        }
        if (!isAccessControlEnabled() && !serviceType.equals("ADMIN")) {
            return;

                                           String operation,
                                           String destination,
                                           String destinationType)
                                           throws AccessControlException {
        if (!isAuthenticated()) {
            throw new AccessControlException(
                        Globals.getBrokerResources().getKString(
                           BrokerResources.X_CONNECTION_NOT_AUTHENTICATED));
        }
        if (!isAccessControlEnabled()) {
            return;

    }

    private void loadAccessControlModel() throws AccessControlException {
        String type = authProps.getProperty(AccessController.PROP_ACCESSCONTROL_PREFIX+"type");
        if (type == null || type.trim().equals("")) {
        throw new AccessControlException(
                Globals.getBrokerResources().getKString(
                    BrokerResources.X_ACCESSCONTROL_TYPE_NOT_DEFINED));
        }
        String cn = authProps.getProperty(AccessController.PROP_ACCESSCONTROL_PREFIX+type+".class");
        if (cn == null) {
        throw new AccessControlException(
                Globals.getBrokerResources().getKString(
                    BrokerResources.X_ACCESSCONTROL_CLASS_NOT_DEFINED, type));
        }
        try {
        acs = (AccessControlModel)Class.forName(cn).newInstance();
        acs.initialize(type, authProps);
        }
        catch (ClassNotFoundException e) {
            throw new AccessControlException(Globals.getBrokerResources().getString(
               BrokerResources.X_INTERNAL_EXCEPTION,"ClassNotFoundException: "+e.getMessage()));
        }
        catch (InstantiationException e) {
            throw new AccessControlException(Globals.getBrokerResources().getString(
               BrokerResources.X_INTERNAL_EXCEPTION,"InstantiationExcetpion: "+e.getMessage()));
        }
        catch (IllegalAccessException e) {
            throw new AccessControlException(Globals.getBrokerResources().getString(
               BrokerResources.X_INTERNAL_EXCEPTION,"IllegalAccessException: "+e.getMessage()));
        }
        catch (ClassCastException e) {
            throw new AccessControlException(Globals.getBrokerResources().getString(
               BrokerResources.X_INTERNAL_EXCEPTION,"ClassCastException: "+e.getMessage()));
        }
    }