Package org.apache.shiro.authz

Examples of org.apache.shiro.authz.UnauthorizedException

538
539
540
541
542
543
544
545
    }

    protected void checkPermission(Permission permission, AuthorizationInfo info) {
        if (!isPermitted(permission, info)) {
            String msg = "User is not permitted [" + permission + "]";
            throw new UnauthorizedException(msg);
        }
    }
View Full Code Here
620
621
622
623
624
625
626
627
    }

    protected void checkRole(String role, AuthorizationInfo info) {
        if (!hasRole(role, info)) {
            String msg = "User does not have role [" + role + "]";
            throw new UnauthorizedException(msg);
        }
    }
View Full Code Here
112
113
114
115
116
117
118
119
120
121
122
        Subject currentUser = SecurityUtils.getSubject();
        if(currentUser.isAuthenticated()){
          if(currentUser.isPermitted(ADMIN_ROLE)){
            System.out.println(getClass()+": "+value);
          }else{
            throw new UnauthorizedException();
          }
        }else{
          throw new UnauthenticatedException();
        }
      }else{
View Full Code Here
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
            String[] roles = roleId.split( "," );
            if ( roles.length == 1 ) {
                if ( !subject.hasRole( roles[ 0] ) ) {
                    String msg = "Calling Subject does not have required role [" + roleId + "].  "
                                 + "MethodInvocation denied.";
                    throw new UnauthorizedException( msg );
                }
            } else {
                Set<String> rolesSet = new LinkedHashSet<String>( Arrays.asList( roles ) );
                if ( !subject.hasAllRoles( rolesSet ) ) {
                    String msg = "Calling Subject does not have required roles [" + roleId + "].  "
                                 + "MethodInvocation denied.";
                    throw new UnauthorizedException( msg );
                }
            }
        } else {
            LOGGER.debug( "SecurityConcern::RequiresRoles: not concerned" );
        }
View Full Code Here
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
            Set<String> permissions = PermissionUtils.toPermissionStrings( permsString );
            if ( permissions.size() == 1 ) {
                if ( !subject.isPermitted( permissions.iterator().next() ) ) {
                    String msg = "Calling Subject does not have required permission [" + permsString + "].  "
                                 + "Method invocation denied.";
                    throw new UnauthorizedException( msg );
                }
            } else {
                String[] permStrings = new String[ permissions.size() ];
                permStrings = permissions.toArray( permStrings );
                if ( !subject.isPermittedAll( permStrings ) ) {
                    String msg = "Calling Subject does not have required permissions [" + permsString + "].  "
                                 + "Method invocation denied.";
                    throw new UnauthorizedException( msg );
                }

            }
        } else {
            LOGGER.debug( "SecurityConcern::RequiresPermissions: not concerned" );
View Full Code Here
110
111
112
113
114
115
116
117
        String resourcePermission = resourcePermissions.get(permission);
        if (resourcePermission == null) {
            resourcePermission = this.resourceIdentity + ":" + permission;
        }
        if (!SecurityUtils.getSubject().isPermitted(resourcePermission)) {
            throw new UnauthorizedException(MessageUtils.message(errorCode, resourcePermission));
        }
    }
View Full Code Here
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
        if (StringUtils.isEmpty(errorCode)) {
            errorCode = getDefaultErrorCode();
        }

        if (permissions == null || permissions.length == 0) {
            throw new UnauthorizedException(MessageUtils.message(errorCode, resourceIdentity + ":" + Arrays.toString(permissions)));
        }

        Subject subject = SecurityUtils.getSubject();

        for (String permission : permissions) {
            String resourcePermission = resourcePermissions.get(permission);
            if (resourcePermission == null) {
                resourcePermission = this.resourceIdentity + ":" + permission;
            }
            if (!subject.isPermitted(resourcePermission)) {
                throw new UnauthorizedException(MessageUtils.message(errorCode, resourceIdentity + ":" + Arrays.toString(permissions)));
            }
        }

    }
View Full Code Here
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
    public void assertHasAnyPermission(String[] permissions, String errorCode) {
        if (StringUtils.isEmpty(errorCode)) {
            errorCode = getDefaultErrorCode();
        }
        if (permissions == null || permissions.length == 0) {
            throw new UnauthorizedException(MessageUtils.message(errorCode, resourceIdentity + ":" + Arrays.toString(permissions)));
        }

        Subject subject = SecurityUtils.getSubject();

        for (String permission : permissions) {
            String resourcePermission = resourcePermissions.get(permission);
            if (resourcePermission == null) {
                resourcePermission = this.resourceIdentity + ":" + permission;
            }
            if (subject.isPermitted(resourcePermission)) {
                return;
            }
        }

        throw new UnauthorizedException(MessageUtils.message(errorCode, resourceIdentity + ":" + Arrays.toString(permissions)));
    }
View Full Code Here
37
38
39
40
41
42
43
44
45

    @Override
    public String list(Searchable searchable, Model model) {
        if (!SecurityUtils.getSubject().isPermitted("sys:userOnline:view or monitor:userOnline:view")) {
            throw new UnauthorizedException(MessageUtils.message("no.view.permission", "sys:userOnline:view或monitor:userOnline:view"));
        }
        return super.list(searchable, model);
    }
View Full Code Here
46
47
48
49
50
51
52
53
54
55
56
    @RequestMapping("/forceLogout")
    public String forceLogout(@RequestParam(value = "ids") String[] ids) {

        if (!SecurityUtils.getSubject().isPermitted("sys:userOnline or monitor:userOnline")) {
            throw new UnauthorizedException(MessageUtils.message("no.view.permission", "sys:userOnline或monitor:userOnline"));
        }

        for (String id : ids) {
            UserOnline online = baseService.findOne(id);
            if (online == null) {
View Full Code Here
TOP

Related Classes of org.apache.shiro.authz.UnauthorizedException

  • com.ketayao.ketacustom.spring.DataControlInterceptor
  • com.sishuok.es.common.web.controller.permission.PermissionList
  • com.sishuok.es.sys.user.web.controller.UserOnlineController
  • com.tododev.shiro.GuiceAopTest$NoAop
  • fiftyfive.wicket.shiro.ShiroWicketPluginTest
  • org.apache.activemq.shiro.authz.AuthorizationFilter
  • org.apache.shiro.grails.annotations.LegacyPermissionAnnotationHandler
  • org.apache.shiro.grails.annotations.LegacyRoleAnnotationHandler
  • org.apache.shiro.realm.AuthorizingRealm
  • org.qi4j.library.shiro.concerns.SecurityConcern
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.