Examples of org.springframework.security.access.AccessDeniedException

Package org.springframework.security.access

Examples of org.springframework.security.access.AccessDeniedException

org.springframework.security.access.AccessDeniedException
Thrown if an {@link org.springframework.security.core.Authentication Authentication} object does not hold arequired authority. @author Ben Alex

        boolean canEditOthersPosts = permissionService
                .hasBranchPermission(branchId, BranchPermission.EDIT_OTHERS_POSTS);


        if (!(canEditOthersPosts && !comment.isCreatedBy(currentUser))
                && !(canEditOwnPosts && comment.isCreatedBy(currentUser))) {
            throw new AccessDeniedException("No permission to edit review comment");
        }
    }

View Full Code Here

    @Override
    public void checkPermission(long targetId, AclClassName targetClass,
                                JtalksPermission permission) {
        if (!hasPermission(targetId, targetClass, permission)) {
            Authentication authentication = contextFacade.getContext().getAuthentication();
            throw new AccessDeniedException(
                    "Access denied for " + authentication.getName() + ". "
                            + targetClass + ": " + targetId
                            + ", permission - " + permission.getName());
        }
    }

View Full Code Here

        codeReviewService.addComment(123L, 0, null);
    }


    @Test(expectedExceptions = AccessDeniedException.class)
    public void testAddCommentUserHasNoPermission() throws AccessDeniedException, NotFoundException {
        doThrow(new AccessDeniedException(""))
                .when(permissionService).checkPermission(anyLong(), any(AclClassName.class), any(JtalksPermission.class));
        codeReviewService.addComment(CR_ID, 0, null);
    }

View Full Code Here

     */
    private void assertPostingIsAllowed(Topic topic) {
        Authentication auth = securityContextFacade.getContext().getAuthentication();
        if (topic.isClosed() && !permissionEvaluator.hasPermission(
                auth, topic.getBranch().getId(), "BRANCH", "BranchPermission.CLOSE_TOPICS")) { // holy shit...
            throw new AccessDeniedException("Posting is forbidden for closed topics");
        }
    }

View Full Code Here

            "hasPermission(#topic.branch.id, 'BRANCH', 'BranchPermission.EDIT_OWN_POSTS')) or " +
            "(not hasPermission(#topic.id, 'TOPIC', 'GeneralPermission.WRITE') and " +
            "hasPermission(#topic.branch.id, 'BRANCH', 'BranchPermission.EDIT_OTHERS_POSTS'))")
    public void updateTopic(Topic topic, Poll poll) {
        if (topic.getCodeReview() != null) {
            throw new AccessDeniedException("It is not allowed to edit Code Review!");
        }
        Post post = topic.getFirstPost();
        post.updateModificationDate();
        if (poll != null && poll.getEndingDate() != null) {
            topic.getPoll().setEndingDate(poll.getEndingDate());

View Full Code Here

     */
    @PreAuthorize("hasPermission(#topic.branch.id, 'BRANCH', 'BranchPermission.CLOSE_TOPICS')")
    @Override
    public void closeTopic(Topic topic) {
        if (topic.getCodeReview() != null) {
            throw new AccessDeniedException("Close for code review");
        }
        topic.setClosed(true);
        dao.saveOrUpdate(topic);
    }

View Full Code Here

     */
    @RequestMapping(value = "/topics/{topicId}/edit", method = RequestMethod.GET)
    public ModelAndView editTopicPage(@PathVariable(TOPIC_ID) Long topicId) throws NotFoundException {
        Topic topic = topicFetchService.get(topicId);
        if (topic.getCodeReview() != null) {
            throw new AccessDeniedException("Edit page for code review");
        }
        TopicDto topicDto = new TopicDto(topic);


        return new ModelAndView(TOPIC_VIEW)
                .addObject(BRANCH_ID, topic.getBranch().getId())

View Full Code Here

    @Override
    public void securityCheck(Acl acl, int changeType) {
        if ((SecurityContextHolder.getContext() == null)
                || (SecurityContextHolder.getContext().getAuthentication() == null)
                || !SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
            throw new AccessDeniedException("Authenticated principal required to operate with ACLs");
        }
    }

View Full Code Here

    @Override
    public void updatePost(Post post, String postContent) {
        Topic postTopic = post.getTopic();
        if (postTopic.getCodeReview() != null
                && postTopic.getPosts().get(0).getId() == post.getId()) {
            throw new AccessDeniedException("It is impossible to edit code review!");
        }
        post.setPostContent(postContent);
        post.updateModificationDate();


        this.getDao().saveOrUpdate(post);

View Full Code Here

        JCUser editorUser = getUser();
        user.setId(USER_ID);
        editorUser.setId(USER_ID + 1);


        when(userService.getCurrentUser()).thenReturn(editorUser);
        doThrow(new AccessDeniedException(StringUtils.EMPTY))
                .when(userService).checkPermissionToEditOtherProfiles(editorUser.getId());


        ModelAndView mav = profileController.showUserNotificationSettings(USER_ID);


        assertViewName(mav, "editProfile");

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.springframework.security.access.AccessDeniedException

com.es.app.eliteSystemSOUI

com.gcrm.security.UrlAccessDecisionManager

com.gcrm.util.security.UserUtil

com.iisigroup.cap.mvc.action.PageAction

com.iisigroup.cap.security.vote.ConditionsUnanimousBased

com.infoclinika.mssharing.web.security.RichUser

com.lanyuan.security.MyAccessDecisionManager

com.loc.security.MyAccssDecisionManager

com.narirelays.ems.j2ee.filters.IPRoleAuthenticationFilter

com.pe.pgn.clubpgn.security.MyAccessDecisionManager

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.