Package org.springframework.security.access

Examples of org.springframework.security.access.AccessDeniedException


     
      /**
       * Rejects any call whose target method is declared on {@code FindService} and hands
       * every other call to the parent implementation.
       *
       * @param domainMethod the method about to be invoked
       * @param args the arguments supplied for that method
       * @return the result of {@code super.invoke} for methods that are not blocked
       * @throws AccessDeniedException if {@code domainMethod} is declared by {@code FindService}
       */
      @Override
      public Object invoke(Method domainMethod, Object... args) {
        final Class<?> declaringType = domainMethod.getDeclaringClass();
        final boolean declaredOnFindService = FindService.class.equals(declaringType);
        if (!declaredOnFindService) {
          return super.invoke(domainMethod, args);
        }
        // Entities must only be reached through the secured RequestService methods, never find().
        // NOTE(review): the match is on the exact declaring class, so a method redeclared on a
        // subtype of FindService would not be blocked here - confirm no such subtype exists.
        // FIXME: CustomExceptionHandler does not handle this exception gracefully; failing
        // closed is still the safer outcome.
        throw new AccessDeniedException("Access is disabled through FindService.find() method");
      }
    });


     */
    @Override
    public User editProfile(final User user) throws Exception {
        // Ownership check: the submitted profile must carry the caller's own username.
        // NOTE(review): only the username is compared. If saveUser() keys the update on a
        // different field of User (for example an id), that field is not verified here -
        // confirm against the UserManager implementation.
        // NOTE(review): a null result from getCurrentUsername() would surface as a
        // NullPointerException rather than AccessDeniedException - confirm it cannot be null.
        final String callerName = getCurrentUsername();
        final boolean ownProfile = callerName.equals(user.getUsername());
        if (ownProfile) {
            return userManager.saveUser(user);
        }
        throw new AccessDeniedException("Trying to edit another users profile");
    }

            user = userManager.updatePassword(username, null, token, password, RequestUtil.getAppURL(request));

        } else {
            log.debug("Updating Password for username " + username + ", using current password");
            if (!username.equals(getCurrentUser().getUsername())) {
                throw new AccessDeniedException("You do not have permission to modify other users password.");
            }
            user = userManager.updatePassword(username, currentPassword, null, password,
                    RequestUtil.getAppURL(request));
        }

          return;
        }
      }
    }
    //没有权限
    throw new AccessDeniedException(" 没有权限访问! ");
  }

                UserManager userManager = (UserManager) target;
                User currentUser = getCurrentUser(auth, userManager);

                if (user.getId() != null && !user.getId().equals(currentUser.getId()) && !administrator) {
                    log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to modify '" + user.getUsername() + "'!");
                    throw new AccessDeniedException(ACCESS_DENIED);
                } else if (user.getId() != null && user.getId().equals(currentUser.getId()) && !administrator) {
                    // get the list of roles the user is trying add
                    Set<String> userRoles = new HashSet<String>();
                    if (user.getRoles() != null) {
                        for (Object o : user.getRoles()) {
                            Role role = (Role) o;
                            userRoles.add(role.getName());
                        }
                    }

                    // get the list of roles the user currently has
                    Set<String> authorizedRoles = new HashSet<String>();
                    for (GrantedAuthority role : roles) {
                        authorizedRoles.add(role.getAuthority());
                    }

                    // if they don't match - access denied
                    // regular users aren't allowed to change their roles
                    if (!CollectionUtils.isEqualCollection(userRoles, authorizedRoles)) {
                        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to change their role(s)!");
                        throw new AccessDeniedException(ACCESS_DENIED);
                    }
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Registering new user '" + user.getUsername() + "'");

        } else if (auth.getPrincipal() instanceof UserDetails) {
            currentUser = (User) auth.getPrincipal();
        } else if (auth.getDetails() instanceof UserDetails) {
            currentUser = (User) auth.getDetails();
        } else {
            throw new AccessDeniedException("User not properly authenticated.");
        }
        return currentUser;
    }

            if (isAdd(request) || request.getParameter("id") != null) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                log.warn("User '" + request.getRemoteUser() + "' is trying to edit user with id '" +
                        request.getParameter("id") + "'");

                throw new AccessDeniedException("You do not have permission to modify other users.");
            }
        }

        if (!isFormSubmission(request)) {
            final String userId = request.getParameter("id");

                    RequestUtil.getAppURL(request));

        } else {
            log.debug("Updating Password for username " + username + ", using current password");
            if (!username.equals(request.getRemoteUser())) {
                throw new AccessDeniedException("You do not have permission to modify other users password.");
            }
            user = getUserManager().updatePassword(username, currentPassword, null, password,
                    RequestUtil.getAppURL(request));
        }

        if (postAuthorize != null && !ExpressionUtils.evaluateAsBoolean(postAuthorize, ctx)) {
            if (logger.isDebugEnabled()) {
                logger.debug("PostAuthorize expression rejected access");
            }
            throw new AccessDeniedException("Access is denied");
        }

        return returnedObject;
    }

        Assert.notNull(this.messages, "A message source must be set");
    }

    /**
     * Denies access unless {@code isAllowIfAllAbstainDecisions()} returns {@code true}.
     *
     * <p>The exception text is resolved through {@code messages} under the key
     * {@code AbstractAccessDecisionManager.accessDenied}, with "Access is denied" as the
     * fallback text.
     *
     * @throws AccessDeniedException if {@code isAllowIfAllAbstainDecisions()} is {@code false}
     */
    protected final void checkAllowIfAllAbstainDecisions() {
        if (this.isAllowIfAllAbstainDecisions()) {
            return;
        }
        // Deny by default: nothing is granted unless the flag explicitly allows it.
        final String deniedText = messages.getMessage("AbstractAccessDecisionManager.accessDenied",
                "Access is denied");
        throw new AccessDeniedException(deniedText);
    }
