Package com.cloud.bridge.service.exception

Examples of com.cloud.bridge.service.exception.PermissionDeniedException

480
481
482
483
484
485
486
487
488
489
490
    }
   
    // [B] The owner may want to restrict the IP address at which this can be performed
    String client = UserContext.current().getCanonicalUserId();
    if (!client.equals( sbucket.getOwnerCanonicalId()))
        throw new PermissionDeniedException( "Access Denied - only the owner can read bucket versioning" );

    S3PolicyContext context = new S3PolicyContext( PolicyActions.GetBucketVersioning, bucketName );
      if (PolicyAccess.DENY == S3Engine.verifyPolicy( context )) {
             response.setStatus(403);
             return;
View Full Code Here
705
706
707
708
709
710
711
712
713
714
715
      SBucketDao bucketDao = new SBucketDao();
      SBucket sbucket = bucketDao.getByName( bucketName );
   
      String client = UserContext.current().getCanonicalUserId();
      if (!client.equals( sbucket.getOwnerCanonicalId()))
          throw new PermissionDeniedException( "Access Denied - only the owner can turn on versioing on a bucket" );
   
      S3PolicyContext context = new S3PolicyContext( PolicyActions.PutBucketVersioning, bucketName );
        if (PolicyAccess.DENY == S3Engine.verifyPolicy( context )) {
               response.setStatus(403);
               return;
View Full Code Here
118
119
120
121
122
123
124
    if (null == principals) { errors++;  value.append( " missing Prinicipal," ); }
    if (null == actions && PolicyActions.UnknownAction == notAction)
                            { errors++;  value.append( " missing an Action (or NotAction)," )}
    if (null == resource  ) { errors++; value.append( " missing Resource" );   }
   
    if (0 < errors) throw new PermissionDeniedException( value.toString());
  }
View Full Code Here
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
       if (ignoreCase.startsWith( "x-amz-" ))
         auth.addAmazonHeader( headerName + ":" + headers[i].getValue());
    }
   
    UserInfo info = ServiceProvider.getInstance().getUserInfo(AWSAccessKey);
    if (info == null) throw new PermissionDeniedException("Unable to authenticate access key: " + AWSAccessKey);
   
      try {
      if (auth.verifySignature( request.getMethod(), info.getSecretKey(), signature )) {
        UserContext.current().initContext(AWSAccessKey, info.getSecretKey(), AWSAccessKey, info.getDescription(), request);
        return;
      }
   
      // -> turn off auth - just for testing
      //UserContext.current().initContext("Mark", "123", "Mark", "testing", request);
            //return;
      
    } catch (SignatureException e) {
      throw new PermissionDeniedException(e);
     
    } catch (UnsupportedEncodingException e) {
        throw new PermissionDeniedException(e);
    }
    throw new PermissionDeniedException("Invalid signature");
    }
View Full Code Here
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
                auth.addAmazonHeader(headerName + ":" + headers[i].getValue());
        }

        UserInfo info = ServiceProvider.getInstance().getUserInfo(AWSAccessKey);
        if (info == null)
            throw new PermissionDeniedException("Unable to authenticate access key: " + AWSAccessKey);

        try {
            if (auth.verifySignature(request.getMethod(), info.getSecretKey(), signature)) {
                UserContext.current().initContext(AWSAccessKey, info.getSecretKey(), AWSAccessKey, info.getDescription(), request);
                return;
            }

        } catch (SignatureException e) {
            throw new PermissionDeniedException(e);

        } catch (UnsupportedEncodingException e) {
            throw new PermissionDeniedException(e);
        }
        throw new PermissionDeniedException("Invalid signature");
    }
View Full Code Here
150
151
152
153
154
155
156
157
158
159
160
    S3PolicyContext context = new S3PolicyContext( PolicyActions.PutObject, destinationBucketName );
    context.setKeyName( destinationKeyName );
    context.setEvalParam( ConditionKeys.MetaData, request.getDirective().toString());
    context.setEvalParam( ConditionKeys.CopySource, "/" + request.getSourceBucketName() + "/" + request.getSourceKey());
    if (PolicyAccess.DENY == verifyPolicy( context ))
            throw new PermissionDeniedException( "Access Denied - bucket policy DENY result" );
           
      S3GetObjectResponse originalObject = handleRequest(getRequest);  
      int resultCode = originalObject.getResultCode();
      if (200 != resultCode) {
        response.setResultCode( resultCode );
View Full Code Here
196
197
198
199
200
201
202
203
204
205
206
    verifyBucketName( bucketName, false );
  
    S3PolicyContext context = new S3PolicyContext( PolicyActions.CreateBucket,  bucketName );
    context.setEvalParam( ConditionKeys.Acl, cannedAccessPolicy );
    if (PolicyAccess.DENY == verifyPolicy( context ))
            throw new PermissionDeniedException( "Access Denied - bucket policy DENY result" );
        OrderedPair<SHostVO, String> shost_storagelocation_pair = null;
        boolean success = false;
        try {
            txn = Transaction.open(Transaction.AWSAPI_DB);
View Full Code Here
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
                // The bucket policy can give users permission to delete a
                // bucket whereas ACLs cannot
                break;

            case DENY:
                throw new PermissionDeniedException(
                        "Access Denied - bucket policy DENY result");

            case DEFAULT_DENY:
            default:
                // Irrespective of what the ACLs say, only the owner can delete
                // a bucket
                String client = UserContext.current().getCanonicalUserId();
                if (!client.equals(sbucket.getOwnerCanonicalId())) {
                    throw new PermissionDeniedException(
                            "Access Denied - only the owner can delete a bucket");
                }
                break;
            }
       
View Full Code Here
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
    switch( verifyPolicy( context ) ) {
        case ALLOW:   // overrides ACLs (?)
             return;

        case DENY:
             throw new PermissionDeniedException( "Access Denied - bucket policy DENY result" );
            
        case DEFAULT_DENY:
        default:
             accessAllowed( target, targetId, requestedPermission );
             break;
View Full Code Here
1757
1758
1759
1760
1761
1762
1763
         if (hasPermission( saclDao.listGrants( target, targetId, userId ), requestedPermission )) return;
         // Or alternatively is there is any principal authenticated ACL set for this <target, targetId>?
         if (hasPermission( saclDao.listGrants( target, targetId, "*" ), requestedPermission )) return;
        }
        // No privileges implies that no access is allowed  in the case of an anonymous user
        throw new PermissionDeniedException( "Access Denied - ACLs do not give user the required permission" );
  }
View Full Code Here
TOP

Related Classes of com.cloud.bridge.service.exception.PermissionDeniedException

  • com.cloud.bridge.service.controller.s3.S3BucketAction
  • com.cloud.bridge.service.core.s3.S3Engine
  • com.cloud.bridge.service.core.s3.S3PolicyArnCondition
  • com.cloud.bridge.service.core.s3.S3PolicyBoolCondition
  • com.cloud.bridge.service.core.s3.S3PolicyConditionBlock
  • com.cloud.bridge.service.core.s3.S3PolicyDateCondition
  • com.cloud.bridge.service.core.s3.S3PolicyIPAddressCondition
  • com.cloud.bridge.service.core.s3.S3PolicyNumericCondition
  • com.cloud.bridge.service.core.s3.S3PolicyStatement
  • com.cloud.bridge.service.core.s3.S3PolicyStringCondition
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.