Examples of com.cloud.bridge.service.exception.PermissionDeniedException

• com.cloud.bridge.service.exception.PermissionDeniedException

            if (ignoreCase.startsWith( "x-amz-" ))
                auth.addAmazonHeader( headerName + ":" + headers[i].getValue());
        }

        UserInfo info = ServiceProvider.getInstance().getUserInfo(AWSAccessKey);
        if (info == null) throw new PermissionDeniedException("Unable to authenticate access key: " + AWSAccessKey);

        try {
            if (auth.verifySignature( request.getMethod(), info.getSecretKey(), signature )) {
                UserContext.current().initContext(AWSAccessKey, info.getSecretKey(), AWSAccessKey, info.getDescription(), request);
                return;
            }


        } catch (SignatureException e) {
            throw new PermissionDeniedException(e);

        } catch (UnsupportedEncodingException e) {
            throw new PermissionDeniedException(e);
        }
        throw new PermissionDeniedException("Invalid signature");
            }

            logger.error("Put Bucket Policy failed due to " + e.getMessage(), e);
            throw e;
        }
        catch( ParseException e ) {
            logger.error("Put Bucket Policy failed due to " + e.getMessage(), e);
            throw new PermissionDeniedException( e.toString());
        }
        catch( Exception e ) {
            logger.error("Put Bucket Policy failed due to " + e.getMessage(), e);
            response.setStatus(500);
        }

        }

        // [B] The owner may want to restrict the IP address at which this can be performed
        String client = UserContext.current().getCanonicalUserId();
        if (!client.equals( sbucket.getOwnerCanonicalId()))
            throw new PermissionDeniedException( "Access Denied - only the owner can read bucket versioning" );

        S3PolicyContext context = new S3PolicyContext( PolicyActions.GetBucketVersioning, bucketName );
        if (PolicyAccess.DENY == S3Engine.verifyPolicy( context )) {
            response.setStatus(403);
            return;

            SBucketVO sbucket = bucketDao.getByName(bucketName);

            String client = UserContext.current().getCanonicalUserId();
            if (!client.equals(sbucket.getOwnerCanonicalId()))
                throw new PermissionDeniedException(
                        "Access Denied - only the owner can turn on versioing on a bucket");

            S3PolicyContext context = new S3PolicyContext(
                    PolicyActions.PutBucketVersioning, bucketName);
            if (PolicyAccess.DENY == S3Engine.verifyPolicy(context)) {

        S3PolicyContext context = new S3PolicyContext( PolicyActions.PutObject, destinationBucketName );
        context.setKeyName( destinationKeyName );
        context.setEvalParam( ConditionKeys.MetaData, request.getDirective().toString());
        context.setEvalParam( ConditionKeys.CopySource, "/" + request.getSourceBucketName() + "/" + request.getSourceKey());
        if (PolicyAccess.DENY == verifyPolicy( context ))
            throw new PermissionDeniedException( "Access Denied - bucket policy DENY result" );

        S3GetObjectResponse originalObject = handleRequest(getRequest);
        int resultCode = originalObject.getResultCode();
        if (200 != resultCode) {
            response.setResultCode( resultCode );

        verifyBucketName( bucketName, false );

        S3PolicyContext context = new S3PolicyContext( PolicyActions.CreateBucket,  bucketName );
        context.setEvalParam( ConditionKeys.Acl, cannedAccessPolicy );
        if (PolicyAccess.DENY == verifyPolicy( context ))
            throw new PermissionDeniedException( "Access Denied - bucket policy DENY result" );
        OrderedPair<SHostVO, String> shost_storagelocation_pair = null;
        boolean success = false;
        try {
            txn = Transaction.open(Transaction.AWSAPI_DB);

                // The bucket policy can give users permission to delete a
                // bucket whereas ACLs cannot
                break;

            case DENY:
                throw new PermissionDeniedException(
                        "Access Denied - bucket policy DENY result");

            case DEFAULT_DENY:
            default:
                // Irrespective of what the ACLs say, only the owner can delete
                // a bucket
                String client = UserContext.current().getCanonicalUserId();
                if (!client.equals(sbucket.getOwnerCanonicalId())) {
                    throw new PermissionDeniedException(
                            "Access Denied - only the owner can delete a bucket");
                }
                break;
            }

        switch( verifyPolicy( context ) ) {
        case ALLOW:   // overrides ACLs (?)
            return;

        case DENY:
            throw new PermissionDeniedException( "Access Denied - bucket policy DENY result" );

        case DEFAULT_DENY:
        default:
            accessAllowed( target, targetId, requestedPermission );
            break;

            if (hasPermission( s_saclDao.listGrants( target, targetId, userId ), requestedPermission )) return;
            // Or alternatively is there is any principal authenticated ACL set for this <target, targetId>?
            if (hasPermission( s_saclDao.listGrants( target, targetId, "*" ), requestedPermission )) return;
        }
        // No privileges implies that no access is allowed  in the case of an anonymous user
        throw new PermissionDeniedException( "Access Denied - ACLs do not give user the required permission" );
    }

        if ( restAuth.verifySignature( request.getMethod(), cloudSecretKey, signature, sigMethod )) {
            UserContext.current().initContext( cloudAccessKey, cloudSecretKey, cloudAccessKey, "REST request", null );
            return true;
        }
        else throw new PermissionDeniedException("Invalid signature");
            }