Examples of com.dotcms.rest.exception.SecurityException

• com.dotcms.rest.exception.SecurityException

    if(UtilMethods.isSet(requiredPortlet)) {

      try {
        if(!APILocator.getLayoutAPI().doesUserHaveAccessToPortlet(requiredPortlet, user)){
          throw new SecurityException("User does not have access to required Portlet", Response.Status.UNAUTHORIZED);
        }
      } catch (DotDataException e) {
        throw new SecurityException("User does not have access to required Portlet", Response.Status.UNAUTHORIZED);
      }

    }

    initData.setParamsMap(paramsMap);

                        : (user = getFrontEndUserFromRequest(request))
                        : (user = getFrontEndUserFromRequest(request)) != null ? user : null;


    if(user==null && (Config.getBooleanProperty("REST_API_REJECT_WITH_NO_USER", false) || rejectWhenNoUser) ) {
      throw new SecurityException("Invalid User", Response.Status.UNAUTHORIZED);
    } else if(user==null) {
      try {
        user =APILocator.getUserAPI().getAnonymousUser();
      } catch (DotDataException e) {
        Logger.debug(getClass(), "Could not get Anonymous User. ");

    if(UtilMethods.isSet(authentication) && authentication.startsWith("Basic ")) {
      authentication = authentication.substring("Basic ".length());
      String[] values = new String(Base64.base64Decode(authentication)).split(":");
      if (values.length < 2) {
        // "Invalid syntax for username and password"
        throw new SecurityException("Invalid syntax for username and password", Response.Status.BAD_REQUEST);
      }
      String username = values[0];
      String password = values[1];

      return authenticateUser(username, password, request);

    if(UtilMethods.isSet(authentication)) {
      String[] values = new String(Base64.base64Decode(authentication)).split(":");
      if (values.length < 2) {
        // "Invalid syntax for username and password"
        throw new SecurityException("Invalid syntax for username and password", Response.Status.BAD_REQUEST);
      }
      String username = values[0];
      String password = values[1];

      return authenticateUser(username, password, request);

          }
        } else { // doLogin returning false

          Logger.warn(this.getClass(), "Request IP: " + ip + ". Can't authenticate user. Username: " + username);
          SecurityLogger.logDebug(this.getClass(), "Request IP: " + ip + ". Can't authenticate user. Username: " + username);
          throw new SecurityException("Invalid credentials", Response.Status.UNAUTHORIZED);
        }

      }  catch(SecurityException e) {
        throw e;
      } catch (Exception e) {  // doLogin throwing Exception

        Logger.warn(this.getClass(), "Request IP: " + ip + ". Can't authenticate user. Username: " + username);
        SecurityLogger.logDebug(this.getClass(), "Request IP: " + ip + ". Can't authenticate user. Username: " + username);
        throw new SecurityException("Authentication credentials are required", Response.Status.UNAUTHORIZED);
      }

    } else if(UtilMethods.isSet(username) || UtilMethods.isSet(password)){ // providing login or password

      Logger.warn(this.getClass(), "Request IP: " + ip + ". Can't authenticate user.");
      SecurityLogger.logDebug(this.getClass(), "Request IP: " + ip + ". Can't authenticate user.");
      throw new SecurityException("Authentication credentials are required", Response.Status.UNAUTHORIZED);
    }

    return user;
  }

  }


  private void checkForceSSL(HttpServletRequest request) {
    if(Config.getBooleanProperty("FORCE_SSL_ON_RESP_API", false) && UtilMethods.isSet(request) && !request.isSecure())
      throw new SecurityException("SSL Required.", Response.Status.FORBIDDEN);

  }