Examples of javax.ws.rs.NotAuthorizedException

• javax.ws.rs.NotAuthorizedException
  A runtime exception indicating request authorization failure caused by one of the following scenarios:

  • a client did not send the required authorization credentials to access the requested resource, i.e. {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION Authorization} HTTP header is missingin the request,
  • or - in case the request already contains the HTTP {@code Authorization} header - thenthe exception indicates that authorization has been refused for the credentials contained in the request header.

  @author Marek Potociar @since 2.0

        }
    }

    protected Element readToken(Message message, String assertion) {
        if (assertion == null) {
            throw new NotAuthorizedException(errorResponse());
        }
        try {
            byte[] deflatedToken = Base64UrlUtility.decode(assertion);
            InputStream is = new ByteArrayInputStream(deflatedToken);
            return readToken(message, is);
        } catch (Base64Exception ex) {
            throw new NotAuthorizedException(errorResponse());
        }
    }

        // This is specific to OAuth2 path
        // Introduce SAMLOAuth2Validator to be reused between auth and grant handlers
        Subject subject = SAMLUtils.getSubject(message, wrapper);
        if (subject.getName() == null) {
            throw new NotAuthorizedException(errorResponse());
        }

        if (clientId != null && !clientId.equals(subject.getName())) {
            //TODO:  Attempt to map client_id to subject.getName()
            throw new NotAuthorizedException(errorResponse());
        }
        samlOAuthValidator.validate(message, wrapper);
        message.put(OAuthConstants.CLIENT_ID, subject.getName());
    }

    public static String[] getBasicAuthParts(String data) {
        String authDecoded = null;
        try {
            authDecoded = new String(Base64Utility.decode(data));
        } catch (Exception ex) {
            throw new NotAuthorizedException(ex);
        }
        String authInfo[] = authDecoded.split(":");
        if (authInfo.length == 2) {
            return authInfo;
        }
        throw new NotAuthorizedException(Response.status(401).build());
    }

                sb.append(" realm=\"" + realm + "\"");
            }
            rb.header(HttpHeaders.WWW_AUTHENTICATE, sb.toString());
        }
        Response r = rb.build();
        throw new NotAuthorizedException(r);
    }

        if (issuer != null) {
            String actualIssuer = getIssuer(wrapper);
            String expectedIssuer = OAuthConstants.CLIENT_ID.equals(issuer)
                ? wrapper.getSaml2().getSubject().getNameID().getValue() : issuer;
            if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
                throw new NotAuthorizedException(errorResponse());
            }
        }
        if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
            throw new NotAuthorizedException(errorResponse());
        }
    }

                if (absoluteAddress.equals(a.getAudienceURI())) {
                    return;
                }
            }
        }
        throw new NotAuthorizedException(errorResponse());
    }

        if (subjectConfData == null) {
            if (!subjectConfirmationDataRequired
                && cs.getNotOnOrAfter() != null && !cs.getNotOnOrAfter().isBeforeNow()) {
                return;
            }
            throw new NotAuthorizedException(errorResponse());
        }

        // Recipient must match assertion consumer URL
        String recipient = subjectConfData.getRecipient();
        if (recipient == null || !recipient.equals(getAbsoluteTargetAddress(m))) {
            throw new NotAuthorizedException(errorResponse());
        }

        // We must have a NotOnOrAfter timestamp
        if (subjectConfData.getNotOnOrAfter() == null
            || subjectConfData.getNotOnOrAfter().isBeforeNow()) {
            throw new NotAuthorizedException(errorResponse());
        }

        //TODO: replay cache, same as with SAML SSO case

        // Check address
        if (subjectConfData.getAddress() != null
            && (clientAddress == null || !subjectConfData.getAddress().equals(clientAddress))) {
            throw new NotAuthorizedException(errorResponse());
        }


    }

    private SecurityContext getAndValidateSecurityContext() {
        SecurityContext securityContext =
            (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
        if (securityContext == null || securityContext.getUserPrincipal() == null) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        checkTransportSecurity();
        return securityContext;
    }

     * @throws WebApplicationException with Status 401 if not authenticated
     */
    public static OAuthContext getContext(final MessageContext mc) {
        final OAuthContext oauth = mc.getContent(OAuthContext.class);
        if ((oauth == null) || (oauth.getSubject() == null) || (oauth.getSubject().getLogin() == null)) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return oauth;
    }

    protected void throwFault(String error, Exception ex) {
        // TODO: get bundle resource message once this filter is moved
        // to rt/rs/security
        LOG.warning(error);
        Response response = Response.status(401).entity(error).build();
        throw ex != null ? new NotAuthorizedException(response, ex) : new NotAuthorizedException(response);
    }