Examples of javax.ws.rs.NotAuthorizedException

• javax.ws.rs.NotAuthorizedException
  A runtime exception indicating request authorization failure caused by one of the following scenarios:

  • a client did not send the required authorization credentials to access the requested resource, i.e. {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION Authorization} HTTP header is missingin the request,
  • or - in case the request already contains the HTTP {@code Authorization} header - thenthe exception indicates that authorization has been refused for the credentials contained in the request header.

  @author Marek Potociar @since 2.0

        Form form = readFormData(message);
        String assertionType = form.getData().getFirst(Constants.CLIENT_AUTH_ASSERTION_TYPE);
        String decodedAssertionType = assertionType != null ? HttpUtils.urlDecode(assertionType) : null;
        if (decodedAssertionType == null || !Constants.CLIENT_AUTH_SAML2_BEARER.equals(decodedAssertionType)) {
            throw new NotAuthorizedException(errorResponse());
        }
        String assertion = form.getData().getFirst(Constants.CLIENT_AUTH_ASSERTION_PARAM);

        Element token = readToken(message, assertion);
        String clientId = form.getData().getFirst(OAuthConstants.CLIENT_ID);
        validateToken(message, token, clientId);


        form.getData().remove(OAuthConstants.CLIENT_ID);
        form.getData().remove(Constants.CLIENT_AUTH_ASSERTION_PARAM);
        form.getData().remove(Constants.CLIENT_AUTH_ASSERTION_TYPE);

        // restore input stream
        try {
            FormUtils.restoreForm(provider, form, message);
        } catch (Exception ex) {
            throw new NotAuthorizedException(errorResponse());
        }
        return null;
    }

    private Form readFormData(Message message) {
        try {
            return FormUtils.readForm(provider, message);
        } catch (Exception ex) {
            throw new NotAuthorizedException(errorResponse());
        }
    }

        }
    }

    protected Element readToken(Message message, String assertion) {
        if (assertion == null) {
            throw new NotAuthorizedException(errorResponse());
        }
        try {
            byte[] deflatedToken = Base64UrlUtility.decode(assertion);
            InputStream is = new ByteArrayInputStream(deflatedToken);
            return readToken(message, is);
        } catch (Base64Exception ex) {
            throw new NotAuthorizedException(errorResponse());
        }
    }

        // This is specific to OAuth2 path
        // Introduce SAMLOAuth2Validator to be reused between auth and grant handlers
        Subject subject = SAMLUtils.getSubject(message, wrapper);
        if (subject.getName() == null) {
            throw new NotAuthorizedException(errorResponse());
        }

        if (clientId != null && !clientId.equals(subject.getName())) {
            //TODO:  Attempt to map client_id to subject.getName()
            throw new NotAuthorizedException(errorResponse());
        }
        samlOAuthValidator.validate(message, wrapper);
        message.put(OAuthConstants.CLIENT_ID, subject.getName());
    }

    private SecurityContext getAndValidateSecurityContext() {
        SecurityContext securityContext =
            (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
        if (securityContext == null || securityContext.getUserPrincipal() == null) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        checkTransportSecurity();
        return securityContext;
    }

    protected void throwFault(String error, Exception ex) {
        // TODO: get bundle resource message once this filter is moved
        // to rt/rs/security
        LOG.warning(error);
        Response response = Response.status(401).entity(error).build();
        throw ex != null ? new NotAuthorizedException(response, ex) : new NotAuthorizedException(response);
    }

                client = getAndValidateClient(authInfo[0], authInfo[1]);
            }
        }

        if (client == null) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return client;
    }

            return client;
        }
        if (clientSecret == null || client.getClientSecret() == null
            || !client.getClientId().equals(clientId)
            || !client.getClientSecret().equals(clientSecret)) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return client;
    }

    private void validateRequest() {
        if (diagnosticsKey != null && diagnosticsKey.equals(getRequest().getHeader("X-Diagnostics-Key"))) {
            return;
        }

        throw new NotAuthorizedException("The Authorization header in the request could not be validated.", "X-Diagnostics-Key", (Object[]) null);
    }

            }
            if (getJiveInstance().isValidJiveAuthHeader(jiveAuthHeader)) {
                return;
            }
        } catch (Exception e) {
            throw new NotAuthorizedException("The Authorization header in the request could not be validated.", e, "JiveEXTN", null);
        }
        throw new NotAuthorizedException("The Authorization header in the request could not be validated.", "JiveEXTN", (Object[]) null);
    }