Examples of javax.ws.rs.NotAuthorizedException

• javax.ws.rs.NotAuthorizedException
  A runtime exception indicating request authorization failure caused by one of the following scenarios:

  • a client did not send the required authorization credentials to access the requested resource, i.e. {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION Authorization} HTTP header is missingin the request,
  • or - in case the request already contains the HTTP {@code Authorization} header - thenthe exception indicates that authorization has been refused for the credentials contained in the request header.

  @author Marek Potociar @since 2.0

    private byte[] getServiceTicket(String encodedServiceTicket) {
        try {
            return Base64Utility.decode(encodedServiceTicket);
        } catch (Base64Exception ex) {
            throw new NotAuthorizedException(getFaultResponse());
        }
    }

    protected void throwFault(String error, Exception ex) {
        // TODO: get bundle resource message once this filter is moved
        // to rt/rs/security
        LOG.warning(error);
        Response response = Response.status(401).entity(error).build();
        throw ex != null ? new NotAuthorizedException(response, ex) : new NotAuthorizedException(response);
    }

                client = getAndValidateClient(authInfo[0], authInfo[1]);
            }
        }

        if (client == null) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return client;
    }

            return client;
        }
        if (clientSecret == null || client.getClientSecret() == null
            || !client.getClientId().equals(clientId)
            || !client.getClientSecret().equals(clientSecret)) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return client;
    }

        if (issuer != null) {
            String actualIssuer = getIssuer(wrapper);
            String expectedIssuer = OAuthConstants.CLIENT_ID.equals(issuer)
                ? wrapper.getSaml2().getSubject().getNameID().getValue() : issuer;
            if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
                throw new NotAuthorizedException(errorResponse());
            }
        }
        if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
            throw new NotAuthorizedException(errorResponse());
        }
    }

                if (absoluteAddress.equals(a.getAudienceURI())) {
                    return;
                }
            }
        }
        throw new NotAuthorizedException(errorResponse());
    }

        if (subjectConfData == null) {
            if (!subjectConfirmationDataRequired
                && cs.getNotOnOrAfter() != null && !cs.getNotOnOrAfter().isBeforeNow()) {
                return;
            }
            throw new NotAuthorizedException(errorResponse());
        }

        // Recipient must match assertion consumer URL
        String recipient = subjectConfData.getRecipient();
        if (recipient == null || !recipient.equals(getAbsoluteTargetAddress(m))) {
            throw new NotAuthorizedException(errorResponse());
        }

        // We must have a NotOnOrAfter timestamp
        if (subjectConfData.getNotOnOrAfter() == null
            || subjectConfData.getNotOnOrAfter().isBeforeNow()) {
            throw new NotAuthorizedException(errorResponse());
        }

        //TODO: replay cache, same as with SAML SSO case

        // Check address
        if (subjectConfData.getAddress() != null
            && (clientAddress == null || !subjectConfData.getAddress().equals(clientAddress))) {
            throw new NotAuthorizedException(errorResponse());
        }


    }