Examples of javax.ws.rs.NotAuthorizedException

• javax.ws.rs.NotAuthorizedException
  A runtime exception indicating request authorization failure caused by one of the following scenarios:

  • a client did not send the required authorization credentials to access the requested resource, i.e. {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION Authorization} HTTP header is missingin the request,
  • or - in case the request already contains the HTTP {@code Authorization} header - thenthe exception indicates that authorization has been refused for the credentials contained in the request header.

  @author Marek Potociar @since 2.0

        try {
            LOG.debug("Checking authorization for user {}, needs permissions {}", subject, annotation.value());
            new ContextAwarePermissionAnnotationHandler(context).assertAuthorized(annotation);
        } catch (AuthorizationException e) {
            LOG.info("User not authorized.", e);
            throw new NotAuthorizedException(e, "Basic realm=\"Graylog2 Server\"");
        }
    }

                LOG.trace("Logging in {}", context.getSubject());
                context.loginSubject();

            } catch (LockedAccountException e) {
                LOG.debug("Unable to authenticate user, account is locked.", e);
                throw new NotAuthorizedException(e, "Basic realm=\"Graylog2 Server\"");
            } catch (AuthenticationException e) {
                LOG.debug("Unable to authenticate user.", e);
                throw new NotAuthorizedException(e, "Basic realm=\"Graylog2 Server\"");
            }
        }
    }

        return new NotFoundException(checkResponse(response, 404), cause);
    }

    public static NotAuthorizedException toNotAuthorizedException(Throwable cause, Response response) {

        return new NotAuthorizedException(checkResponse(response, 401), cause);
    }

        return new NotFoundException(checkResponse(response, 404), cause);
    }

    public static NotAuthorizedException toNotAuthorizedException(Throwable cause, Response response) {

        return new NotAuthorizedException(checkResponse(response, 401), cause);
    }

        List<String> authHeaders = messageContext.getHttpHeaders()
            .getRequestHeader(HttpHeaders.AUTHORIZATION);
        if (authHeaders.size() != 1) {
            LOG.fine("No Authorization header is available");
            throw new NotAuthorizedException(getFaultResponse());
        }
        String[] authPair = authHeaders.get(0).split(" ");
        if (authPair.length != 2 || !NEGOTIATE_SCHEME.equalsIgnoreCase(authPair[0])) {
            LOG.fine("Negotiate Authorization scheme is expected");
            throw new NotAuthorizedException(getFaultResponse());
        }

        byte[] serviceTicket = getServiceTicket(authPair[1]);

        try {
            Subject serviceSubject = loginAndGetSubject();

            GSSContext gssContext = createGSSContext();

            Subject.doAs(serviceSubject, new ValidateServiceTicketAction(gssContext, serviceTicket));

            GSSName srcName = gssContext.getSrcName();
            if (srcName == null) {
                throw new NotAuthorizedException(getFaultResponse());
            }

            String complexUserName = srcName.toString();

            String simpleUserName = complexUserName;
            int index = simpleUserName.lastIndexOf('@');
            if (index > 0) {
                simpleUserName = simpleUserName.substring(0, index);
            }
            if (!gssContext.getCredDelegState()) {
                gssContext.dispose();
                gssContext = null;
            }

            m.put(SecurityContext.class,
                new KerberosSecurityContext(new KerberosPrincipal(simpleUserName,
                                                                  complexUserName),
                                            gssContext));

        } catch (LoginException e) {
            LOG.fine("Unsuccessful JAAS login for the service principal");
            throw new NotAuthorizedException(getFaultResponse());
        } catch (GSSException e) {
            LOG.fine("GSS API exception: " + e.getMessage());
            throw new NotAuthorizedException(getFaultResponse());
        } catch (PrivilegedActionException e) {
            LOG.fine("PrivilegedActionException: " + e.getMessage());
            throw new NotAuthorizedException(getFaultResponse());
        }

        return null;
    }

    private byte[] getServiceTicket(String encodedServiceTicket) {
        try {
            return Base64Utility.decode(encodedServiceTicket);
        } catch (Base64Exception ex) {
            throw new NotAuthorizedException(getFaultResponse());
        }
    }

                client = getAndValidateClient(authInfo[0], authInfo[1]);
            }
        }

        if (client == null) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return client;
    }

            return client;
        }
        if (clientSecret == null || client.getClientSecret() == null
            || !client.getClientId().equals(clientId)
            || !client.getClientSecret().equals(clientSecret)) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return client;
    }

        reportInvalidClient(new OAuthError(OAuthConstants.INVALID_CLIENT));
    }

    protected void reportInvalidClient(OAuthError error) {
        ResponseBuilder rb = Response.status(401);
        throw new NotAuthorizedException(rb.type(MediaType.APPLICATION_JSON_TYPE).entity(error).build());
    }

            } else switch (status) {
                case BAD_REQUEST:
                    webAppException = new BadRequestException(response);
                    break;
                case UNAUTHORIZED:
                    webAppException = new NotAuthorizedException(response);
                    break;
                case FORBIDDEN:
                    webAppException = new ForbiddenException(response);
                    break;
                case NOT_FOUND: