Examples of org.acegisecurity.AccessDeniedException

• org.acegisecurity.AccessDeniedException
  Thrown if an {@link Authentication} object does not hold a required authority. @author Ben Alex @version $Id: AccessDeniedException.java 1496 2006-05-23 13:38:33Z benalex $

                    if (log.isDebugEnabled()) {
                        log.debug("Verifying that '" + currentUser + "' can modify '" + username + "'");
                    }
                    if (!administrator) {
                        log.warn("Access Denied: '" + currentUser + "' tried to modify '" + username + "'!");
                        throw new AccessDeniedException(ACCESS_DENIED);
                    }
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug("Registering new user '" + username + "'");
                    }
                }
            }

            // fix for http://issues.appfuse.org/browse/APF-96
            // don't allow users with "user" role to upgrade to "admin" role
            else if (username != null && username.equalsIgnoreCase(currentUser) && !administrator) {

                // get the list of roles the user is trying add
                Set userRoles = new HashSet();
                if (user.getRoles() != null) {
                    for (Iterator it = user.getRoles().iterator(); it.hasNext();) {
                        Role role = (Role) it.next();
                        userRoles.add(role.getName());
                    }
                }

                // get the list of roles the user currently has
                Set authorizedRoles = new HashSet();
                for (int i=0; i < roles.length; i++) {
                    authorizedRoles.add(roles[i].getAuthority());
                }

                // if they don't match - access denied
                // users aren't allowed to change their roles
                if (!CollectionUtils.isEqualCollection(userRoles, authorizedRoles)) {
                    log.warn("Access Denied: '" + currentUser + "' tried to change their role(s)!");
                    throw new AccessDeniedException(ACCESS_DENIED);
                }
            }
        }
    }

     */
    public final void process() throws IOException, ServletException {
        if(permission!=null)
            try {
                if(subject==null)
                    throw new AccessDeniedException("No subject");
                subject.checkPermission(permission);
            } catch (AccessDeniedException e) {
                // if the user has hudson-wisde admin permission, all checks are allowed
                // this is to protect Hudson administrator from broken ACL/SecurityRealm implementation/configuration.
                if(!Hudson.getInstance().hasPermission(Hudson.ADMINISTER))

            //check the provided token
            String providedToken = req.getParameter("token");
            if (providedToken != null && providedToken.equals(token.token))
                return;
            if (providedToken != null)
                throw new AccessDeniedException(Messages.BuildAuthorizationToken_InvalidTokenProvided());
        }

        project.checkPermission(AbstractProject.BUILD);
    }

     * Exposes the current user to <tt>/me</tt> URL.
     */
    public User getMe() {
        User u = User.current();
        if (u == null) {
            throw new AccessDeniedException("/me is not available when not logged in");
        }
        return u;
    }