Examples of org.apache.shiro.authz.UnauthenticatedException

• org.apache.shiro.authz.UnauthenticatedException
  Exception thrown when attempting to execute an authorization action when a successful authentication hasn't yet occurred.

  Authorizations can only be performed after a successful authentication because authorization data (roles, permissions, etc) must always be associated with a known identity. Such a known identity can only be obtained upon a successful log-in. @author Les Hazlewood @since 0.1

    private void handleRequiresGuest( Subject subject )
    {
        if ( requiresGuest != null ) {
            LOGGER.debug( "SecurityConcern::RequiresGuest" );
            if ( subject.getPrincipal() != null ) {
                throw new UnauthenticatedException(
                        "Attempting to perform a guest-only operation. The current Subject is "
                        + "not a guest (they have been authenticated or remembered from a previous login).  Access "
                        + "denied." );

            }

    private void handleRequiresUser( Subject subject )
    {
        if ( requiresUser != null ) {
            LOGGER.debug( "SecurityConcern::RequiresUser" );
            if ( subject.getPrincipal() == null ) {
                throw new UnauthenticatedException(
                        "Attempting to perform a user-only operation. The current Subject is "
                        + "not a user (they haven't been authenticated or remembered from a previous login).  "
                        + "Access denied." );
            }
        } else {

    private void handleRequiresAuthentication( Subject subject )
    {
        if ( requiresAuthentication != null ) {
            LOGGER.debug( "SecurityConcern::RequiresAuthentication" );
            if ( !subject.isAuthenticated() ) {
                throw new UnauthenticatedException( "The current Subject is not authenticated.  Access denied." );
            }
        } else {
            LOGGER.debug( "SecurityConcern::RequiresAuthentication: not concerned" );
        }
    }

  }

  @Override
    public void assertAuthorized() throws AuthorizationException {
    if (!getSubject().isAuthenticated() ) {
            throw new UnauthenticatedException( "The current Subject is not authenticated.  Access denied." );
        }
  }

  }

  @Override
    public void assertAuthorized() throws AuthorizationException {
    if (getSubject().getPrincipal() == null) {
            throw new UnauthenticatedException("Attempting to perform a user-only operation.  The current Subject is " +
                    "not a user (they haven't been authenticated or remembered from a previous login).  " +
                    "Access denied.");
        }
  }

  }

  @Override
    public void assertAuthorized() throws AuthorizationException {
     if (getSubject().getPrincipal() != null) {
              throw new UnauthenticatedException("Attempting to perform a guest-only operation.  The current Subject is " +
                      "not a guest (they have been authenticated or remembered from a previous login).  Access " +
                      "denied.");
          }
  }

     * @throws org.apache.shiro.authz.AuthorizationException
     *          if the calling <code>Subject</code> is not a &quot;guest&quot;.
     */
    public void assertAuthorized(Annotation a) throws AuthorizationException {
        if (a instanceof RequiresGuest && getSubject().getPrincipal() != null) {
            throw new UnauthenticatedException("Attempting to perform a guest-only operation.  The current Subject is " +
                    "not a guest (they have been authenticated or remembered from a previous login).  Access " +
                    "denied.");
        }
    }

     * @throws org.apache.shiro.authz.UnauthenticatedException if the calling <code>Subject</code> has not yet
     * authenticated.
     */
    public void assertAuthorized(Annotation a) throws UnauthenticatedException {
        if (a instanceof RequiresAuthentication && !getSubject().isAuthenticated() ) {
            throw new UnauthenticatedException( "The current Subject is not authenticated.  Access denied." );
        }
    }

     * @throws org.apache.shiro.authz.AuthorizationException
     *         if the calling <code>Subject</code> is not authenticated or remembered via rememberMe services.
     */
    public void assertAuthorized(Annotation a) throws AuthorizationException {
        if (a instanceof RequiresUser && getSubject().getPrincipal() == null) {
            throw new UnauthenticatedException("Attempting to perform a user-only operation.  The current Subject is " +
                    "not a user (they haven't been authenticated or remembered from a previous login).  " +
                    "Access denied.");
        }
    }

                    "be executing " + Subject.class.getName() + ".login(AuthenticationToken) or when 'Remember Me' " +
                    "functionality is enabled by the SecurityManager.  This exception can also occur when a " +
                    "previously logged-in Subject has logged out which " +
                    "makes it anonymous again.  Because an identity is currently not known due to any of these " +
                    "conditions, authorization is denied.";
            throw new UnauthenticatedException(msg);
        }
    }