Examples of org.exist.security.PermissionDeniedException

• org.exist.security.PermissionDeniedException
  Description of the Class @author Wolfgang Meier @since 24. Juni 2002

            broker = pool.get(user);
            collection = broker.openCollection(name, Lock.READ_LOCK);
            if (collection == null)
                {throw new EXistException("Collection " + name + " not found");}
            if (!collection.getPermissionsNoLock().validate(user, Permission.READ))
                {throw new PermissionDeniedException(
                        "not allowed to read collection " + name);}
            final EntityPermissions[] result = new EntityPermissions[collection.getChildCollectionCount(broker)];
            XmldbURI child, path;
            Collection childColl;
            Permission perm;

            broker = pool.get(user);
            collection = broker.openCollection(name, Lock.READ_LOCK);
            if (collection == null)
                {throw new EXistException("Collection " + name + " not found");}
            if (!collection.getPermissionsNoLock().validate(user, Permission.READ))
                {throw new PermissionDeniedException(
                        "not allowed to read collection " + name);}
            final EntityPermissions[] result = new EntityPermissions[collection.getDocumentCount(broker)];
            DocumentImpl doc;
            Permission perm;
            int cnt = 0;

            throw new ConfigurationException("OAuth realm can not create primary group 'OAuth'.");

        } catch (PermissionDeniedException e) {
          throw e;
        } catch (ConfigurationException e) {
          throw new PermissionDeniedException(e);
        } catch (EXistException e) {
          throw new PermissionDeniedException(e);
        }
    }
    return primaryGroup;
  }

            throw new IOException(e);

        } catch (LockException e) {
            LOG.error(e);
            txnManager.abort(txn);
            throw new PermissionDeniedException(xmldbUri + "");

        } catch (IOException | PermissionDeniedException e) {
            LOG.error(e);
            txnManager.abort(txn);
            throw e;

                    && !userLock.getName().equals(subject.getName())
                    && !subject.hasDbaRole() ) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug(String.format("Resource is locked by user %s.", userLock.getName()));
                }
                throw new PermissionDeniedException(userLock.getName());
            }

            // Check for request for shared lock. @@TODO
            if (inputToken.getScope() == LockToken.LOCK_SCOPE_SHARED) {
                if (LOG.isDebugEnabled()) {

            }

            // Check if Resource is from subject
            if (!lock.getName().equals(subject.getName()) && !subject.hasDbaRole() ) {
                LOG.debug(String.format("Resource lock is from user %s", lock.getName()));
                throw new PermissionDeniedException(lock.getName());
            }

            // Update document
            document.setUserLock(null);
            document.getMetadata().setLockToken(null);

            if (userLock.getName() != null && !userLock.getName().equals(subject.getName())
                    && !subject.hasDbaRole()) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug(String.format("Resource is locked by %s", userLock.getName()));
                }
                throw new PermissionDeniedException(userLock.getName());
            }

            LockToken lockToken = document.getMetadata().getLockToken();

            if (!token.equals(lockToken.getOpaqueLockToken())) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Token does not match");
                }
                throw new PermissionDeniedException(String.format("Token %s does not match %s", token, lockToken.getOpaqueLockToken()));
            }

            lockToken.setTimeOut(LockToken.LOCK_TIMEOUT_INFINITE);

            // Make token persistant

        final int UPDATE_METADATA = 2;

        final Subject invokingUser = getSecurityManager().getCurrentSubject();

        if(!invokingUser.hasDbaRole() && invokingUser.getId() != account.getId()) {
            throw new PermissionDeniedException("You do not have permission to modify the account");
        }

        try {
            final LdapContext ctx = getContext(invokingUser);
            final SearchResult ldapUser = findAccountByAccountName(ctx, account.getName());

                    continue;
                }
                final DocumentImpl  doc = (DocumentImpl)node.getOwnerDocument();
                doc.getMetadata().setIndexListener(listener);
                if (!doc.getPermissions().validate(broker.getSubject(), Permission.WRITE)) {
                     throw new PermissionDeniedException("User '" + broker.getSubject().getName() + "' does not have permission to write to the document '" + doc.getDocumentURI() + "'!");
                }
                switch (node.getNodeType()) {
                    case Node.ELEMENT_NODE:
                        if (modifications == 0) {modifications = 1;}
                        ((ElementImpl) node).update(transaction, children);

      for (int i = 0; i < ql.length; i++) {
        final StoredNode node = ql[i];
                final DocumentImpl doc = (DocumentImpl)node.getOwnerDocument();
        if (!doc.getPermissions().validate(broker.getSubject(),
            Permission.WRITE)) {
                    throw new PermissionDeniedException("User '" + broker.getSubject().getName() + "' does not have permission to write to the document '" + doc.getDocumentURI() + "'!");
                                }
        doc.getMetadata().setIndexListener(listener);
        parent = (NodeImpl) node.getParentNode();
                if (parent == null || parent.getNodeType() != Node.ELEMENT_NODE) {
          throw new EXistException(