Examples of org.jivesoftware.openfire.auth.UnauthorizedException

• org.jivesoftware.openfire.auth.UnauthorizedException
  Thrown if a user does not have permission to access a particular method. @author Iain Shigeoka

    private IQ login(String username, Element iq, IQ packet, String password, LocalClientSession session, String digest)
            throws UnauthorizedException, UserNotFoundException, ConnectionException, InternalUnauthenticatedException {
      // Verify the validity of the username
      if (username == null || username.trim().length() == 0) {
        throw new UnauthorizedException("Invalid username (empty or null).");
      }
      try {
        Stringprep.nodeprep(username);
      } catch (StringprepException e) {
            throw new UnauthorizedException("Invalid username: " + username, e);
    }

      // Verify that specified resource is not violating any string prep rule
        String resource = iq.elementText("resource");
        if (resource != null) {
            try {
                resource = JID.resourceprep(resource);
            }
            catch (StringprepException e) {
                throw new UnauthorizedException("Invalid resource: " + resource, e);
            }
        }
        else {
            // Answer a not_acceptable error since a resource was not supplied
            IQ response = IQ.createResultIQ(packet);
            response.setChildElement(packet.getChildElement().createCopy());
            response.setError(PacketError.Condition.not_acceptable);
            return response;
        }
        if (! JiveGlobals.getBooleanProperty("xmpp.auth.iqauth",true)) {
            throw new UnauthorizedException();
        }
        username = username.toLowerCase();
        // Verify that supplied username and password are correct (i.e. user authentication was successful)
        AuthToken token = null;
        if (password != null && AuthFactory.isPlainSupported()) {
            token = AuthFactory.authenticate(username, password);
        }
        else if (digest != null && AuthFactory.isDigestSupported()) {
            token = AuthFactory.authenticate(username, session.getStreamID().toString(),
                    digest);
        }
        if (token == null) {
            throw new UnauthorizedException();
        }
        // Verify if there is a resource conflict between new resource and existing one.
        // Check if a session already exists with the requested full JID and verify if
        // we should kick it off or refuse the new connection
        ClientSession oldSession = routingTable.getClientRoute(new JID(username, serverName, resource, true));

            throws UnauthorizedException
    {
        IQ response;
        // Check if users can change their passwords and a password was specified
        if (!registerHandler.canChangePassword() || password == null || password.length() == 0) {
            throw new UnauthorizedException();
        }
        else {
            try {
                userManager.getUser(username).setPassword(password);
                response = IQ.createResultIQ(packet);
                List<String> params = new ArrayList<String>();
                params.add(username);
                params.add(session.toString());
                Log.info(LocaleUtils.getLocalizedString("admin.password.update", params));
            }
            catch (UserNotFoundException e) {
                throw new UnauthorizedException();
            }
        }
        return response;
    }

            RegistrationRequiredException, ConflictException, ServiceUnavailableException,
            NotAcceptableException {
        if (((MultiUserChatServiceImpl)mucService).getMUCDelegate() != null) {
            if (!((MultiUserChatServiceImpl)mucService).getMUCDelegate().joiningRoom(this, user.getAddress())) {
                // Delegate said no, reject join.
                throw new UnauthorizedException();
            }
        }
        LocalMUCRole joinRole = null;
        lock.writeLock().lock();
        try {
            // If the room has a limit of max user then check if the limit has been reached
            if (isDestroyed || (getMaxUsers() > 0 && getOccupantsCount() >= getMaxUsers())) {
                throw new ServiceUnavailableException();
            }
            boolean isOwner = owners.contains(user.getAddress().toBareJID());
            // If the room is locked and this user is not an owner raise a RoomLocked exception
            if (isLocked()) {
                if (!isOwner) {
                    throw new RoomLockedException();
                }
            }
            // Check if the nickname is already used in the room
            if (occupants.containsKey(nickname.toLowerCase())) {
                if (occupants.get(nickname.toLowerCase()).getUserAddress().toBareJID().equals(user.getAddress().toBareJID())) {
                    // Nickname exists in room, and belongs to this user, pretend to kick the previous instance.
                    // The previous instance will see that they are disconnected, and the new instance will
                    // "take over" the previous role.  Participants in the room shouldn't notice anything
                    // has occurred.
                    String reason = "Your account signed into this chatroom with the same nickname from another location.";
                    Presence updatedPresence = new Presence(Presence.Type.unavailable);
                    updatedPresence.setFrom(occupants.get(nickname.toLowerCase()).getRoleAddress());
                    updatedPresence.setTo(occupants.get(nickname.toLowerCase()).getUserAddress());
                    Element frag = updatedPresence.addChildElement(
                            "x", "http://jabber.org/protocol/muc#user");

                    // Set the person who performed the kick ("you" effectively)
                    frag.addElement("item").addElement("actor").setText(user.getAddress().toString());
                    // Add the reason why the user was kicked
                    frag.element("item").addElement("reason").setText(reason);
                    // Add the status code 307 that indicates that the user was kicked
                    frag.addElement("status").addAttribute("code", "307");

                    router.route(updatedPresence);
                }
                else {
                    // Nickname is already used, and not by the same JID
                    throw new UserAlreadyExistsException();
                }
            }
            // If the room is password protected and the provided password is incorrect raise a
            // Unauthorized exception
            if (isPasswordProtected()) {
                if (password == null || !password.equals(getPassword())) {
                    throw new UnauthorizedException();
                }
            }
            // If another user attempts to join the room with a nickname reserved by the first user
            // raise a ConflictException
            if (members.containsValue(nickname)) {

    }

    public HttpSession createClientHttpSession(long rid, InetAddress address, StreamID id, HttpConnection connection)
            throws UnauthorizedException {
        if (serverName == null) {
            throw new UnauthorizedException("Server not initialized");
        }
        PacketDeliverer backupDeliverer = server.getPacketDeliverer();
        HttpSession session = new HttpSession(backupDeliverer, serverName, address, id, rid, connection);
        Connection conn = session.getConnection();
        conn.init(session);

     * @throws UnauthorizedException if the local server has not been initialized yet.
     */
    public LocalIncomingServerSession createIncomingServerSession(Connection conn, StreamID id)
            throws UnauthorizedException {
        if (serverName == null) {
            throw new UnauthorizedException("Server not initialized");
        }
        LocalIncomingServerSession session = new LocalIncomingServerSession(serverName, conn, id);
        conn.init(session);
        // Register to receive close notification on this session so we can
        // remove its route from the sessions set

        return false;
    }

    public void authenticate(String username, String password) throws UnauthorizedException {
        if (username == null || password == null || "".equals(password.trim())) {
            throw new UnauthorizedException();
        }

        if (username.contains("@")) {
            // Check that the specified domain matches the server's domain
            int index = username.indexOf("@");
            String domain = username.substring(index + 1);
            if (domain.equals(XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
                username = username.substring(0, index);
            } else {
                // Unknown domain. Return authentication failed.
                throw new UnauthorizedException();
            }
        }

        // Un-escape username.
        username = JID.unescapeNode(username);

        // If cache is enabled, see if the auth is in cache.
        if (authCache != null && authCache.containsKey(username)) {
            String hash = authCache.get(username);
            if (StringUtils.hash(password).equals(hash)) {
                return;
            }
        }

        String userDN;
        try {
            // The username by itself won't help us much with LDAP since we
            // need a fully qualified dn. We could make the assumption that
            // the baseDN would always be the location of user profiles. For
            // example if the baseDN was set to "ou=People, o=jivesoftare, o=com"
            // then we would be able to directly load users from that node
            // of the LDAP tree. However, it's a poor assumption that only a
            // flat structure will be used. Therefore, we search all sub-trees
            // of the baseDN for the username (assuming the user has not disabled
            // sub-tree searching). So, if the baseDN is set to
            // "o=jivesoftware, o=com" then a search will include the "People"
            // node as well all the others under the base.
            userDN = manager.findUserDN(username);

            // See if the user authenticates.
            if (!manager.checkAuthentication(userDN, password)) {
                throw new UnauthorizedException("Username and password don't match");
            }
        }
        catch (CommunicationException e) {
            // Log error here since it will be wrapped with an UnauthorizedException that
            // is never logged
            Log.error("Error connecting to LDAP server", e);
            throw new UnauthorizedException(e);
        }
        catch (Exception e) {
            throw new UnauthorizedException(e);
        }

        // If cache is enabled, add the item to cache.
        if (authCache != null) {
            authCache.put(username, StringUtils.hash(password));

    final EntityManager em = OswPlugin.getEmFactory().createEntityManager();
    em.getTransaction().begin();
    PersistentActivityEntry oldEntry=em.find(PersistentActivityEntry.class, entry.getId());

    if ((oldEntry==null) || (!oldEntry.getActor().getUri().equalsIgnoreCase(userJID)))
      throw new UnauthorizedException();


    Date published=oldEntry.getPublished();
    entry.setPublished(published);
    entry.setUpdated(Calendar.getInstance().getTime());

    em.getTransaction().begin();

    PersistentActivityEntry activity= em.find(PersistentActivityEntry.class, activityId);

    if ((activity==null) || (!activity.getActor().getUri().equalsIgnoreCase(fromJID)))
      throw new UnauthorizedException();

    em.remove(activity);

    em.getTransaction().commit();
    em.close();