Package org.springframework.security.access

Examples of org.springframework.security.access.AccessDeniedException

110
111
112
113
114
115
116
117
118
119
120
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setServletPath("/secure/page.html");

        // Setup the FilterChain to thrown an access denied exception
        FilterChain fc = mock(FilterChain.class);
        doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));

        // Setup SecurityContextHolder, as filter needs to check if user is
        // anonymous
        SecurityContextHolder.clearContext();
View Full Code Here
92
93
94
95
96
97
98
99
100
    @Test
    public void deniesAccessIfAccessDecisionMangerDoes() throws Exception {
        Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
        DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);

        doThrow(new AccessDeniedException("")).when(adm).decide(any(Authentication.class), anyObject(), anyList());

        assertFalse(wipe.isAllowed("/foo/index.jsp", token));
    }
View Full Code Here
108
109
110
111
112
113
114
115
116
117
118
    }

    @SuppressWarnings("unchecked")
    @Test
    public void callbackIsNotInvokedWhenPermissionDenied() throws Exception {
        doThrow(new AccessDeniedException("denied")).when(adm).decide(any(Authentication.class), any(), any(Collection.class));

        SecurityContextHolder.getContext().setAuthentication(token);
        try {
            interceptor.invoke(joinPoint, aspectJCallback);
            fail("Expected AccessDeniedException");
View Full Code Here
96
97
98
99
100
101
102
103
104
        Object object = new TargetObject();
        final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
        MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
        mipe.setSecurityInterceptor(interceptor);
        when(mds.getAttributes(mi)).thenReturn(role);
        doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role);

        assertFalse(mipe.isAllowed(mi, token));
    }
View Full Code Here
109
110
111
112
113
114
115
116
117
                new Class[] {String.class}, new Object[] {"helloWorld"});

        MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
        mipe.setSecurityInterceptor(interceptor);
        when(mds.getAttributes(mi)).thenReturn(role);
        doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role);

        assertFalse(mipe.isAllowed(mi, token));
    }
View Full Code Here
231
232
233
234
235
236
237
238
239
240
241
        SecurityContextHolder.getContext().setAuthentication(token);
        // Use mocked target to make sure invocation doesn't happen (not in expectations so test would fail)
        createTarget(true);
        mdsReturnsUserRole();
        when(authman.authenticate(token)).thenReturn(token);
        doThrow(new AccessDeniedException("rejected")).when(adm).decide(any(Authentication.class), any(MethodInvocation.class), any(List.class));

        try {
            advisedTarget.makeUpperCase("HELLO");
            fail();
        } catch (AccessDeniedException expected) {
View Full Code Here
109
110
111
112
113
114
115
116
117
    }

    @Test(expected = AccessDeniedException.class)
    public void preSendDeny() throws Exception {
        when(source.getAttributes(message)).thenReturn(attrs);
        doThrow(new AccessDeniedException("")).when(accessDecisionManager).decide(any(Authentication.class), eq(message), eq(attrs));

        interceptor.preSend(message, channel);
    }
View Full Code Here
78
79
80
81
82
83
84
85
86
87
88
        }

        // Validate user access (if logged in)
        String remoteUser = request.getRemoteUser();
        if (remoteUser != null && !username.equals(remoteUser)) {
            throw new AccessDeniedException("You do not have permission to modify other users password.");
        }


        // Ensure new password is not empty
        if (StringUtils.isEmpty(newPassword)) {
View Full Code Here
53
54
55
56
57
58
59
60
61
62
63
//                          break;
//                      }
//                  }
                  if(!shouldAllow) {
                      // fail the request
                      throw new AccessDeniedException("Access has been denied for your IP address: "+req.getRemoteAddr());
                  }
              }
         } else {
             logger.warn("The IPRoleAuthenticationFilter should be placed after the user has been authenticated in the filter chain.");
         }
View Full Code Here
63
64
65
66
67
68
69
70
71
72
73
            chain.doFilter(request, response);
            return;
        }
       
    //process ZkAccessDeniedHandler iframe in errorTemplate
        final AccessDeniedException accessDeniedException =
          (AccessDeniedExceptionsess.getAttribute(WebAttributes.ACCESS_DENIED_403);
       
        if (accessDeniedException != null) {
            //FireFox will fire iframe src request twice.
            //1st on Executions.createComponents, 2nd on doHighlighted (see ZkAccessDeniedHandler)
View Full Code Here
TOP

Related Classes of org.springframework.security.access.AccessDeniedException

  • com.es.app.eliteSystemSOUI
  • com.gcrm.security.UrlAccessDecisionManager
  • com.gcrm.util.security.UserUtil
  • com.iisigroup.cap.mvc.action.PageAction
  • com.iisigroup.cap.security.vote.ConditionsUnanimousBased
  • com.infoclinika.mssharing.web.security.RichUser
  • com.lanyuan.security.MyAccessDecisionManager
  • com.loc.security.MyAccssDecisionManager
  • com.narirelays.ems.j2ee.filters.IPRoleAuthenticationFilter
  • com.pe.pgn.clubpgn.security.MyAccessDecisionManager
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.