Examples of org.springframework.security.access.AccessDeniedException

• org.springframework.security.access.AccessDeniedException
  Thrown if an {@link org.springframework.security.core.Authentication Authentication} object does not hold arequired authority. @author Ben Alex

  }

  public void checkAccountProfile(Integer accountProfileId) {
    if (accountProfileId == null
        || accountProfileId.compareTo(getAccountProfileIdFromPrincipal()) != 0) {
      throw new AccessDeniedException(null);
    }
  }

  }

  public void checkAccount(Integer accountId) {
    if (accountId == null
        || accountId.compareTo(getAccountFromPrincipal()) != 0) {
      throw new AccessDeniedException(null);
    }
  }

  }

  public void checkAuthToken(String token) {
    if (token == null
        || !token.equals(getAuthToken())) {
      throw new AccessDeniedException(null);
    }
  }

     */
    @RequestMapping(value = "/oauth/token_key", method = RequestMethod.GET)
    @ResponseBody
    public Map<String, String> getKey(Principal principal) {
        if ((principal == null || principal instanceof AnonymousAuthenticationToken) && !converter.isPublic()) {
            throw new AccessDeniedException("You need to authenticate to see a shared key");
        }
        Map<String, String> result = converter.getKey();
        return result;
    }

        }

        if (result == ACCESS_DENIED && throwException) {
          InsufficientScopeException failure = new InsufficientScopeException(
              "Insufficient scope for this resource", client.getScope());
          throw new AccessDeniedException(failure.getMessage(), failure);
        }

        return result;
      }
    }

        }
        if (result == ACCESS_DENIED && throwException) {
          InsufficientScopeException failure = new InsufficientScopeException(
              "Insufficient scope for this resource", Collections.singleton(attribute.getAttribute()
                  .substring(scopePrefix.length())));
          throw new AccessDeniedException(failure.getMessage(), failure);
        }
      }
    }

    return result;

   * @throws InsufficientScopeException if the scope is invalid and we the flag is set to throw the exception
   */
  public boolean throwOnError(boolean decision) {
    if (!decision && !missingScopes.isEmpty()) {
      Throwable failure = new InsufficientScopeException("Insufficient scope for this resource", missingScopes);
      throw new AccessDeniedException(failure.getMessage(), failure);
    }
    return decision;
  }

  @ExceptionHandler(HttpSessionRequiredException.class)
  public ModelAndView handleHttpSessionRequiredException(HttpSessionRequiredException e, ServletWebRequest webRequest)
      throws Exception {
    logger.info("Handling Session required error: " + e.getMessage());
    return handleException(new AccessDeniedException("Could not obtain authorization request from session", e),
        webRequest);
  }

  private MockHttpServletResponse response = new MockHttpServletResponse();

  @Test
  public void testHandleWithJson() throws Exception {
    request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
    handler.handle(request, response, new AccessDeniedException("Bad"));
    assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
    assertEquals(MediaType.APPLICATION_JSON_VALUE, response.getContentType());
    assertEquals(null, response.getErrorMessage());
  }

  private void checkResourceOwner(String user, Principal principal) {
    if (principal instanceof OAuth2Authentication) {
      OAuth2Authentication authentication = (OAuth2Authentication) principal;
      if (!authentication.isClientOnly() && !user.equals(principal.getName())) {
        throw new AccessDeniedException(String.format("User '%s' cannot obtain tokens for user '%s'",
            principal.getName(), user));
      }
    }
  }