/**
 * Maps an exception to the {@link ErrorExtEnum} code that is reported for it.
 *
 * <p>Only the runtime type of {@code ex} itself is examined; the cause chain is not walked.
 * An authorization or I/O failure wrapped in another exception therefore falls through to
 * the generic code unless the caller unwraps it first.
 *
 * @param ex the exception to classify
 * @return the error carried by an {@link IntegrationException}, otherwise one of the
 *         {@link InternalErrorEnum} codes selected below
 */
public static ErrorExtEnum getError(Throwable ex) {
    if (ex instanceof IntegrationException) {
        // Integration failures already carry their own error code.
        return ((IntegrationException) ex).getError();
    }
    if (ex instanceof ValidationException) {
        return InternalErrorEnum.E102;
    }

    final boolean ioFailure = ex instanceof IOException || ex instanceof WebServiceIOException;
    if (ioFailure) {
        return InternalErrorEnum.E103;
    }

    // NOTE(review): the I/O test runs first, so an AccessDeniedException type that is itself an
    // IOException subclass would be reported as E103, not E117 - confirm which class is imported.
    final boolean accessRefused =
            ex instanceof CamelAuthorizationException || ex instanceof AccessDeniedException;
    if (accessRefused) {
        return InternalErrorEnum.E117;
    }

    // Everything else, including a null argument, maps to the generic code.
    return InternalErrorEnum.E100;
}
/**
 * Checks the given subject against the permissions or roles configured on the policy.
 *
 * <p>Evaluation order matters for anyone configuring the policy:
 * <ul>
 *   <li>If the permissions list is non-empty, only permissions are evaluated; the roles list
 *       is not consulted at all.</li>
 *   <li>Otherwise, if the roles list is non-empty, roles are evaluated.</li>
 *   <li>If both lists are empty the subject is authorized without any check (fail-open), and
 *       this is recorded only at TRACE level.</li>
 * </ul>
 *
 * @param currentUser the subject whose permissions or roles are tested
 * @param exchange the exchange attached to the exception when authorization is refused
 * @throws CamelAuthorizationException if the subject does not satisfy the configured
 *         permissions or roles
 */
private void authorizeUser(Subject currentUser, Exchange exchange) throws CamelAuthorizationException {
    boolean granted;

    if (!policy.getPermissionsList().isEmpty()) {
        // Permissions take precedence over roles.
        if (policy.isAllPermissionsRequired()) {
            granted = currentUser.isPermittedAll(policy.getPermissionsList());
        } else {
            // Any single matching permission is enough.
            granted = false;
            for (Permission candidate : policy.getPermissionsList()) {
                if (currentUser.isPermitted(candidate)) {
                    granted = true;
                    break;
                }
            }
        }
    } else if (!policy.getRolesList().isEmpty()) {
        if (policy.isAllRolesRequired()) {
            granted = currentUser.hasAllRoles(policy.getRolesList());
        } else {
            // Any single matching role is enough.
            granted = false;
            for (String candidate : policy.getRolesList()) {
                if (currentUser.hasRole(candidate)) {
                    granted = true;
                    break;
                }
            }
        }
    } else {
        // Nothing configured: access is granted without a check. The only record of this is
        // the TRACE message below, so a policy left empty by mistake is easy to overlook.
        LOG.trace("Valid Permissions or Roles List not specified for ShiroSecurityPolicy. "
                + "No authorization checks will be performed for current user.");
        granted = true;
    }

    if (granted) {
        // The subject's principal is written to the log at DEBUG level.
        LOG.debug("Current user {} is successfully authorized.", currentUser.getPrincipal());
        return;
    }

    throw new CamelAuthorizationException("Authorization Failed. Subject's role set does "
            + "not have the necessary roles or permissions to perform further processing.", exchange);
}
/**
 * Verifies that a refused send is reported as a {@link CamelAuthorizationException} cause
 * and that no message reaches {@code mock:end}.
 */
@Test
public void testAuthorizationFailed() throws Exception {
    // A refused exchange must not be delivered to the end of the route.
    MockEndpoint sink = getMockEndpoint("mock:end");
    sink.expectedMessageCount(0);

    try {
        sendMessageWithAuthentication("bob", "bobspassword", "ROLE_USER");
        fail("we should get the access deny exception here");
    } catch (Exception thrown) {
        // The refusal is expected as the cause of whatever the send raised.
        Throwable reason = thrown.getCause();
        assertTrue("Expect CamelAuthorizationException here",
                reason instanceof CamelAuthorizationException);
    }

    sink.assertIsSatisfied();
}
/**
 * Verifies that sending with the password "jimspassword" for user "bob" is rejected with a
 * {@link CamelAuthorizationException} whose policy id is {@code "admin"}, and that nothing
 * reaches {@code mock:end}.
 */
@Test
public void testAuthenticationFailed() throws Exception {
    MockEndpoint sink = getMockEndpoint("mock:end");
    sink.expectedMessageCount(0);

    try {
        sendMessageWithAuthentication("bob", "jimspassword");
        fail("we should get the access deny exception here");
    } catch (Exception thrown) {
        // The failure is expected as the cause, surfaced as CamelAuthorizationException.
        Throwable reason = thrown.getCause();
        assertTrue("Expect CamelAuthorizationException here",
                reason instanceof CamelAuthorizationException);

        // The exception also identifies which policy refused the exchange.
        CamelAuthorizationException denial = (CamelAuthorizationException) reason;
        assertEquals("admin", denial.getPolicyId());
    }

    sink.assertIsSatisfied();
}
/**
 * Sends one message as "claus" and one as "jon" and checks which endpoints each one reaches:
 * both bodies are expected at {@code mock:unsecure}, only the first at {@code mock:secure}.
 */
@Test
public void testAdminOnly() throws Exception {
    getMockEndpoint("mock:secure").expectedBodiesReceived("Davs Claus!");
    getMockEndpoint("mock:unsecure").expectedBodiesReceived("Davs Claus!", "Hello Jon!");

    sendMessageWithAuth("direct:start", "Davs Claus!", "claus", "secret");

    // There is no fail() after this send: if no exception is raised, the refusal is checked
    // only through the mock expectations above (a second body at mock:secure would break them).
    try {
        sendMessageWithAuth("direct:start", "Hello Jon!", "jon", "secret");
    } catch (CamelExecutionException denied) {
        Throwable reason = denied.getCause();
        assertIsInstanceOf(CamelAuthorizationException.class, reason);
    }

    assertMockEndpointsSatisfied();
}
/**
 * Verifies that a send carrying the password header "iforgotmypassword" fails with a
 * {@link CamelAuthorizationException} whose root cause is a {@link BadCredentialsException}.
 */
@Test
public void testBadPassword() {
    // Credentials travel as plain message headers in this test.
    Map<String, Object> credentials = new HashMap<>();
    credentials.put("username", "jakub");
    credentials.put("password", "iforgotmypassword");

    try {
        template.sendBodyAndHeaders("direct:in", "foo", credentials);
        fail();
    } catch (CamelExecutionException rejected) {
        // The cast doubles as a type check: any other cause fails the test with a ClassCastException.
        CamelAuthorizationException denial = (CamelAuthorizationException) rejected.getCause();
        Throwable root = ExceptionUtils.getRootCause(denial);
        assertTrue(root instanceof BadCredentialsException);
    }
}
/**
 * Verifies that a send with the "scott" credentials fails and that the cause of the
 * resulting {@link CamelExecutionException} is a {@link CamelAuthorizationException}.
 */
@Test
public void testNotAuthorized() {
    Map<String, Object> credentials = new HashMap<>();
    credentials.put("username", "scott");
    credentials.put("password", "supersecretpassword2");

    try {
        template.sendBodyAndHeaders("direct:in", "foo", credentials);
        fail();
    } catch (CamelExecutionException rejected) {
        // Unlike the bad-password case, only the direct cause is inspected here.
        Throwable reason = ExceptionUtils.getCause(rejected);
        assertTrue(reason instanceof CamelAuthorizationException);
    }
}
/**
 * Verifies that a request sent without any authentication header is refused with a
 * {@link CamelAuthorizationException} reporting that the Authentication instance is missing.
 */
@Test
public void testNoAuthenticationHeader() throws Exception {
    CamelContext context = contextRegistry.getCamelContext("contextA");
    ProducerTemplate sender = context.createProducerTemplate();

    try {
        // No Exchange.AUTHENTICATION header is supplied on purpose.
        sender.requestBody("direct:start", "Kermit", String.class);
        Assert.fail("CamelExecutionException expected");
    } catch (CamelExecutionException rejected) {
        Throwable reason = rejected.getCause();
        // The exact class is required, not merely a subclass.
        Assert.assertEquals(CamelAuthorizationException.class, reason.getClass());

        String detail = reason.getMessage();
        Assert.assertTrue(detail, detail.startsWith("Cannot find the Authentication instance"));
    }
}
/**
 * Verifies that a request authenticated with the password "bogus" is refused with a
 * {@link CamelAuthorizationException} whose message reports an invalid password.
 */
@Test
public void testInvalidCredentials() throws Exception {
    CamelContext context = contextRegistry.getCamelContext("contextA");
    ProducerTemplate sender = context.createProducerTemplate();

    try {
        Subject subject = getAuthenticationToken("user-domain", AnnotatedSLSB.USERNAME, "bogus");
        sender.requestBodyAndHeader("direct:start", "Kermit", Exchange.AUTHENTICATION, subject, String.class);
        Assert.fail("CamelExecutionException expected");
    } catch (CamelExecutionException rejected) {
        Throwable reason = rejected.getCause();
        Assert.assertEquals(CamelAuthorizationException.class, reason.getClass());

        // NOTE(review): the asserted text names the password as the reason for the refusal;
        // confirm this message stays in logs and tests and is not echoed to remote callers.
        String detail = reason.getMessage();
        Assert.assertTrue(detail, detail.contains("Password invalid/Password required"));
    }
}
/**
 * Verifies that a request with valid credentials on "contextC" is still refused with a
 * {@link CamelAuthorizationException} because the required role {@code Role3} is missing.
 */
@Test
public void testInsufficientRoles() throws Exception {
    CamelContext context = contextRegistry.getCamelContext("contextC");
    ProducerTemplate sender = context.createProducerTemplate();

    try {
        // The credentials are the valid ones; the refusal asserted below is about roles.
        Subject subject = getAuthenticationToken("user-domain", AnnotatedSLSB.USERNAME, AnnotatedSLSB.PASSWORD);
        sender.requestBodyAndHeader("direct:start", "Kermit", Exchange.AUTHENTICATION, subject, String.class);
        Assert.fail("CamelExecutionException expected");
    } catch (CamelExecutionException rejected) {
        Throwable reason = rejected.getCause();
        Assert.assertEquals(CamelAuthorizationException.class, reason.getClass());

        String detail = reason.getMessage();
        Assert.assertTrue(detail, detail.contains("User does not have required roles: [Role3]"));
    }
}
/**
 * Verifies that the simple expression {@code ${exception.getPolicyId}} resolves to the policy
 * id of a caught {@link CamelAuthorizationException}.
 */
public void testExceptionOGNLSimple() throws Exception {
    // The header is set before the exception is built; presumably the exception reads the
    // policy id from the exchange at construction time - confirm against its constructor.
    exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, "myPolicy");

    CamelAuthorizationException denial =
            new CamelAuthorizationException("The camel authorization exception", exchange);
    exchange.setProperty(Exchange.EXCEPTION_CAUGHT, denial);

    assertExpression("${exception.getPolicyId}", "myPolicy");
}