Diffstat (limited to 'base/common/src/com/netscape/certsrv/acls')
-rw-r--r-- | base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
index bcb0b80a2..c30740260 100644
--- a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
+++ b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
@@ -24,9 +24,7 @@ import java.security.Principal;
 import java.util.Properties;
 import javax.servlet.ServletContext;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
 import javax.ws.rs.ext.Provider;
@@ -44,6 +42,7 @@ import com.netscape.certsrv.authorization.AuthzToken;
 import com.netscape.certsrv.authorization.EAuthzAccessDenied;
 import com.netscape.certsrv.authorization.IAuthzSubsystem;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.ForbiddenException;
 import com.netscape.cmscore.realm.PKIPrincipal;
@@ -76,7 +75,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
 public ServerResponse preProcess(
 HttpRequest request,
 ResourceMethod resourceMethod
- ) throws Failure, WebApplicationException {
+ ) throws Failure, ForbiddenException {
 // Get ACL mapping for the method.
 Method method = resourceMethod.getMethod();
@@ -95,12 +94,12 @@ public class ACLInterceptor implements PreProcessInterceptor {
 // If unauthenticated, reject request.
 if (principal == null) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("No user principal provided.");
 }
 // If unrecognized principal, reject request.
 if (!(principal instanceof PKIPrincipal)) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("Invalid user principal");
 }
 PKIPrincipal pkiPrincipal = (PKIPrincipal)principal;
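Review bot: The two rejections in this hunk now carry distinct reasons (`"No user principal provided."` and `"Invalid user principal"`), and the later hunks add `"No authorization token present."` and `"Invalid ACL mapping."`; if ForbiddenException puts its message into the 403 response body (its definition is not visible here), a caller can tell which stage of the ACL check rejected the request and that a server-side mapping is misconfigured. Consider one generic client-facing text such as `throw new ForbiddenException("Access denied.");` with the specific reason written to the server log instead. The `principal == null` branch is, by its own comment, the unauthenticated case, so it is worth confirming that 403 rather than 401 is the intended status there. The body of preProcess starts before and continues after this hunk.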
@@ -108,7 +107,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
 // If missing auth token, reject request.
 if (authToken == null) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("No authorization token present.");
 }
 try {
@@ -124,7 +123,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
 // If invalid mapping, reject request.
 if (values.length != 2) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("Invalid ACL mapping.");
 }
 // Check authorization.
@@ -137,11 +136,11 @@ public class ACLInterceptor implements PreProcessInterceptor {
 // If not authorized, reject request.
 if (authzToken == null) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("No authorization token present.");
 }
 } catch (EAuthzAccessDenied e) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException(e.toString());
 } catch (IOException|EBaseException e) {
 e.printStackTrace(); |
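Review bot: `throw new ForbiddenException(e.toString());` in the `EAuthzAccessDenied` handler copies the exception's class name and internal message into the rejection and drops the original exception as cause; if that text reaches the client it may disclose ACL resource or operation names. A fixed message such as `throw new ForbiddenException("Authorization failed.");`, with `e` logged server-side, would avoid that (whether ForbiddenException accepts a cause is not visible here). The `authzToken == null` branch reuses `"No authorization token present."`, the same text as the earlier `authToken == null` check, so a missing authentication token and a failed authorization cannot be told apart in logs. The trailing `catch (IOException|EBaseException e)` begins with `e.printStackTrace();` and continues past the hunk; if nothing is thrown after it, an error while evaluating the ACL would let the request through, so that handler should be checked to reject as well.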