don't eat some of the authorization exceptions and don't mask them wi…

…th general 500 error
korpling · Oct 9, 2014 · a92628e · a92628e
1 parent cc2d120
commit a92628e
Showing 1 changed file with 20 additions and 48 deletions.
diff --git a/annis-service/src/main/java/annis/service/internal/QueryServiceImpl.java b/annis-service/src/main/java/annis/service/internal/QueryServiceImpl.java
@@ -84,7 +84,6 @@
 import javax.ws.rs.core.UriInfo;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.subject.Subject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -391,6 +390,8 @@ public SaltProject subgraph(
     @DefaultValue("all") @QueryParam("filter") String filterRaw)
   {
 
+    Subject user = SecurityUtils.getSubject();
+
     // some robustness stuff
     if (matches == null)
     {
@@ -420,7 +421,6 @@ public SaltProject subgraph(
       }
     }
 
-    Subject user = SecurityUtils.getSubject();
     for (String c : corpusNames)
     {
       user.checkPermission("query:subgraph:" + c);
@@ -430,7 +430,7 @@ public SaltProject subgraph(
 
     if(data.getCorpusList() == null || data.getCorpusList().isEmpty())
     {
-      throw new WebApplicationException(400);
+      throw new WebApplicationException(Response.Status.BAD_REQUEST.getStatusCode());
     }
 
     long start = new Date().getTime();
@@ -476,7 +476,7 @@ public SaltProject graph(@PathParam("top") String toplevelCorpusName,
     {
       log.error("error when accessing graph " + toplevelCorpusName + "/"
         + documentName, ex);
-      throw new WebApplicationException(ex);
+      throw new WebApplicationException(ex, 500);
     }
   }
 
@@ -583,26 +583,22 @@ public List<AnnisCorpus> singleCorpus(@PathParam("top") String toplevelName)
   @Produces("application/xml")
   public CorpusConfig corpusConfig(@PathParam("top") String toplevelName)
   {
+    Subject user = SecurityUtils.getSubject();
+    user.checkPermission("query:config:" + toplevelName);
+
     try
     {
-      Subject user = SecurityUtils.getSubject();
-      user.checkPermission("query:config:" + toplevelName);
       Properties tmp = annisDao.getCorpusConfigurationSave(toplevelName);
 
       CorpusConfig corpusConfig = new CorpusConfig();
       corpusConfig.setConfig(tmp);
 
       return corpusConfig;
     }
-    catch (AuthorizationException ex)
-    {
-      log.error("authorization error", ex);
-      throw new WebApplicationException(401);
-    }
     catch (Exception ex)
     {
       log.error("problems with reading config", ex);
-      throw new WebApplicationException(500);
+      throw new WebApplicationException(ex, 500);
     }
   }
 
@@ -614,23 +610,16 @@ public List<AnnisAttribute> annotations(
     @DefaultValue("false") @QueryParam("fetchvalues") String fetchValues,
     @DefaultValue("false") @QueryParam("onlymostfrequentvalues") String onlyMostFrequentValues) throws WebApplicationException
   {
-    try
-    {
-      Subject user = SecurityUtils.getSubject();
-      user.checkPermission("query:annotations:" + toplevelCorpus);
+    Subject user = SecurityUtils.getSubject();
+    user.checkPermission("query:annotations:" + toplevelCorpus);
 
-      List<Long> corpusList = new ArrayList<>();
-      corpusList.add(annisDao.mapCorpusNameToId(toplevelCorpus));
+    List<Long> corpusList = new ArrayList<>();
+    corpusList.add(annisDao.mapCorpusNameToId(toplevelCorpus));
+
+    return annisDao.listAnnotations(corpusList,
+      Boolean.parseBoolean(fetchValues), Boolean.parseBoolean(
+      onlyMostFrequentValues));
 
-      return annisDao.listAnnotations(corpusList,
-        Boolean.parseBoolean(fetchValues), Boolean.parseBoolean(
-        onlyMostFrequentValues));
-    }
-    catch (Exception ex)
-    {
-      log.error("could not get annotations for {}", toplevelCorpus, ex);
-      throw new WebApplicationException(500);
-    }
   }
 
   @GET
@@ -864,6 +853,8 @@ public List<ExampleQuery> getExampleQueries(
     @QueryParam("corpora") String rawCorpusNames) throws WebApplicationException
   {
 
+    Subject user = SecurityUtils.getSubject();
+
     try
     {
       String[] corpusNames;
@@ -884,7 +875,6 @@ public List<ExampleQuery> getExampleQueries(
       List<String> allowedCorpora = new ArrayList<>();
 
       // filter by which corpora the user is allowed to access
-      Subject user = SecurityUtils.getSubject();
       for (String c : corpusNames)
       {
         if (user.isPermitted("query:*:" + c))
@@ -898,29 +888,11 @@ public List<ExampleQuery> getExampleQueries(
     }
     catch (Exception ex)
     {
-      throw new WebApplicationException(400);
+      log.error("Problem accessing example queries", ex);
+      throw new WebApplicationException(ex, 500);
     }
   }
 
-  private String createAnnotateLogParameters(int left, int right, int offset,
-    int limit)
-  {
-    StringBuilder sb = new StringBuilder();
-    sb.append("left: ");
-    sb.append(left);
-    sb.append(", ");
-    sb.append("right: ");
-    sb.append(right);
-    sb.append(", ");
-    sb.append("offset: ");
-    sb.append(offset);
-    sb.append(", ");
-    sb.append("limit: ");
-    sb.append(limit);
-    String logParameters = sb.toString();
-    return logParameters;
-  }
-
   private void logQuery(String queryFunction, String toplevelCorpus,
     String documentName, long runtime)
   {