Rename class name from UnauthorizedException to ForbiddenException

Update clear output rest api doc response code

docs/rest-api/rest-notebook.md

@@ -991,8 +991,16 @@ If you work with Apache Zeppelin and find a need for an additional REST API, ple
       <td>200</td>
     </tr>
     <tr>
-      <td> Fail code</td>
-      <td> 500 </td>
+      <td>Forbidden code</td>
+      <td>401</td>
+    </tr>
+    <tr>
+      <td>Not Found code</td>
+      <td>404</td>
+    </tr>
+    <tr>
+      <td>Fail code</td>
+      <td>500</td>
     </tr>
     <tr>
       <td>sample JSON response</td>

zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java

@@ -43,7 +43,7 @@ import org.apache.zeppelin.notebook.Notebook;
 import org.apache.zeppelin.notebook.NotebookAuthorization;
 import org.apache.zeppelin.notebook.Paragraph;
 import org.apache.zeppelin.rest.exception.NotFoundException;
-import org.apache.zeppelin.rest.exception.UnauthorizedException;
+import org.apache.zeppelin.rest.exception.ForbiddenException;
 import org.apache.zeppelin.rest.message.CronRequest;
 import org.apache.zeppelin.rest.message.NewNoteRequest;
 import org.apache.zeppelin.rest.message.NewParagraphRequest;
@@ -124,7 +124,7 @@ public class NotebookRestApi {
     userAndRoles.add(SecurityUtils.getPrincipal());
     userAndRoles.addAll(SecurityUtils.getRoles());
     if (!notebookAuthorization.isOwner(userAndRoles, noteId)) {
-      throw new UnauthorizedException(errorMsg);
+      throw new ForbiddenException(errorMsg);
     }
   }
   
@@ -136,7 +136,7 @@ public class NotebookRestApi {
     userAndRoles.add(SecurityUtils.getPrincipal());
     userAndRoles.addAll(SecurityUtils.getRoles());
     if (!notebookAuthorization.hasWriteAuthorization(userAndRoles, noteId)) {
-      throw new UnauthorizedException(errorMsg);
+      throw new ForbiddenException(errorMsg);
     }
   }
   
@@ -148,7 +148,7 @@ public class NotebookRestApi {
     userAndRoles.add(SecurityUtils.getPrincipal());
     userAndRoles.addAll(SecurityUtils.getRoles());
     if (!notebookAuthorization.hasReadAuthorization(userAndRoles, noteId)) {
-      throw new UnauthorizedException(errorMsg);
+      throw new ForbiddenException(errorMsg);
     }
   }
   

zeppelin-server/src/main/java/org/apache/zeppelin/rest/exception/ForbiddenException.java

@@ -17,6 +17,7 @@
 package org.apache.zeppelin.rest.exception;
 
 import static javax.ws.rs.core.Response.Status.FORBIDDEN;
+import static javax.ws.rs.core.Response.Status.UNAUTHORIZED;
 
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
@@ -27,24 +28,24 @@ import org.apache.zeppelin.utils.ExceptionUtils;
  * UnauthorizedException handler for WebApplicationException.
  * 
  */
-public class UnauthorizedException extends WebApplicationException {
+public class ForbiddenException extends WebApplicationException {
   private static final long serialVersionUID = 4394749068760407567L;
-  private static final String UNAUTHORIZED_MSG = "Authorization required";
+  private static final String FORBIDDEN_MSG = "Not allowed to access";
 
-  public UnauthorizedException() {
-    super(unauthorizedJson(UNAUTHORIZED_MSG));
+  public ForbiddenException() {
+    super(forbiddenJson(FORBIDDEN_MSG));
   }
 
-  private static Response unauthorizedJson(String message) {
+  private static Response forbiddenJson(String message) {
     return ExceptionUtils.jsonResponseContent(FORBIDDEN, message);
   }
   
-  public UnauthorizedException(Throwable cause, String message) {
-    super(cause, unauthorizedJson(message));
+  public ForbiddenException(Throwable cause, String message) {
+    super(cause, forbiddenJson(message));
   }
   
-  public UnauthorizedException(String message) {
-    super(unauthorizedJson(message));
+  public ForbiddenException(String message) {
+    super(forbiddenJson(message));
   }
 
 }

zeppelin-server/src/test/java/org/apache/zeppelin/rest/AbstractTestRestApi.java

@@ -539,7 +539,7 @@ public abstract class AbstractTestRestApi {
 
 
   /** Status code matcher */
-  protected Matcher<? super HttpMethodBase> isForbiden() { return responsesWith(403); }
+  protected Matcher<? super HttpMethodBase> isForbidden() { return responsesWith(403); }
 
   protected Matcher<? super HttpMethodBase> isAllowed() {
     return responsesWith(200);

zeppelin-server/src/test/java/org/apache/zeppelin/rest/NotebookSecurityRestApiTest.java

@@ -82,10 +82,10 @@ public class NotebookSecurityRestApiTest extends AbstractTestRestApi {
     //set permission
     String payload = "{ \"owners\": [\"admin\"], \"readers\": [\"user2\"], \"writers\": [\"user2\"] }";
     PutMethod put = httpPut("/notebook/" + noteId + "/permissions", payload , "admin", "password1");
-    assertThat("test set note premission method:", put, isAllowed());
+    assertThat("test set note permission method:", put, isAllowed());
     put.releaseConnection();
     
-    userTryGetNote(noteId, "user1", "password2", isForbiden());
+    userTryGetNote(noteId, "user1", "password2", isForbidden());
     
     userTryGetNote(noteId, "user2", "password3", isAllowed());
     
@@ -99,10 +99,10 @@ public class NotebookSecurityRestApiTest extends AbstractTestRestApi {
     //set permission
     String payload = "{ \"owners\": [\"admin\", \"user1\"], \"readers\": [\"user2\"], \"writers\": [\"user2\"] }";
     PutMethod put = httpPut("/notebook/" + noteId + "/permissions", payload , "admin", "password1");
-    assertThat("test set note premission method:", put, isAllowed());
+    assertThat("test set note permission method:", put, isAllowed());
     put.releaseConnection();
     
-    userTryRemoveNote(noteId, "user2", "password3", isForbiden());
+    userTryRemoveNote(noteId, "user2", "password3", isForbidden());
     userTryRemoveNote(noteId, "user1", "password2", isAllowed());
     
     Note deletedNote = ZeppelinServer.notebook.getNote(noteId);