001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.security.pacl;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.security.lang.PortalSecurityManagerThreadLocal;
020    import com.liferay.portal.service.impl.PortalServiceImpl;
021    import com.liferay.portal.spring.aop.ChainableMethodAdvice;
022    import com.liferay.portal.spring.aop.ServiceBeanAopProxy;
023    
024    import java.lang.reflect.Method;
025    
026    import org.aopalliance.intercept.MethodInvocation;
027    
028    /**
029     * @author Brian Wing Shun Chan
030     */
031    public class PACLAdvice extends ChainableMethodAdvice {
032    
033            @Override
034            public Object invoke(MethodInvocation methodInvocation) throws Throwable {
035                    if (!PortalSecurityManagerThreadLocal.isEnabled()) {
036    
037                            // Proceed so that we do not remove the advice
038    
039                            try {
040                                    return methodInvocation.proceed();
041                            }
042                            catch (Throwable throwable) {
043                                    throw throwable;
044                            }
045                    }
046    
047                    if (!PACLPolicyManager.isActive()) {
048                            ServiceBeanAopProxy.removeMethodInterceptor(methodInvocation, this);
049    
050                            try {
051                                    return methodInvocation.proceed();
052                            }
053                            catch (Throwable throwable) {
054                                    throw throwable;
055                            }
056                    }
057    
058                    Object thisObject = methodInvocation.getThis();
059                    Method method = methodInvocation.getMethod();
060                    Object[] arguments = methodInvocation.getArguments();
061    
062                    boolean debug = false;
063    
064                    if (_log.isDebugEnabled()) {
065                            Class<?> clazz = thisObject.getClass();
066    
067                            String className = clazz.getName();
068    
069                            if (className.equals(PortalServiceImpl.class.getName()) ||
070                                    className.equals(_ENTRY_LOCAL_SERVICE_IMPL_CLASS_NAME) ||
071                                    className.equals(_STATUS_LOCAL_SERVICE_IMPL_CLASS_NAME)) {
072    
073                                    debug = true;
074    
075                                    _log.debug(
076                                            "Intercepting " + className + "#" + method.getName());
077                            }
078                    }
079    
080                    if (method.getDeclaringClass() == Object.class) {
081                            String methodName = method.getName();
082    
083                            if (methodName.equals("equals")) {
084                                    if (thisObject == arguments[0]) {
085                                            return true;
086                                    }
087                                    else {
088                                            return false;
089                                    }
090                            }
091                            else if (methodName.equals("toString")) {
092                                    return method.invoke(thisObject, arguments);
093                            }
094                    }
095    
096                    if (!PACLPolicyManager.isActive()) {
097                            return method.invoke(thisObject, arguments);
098                    }
099    
100                    PACLPolicy paclPolicy = PACLClassUtil.getPACLPolicy(false, debug);
101    
102                    if (debug) {
103                            if (paclPolicy != null) {
104                                    _log.debug(
105                                            "Retrieved PACL policy for " +
106                                                    paclPolicy.getServletContextName());
107                            }
108                    }
109    
110                    if (paclPolicy == null) {
111                            return methodInvocation.proceed();
112                    }
113    
114                    if (!paclPolicy.hasPortalService(thisObject, method, arguments)) {
115                            throw new SecurityException("Attempted to invoke " + method);
116                    }
117    
118                    boolean checkSQL = PortalSecurityManagerThreadLocal.isCheckSQL();
119    
120                    try {
121                            Class<?> thisObjectClass = thisObject.getClass();
122    
123                            if (paclPolicy.getClassLoader() !=
124                                            PACLClassLoaderUtil.getClassLoader(thisObjectClass)) {
125    
126                                    // Disable the portal security manager so that PACLDataSource
127                                    // does not try to check access to tables that can be accessed
128                                    // since the service is already approved
129    
130                                    PortalSecurityManagerThreadLocal.setCheckSQL(false);
131                            }
132    
133                            return methodInvocation.proceed();
134                    }
135                    finally {
136                            PortalSecurityManagerThreadLocal.setCheckSQL(checkSQL);
137                    }
138            }
139    
140            private static final String _ENTRY_LOCAL_SERVICE_IMPL_CLASS_NAME =
141                    "com.liferay.chat.service.impl.EntryLocalServiceImpl";
142    
143            private static final String _STATUS_LOCAL_SERVICE_IMPL_CLASS_NAME =
144                    "com.liferay.chat.service.impl.StatusLocalServiceImpl";
145    
146            private static Log _log = LogFactoryUtil.getLog(PACLAdvice.class);
147    
148    }