015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.security.pacl.permission.PortalHookPermission;
020
021 import java.security.Permission;
022
023 import java.util.Locale;
024 import java.util.Set;
025 import java.util.TreeSet;
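/**
 * Checks {@link PortalHookPermission} requests made by a hook plugin against
 * the allow-lists declared in that plugin's security manager properties.
 *
 * <p>
 * Each kind of hook override (custom JSP dir, indexers, language properties
 * locales, portal properties keys, services, servlet filters, Struts action
 * paths) is governed by its own {@code security-manager-hook-*} property. The
 * property values are read once in {@link #afterPropertiesSet()} and consulted
 * on every {@link #checkPermission(Permission)} call.
 * </p>
 *
 * <p>
 * The {@code PORTAL_HOOK_PERMISSION_*} constants and the
 * {@code getPropertyBoolean}, {@code getPropertySet} and
 * {@code throwSecurityException} helpers are not declared in this class;
 * presumably they are inherited from {@code BaseChecker} (verify there).
 * </p>
 */
public class PortalHookChecker extends BaseChecker {

	/**
	 * Loads every hook allow-list from the plugin's security properties. This
	 * must run before {@link #checkPermission(Permission)} is used, because
	 * the set-valued fields are only assigned here.
	 */
	public void afterPropertiesSet() {
		initCustomJspDir();
		initIndexers();
		initLanguagePropertiesLocales();
		initPortalPropertiesKeys();
		initServletFilters();
		initServices();
		initStrutsActionPaths();
	}

	/**
	 * Verifies that the hook action described by the permission is allowed.
	 *
	 * <p>
	 * The permission name selects which allow-list is consulted and the
	 * permission subject is the value looked up in it. When the value is not
	 * allowed, {@code throwSecurityException} is called with a message naming
	 * the rejected value.
	 * </p>
	 *
	 * <p>
	 * The permission is cast to {@link PortalHookPermission} and the subject
	 * to {@code String} or {@code Locale} without a type check, so a value of
	 * an unexpected type surfaces as a {@code ClassCastException} (and a
	 * {@code null} locale as a {@code NullPointerException}) rather than as a
	 * security exception.
	 * </p>
	 *
	 * @param permission the permission to check; must be a
	 *        {@link PortalHookPermission}
	 */
	public void checkPermission(Permission permission) {
		PortalHookPermission portalHookPermission =
			(PortalHookPermission)permission;

		String name = portalHookPermission.getName();
		Object subject = portalHookPermission.getSubject();

		if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
			if (!_customJspDir) {
				throwSecurityException(_log, "Attempted to set custom jsp dir");
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
			String indexerClassName = (String)subject;

			if (!_indexers.contains(indexerClassName)) {
				throwSecurityException(
					_log, "Attempted to add indexer " + indexerClassName);
			}
		}
		else if (name.equals(
					PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

			Locale locale = (Locale)subject;

			// A locale is allowed when either its bare language ("en") or
			// its language_country form ("en_US") is in the allow-list.

			String language = locale.getLanguage();
			String languageAndCountry = language + "_" + locale.getCountry();

			if (!_languagePropertiesLanguageIds.contains(language) &&
				!_languagePropertiesLanguageIds.contains(languageAndCountry)) {

				throwSecurityException(
					_log, "Attempted to override locale " + locale);
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
			String key = (String)subject;

			if (!_portalPropertiesKeys.contains(key)) {
				throwSecurityException(
					_log, "Attempted to set portal property " + key);
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
			String serviceType = (String)subject;

			if (!_services.contains(serviceType)) {
				throwSecurityException(
					_log, "Attempted to override service " + serviceType);
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
			if (!_servletFilters) {
				throwSecurityException(
					_log, "Attempted to override servlet filters");
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
			String strutsActionPath = (String)subject;

			if (!_strutsActionPaths.contains(strutsActionPath)) {
				throwSecurityException(
					_log,
					"Attempted to use struts action path " + strutsActionPath);
			}
		}

		// NOTE(review): a permission name that matches none of the branches
		// above falls through and is implicitly allowed (fail-open). Confirm
		// that every name PortalHookPermission can carry is handled here; if
		// a new hook permission is added without a branch, this checker will
		// not restrict it. Denying unknown names by default would be safer,
		// but is left unchanged because callers may rely on the current
		// behavior.
	}

	/**
	 * Reads {@code security-manager-hook-custom-jsp-dir-enabled} to decide
	 * whether the plugin may set a custom JSP dir.
	 */
	protected void initCustomJspDir() {
		_customJspDir = getPropertyBoolean(
			"security-manager-hook-custom-jsp-dir-enabled");

		if (_log.isDebugEnabled() && _customJspDir) {
			_log.debug("Allowing custom JSP dir");
		}
	}

	/**
	 * Reads {@code security-manager-hook-indexers}, the indexer class names
	 * the plugin may add.
	 */
	protected void initIndexers() {
		_indexers = getPropertySet("security-manager-hook-indexers");

		logAllowedEntries("Allowing indexer ", _indexers);
	}

	/**
	 * Reads {@code security-manager-hook-language-properties-locales}, the
	 * language IDs whose language properties the plugin may override.
	 */
	protected void initLanguagePropertiesLocales() {
		_languagePropertiesLanguageIds = getPropertySet(
			"security-manager-hook-language-properties-locales");

		logAllowedEntries("Allowing locale ", _languagePropertiesLanguageIds);
	}

	/**
	 * Reads {@code security-manager-hook-portal-properties-keys}, the portal
	 * property keys the plugin may set.
	 */
	protected void initPortalPropertiesKeys() {
		_portalPropertiesKeys = getPropertySet(
			"security-manager-hook-portal-properties-keys");

		logAllowedEntries(
			"Allowing portal.properties key ", _portalPropertiesKeys);
	}

	/**
	 * Reads {@code security-manager-hook-services}, the service types the
	 * plugin may override.
	 */
	protected void initServices() {
		_services = getPropertySet("security-manager-hook-services");

		logAllowedEntries("Allowing service ", _services);
	}

	/**
	 * Reads {@code security-manager-hook-servlet-filters-enabled} to decide
	 * whether the plugin may override servlet filters.
	 */
	protected void initServletFilters() {
		_servletFilters = getPropertyBoolean(
			"security-manager-hook-servlet-filters-enabled");

		if (_log.isDebugEnabled() && _servletFilters) {
			_log.debug("Allowing servlet filters");
		}
	}

	/**
	 * Reads {@code security-manager-hook-struts-action-paths}, the Struts
	 * action paths the plugin may use.
	 */
	protected void initStrutsActionPaths() {
		_strutsActionPaths = getPropertySet(
			"security-manager-hook-struts-action-paths");

		logAllowedEntries("Allowing Struts action path ", _strutsActionPaths);
	}

	/**
	 * Writes one debug line per allowed entry, in sorted order, so the
	 * effective allow-list can be audited from the log. Does nothing unless
	 * debug logging is enabled.
	 */
	private void logAllowedEntries(String messagePrefix, Set<String> entries) {
		if (!_log.isDebugEnabled()) {
			return;
		}

		// Copy into a TreeSet so the output order is stable regardless of
		// the set implementation returned by getPropertySet.

		Set<String> sortedEntries = new TreeSet<String>(entries);

		for (String entry : sortedEntries) {
			_log.debug(messagePrefix + entry);
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		PortalHookChecker.class);

	// Allow-list state, assigned once by the init* methods.

	private boolean _customJspDir;
	private Set<String> _indexers;
	private Set<String> _languagePropertiesLanguageIds;
	private Set<String> _portalPropertiesKeys;
	private Set<String> _services;
	private boolean _servletFilters;
	private Set<String> _strutsActionPaths;

}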