001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl.checker;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.security.pacl.permission.PortalHookPermission;
020    
021    import java.security.Permission;
022    
023    import java.util.Locale;
024    import java.util.Set;
025    import java.util.TreeSet;
026    
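/**
 * Checks {@link PortalHookPermission} requests against allow-lists read from
 * the <code>security-manager-hook-*</code> properties.
 *
 * <p>
 * Two capabilities (custom JSP directory, servlet filters) are gated by a
 * boolean property. The others (indexers, language locales, portal property
 * keys, services, Struts action paths) are gated by a set of permitted values.
 * A request whose permission name is recognized but whose subject is not
 * permitted is reported through <code>throwSecurityException</code>, which is
 * inherited and not shown in this file.
 * </p>
 *
 * <p>
 * A permission name that matches none of the known constants is <em>not</em>
 * rejected; see the note at the end of {@link #checkPermission(Permission)}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class PortalHookChecker extends BaseChecker {

	/**
	 * Loads every allow-list from the configured properties. The checks in
	 * {@link #checkPermission(Permission)} read the fields populated here, so
	 * the set-based checks dereference <code>null</code> if this has not run.
	 */
	public void afterPropertiesSet() {
		initCustomJspDir();
		initIndexers();
		initLanguagePropertiesLocales();
		initPortalPropertiesKeys();
		initServletFilters();
		initServices();
		initStrutsActionPaths();
	}

	/**
	 * Verifies that the requested portal hook action is permitted.
	 *
	 * <p>
	 * The permission name selects which allow-list is consulted. For the
	 * set-based lists, the permission subject is the value looked up in it.
	 * </p>
	 *
	 * @param  permission the permission to check; it is cast to
	 *         {@link PortalHookPermission} without a type test
	 * @throws ClassCastException if <code>permission</code> is not a
	 *         {@link PortalHookPermission}, or if the subject is not of the
	 *         type the selected branch casts it to (<code>String</code>, or
	 *         <code>Locale</code> for the language properties branch)
	 * @throws NullPointerException if the permission name is
	 *         <code>null</code>, or if the language properties branch receives
	 *         a <code>null</code> subject
	 */
	public void checkPermission(Permission permission) {
		PortalHookPermission portalHookPermission =
			(PortalHookPermission)permission;

		String name = portalHookPermission.getName();
		Object subject = portalHookPermission.getSubject();

		if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
			if (!_customJspDir) {
				throwSecurityException(_log, "Attempted to set custom jsp dir");
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
			String indexerClassName = (String)subject;

			if (!_indexers.contains(indexerClassName)) {
				throwSecurityException(
					_log, "Attempted to add indexer " + indexerClassName);
			}
		}
		else if (name.equals(
					PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

			Locale locale = (Locale)subject;

			// A locale is accepted when either its bare language code or its
			// language_COUNTRY form is on the allow-list.

			String languageId = locale.getLanguage();
			String languageAndCountryId = languageId + "_" + locale.getCountry();

			if (!_languagePropertiesLanguageIds.contains(languageId) &&
				!_languagePropertiesLanguageIds.contains(
					languageAndCountryId)) {

				throwSecurityException(
					_log, "Attempted to override locale " + locale);
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
			String key = (String)subject;

			if (!_portalPropertiesKeys.contains(key)) {
				throwSecurityException(
					_log, "Attempted to set portal property " + key);
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
			String serviceType = (String)subject;

			if (!_services.contains(serviceType)) {
				throwSecurityException(
					_log, "Attempted to override service " + serviceType);
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
			if (!_servletFilters) {

				// The message previously read "serlvet", so a log search for
				// "servlet filters" missed this denial.

				throwSecurityException(
					_log, "Attempted to override servlet filters");
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
			String strutsActionPath = (String)subject;

			if (!_strutsActionPaths.contains(strutsActionPath)) {
				throwSecurityException(
					_log,
					"Attempted to use struts action path " + strutsActionPath);
			}
		}
		else {

			// NOTE(review): a permission name that matches none of the
			// constants above returns normally, i.e. the request is allowed.
			// That is kept here so existing callers behave the same, but the
			// fall-through is now logged so it can be seen. Confirm whether an
			// allow-list checker should deny unknown names instead.

			if (_log.isWarnEnabled()) {
				_log.warn("Unhandled portal hook permission name " + name);
			}
		}
	}

	/**
	 * Reads <code>security-manager-hook-custom-jsp-dir-enabled</code> through
	 * the inherited <code>getPropertyBoolean</code> helper.
	 */
	protected void initCustomJspDir() {
		_customJspDir = getPropertyBoolean(
			"security-manager-hook-custom-jsp-dir-enabled");

		if (_log.isDebugEnabled() && _customJspDir) {
			_log.debug("Allowing custom JSP dir");
		}
	}

	/**
	 * Reads the permitted indexer class names from
	 * <code>security-manager-hook-indexers</code>.
	 */
	protected void initIndexers() {
		_indexers = getPropertySet("security-manager-hook-indexers");

		logAllowedEntries("Allowing indexer ", _indexers);
	}

	/**
	 * Reads the permitted language ids from
	 * <code>security-manager-hook-language-properties-locales</code>.
	 */
	protected void initLanguagePropertiesLocales() {
		_languagePropertiesLanguageIds = getPropertySet(
			"security-manager-hook-language-properties-locales");

		logAllowedEntries("Allowing locale ", _languagePropertiesLanguageIds);
	}

	/**
	 * Reads the permitted portal property keys from
	 * <code>security-manager-hook-portal-properties-keys</code>.
	 */
	protected void initPortalPropertiesKeys() {
		_portalPropertiesKeys = getPropertySet(
			"security-manager-hook-portal-properties-keys");

		logAllowedEntries(
			"Allowing portal.properties key ", _portalPropertiesKeys);
	}

	/**
	 * Reads the permitted service types from
	 * <code>security-manager-hook-services</code>.
	 */
	protected void initServices() {
		_services = getPropertySet("security-manager-hook-services");

		logAllowedEntries("Allowing service ", _services);
	}

	/**
	 * Reads <code>security-manager-hook-servlet-filters-enabled</code> through
	 * the inherited <code>getPropertyBoolean</code> helper.
	 */
	protected void initServletFilters() {
		_servletFilters = getPropertyBoolean(
			"security-manager-hook-servlet-filters-enabled");

		if (_log.isDebugEnabled() && _servletFilters) {
			_log.debug("Allowing servlet filters");
		}
	}

	/**
	 * Reads the permitted Struts action paths from
	 * <code>security-manager-hook-struts-action-paths</code>.
	 */
	protected void initStrutsActionPaths() {
		_strutsActionPaths = getPropertySet(
			"security-manager-hook-struts-action-paths");

		logAllowedEntries("Allowing Struts action path ", _strutsActionPaths);
	}

	/**
	 * Writes one debug line per allow-list entry, in sorted order, so the
	 * effective policy can be read from the log. Does nothing unless debug
	 * logging is enabled.
	 */
	private static void logAllowedEntries(
		String messagePrefix, Set<String> entries) {

		if (!_log.isDebugEnabled()) {
			return;
		}

		// Copy into a TreeSet so the output order is stable.

		Set<String> sortedEntries = new TreeSet<String>(entries);

		for (String entry : sortedEntries) {
			_log.debug(messagePrefix + entry);
		}
	}

	// Never reassigned, so it is declared final.

	private static final Log _log = LogFactoryUtil.getLog(
		PortalHookChecker.class);

	// True when the hook may set a custom JSP directory.

	private boolean _customJspDir;

	// Indexer class names the hook may add.

	private Set<String> _indexers;

	// Language ids (language or language_COUNTRY) the hook may override.

	private Set<String> _languagePropertiesLanguageIds;

	// portal.properties keys the hook may set.

	private Set<String> _portalPropertiesKeys;

	// Service types the hook may override.

	private Set<String> _services;

	// True when the hook may override servlet filters.

	private boolean _servletFilters;

	// Struts action paths the hook may use.

	private Set<String> _strutsActionPaths;

}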