001
014
015 package com.liferay.portal.security.pacl;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.security.lang.PortalSecurityManagerThreadLocal;
020 import com.liferay.portal.service.impl.PortalServiceImpl;
021 import com.liferay.portal.spring.aop.ChainableMethodAdvice;
022
023 import java.lang.reflect.Method;
024
025 import org.aopalliance.intercept.MethodInvocation;
026
027
030 public class PACLAdvice extends ChainableMethodAdvice {
031
032 @Override
033 public Object invoke(MethodInvocation methodInvocation) throws Throwable {
034 if (!PortalSecurityManagerThreadLocal.isEnabled()) {
035
036
037
038 try {
039 return methodInvocation.proceed();
040 }
041 catch (Throwable throwable) {
042 throw throwable;
043 }
044 }
045
046 if (!PACLPolicyManager.isActive()) {
047 serviceBeanAopCacheManager.removeMethodInterceptor(
048 methodInvocation, this);
049
050 try {
051 return methodInvocation.proceed();
052 }
053 catch (Throwable throwable) {
054 throw throwable;
055 }
056 }
057
058 Object thisObject = methodInvocation.getThis();
059 Method method = methodInvocation.getMethod();
060 Object[] arguments = methodInvocation.getArguments();
061
062 boolean debug = false;
063
064 if (_log.isDebugEnabled()) {
065 Class<?> clazz = thisObject.getClass();
066
067 String className = clazz.getName();
068
069 if (className.equals(PortalServiceImpl.class.getName()) ||
070 className.equals(_ENTRY_LOCAL_SERVICE_IMPL_CLASS_NAME) ||
071 className.equals(_STATUS_LOCAL_SERVICE_IMPL_CLASS_NAME)) {
072
073 debug = true;
074
075 _log.debug(
076 "Intercepting " + className + "#" + method.getName());
077 }
078 }
079
080 if (method.getDeclaringClass() == Object.class) {
081 String methodName = method.getName();
082
083 if (methodName.equals("equals")) {
084 if (thisObject == arguments[0]) {
085 return true;
086 }
087 else {
088 return false;
089 }
090 }
091 else if (methodName.equals("toString")) {
092 return method.invoke(thisObject, arguments);
093 }
094 }
095
096 if (!PACLPolicyManager.isActive()) {
097 return method.invoke(thisObject, arguments);
098 }
099
100 PACLPolicy paclPolicy = PACLClassUtil.getPACLPolicy(false, debug);
101
102 if (debug) {
103 if (paclPolicy != null) {
104 _log.debug(
105 "Retrieved PACL policy for " +
106 paclPolicy.getServletContextName());
107 }
108 }
109
110 if (paclPolicy == null) {
111 return methodInvocation.proceed();
112 }
113
114 if (!paclPolicy.hasPortalService(thisObject, method, arguments)) {
115 throw new SecurityException("Attempted to invoke " + method);
116 }
117
118 boolean checkSQL = PortalSecurityManagerThreadLocal.isCheckSQL();
119
120 try {
121 Class<?> thisObjectClass = thisObject.getClass();
122
123 if (paclPolicy.getClassLoader() !=
124 PACLClassLoaderUtil.getClassLoader(thisObjectClass)) {
125
126
127
128
129
130 PortalSecurityManagerThreadLocal.setCheckSQL(false);
131 }
132
133 return methodInvocation.proceed();
134 }
135 finally {
136 PortalSecurityManagerThreadLocal.setCheckSQL(checkSQL);
137 }
138 }
139
140 private static final String _ENTRY_LOCAL_SERVICE_IMPL_CLASS_NAME =
141 "com.liferay.chat.service.impl.EntryLocalServiceImpl";
142
143 private static final String _STATUS_LOCAL_SERVICE_IMPL_CLASS_NAME =
144 "com.liferay.chat.service.impl.StatusLocalServiceImpl";
145
146 private static Log _log = LogFactoryUtil.getLog(PACLAdvice.class);
147
148 }