001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.security.lang.PortalSecurityManagerThreadLocal;
020    import com.liferay.portal.service.persistence.GroupPersistenceImpl;
021    import com.liferay.portal.service.persistence.UserPersistenceImpl;
022    
023    import java.lang.reflect.InvocationHandler;
024    import java.lang.reflect.InvocationTargetException;
025    import java.lang.reflect.Method;
026    
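/**
 * Invocation handler that sits in front of a portal bean and consults the
 * PACL policy before letting a call reach the bean.
 *
 * <p>
 * A call is delegated to the wrapped bean without a policy check in three
 * cases visible in this class: <code>Object#toString</code>, PACL not being
 * active, and no PACL policy being resolved. Otherwise the policy's
 * <code>hasPortalService</code> decision is enforced and a denied call fails
 * with a {@link SecurityException}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class PACLBeanHandler implements InvocationHandler {

    /**
     * Creates a handler that guards the given bean.
     *
     * @param bean the target that approved invocations are delegated to
     */
    public PACLBeanHandler(Object bean) {
        if (_log.isDebugEnabled()) {
            _log.debug("Creating handler for " + bean);
        }

        _bean = bean;
    }

    /**
     * Returns the wrapped bean itself, not a proxy. Calls made directly on
     * the returned object do not pass through this handler and are therefore
     * not policy checked.
     *
     * @return the bean passed to the constructor
     */
    public Object getBean() {
        return _bean;
    }

    /**
     * Dispatches the call through {@link #doInvoke} and unwraps reflection
     * failures so that the caller sees the exception thrown by the bean
     * rather than an {@link InvocationTargetException}.
     *
     * @param  proxy the proxy instance the method was called on
     * @param  method the method being called
     * @param  arguments the call arguments, as supplied by the proxy
     * @return the value returned by the bean
     * @throws Throwable the bean's own exception, or a
     *         {@link SecurityException} when the policy denies the call
     */
    @Override
    public Object invoke(Object proxy, Method method, Object[] arguments)
        throws Throwable {

        try {
            return doInvoke(proxy, method, arguments);
        }
        catch (InvocationTargetException ite) {
            throw ite.getTargetException();
        }
    }

    /**
     * Applies the PACL decision and, when the call is allowed, invokes the
     * method on the wrapped bean.
     *
     * @param  proxy the proxy instance the method was called on
     * @param  method the method being called
     * @param  arguments the call arguments, as supplied by the proxy
     * @return the value returned by the bean
     * @throws Throwable an {@link InvocationTargetException} wrapping the
     *         bean's exception, or a {@link SecurityException} when the
     *         policy denies the call
     */
    protected Object doInvoke(Object proxy, Method method, Object[] arguments)
        throws Throwable {

        // Verbose tracing is limited to the group and user persistence beans
        // and only when debug logging is enabled

        boolean debug = false;

        if (_log.isDebugEnabled()) {
            Class<?> clazz = _bean.getClass();

            String className = clazz.getName();

            if (className.equals(GroupPersistenceImpl.class.getName()) ||
                className.equals(UserPersistenceImpl.class.getName())) {

                debug = true;

                _log.debug(
                    "Intercepting " + className + "#" + method.getName());
            }
        }

        if (method.getDeclaringClass() == Object.class) {
            String methodName = method.getName();

            if (methodName.equals("equals")) {

                // Equality is proxy identity, the bean is never consulted

                return proxy == arguments[0];
            }
            else if (methodName.equals("toString")) {

                // Delegated without a policy check

                return method.invoke(_bean, arguments);
            }

            // Any other Object method (hashCode) continues on the normal
            // path below
        }

        if (!PACLPolicyManager.isActive()) {
            return method.invoke(_bean, arguments);
        }

        PACLPolicy paclPolicy = PACLClassUtil.getPACLPolicy(false, debug);

        if (debug && (paclPolicy != null)) {
            _log.debug(
                "Retrieved PACL policy for " +
                    paclPolicy.getServletContextName());
        }

        // NOTE(review): a null policy means the call is allowed unchecked.
        // Confirm that PACLClassUtil.getPACLPolicy returns null only for
        // callers that are meant to be unrestricted, since a lookup failure
        // that also yields null would fail open here.

        if (paclPolicy == null) {
            return method.invoke(_bean, arguments);
        }

        if (!paclPolicy.hasPortalService(_bean, method, arguments)) {
            throw new SecurityException("Attempted to invoke " + method);
        }

        // Remember the current setting so that it can be restored even when
        // the bean throws

        boolean checkSQL = PortalSecurityManagerThreadLocal.isCheckSQL();

        try {
            Class<?> beanClass = _bean.getClass();

            if (paclPolicy.getClassLoader() !=
                    PACLClassLoaderUtil.getClassLoader(beanClass)) {

                // Disable the portal security manager so that PACLDataSource
                // does not try to check access to tables that can be accessed
                // since the service is already approved.
                //
                // NOTE(review): the check stays off for everything the bean
                // does until the finally block runs. Presumably the flag is
                // scoped to the current thread, going by the class name, so
                // confirm that nothing invoked by the bean relies on it.

                PortalSecurityManagerThreadLocal.setCheckSQL(false);
            }

            return method.invoke(_bean, arguments);
        }
        finally {
            PortalSecurityManagerThreadLocal.setCheckSQL(checkSQL);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        PACLBeanHandler.class);

    // Target of every delegated call, never reassigned after construction

    private final Object _bean;

}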