001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.security.lang.PortalSecurityManagerThreadLocal;
020    import com.liferay.portal.service.persistence.GroupPersistenceImpl;
021    import com.liferay.portal.service.persistence.UserPersistenceImpl;
022    import com.liferay.portal.util.ClassLoaderUtil;
023    
024    import java.lang.reflect.InvocationHandler;
025    import java.lang.reflect.InvocationTargetException;
026    import java.lang.reflect.Method;
027    
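/**
 * Invocation handler that places a PACL policy check in front of a wrapped
 * bean. Calls are delegated to the bean unchanged unless PACL is active and
 * {@code PACLClassUtil.getPACLPolicy} returns a policy; in that case the policy
 * must approve the call through {@code hasPortalService} or a
 * {@link SecurityException} is thrown.
 *
 * @author Brian Wing Shun Chan
 */
public class PACLBeanHandler implements InvocationHandler {

    /**
     * Creates a handler that delegates to the given bean.
     *
     * @param bean the object that approved invocations are forwarded to
     */
    public PACLBeanHandler(Object bean) {
        if (_log.isDebugEnabled()) {

            // String concatenation calls bean.toString(), so this runs bean
            // code whenever debug logging is enabled

            _log.debug("Creating handler for " + bean);
        }

        _bean = bean;
    }

    /**
     * Returns the wrapped bean itself, not a proxy.
     *
     * <p>
     * NOTE(review): the returned reference is not covered by the policy check
     * in {@link #doInvoke(Object, Method, Object[])}. Confirm that code subject
     * to a PACL policy cannot obtain this handler.
     * </p>
     *
     * @return the wrapped bean
     */
    public Object getBean() {
        return _bean;
    }

    /**
     * Dispatches a proxied call and unwraps reflection failures, so callers
     * see the exception thrown by the bean rather than an
     * {@link InvocationTargetException}.
     *
     * @param  proxy the proxy instance the method was invoked on
     * @param  method the method being invoked
     * @param  arguments the call arguments
     * @return the value returned by the bean method
     * @throws Throwable the bean's own exception, or a
     *         {@link SecurityException} if the policy rejects the call
     */
    public Object invoke(Object proxy, Method method, Object[] arguments)
        throws Throwable {

        try {
            return doInvoke(proxy, method, arguments);
        }
        catch (InvocationTargetException ite) {
            throw ite.getTargetException();
        }
    }

    /**
     * Decides whether the call may proceed and, if so, forwards it to the bean.
     *
     * <p>
     * Decision order:
     * </p>
     *
     * <ol>
     * <li>
     * {@code equals} and {@code toString} declared by {@link Object} are
     * answered before any policy lookup. Other {@code Object} methods take the
     * normal path below.
     * </li>
     * <li>
     * If PACL is not active, or no policy is returned, the call is forwarded
     * without a check.
     * </li>
     * <li>
     * Otherwise the policy must approve the call, else a
     * {@link SecurityException} is thrown.
     * </li>
     * </ol>
     *
     * @param  proxy the proxy instance the method was invoked on
     * @param  method the method being invoked
     * @param  arguments the call arguments
     * @return the value returned by the bean method
     * @throws SecurityException if the policy does not approve the call
     * @throws Throwable anything raised by {@link Method#invoke}
     */
    protected Object doInvoke(Object proxy, Method method, Object[] arguments)
        throws Throwable {

        // Verbose tracing is limited to the group and user persistence beans

        boolean debug = false;

        if (_log.isDebugEnabled()) {
            String className = _bean.getClass().getName();

            if (className.equals(GroupPersistenceImpl.class.getName()) ||
                className.equals(UserPersistenceImpl.class.getName())) {

                debug = true;

                _log.debug(
                    "Intercepting " + className + "#" + method.getName());
            }
        }

        if (method.getDeclaringClass() == Object.class) {
            String methodName = method.getName();

            if (methodName.equals("equals")) {

                // Identity of the proxy, not equality of the wrapped beans

                return proxy == arguments[0];
            }
            else if (methodName.equals("toString")) {
                return method.invoke(_bean, arguments);
            }
        }

        // Unchecked path: nothing is enforced while PACL is inactive

        if (!PACLPolicyManager.isActive()) {
            return method.invoke(_bean, arguments);
        }

        PACLPolicy paclPolicy = PACLClassUtil.getPACLPolicy(false, debug);

        if (debug && (paclPolicy != null)) {
            _log.debug(
                "Retrieved PACL policy for " +
                    paclPolicy.getServletContextName());
        }

        // Unchecked path: a missing policy means the call is allowed, so the
        // lookup must not return null for code that should be restricted

        if (paclPolicy == null) {
            return method.invoke(_bean, arguments);
        }

        if (!paclPolicy.hasPortalService(_bean, method, arguments)) {
            throw new SecurityException("Attempted to invoke " + method);
        }

        // Saved before the call so the finally block restores the exact
        // previous value even if the bean method throws

        boolean checkSQL = PortalSecurityManagerThreadLocal.isCheckSQL();

        try {
            Class<?> beanClass = _bean.getClass();

            if (paclPolicy.getClassLoader() !=
                    ClassLoaderUtil.getClassLoader(beanClass)) {

                // Disable the portal security manager so that PACLDataSource
                // does not try to check access to tables that can be accessed
                // since the service is already approved. The flag stays off
                // for everything the bean does during this call, so the
                // hasPortalService approval above is the only gate on that
                // work.

                PortalSecurityManagerThreadLocal.setCheckSQL(false);
            }

            return method.invoke(_bean, arguments);
        }
        finally {
            PortalSecurityManagerThreadLocal.setCheckSQL(checkSQL);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        PACLBeanHandler.class);

    // final: the guarded target cannot be swapped after construction and is
    // safely published to other threads that invoke the proxy

    private final Object _bean;

}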