001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.dao.jdbc.pacl;
016    
017    import com.liferay.portal.kernel.util.ProxyUtil;
018    import com.liferay.portal.security.lang.PortalSecurityManagerThreadLocal;
019    import com.liferay.portal.security.pacl.PACLPolicy;
020    
021    import java.lang.Object;
022    import java.lang.reflect.InvocationHandler;
023    import java.lang.reflect.InvocationTargetException;
024    import java.lang.reflect.Method;
025    
026    import java.sql.CallableStatement;
027    import java.sql.Connection;
028    import java.sql.PreparedStatement;
029    import java.sql.Statement;
030    
031    import java.util.ArrayList;
032    import java.util.List;
033    
034    /**
035     * @author Brian Wing Shun Chan
036     */
037    public class PACLConnectionHandler implements InvocationHandler {
038    
039            public PACLConnectionHandler(Connection connection, PACLPolicy paclPolicy) {
040                    _connection = connection;
041                    _paclPolicy = paclPolicy;
042            }
043    
044            public Object invoke(Object proxy, Method method, Object[] arguments)
045                    throws Throwable {
046    
047                    try {
048                            String methodName = method.getName();
049    
050                            if (methodName.equals("equals")) {
051                                    if (proxy == arguments[0]) {
052                                            return true;
053                                    }
054                                    else {
055                                            return false;
056                                    }
057                            }
058                            else if (methodName.equals("hashCode")) {
059                                    return System.identityHashCode(proxy);
060                            }
061                            else if (methodName.equals("prepareCall") ||
062                                             methodName.equals("prepareStatement")) {
063    
064                                    String sql = (String)arguments[0];
065    
066                                    if (!_paclPolicy.hasSQL(sql)) {
067                                            throw new SecurityException(
068                                                    "Attempted to execute unapproved SQL " + sql);
069                                    }
070                            }
071    
072                            boolean enabled = PortalSecurityManagerThreadLocal.isEnabled();
073    
074                            Object returnValue = null;
075    
076                            try {
077                                    PortalSecurityManagerThreadLocal.setEnabled(false);
078    
079                                    returnValue = method.invoke(_connection, arguments);
080                            }
081                            finally {
082                                    PortalSecurityManagerThreadLocal.setEnabled(enabled);
083                            }
084    
085                            if (methodName.equals("createStatement") ||
086                                    methodName.equals("prepareCall") ||
087                                    methodName.equals("prepareStatement")) {
088    
089                                    Statement statement = (Statement)returnValue;
090    
091                                    return ProxyUtil.newProxyInstance(
092                                            _paclPolicy.getClassLoader(),
093                                            getInterfaces(returnValue.getClass()),
094                                            new PACLStatementHandler(statement, _paclPolicy));
095                            }
096    
097                            return returnValue;
098                    }
099                    catch (InvocationTargetException ite) {
100                            throw ite.getTargetException();
101                    }
102            }
103    
104            protected Class<?>[] getInterfaces(Class<?> returnType) {
105                    List<Class<?>> interfaceClasses = new ArrayList<Class<?>>();
106    
107                    interfaceClasses.add(Statement.class);
108    
109                    if (!CallableStatement.class.isAssignableFrom(returnType)) {
110                            interfaceClasses.add(CallableStatement.class);
111                    }
112                    else if (!PreparedStatement.class.isAssignableFrom(returnType)) {
113                            interfaceClasses.add(PreparedStatement.class);
114                    }
115    
116                    return interfaceClasses.toArray(new Class<?>[interfaceClasses.size()]);
117            }
118    
119            private Connection _connection;
120            private PACLPolicy _paclPolicy;
121    
122    }