001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl.checker;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.security.pacl.permission.PortalHookPermission;
020    import com.liferay.portal.kernel.util.LocaleUtil;
021    
022    import java.security.Permission;
023    
024    import java.util.Locale;
025    import java.util.Set;
026    import java.util.TreeSet;
027    
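/**
 * Decides whether a {@link PortalHookPermission} is covered by the allow-list
 * read from the {@code security-manager-hook-*} properties.
 *
 * <p>
 * Two boolean properties gate the custom JSP directory and servlet filters.
 * Five set-valued properties list the permitted indexers, language
 * properties locales, portal.properties keys, services and Struts action
 * paths. All state is loaded by {@link #afterPropertiesSet()}; the set fields
 * are {@code null} until then.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class PortalHookChecker extends BaseChecker {

	/**
	 * Loads every allow-list used by {@link #checkPermission(Permission)}.
	 */
	public void afterPropertiesSet() {
		initCustomJspDir();
		initIndexers();
		initLanguagePropertiesLocales();
		initPortalPropertiesKeys();
		initServletFilters();
		initServices();
		initStrutsActionPaths();
	}

	/**
	 * Compares the permission's subject with the allow-list that belongs to
	 * the permission's name and calls {@code throwSecurityException} when the
	 * subject is not listed or the corresponding flag is off.
	 *
	 * <p>
	 * The subject is concatenated into the message as is.
	 * NOTE(review): whether it is escaped before it reaches the log is not
	 * visible in this class; confirm in {@code throwSecurityException}.
	 * </p>
	 *
	 * @param  permission the permission to check; it is cast to
	 *         {@link PortalHookPermission} without a type test, so any other
	 *         type fails with a {@code ClassCastException}
	 */
	public void checkPermission(Permission permission) {
		PortalHookPermission portalHookPermission =
			(PortalHookPermission)permission;

		String name = portalHookPermission.getName();
		Object subject = portalHookPermission.getSubject();

		if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
			if (!_customJspDir) {
				throwSecurityException(_log, "Attempted to set custom jsp dir");
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
			String indexerClassName = (String)subject;

			if (!_indexers.contains(indexerClassName)) {
				throwSecurityException(
					_log, "Attempted to add indexer " + indexerClassName);
			}
		}
		else if (name.equals(
					PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

			Locale locale = (Locale)subject;

			// A locale is accepted when either its bare language code or its
			// "language_COUNTRY" form is listed; the variant is not consulted.
			// NOTE(review): generateAuthorizationProperty derives the value
			// with LocaleUtil.toLanguageId instead; confirm both forms agree.

			if (!_languagePropertiesLanguageIds.contains(
					locale.getLanguage()) &&
				!_languagePropertiesLanguageIds.contains(
					locale.getLanguage() + "_" + locale.getCountry())) {

				throwSecurityException(
					_log, "Attempted to override locale " + locale);
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
			String key = (String)subject;

			if (!_portalPropertiesKeys.contains(key)) {
				throwSecurityException(
					_log, "Attempted to set portal property " + key);
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
			String serviceType = (String)subject;

			if (!_services.contains(serviceType)) {
				throwSecurityException(
					_log, "Attempted to override service " + serviceType);
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
			if (!_servletFilters) {
				throwSecurityException(
					_log, "Attempted to override servlet filters");
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
			String strutsActionPath = (String)subject;

			if (!_strutsActionPaths.contains(strutsActionPath)) {
				throwSecurityException(
					_log,
					"Attempted to use struts action path " + strutsActionPath);
			}
		}

		// NOTE(review): a permission name that matches none of the branches
		// above reaches this point without any check, so an unrecognised hook
		// permission is not rejected here. Confirm that callers pass only the
		// names handled above, or that unknown names are refused elsewhere.
	}

	/**
	 * Builds the property entry that would allow the given hook permission.
	 *
	 * @param  arguments expected to hold exactly one
	 *         {@link PortalHookPermission}
	 * @return the key/value pair for the permission, or {@code null} when the
	 *         arguments do not match that shape or the permission name is not
	 *         one of the hook permissions handled by this class
	 */
	@Override
	public AuthorizationProperty generateAuthorizationProperty(
		Object... arguments) {

		// Test for the concrete type that is cast below. Testing only for
		// Permission let any other Permission subclass through to the cast,
		// which then failed with a ClassCastException instead of returning
		// null like the other rejected inputs.

		if ((arguments == null) || (arguments.length != 1) ||
			!(arguments[0] instanceof PortalHookPermission)) {

			return null;
		}

		PortalHookPermission portalHookPermission =
			(PortalHookPermission)arguments[0];

		String name = portalHookPermission.getName();
		Object subject = portalHookPermission.getSubject();

		String key = null;
		String value = null;

		if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
			key = "security-manager-hook-custom-jsp-dir-enabled";
			value = "true";
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
			key = "security-manager-hook-indexers";
			value = (String)subject;
		}
		else if (name.equals(
					PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

			key = "security-manager-hook-language-properties-locales";

			Locale locale = (Locale)subject;

			value = LocaleUtil.toLanguageId(locale);
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
			key = "security-manager-hook-portal-properties-keys";
			value = (String)subject;
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
			key = "security-manager-hook-services";
			value = (String)subject;
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
			key = "security-manager-hook-servlet-filters-enabled";
			value = "true";
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
			key = "security-manager-hook-struts-action-paths";
			value = (String)subject;
		}
		else {
			return null;
		}

		AuthorizationProperty authorizationProperty =
			new AuthorizationProperty();

		authorizationProperty.setKey(key);
		authorizationProperty.setValue(value);

		return authorizationProperty;
	}

	/**
	 * Reads the flag that permits setting a custom JSP directory.
	 */
	protected void initCustomJspDir() {
		_customJspDir = getPropertyBoolean(
			"security-manager-hook-custom-jsp-dir-enabled");

		if (_log.isDebugEnabled() && _customJspDir) {
			_log.debug("Allowing custom JSP dir");
		}
	}

	/**
	 * Reads the set of indexer class names that may be added.
	 */
	protected void initIndexers() {
		_indexers = getPropertySet("security-manager-hook-indexers");

		if (_log.isDebugEnabled()) {

			// Sorted copy so the debug output has a stable order

			Set<String> indexers = new TreeSet<String>(_indexers);

			for (String indexer : indexers) {
				_log.debug("Allowing indexer " + indexer);
			}
		}
	}

	/**
	 * Reads the set of language IDs whose language properties may be
	 * overridden.
	 */
	protected void initLanguagePropertiesLocales() {
		_languagePropertiesLanguageIds = getPropertySet(
			"security-manager-hook-language-properties-locales");

		if (_log.isDebugEnabled()) {

			// Sorted copy so the debug output has a stable order

			Set<String> languageIds = new TreeSet<String>(
				_languagePropertiesLanguageIds);

			for (String languageId : languageIds) {
				_log.debug("Allowing locale " + languageId);
			}
		}
	}

	/**
	 * Reads the set of portal.properties keys that may be set.
	 */
	protected void initPortalPropertiesKeys() {
		_portalPropertiesKeys = getPropertySet(
			"security-manager-hook-portal-properties-keys");

		if (_log.isDebugEnabled()) {

			// Sorted copy so the debug output has a stable order

			Set<String> keys = new TreeSet<String>(_portalPropertiesKeys);

			for (String key : keys) {
				_log.debug("Allowing portal.properties key " + key);
			}
		}
	}

	/**
	 * Reads the set of service types that may be overridden.
	 */
	protected void initServices() {
		_services = getPropertySet("security-manager-hook-services");

		if (_log.isDebugEnabled()) {

			// Sorted copy so the debug output has a stable order

			Set<String> services = new TreeSet<String>(_services);

			for (String service : services) {
				_log.debug("Allowing service " + service);
			}
		}
	}

	/**
	 * Reads the flag that permits overriding servlet filters.
	 */
	protected void initServletFilters() {
		_servletFilters = getPropertyBoolean(
			"security-manager-hook-servlet-filters-enabled");

		if (_log.isDebugEnabled() && _servletFilters) {
			_log.debug("Allowing servlet filters");
		}
	}

	/**
	 * Reads the set of Struts action paths that may be used.
	 */
	protected void initStrutsActionPaths() {
		_strutsActionPaths = getPropertySet(
			"security-manager-hook-struts-action-paths");

		if (_log.isDebugEnabled()) {

			// Sorted copy so the debug output has a stable order

			Set<String> strutsActionPaths = new TreeSet<String>(
				_strutsActionPaths);

			for (String strutsActionPath : strutsActionPaths) {
				_log.debug("Allowing Struts action path " + strutsActionPath);
			}
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		PortalHookChecker.class);

	// True when setting a custom JSP directory is allowed
	private boolean _customJspDir;

	// Indexer class names that may be added
	private Set<String> _indexers;

	// Language IDs ("language" or "language_COUNTRY") that may be overridden
	private Set<String> _languagePropertiesLanguageIds;

	// portal.properties keys that may be set
	private Set<String> _portalPropertiesKeys;

	// Service types that may be overridden
	private Set<String> _services;

	// True when overriding servlet filters is allowed
	private boolean _servletFilters;

	// Struts action paths that may be used
	private Set<String> _strutsActionPaths;

}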