015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.security.pacl.permission.PortalHookPermission;
020 import com.liferay.portal.kernel.util.LocaleUtil;
021
022 import java.security.Permission;
023
024 import java.util.Locale;
025 import java.util.Set;
026 import java.util.TreeSet;
027
028
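/**
 * Checks {@link PortalHookPermission} requests against flags and sets read
 * through <code>getPropertyBoolean</code> and <code>getPropertySet</code>
 * under the <code>security-manager-hook-*</code> keys.
 *
 * <p>
 * {@link #afterPropertiesSet()} loads one flag or one set per kind of hook
 * override (custom JSP dir, indexers, language properties locales,
 * portal.properties keys, services, servlet filters, Struts action paths).
 * {@link #checkPermission(Permission)} reports every request whose subject is
 * not covered by the loaded values through
 * <code>throwSecurityException</code>, which is defined outside this class.
 * </p>
 *
 * <p>
 * The set based checks are plain {@link Set#contains(Object)} lookups on the
 * subject exactly as the permission carries it; this class does not normalize
 * the subject before the lookup.
 * </p>
 */
public class PortalHookChecker extends BaseChecker {

    /**
     * Loads every flag and allow-list used by
     * {@link #checkPermission(Permission)}.
     */
    public void afterPropertiesSet() {
        initCustomJspDir();
        initIndexers();
        initLanguagePropertiesLocales();
        initPortalPropertiesKeys();
        initServletFilters();
        initServices();
        initStrutsActionPaths();
    }

    /**
     * Reports the request through <code>throwSecurityException</code> when
     * the permission's subject is not covered by the loaded configuration.
     *
     * @param permission the requested permission; it is cast to
     *        {@link PortalHookPermission} without a type test, so any other
     *        type fails here with a {@link ClassCastException}
     */
    public void checkPermission(Permission permission) {
        PortalHookPermission portalHookPermission =
            (PortalHookPermission)permission;

        String name = portalHookPermission.getName();
        Object subject = portalHookPermission.getSubject();

        if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
            if (!_customJspDir) {
                throwSecurityException(_log, "Attempted to set custom jsp dir");
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
            String indexerClassName = (String)subject;

            if (!_indexers.contains(indexerClassName)) {
                throwSecurityException(
                    _log, "Attempted to add indexer " + indexerClassName);
            }
        }
        else if (name.equals(
                    PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

            Locale locale = (Locale)subject;

            // A bare language entry (for example "en") in the configured set
            // covers every country variant of that language; otherwise the
            // exact language_country pair has to be listed.

            if (!_languagePropertiesLanguageIds.contains(
                    locale.getLanguage()) &&
                !_languagePropertiesLanguageIds.contains(
                    locale.getLanguage() + "_" + locale.getCountry())) {

                throwSecurityException(
                    _log, "Attempted to override locale " + locale);
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
            String key = (String)subject;

            if (!_portalPropertiesKeys.contains(key)) {
                throwSecurityException(
                    _log, "Attempted to set portal property " + key);
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
            String serviceType = (String)subject;

            if (!_services.contains(serviceType)) {
                throwSecurityException(
                    _log, "Attempted to override service " + serviceType);
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
            if (!_servletFilters) {
                throwSecurityException(
                    _log, "Attempted to override servlet filters");
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
            String strutsActionPath = (String)subject;

            if (!_strutsActionPaths.contains(strutsActionPath)) {
                throwSecurityException(
                    _log,
                    "Attempted to use struts action path " + strutsActionPath);
            }
        }

        // NOTE(review): a permission name that matches none of the branches
        // above falls through and this method returns normally, so such a
        // request is not rejected here. Confirm that unknown names are
        // rejected elsewhere, or that allowing them is intended.
    }

    /**
     * Builds the property entry that would authorize the given permission.
     *
     * @param  arguments exactly one element, a {@link PortalHookPermission}
     * @return the key/value pair matching the permission's name and subject,
     *         or <code>null</code> when the arguments do not have that shape
     *         or the permission name is not one handled by this checker
     */
    @Override
    public AuthorizationProperty generateAuthorizationProperty(
        Object... arguments) {

        // Test for the exact type that is cast below. A test against the
        // Permission supertype would let other permission types reach the
        // cast and fail with a ClassCastException instead of returning null.

        if ((arguments == null) || (arguments.length != 1) ||
            !(arguments[0] instanceof PortalHookPermission)) {

            return null;
        }

        PortalHookPermission portalHookPermission =
            (PortalHookPermission)arguments[0];

        String name = portalHookPermission.getName();
        Object subject = portalHookPermission.getSubject();

        String key = null;
        String value = null;

        if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
            key = "security-manager-hook-custom-jsp-dir-enabled";
            value = "true";
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
            key = "security-manager-hook-indexers";
            value = (String)subject;
        }
        else if (name.equals(
                    PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

            key = "security-manager-hook-language-properties-locales";

            Locale locale = (Locale)subject;

            value = LocaleUtil.toLanguageId(locale);
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
            key = "security-manager-hook-portal-properties-keys";
            value = (String)subject;
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
            key = "security-manager-hook-services";
            value = (String)subject;
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
            key = "security-manager-hook-servlet-filters-enabled";
            value = "true";
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
            key = "security-manager-hook-struts-action-paths";
            value = (String)subject;
        }
        else {
            return null;
        }

        AuthorizationProperty authorizationProperty =
            new AuthorizationProperty();

        authorizationProperty.setKey(key);
        authorizationProperty.setValue(value);

        return authorizationProperty;
    }

    /**
     * Reads the flag that permits a hook to set a custom JSP dir.
     */
    protected void initCustomJspDir() {
        _customJspDir = getPropertyBoolean(
            "security-manager-hook-custom-jsp-dir-enabled");

        if (_log.isDebugEnabled() && _customJspDir) {
            _log.debug("Allowing custom JSP dir");
        }
    }

    /**
     * Reads the set of indexer class names a hook may add.
     */
    protected void initIndexers() {
        _indexers = getPropertySet("security-manager-hook-indexers");

        _logAllowedValues("Allowing indexer ", _indexers);
    }

    /**
     * Reads the set of language ids whose language properties a hook may
     * override.
     */
    protected void initLanguagePropertiesLocales() {
        _languagePropertiesLanguageIds = getPropertySet(
            "security-manager-hook-language-properties-locales");

        _logAllowedValues("Allowing locale ", _languagePropertiesLanguageIds);
    }

    /**
     * Reads the set of portal.properties keys a hook may set.
     */
    protected void initPortalPropertiesKeys() {
        _portalPropertiesKeys = getPropertySet(
            "security-manager-hook-portal-properties-keys");

        _logAllowedValues(
            "Allowing portal.properties key ", _portalPropertiesKeys);
    }

    /**
     * Reads the set of service types a hook may override.
     */
    protected void initServices() {
        _services = getPropertySet("security-manager-hook-services");

        _logAllowedValues("Allowing service ", _services);
    }

    /**
     * Reads the flag that permits a hook to override servlet filters.
     */
    protected void initServletFilters() {
        _servletFilters = getPropertyBoolean(
            "security-manager-hook-servlet-filters-enabled");

        if (_log.isDebugEnabled() && _servletFilters) {
            _log.debug("Allowing servlet filters");
        }
    }

    /**
     * Reads the set of Struts action paths a hook may use.
     */
    protected void initStrutsActionPaths() {
        _strutsActionPaths = getPropertySet(
            "security-manager-hook-struts-action-paths");

        _logAllowedValues(
            "Allowing Struts action path ", _strutsActionPaths);
    }

    /**
     * Writes one debug line per allowed value, in sorted order.
     *
     * @param messagePrefix the text placed in front of each value
     * @param values the allowed values that were just loaded
     */
    private void _logAllowedValues(String messagePrefix, Set<String> values) {
        if (!_log.isDebugEnabled()) {
            return;
        }

        // The sorted copy keeps the debug output in a stable order and leaves
        // the loaded set itself untouched.

        for (String value : new TreeSet<String>(values)) {
            _log.debug(messagePrefix + value);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        PortalHookChecker.class);

    // True when a hook may set a custom JSP dir
    private boolean _customJspDir;

    // Indexer class names a hook may add
    private Set<String> _indexers;

    // Language ids (language or language_country) a hook may override
    private Set<String> _languagePropertiesLanguageIds;

    // portal.properties keys a hook may set
    private Set<String> _portalPropertiesKeys;

    // Service types a hook may override
    private Set<String> _services;

    // True when a hook may override servlet filters
    private boolean _servletFilters;

    // Struts action paths a hook may use
    private Set<String> _strutsActionPaths;

}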