015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.security.pacl.permission.PortalMessageBusPermission;
020
021 import java.security.Permission;
022
023 import java.util.Set;
024 import java.util.TreeSet;
025
026
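/**
 * Checks portal message bus permissions against two allow-lists of
 * destination names: one for listening and one for sending.
 *
 * <p>
 * The allow-lists are read from the properties
 * <code>security-manager-message-bus-listen</code> and
 * <code>security-manager-message-bus-send</code> when
 * {@link #afterPropertiesSet()} runs. A destination that is not in the
 * matching list is rejected through <code>throwSecurityException</code>.
 * </p>
 */
public class PortalMessageBusChecker extends BaseChecker {

	/**
	 * Loads both allow-lists. The sets are unassigned until this method has
	 * run, so it has to be called before {@link #checkPermission(Permission)}.
	 */
	public void afterPropertiesSet() {
		initListenDestinationNames();
		initSendDestinationNames();
	}

	/**
	 * Rejects a listen or send request whose destination name is not in the
	 * corresponding allow-list.
	 *
	 * @param permission the permission to check; it is cast to
	 *        <code>PortalMessageBusPermission</code> without a type test, so
	 *        any other type fails with a <code>ClassCastException</code>
	 */
	public void checkPermission(Permission permission) {
		PortalMessageBusPermission portalMessageBusPermission =
			(PortalMessageBusPermission)permission;

		String name = portalMessageBusPermission.getName();
		String destinationName =
			portalMessageBusPermission.getDestinationName();

		// NOTE(review): destinationName is taken from the permission object
		// and concatenated into the messages below as is. If that value can
		// contain line breaks, the log output can be made ambiguous; confirm
		// how throwSecurityException and the log backend encode it.

		if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_LISTEN)) {
			if (!_listenDestinationNames.contains(destinationName)) {
				throwSecurityException(
					_log,
					"Attempted to listen on destination " + destinationName);
			}
		}
		else if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_SEND)) {
			if (!_sendDestinationNames.contains(destinationName)) {
				throwSecurityException(
					_log, "Attempted to send to " + destinationName);
			}
		}

		// NOTE(review): a permission name other than listen or send reaches
		// this point without any check, so it is allowed. Confirm that the
		// permission class cannot carry another name, or reject it here.
	}

	/**
	 * Builds the authorization property (policy key plus destination name)
	 * that would allow the given message bus permission.
	 *
	 * @param  arguments exactly one element, which must be a
	 *         <code>PortalMessageBusPermission</code>
	 * @return the authorization property, or <code>null</code> if the
	 *         arguments are unusable or the permission name is neither listen
	 *         nor send
	 */
	@Override
	public AuthorizationProperty generateAuthorizationProperty(
		Object... arguments) {

		// Test for the type that is cast to below. Testing only for
		// java.security.Permission let any other permission type through to
		// the cast, which then failed with a ClassCastException instead of
		// returning null like the other unusable inputs.

		if ((arguments == null) || (arguments.length != 1) ||
			!(arguments[0] instanceof PortalMessageBusPermission)) {

			return null;
		}

		PortalMessageBusPermission portalMessageBusPermission =
			(PortalMessageBusPermission)arguments[0];

		String name = portalMessageBusPermission.getName();

		String key = null;

		if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_LISTEN)) {
			key = "security-manager-message-bus-listen";
		}
		else if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_SEND)) {
			key = "security-manager-message-bus-send";
		}
		else {
			return null;
		}

		AuthorizationProperty authorizationProperty =
			new AuthorizationProperty();

		authorizationProperty.setKey(key);
		authorizationProperty.setValue(
			portalMessageBusPermission.getDestinationName());

		return authorizationProperty;
	}

	/**
	 * Reads the listen allow-list from the
	 * <code>security-manager-message-bus-listen</code> property and, at debug
	 * level, logs every allowed destination.
	 */
	protected void initListenDestinationNames() {
		_listenDestinationNames = getPropertySet(
			"security-manager-message-bus-listen");

		if (_log.isDebugEnabled()) {

			// Sorted copy so the debug output has a stable order; the set
			// used for the checks is left as getPropertySet returned it.

			Set<String> destinationNames = new TreeSet<String>(
				_listenDestinationNames);

			for (String destinationName : destinationNames) {
				_log.debug(
					"Allowing message listeners to listen on destination " +
						destinationName);
			}
		}
	}

	/**
	 * Reads the send allow-list from the
	 * <code>security-manager-message-bus-send</code> property and, at debug
	 * level, logs every allowed destination.
	 */
	protected void initSendDestinationNames() {
		_sendDestinationNames = getPropertySet(
			"security-manager-message-bus-send");

		if (_log.isDebugEnabled()) {

			// Sorted copy so the debug output has a stable order; the set
			// used for the checks is left as getPropertySet returned it.

			Set<String> destinationNames = new TreeSet<String>(
				_sendDestinationNames);

			for (String destinationName : destinationNames) {
				_log.debug(
					"Allowing the message bus to send to destination " +
						destinationName);
			}
		}
	}

	// The logger is never reassigned, so it is declared final.
	private static final Log _log = LogFactoryUtil.getLog(
		PortalMessageBusChecker.class);

	// Destination names that may be listened on; set by
	// initListenDestinationNames().
	private Set<String> _listenDestinationNames;

	// Destination names that may be sent to; set by
	// initSendDestinationNames().
	private Set<String> _sendDestinationNames;

}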