001
014
015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.JavaDetector;
020
021 import java.security.Permission;
022
023 import sun.reflect.Reflection;
024
025
028 public class NetChecker extends BaseChecker {
029
030 public void afterPropertiesSet() {
031 }
032
033 public void checkPermission(Permission permission) {
034 String name = permission.getName();
035
036 if (name.equals(NET_PERMISSION_GET_PROXY_SELECTOR)) {
037 if (!hasGetProxySelector()) {
038 throwSecurityException(_log, "Attempted to get proxy selector");
039 }
040 }
041 else if (name.equals(NET_PERMISSION_SPECIFY_STREAM_HANDLER)) {
042
043
044
045 }
046 }
047
048 protected boolean hasGetProxySelector() {
049 if (JavaDetector.isJDK7()) {
050 Class<?> callerClass8 = Reflection.getCallerClass(8);
051
052 String className8 = callerClass8.getName();
053
054 if (className8.startsWith(_CLASS_NAME_SOCKS_SOCKET_IMPL) &&
055 CheckerUtil.isAccessControllerDoPrivileged(9)) {
056
057 logGetProxySelector(callerClass8, 8);
058
059 return true;
060 }
061 }
062 else {
063 Class<?> callerClass7 = Reflection.getCallerClass(7);
064
065 String className7 = callerClass7.getName();
066
067 if (className7.startsWith(_CLASS_NAME_SOCKS_SOCKET_IMPL) &&
068 CheckerUtil.isAccessControllerDoPrivileged(8)) {
069
070 logGetProxySelector(callerClass7, 7);
071
072 return true;
073 }
074 }
075
076 return false;
077 }
078
079 protected void logGetProxySelector(Class<?> callerClass, int frame) {
080 if (_log.isInfoEnabled()) {
081 _log.info(
082 "Allowing frame " + frame + " with caller " + callerClass +
083 " to get the proxy selector");
084 }
085 }
086
087 private static final String _CLASS_NAME_SOCKS_SOCKET_IMPL =
088 "java.net.SocksSocketImpl$";
089
090 private static Log _log = LogFactoryUtil.getLog(NetChecker.class);
091
092 }