015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.StringPool;
021
022 import java.net.SocketPermission;
023
024 import java.security.Permission;
025 import java.security.Permissions;
026
027
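/**
 * Checks socket permissions against an allow-list built from three policy
 * properties: {@code security-manager-sockets-accept},
 * {@code security-manager-sockets-connect} and
 * {@code security-manager-sockets-listen}.
 *
 * <p>
 * Each property entry becomes a {@link SocketPermission} in a private
 * {@link Permissions} collection, and a request is allowed only when that
 * collection implies it. Accept and connect entries are handed to
 * {@code SocketPermission} unchanged, so any wildcard host or port range the
 * JDK accepts in an entry takes effect as written. Policies should therefore
 * be reviewed for broad entries.
 * </p>
 */
public class SocketChecker extends BaseChecker {

	/**
	 * Builds the allow-list from the accept, connect and listen properties.
	 * Entries are added to the existing collection; nothing is cleared first.
	 */
	public void afterPropertiesSet() {
		initAcceptHostsAndPorts();
		initConnectHostsAndPorts();
		initListenPorts();
	}

	/**
	 * Rejects the permission unless the configured allow-list implies it.
	 *
	 * @param permission the permission being requested
	 */
	public void checkPermission(Permission permission) {
		if (_permissions.implies(permission)) {
			return;
		}

		// Denials are reported through throwSecurityException, which is
		// defined outside this file; the message names the attempted actions
		// and target so a denied call can be traced in the log.

		throwSecurityException(
			_log,
			"Attempted " + permission.getActions() + " for address " +
				permission.getName());
	}

	/**
	 * Derives the policy property that would allow the given permission.
	 *
	 * @param  arguments exactly one element, which must be a
	 *         {@link Permission}
	 * @return the property (key and value) to add to the policy, or
	 *         {@code null} if the arguments are not a single permission, the
	 *         request is resolve-only, the action is not accept, connect or
	 *         listen, or a listen port cannot be read from the permission
	 *         name
	 */
	@Override
	public AuthorizationProperty generateAuthorizationProperty(
		Object... arguments) {

		if ((arguments == null) || (arguments.length != 1) ||
			!(arguments[0] instanceof Permission)) {

			return null;
		}

		Permission permission = (Permission)arguments[0];

		String actions = permission.getActions();
		String name = permission.getName();

		// Any Permission subclass is accepted above, so neither accessor is
		// guaranteed to return a value.

		if ((actions == null) || (name == null)) {
			return null;
		}

		if (actions.equals(SOCKET_PERMISSION_RESOLVE)) {

			// No property is generated for a pure resolve request:
			// java.net.SocketPermission implies resolve whenever accept,
			// connect or listen is granted.

			return null;
		}

		String key = null;
		String value = null;

		if (actions.contains(SOCKET_PERMISSION_ACCEPT)) {
			key = "security-manager-sockets-accept";
			value = name;
		}
		else if (actions.contains(SOCKET_PERMISSION_CONNECT)) {
			key = "security-manager-sockets-connect";
			value = name;
		}
		else if (actions.contains(SOCKET_PERMISSION_LISTEN)) {

			// The port follows the last colon. Splitting on the first colon
			// would cut a bracketed IPv6 literal in the middle.

			int index = name.lastIndexOf(StringPool.COLON);

			int port = GetterUtil.getInteger(name.substring(index + 1), -1);

			if (port < 0) {

				// Fail closed: an unreadable port must not be recorded as
				// port 0, which is not the port that was requested.

				return null;
			}

			key = "security-manager-sockets-listen";
			value = String.valueOf(port);
		}
		else {
			return null;
		}

		AuthorizationProperty authorizationProperty =
			new AuthorizationProperty();

		authorizationProperty.setKey(key);
		authorizationProperty.setValue(value);

		return authorizationProperty;
	}

	/**
	 * Adds one accept permission for every entry of
	 * {@code security-manager-sockets-accept}.
	 */
	protected void initAcceptHostsAndPorts() {
		String[] networkParts = getPropertyArray(
			"security-manager-sockets-accept");

		for (String networkPart : networkParts) {
			initHostsAndPorts(networkPart, SOCKET_PERMISSION_ACCEPT);
		}
	}

	/**
	 * Adds one connect permission for every entry of
	 * {@code security-manager-sockets-connect}.
	 */
	protected void initConnectHostsAndPorts() {
		String[] networkParts = getPropertyArray(
			"security-manager-sockets-connect");

		for (String networkPart : networkParts) {
			initHostsAndPorts(networkPart, SOCKET_PERMISSION_CONNECT);
		}
	}

	/**
	 * Adds a single {@link SocketPermission} to the allow-list.
	 *
	 * @param networkPart the host and port specification, passed to
	 *        {@code SocketPermission} as is
	 * @param action the socket action to grant
	 */
	protected void initHostsAndPorts(String networkPart, String action) {

		// SocketPermission rejects a malformed specification with an
		// IllegalArgumentException, so a bad policy entry surfaces here
		// during initialization.

		SocketPermission socketPermission = new SocketPermission(
			networkPart, action);

		_permissions.add(socketPermission);
	}

	/**
	 * Adds one listen permission for every entry of
	 * {@code security-manager-sockets-listen}.
	 */
	protected void initListenPorts() {
		String[] listenParts = getPropertyArray(
			"security-manager-sockets-listen");

		for (String listenPart : listenParts) {
			initListenPorts(listenPart);
		}
	}

	/**
	 * Grants listen on the given port specification for any local address
	 * (host {@code *}).
	 *
	 * @param listenPart the port or port range to allow; blank entries are
	 *        skipped
	 */
	protected void initListenPorts(String listenPart) {

		// A blank entry would produce "*:", and SocketPermission reads an
		// empty port as the full port range. Skip it so a stray separator in
		// the policy cannot grant listen on every port. NOTE(review):
		// whether getPropertyArray can return blank elements is not visible
		// here.

		if ((listenPart == null) || (listenPart.trim().length() == 0)) {
			return;
		}

		initHostsAndPorts("*:" + listenPart, SOCKET_PERMISSION_LISTEN);
	}

	private static final Log _log = LogFactoryUtil.getLog(
		SocketChecker.class);

	// Allow-list of socket permissions built by afterPropertiesSet().

	private final Permissions _permissions = new Permissions();

}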