015 package com.liferay.portal.security.pacl;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.security.lang.PortalSecurityManagerThreadLocal;
020 import com.liferay.portal.service.persistence.GroupPersistenceImpl;
021 import com.liferay.portal.service.persistence.UserPersistenceImpl;
022 import com.liferay.portal.util.ClassLoaderUtil;
023
024 import java.lang.reflect.InvocationHandler;
025 import java.lang.reflect.InvocationTargetException;
026 import java.lang.reflect.Method;
/**
 * Reflection {@link InvocationHandler} that sits in front of a wrapped bean
 * and decides, per call, whether the call may reach the bean.
 *
 * <p>
 * Security-relevant behavior visible in this class:
 * </p>
 *
 * <ul>
 * <li>{@code equals} and {@code toString} declared on {@code Object} are
 * answered before any policy lookup. Other {@code Object} methods take the
 * normal path.</li>
 * <li>If {@code PACLPolicyManager.isActive()} is false, or no policy is
 * resolved for the current call, the call is forwarded unchecked. The handler
 * is permissive in those two states, so enforcement depends on PACL being
 * active and on a policy being found.</li>
 * <li>If a policy is found and {@code hasPortalService} rejects the call, a
 * {@link SecurityException} is thrown and the bean is never invoked.</li>
 * <li>The thread-local "check SQL" flag may be cleared for the duration of the
 * call and is always restored afterwards.</li>
 * </ul>
 */
public class PACLBeanHandler implements InvocationHandler {

    /**
     * Creates a handler that forwards permitted calls to {@code bean}.
     *
     * @param bean the object that receives the forwarded calls
     */
    public PACLBeanHandler(Object bean) {
        if (_log.isDebugEnabled()) {
            _log.debug("Creating handler for " + bean);
        }

        _bean = bean;
    }

    /**
     * Returns the wrapped bean itself, not the proxy.
     *
     * <p>
     * NOTE(review): calls made directly on the returned object do not pass
     * through {@link #doInvoke}; confirm that callers of this accessor are
     * trusted.
     * </p>
     *
     * @return the object passed to the constructor
     */
    public Object getBean() {
        return _bean;
    }

    /**
     * Entry point used by the proxy. Delegates to {@link #doInvoke} and
     * unwraps reflective failures so the caller sees the exception thrown by
     * the target method rather than an {@link InvocationTargetException}.
     *
     * @param  proxy the proxy instance the method was called on
     * @param  method the method being called
     * @param  arguments the call arguments
     * @return whatever {@link #doInvoke} returns
     * @throws Throwable the target method's own exception, or any other
     *         exception raised by {@link #doInvoke} (including
     *         {@link SecurityException} on a denied call)
     */
    public Object invoke(Object proxy, Method method, Object[] arguments)
        throws Throwable {

        try {
            return doInvoke(proxy, method, arguments);
        }
        catch (InvocationTargetException wrapper) {
            Throwable cause = wrapper.getTargetException();

            throw cause;
        }
    }

    /**
     * Applies the policy decision for one call and, if it is allowed, invokes
     * the method on the wrapped bean.
     *
     * @param  proxy the proxy instance the method was called on
     * @param  method the method being called
     * @param  arguments the call arguments
     * @return the result of the call, or the identity comparison result for
     *         {@code Object.equals}
     * @throws SecurityException if a policy was resolved and it does not grant
     *         the portal service call
     * @throws Throwable anything raised by the reflective invocation
     */
    protected Object doInvoke(Object proxy, Method method, Object[] arguments)
        throws Throwable {

        // Verbose tracing is limited to the two persistence beans named below,
        // and only when debug logging is switched on.

        boolean debug = false;

        if (_log.isDebugEnabled()) {
            String beanClassName = _bean.getClass().getName();

            debug =
                beanClassName.equals(GroupPersistenceImpl.class.getName()) ||
                beanClassName.equals(UserPersistenceImpl.class.getName());

            if (debug) {
                _log.debug(
                    "Intercepting " + beanClassName + "#" + method.getName());
            }
        }

        // Object#equals and Object#toString are handled without consulting
        // the policy. equals is proxy identity, so the bean is not touched.

        if (method.getDeclaringClass() == Object.class) {
            String name = method.getName();

            if ("equals".equals(name)) {
                return proxy == arguments[0];
            }

            if ("toString".equals(name)) {
                return method.invoke(_bean, arguments);
            }
        }

        // Permissive path 1: PACL is not active, so nothing is enforced.

        if (!PACLPolicyManager.isActive()) {
            return method.invoke(_bean, arguments);
        }

        PACLPolicy paclPolicy = PACLClassUtil.getPACLPolicy(false, debug);

        // Permissive path 2: no policy was resolved for this call, so the
        // call goes through unchecked.

        if (paclPolicy == null) {
            return method.invoke(_bean, arguments);
        }

        if (debug) {
            _log.debug(
                "Retrieved PACL policy for " +
                    paclPolicy.getServletContextName());
        }

        // Enforcement point: a denied call never reaches the bean.

        if (!paclPolicy.hasPortalService(_bean, method, arguments)) {
            throw new SecurityException("Attempted to invoke " + method);
        }

        // Remember the caller's flag so the finally block can put it back even
        // if the target method throws.

        boolean checkSQL = PortalSecurityManagerThreadLocal.isCheckSQL();

        try {
            Class<?> targetClass = _bean.getClass();

            // SQL checking is switched off when the bean's class loader is not
            // the policy's class loader.
            // NOTE(review): presumably the bean then belongs to the portal or
            // another plugin and its SQL is not meant to be judged against
            // this policy. The original explanatory comment is missing from
            // this listing; confirm against the upstream source.

            boolean foreignBean =
                paclPolicy.getClassLoader() !=
                    ClassLoaderUtil.getClassLoader(targetClass);

            if (foreignBean) {
                PortalSecurityManagerThreadLocal.setCheckSQL(false);
            }

            return method.invoke(_bean, arguments);
        }
        finally {
            PortalSecurityManagerThreadLocal.setCheckSQL(checkSQL);
        }
    }

    private static Log _log = LogFactoryUtil.getLog(PACLBeanHandler.class);

    // Target of every forwarded call; assigned once in the constructor.
    private Object _bean;

}