015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.security.pacl.permission.PortalHookPermission;
020 import com.liferay.portal.kernel.util.LocaleUtil;
021
022 import java.security.Permission;
023
024 import java.util.Locale;
025 import java.util.Set;
026 import java.util.TreeSet;
027
028
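/**
 * Checks {@link PortalHookPermission} requests against the
 * <code>security-manager-hook-*</code> properties that the init methods load
 * through {@code getPropertyBoolean} and {@code getPropertySet}.
 *
 * <p>
 * Two properties are on/off switches (custom JSP dir, servlet filters); the
 * others are allow lists of names (indexers, language ids, portal.properties
 * keys, services, Struts action paths). A request is denied when its switch
 * is off or its subject is not in the matching allow list.
 * </p>
 */
public class PortalHookChecker extends BaseChecker {

    /**
     * Loads every switch and allow list this checker consults. Must run
     * before {@link #implies(Permission)}, which dereferences the sets
     * populated here.
     */
    public void afterPropertiesSet() {
        initCustomJspDir();
        initIndexers();
        initLanguagePropertiesLocales();
        initPortalPropertiesKeys();
        initServletFilters();
        initServices();
        initStrutsActionPaths();
    }

    /**
     * Builds the property key/value pair that corresponds to the given
     * permission, using the same property keys the init methods read.
     *
     * @param  arguments expected to hold exactly one
     *         {@link PortalHookPermission}
     * @return the key/value pair, or <code>null</code> if the arguments are
     *         not a single {@link PortalHookPermission} or the permission
     *         name is not one this checker handles
     */
    @Override
    public AuthorizationProperty generateAuthorizationProperty(
        Object... arguments) {

        // Test for the exact type that is cast below. The previous guard
        // accepted any java.security.Permission, so a permission of another
        // type passed the check and then failed with ClassCastException
        // instead of returning null.

        if ((arguments == null) || (arguments.length != 1) ||
            !(arguments[0] instanceof PortalHookPermission)) {

            return null;
        }

        PortalHookPermission portalHookPermission =
            (PortalHookPermission)arguments[0];

        String name = portalHookPermission.getName();
        Object subject = portalHookPermission.getSubject();

        String key = null;
        String value = null;

        if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {

            // On/off switch, so the value is the literal "true"

            key = "security-manager-hook-custom-jsp-dir-enabled";
            value = "true";
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
            key = "security-manager-hook-indexers";
            value = (String)subject;
        }
        else if (name.equals(
                    PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

            key = "security-manager-hook-language-properties-locales";

            Locale locale = (Locale)subject;

            value = LocaleUtil.toLanguageId(locale);
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
            key = "security-manager-hook-portal-properties-keys";
            value = (String)subject;
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
            key = "security-manager-hook-services";
            value = (String)subject;
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {

            // On/off switch, so the value is the literal "true"

            key = "security-manager-hook-servlet-filters-enabled";
            value = "true";
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
            key = "security-manager-hook-struts-action-paths";
            value = (String)subject;
        }
        else {
            return null;
        }

        AuthorizationProperty authorizationProperty =
            new AuthorizationProperty();

        authorizationProperty.setKey(key);
        authorizationProperty.setValue(value);

        return authorizationProperty;
    }

    /**
     * Returns whether the requested hook customization is allowed by the
     * loaded configuration. Every denial is reported through
     * {@code logSecurityException} before <code>false</code> is returned.
     *
     * <p>
     * NOTE(review): the denied subject is concatenated into the log message
     * as-is. Confirm that the logging layer neutralizes line breaks, so that
     * a crafted name cannot forge entries in the denial log.
     * </p>
     *
     * @param  permission the permission to check; cast to
     *         {@link PortalHookPermission} without a type test
     * @return <code>false</code> if the matching switch is off or the
     *         subject is missing from the matching allow list;
     *         <code>true</code> otherwise
     */
    public boolean implies(Permission permission) {

        // NOTE(review): unchecked cast. A Permission of another type raises
        // ClassCastException here; presumably the caller dispatches by
        // permission type before calling this checker. Confirm.

        PortalHookPermission portalHookPermission =
            (PortalHookPermission)permission;

        String name = portalHookPermission.getName();
        Object subject = portalHookPermission.getSubject();

        if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
            if (!_customJspDir) {
                logSecurityException(_log, "Attempted to set custom jsp dir");

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
            String indexerClassName = (String)subject;

            if (!_indexers.contains(indexerClassName)) {
                logSecurityException(
                    _log, "Attempted to add indexer " + indexerClassName);

                return false;
            }
        }
        else if (name.equals(
                    PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

            Locale locale = (Locale)subject;

            // A locale is allowed if either its bare language ("en") or its
            // language_COUNTRY form ("en_US") is in the allow list

            if (!_languagePropertiesLanguageIds.contains(
                    locale.getLanguage()) &&
                !_languagePropertiesLanguageIds.contains(
                    locale.getLanguage() + "_" + locale.getCountry())) {

                logSecurityException(
                    _log, "Attempted to override locale " + locale);

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
            String key = (String)subject;

            if (!_portalPropertiesKeys.contains(key)) {
                logSecurityException(
                    _log, "Attempted to set portal property " + key);

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
            String serviceType = (String)subject;

            if (!_services.contains(serviceType)) {
                logSecurityException(
                    _log, "Attempted to override service " + serviceType);

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
            if (!_servletFilters) {

                // Message previously read "serlvet", which a search of the
                // denial log for "servlet" would not match

                logSecurityException(
                    _log, "Attempted to override servlet filters");

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
            String strutsActionPath = (String)subject;

            if (!_strutsActionPaths.contains(strutsActionPath)) {
                logSecurityException(
                    _log,
                    "Attempted to use struts action path " + strutsActionPath);

                return false;
            }
        }

        // NOTE(review): fail-open. A permission name that matches none of
        // the branches above reaches this line and is allowed without any
        // log entry. Confirm that every PortalHookPermission name is
        // covered above, or consider denying unknown names.

        return true;
    }

    /**
     * Reads the custom JSP dir switch from
     * <code>security-manager-hook-custom-jsp-dir-enabled</code>.
     */
    protected void initCustomJspDir() {
        _customJspDir = getPropertyBoolean(
            "security-manager-hook-custom-jsp-dir-enabled");

        if (_log.isDebugEnabled() && _customJspDir) {
            _log.debug("Allowing custom JSP dir");
        }
    }

    /**
     * Reads the indexer allow list from
     * <code>security-manager-hook-indexers</code>.
     */
    protected void initIndexers() {
        _indexers = getPropertySet("security-manager-hook-indexers");

        if (_log.isDebugEnabled()) {

            // Sorted copy so the debug output is in a stable order

            Set<String> indexers = new TreeSet<String>(_indexers);

            for (String indexer : indexers) {
                _log.debug("Allowing indexer " + indexer);
            }
        }
    }

    /**
     * Reads the language id allow list from
     * <code>security-manager-hook-language-properties-locales</code>.
     */
    protected void initLanguagePropertiesLocales() {
        _languagePropertiesLanguageIds = getPropertySet(
            "security-manager-hook-language-properties-locales");

        if (_log.isDebugEnabled()) {

            // Sorted copy so the debug output is in a stable order

            Set<String> languageIds = new TreeSet<String>(
                _languagePropertiesLanguageIds);

            for (String languageId : languageIds) {
                _log.debug("Allowing locale " + languageId);
            }
        }
    }

    /**
     * Reads the portal.properties key allow list from
     * <code>security-manager-hook-portal-properties-keys</code>.
     */
    protected void initPortalPropertiesKeys() {
        _portalPropertiesKeys = getPropertySet(
            "security-manager-hook-portal-properties-keys");

        if (_log.isDebugEnabled()) {

            // Sorted copy so the debug output is in a stable order

            Set<String> keys = new TreeSet<String>(_portalPropertiesKeys);

            for (String key : keys) {
                _log.debug("Allowing portal.properties key " + key);
            }
        }
    }

    /**
     * Reads the service allow list from
     * <code>security-manager-hook-services</code>.
     */
    protected void initServices() {
        _services = getPropertySet("security-manager-hook-services");

        if (_log.isDebugEnabled()) {

            // Sorted copy so the debug output is in a stable order

            Set<String> services = new TreeSet<String>(_services);

            for (String service : services) {
                _log.debug("Allowing service " + service);
            }
        }
    }

    /**
     * Reads the servlet filter switch from
     * <code>security-manager-hook-servlet-filters-enabled</code>.
     */
    protected void initServletFilters() {
        _servletFilters = getPropertyBoolean(
            "security-manager-hook-servlet-filters-enabled");

        if (_log.isDebugEnabled() && _servletFilters) {
            _log.debug("Allowing servlet filters");
        }
    }

    /**
     * Reads the Struts action path allow list from
     * <code>security-manager-hook-struts-action-paths</code>.
     */
    protected void initStrutsActionPaths() {
        _strutsActionPaths = getPropertySet(
            "security-manager-hook-struts-action-paths");

        if (_log.isDebugEnabled()) {

            // Sorted copy so the debug output is in a stable order

            Set<String> strutsActionPaths = new TreeSet<String>(
                _strutsActionPaths);

            for (String strutsActionPath : strutsActionPaths) {
                _log.debug("Allowing Struts action path " + strutsActionPath);
            }
        }
    }

    private static Log _log = LogFactoryUtil.getLog(PortalHookChecker.class);

    // Switches and allow lists, populated by the init methods

    private boolean _customJspDir;
    private Set<String> _indexers;
    private Set<String> _languagePropertiesLanguageIds;
    private Set<String> _portalPropertiesKeys;
    private Set<String> _services;
    private boolean _servletFilters;
    private Set<String> _strutsActionPaths;

}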