015 package com.liferay.portal.security.pacl.dao.jdbc;
016
017 import com.liferay.portal.security.pacl.PACLPolicy;
018
019 import java.lang.reflect.InvocationHandler;
020 import java.lang.reflect.InvocationTargetException;
021 import java.lang.reflect.Method;
022
023 import java.sql.Statement;
024
025
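/**
 * Invocation handler for a proxied {@link Statement} that checks SQL text
 * against a {@link PACLPolicy} before the call reaches the real statement.
 *
 * <p>
 * The check is keyed on the invoked method's name. Every method that is not
 * listed in {@link #_isSQLMethod(String)} (apart from {@code equals} and
 * {@code hashCode}, which are answered locally) is forwarded unchanged.
 * </p>
 *
 * <p>
 * NOTE(review): forwarded methods include ones that hand back other JDBC
 * objects, such as {@code getConnection} and {@code unwrap}. Whether those
 * objects are themselves policy-wrapped cannot be seen from this class;
 * confirm against the code that creates this proxy.
 * </p>
 */
public class PACLStatementHandler implements InvocationHandler {

    /**
     * @param statement the real statement that approved calls are forwarded to
     * @param paclPolicy the policy consulted for every SQL string
     */
    public PACLStatementHandler(Statement statement, PACLPolicy paclPolicy) {
        _statement = statement;
        _paclPolicy = paclPolicy;
    }

    /**
     * Checks SQL-carrying calls against the policy, then delegates to the
     * wrapped statement.
     *
     * @param  proxy the proxy instance the method was invoked on
     * @param  method the interface method being invoked
     * @param  arguments the call arguments, or {@code null} for a no-argument
     *         method
     * @return the wrapped statement's result; for {@code equals} and
     *         {@code hashCode}, a value based on the proxy's identity
     * @throws SecurityException if the first argument of a SQL-carrying
     *         method is not approved by the policy
     * @throws Throwable whatever the wrapped statement throws, unwrapped from
     *         the reflective {@link InvocationTargetException}
     */
    public Object invoke(Object proxy, Method method, Object[] arguments)
        throws Throwable {

        try {
            String methodName = method.getName();

            if (_isSQLMethod(methodName)) {

                // No-argument overloads (for example a prepared statement's
                // execute()) carry no SQL here, so there is nothing to check.

                if ((arguments != null) && (arguments.length > 0)) {
                    String sql = (String)arguments[0];

                    if (!_paclPolicy.hasSQL(sql)) {

                        // The rejected SQL is part of the message, so it
                        // ends up wherever this exception is logged.

                        throw new SecurityException(
                            "Attempted to execute unapproved SQL " + sql);
                    }
                }
            }
            else if (methodName.equals("equals")) {

                // Identity comparison on the proxy; never delegated.

                return proxy == arguments[0];
            }
            else if (methodName.equals("hashCode")) {
                return System.identityHashCode(proxy);
            }

            return method.invoke(_statement, arguments);
        }
        catch (InvocationTargetException ite) {

            // Surface the statement's own exception, not the reflection
            // wrapper.

            throw ite.getTargetException();
        }
    }

    /**
     * Returns {@code true} for the {@link Statement} methods whose first
     * argument is SQL text. {@code executeLargeUpdate} (added to
     * {@code java.sql.Statement} in Java 8) takes SQL the same way
     * {@code executeUpdate} does and must not bypass the policy check.
     */
    private static boolean _isSQLMethod(String methodName) {
        return methodName.equals("addBatch") ||
            methodName.equals("execute") ||
            methodName.equals("executeLargeUpdate") ||
            methodName.equals("executeQuery") ||
            methodName.equals("executeUpdate");
    }

    private final PACLPolicy _paclPolicy;
    private final Statement _statement;

}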