001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl.checker;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.security.pacl.permission.PortalHookPermission;
020    import com.liferay.portal.kernel.util.LocaleUtil;
021    
022    import java.security.Permission;
023    
024    import java.util.Locale;
025    import java.util.Set;
026    import java.util.TreeSet;
027    
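/**
 * PACL checker for the portal hook extension points.
 *
 * <p>
 * Each {@link PortalHookPermission} is matched by name against a setting read
 * from the <code>security-manager-hook-*</code> properties: two boolean
 * switches (custom JSP dir, servlet filters) and five allowlists (indexers,
 * language properties locales, portal.properties keys, services, Struts action
 * paths). A request that the matching setting does not cover is reported
 * through <code>logSecurityException</code> and denied.
 * </p>
 *
 * <p>
 * The <code>PORTAL_HOOK_PERMISSION_*</code> constants and the
 * <code>getPropertySet</code>, <code>getPropertyBoolean</code> and
 * <code>logSecurityException</code> helpers are not declared in this class;
 * presumably they are inherited through {@link BaseChecker}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class PortalHookChecker extends BaseChecker {

    /**
     * Loads every switch and allowlist this checker consults. Until this has
     * run the set fields are <code>null</code> and the boolean switches are
     * <code>false</code>.
     */
    public void afterPropertiesSet() {
        initCustomJspDir();
        initIndexers();
        initLanguagePropertiesLocales();
        initPortalPropertiesKeys();
        initServletFilters();
        initServices();
        initStrutsActionPaths();
    }

    /**
     * Translates a portal hook permission into the property entry that would
     * grant it.
     *
     * @param  arguments expected to hold exactly one
     *         {@link PortalHookPermission}
     * @return the key/value pair to add to the security properties, or
     *         <code>null</code> if the arguments are not a single
     *         {@link PortalHookPermission} or its name is not recognized
     */
    @Override
    public AuthorizationProperty generateAuthorizationProperty(
        Object... arguments) {

        // The type test has to name the concrete class because the value is
        // cast to it below. Testing only for java.security.Permission lets any
        // other permission type through to a ClassCastException.

        if ((arguments == null) || (arguments.length != 1) ||
            !(arguments[0] instanceof PortalHookPermission)) {

            return null;
        }

        PortalHookPermission portalHookPermission =
            (PortalHookPermission)arguments[0];

        String name = portalHookPermission.getName();
        Object subject = portalHookPermission.getSubject();

        String key = null;
        String value = null;

        if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
            key = "security-manager-hook-custom-jsp-dir-enabled";
            value = "true";
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
            key = "security-manager-hook-indexers";
            value = (String)subject;
        }
        else if (name.equals(
                    PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

            key = "security-manager-hook-language-properties-locales";

            Locale locale = (Locale)subject;

            value = LocaleUtil.toLanguageId(locale);
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
            key = "security-manager-hook-portal-properties-keys";
            value = (String)subject;
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
            key = "security-manager-hook-services";
            value = (String)subject;
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
            key = "security-manager-hook-servlet-filters-enabled";
            value = "true";
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
            key = "security-manager-hook-struts-action-paths";
            value = (String)subject;
        }
        else {
            return null;
        }

        AuthorizationProperty authorizationProperty =
            new AuthorizationProperty();

        authorizationProperty.setKey(key);
        authorizationProperty.setValue(value);

        return authorizationProperty;
    }

    /**
     * Decides whether the configured hook settings allow the permission.
     *
     * <p>
     * The subject is cast to <code>String</code> or <code>Locale</code>
     * according to the permission name without a type check, so a mismatched
     * subject surfaces as a <code>ClassCastException</code>. The subject is
     * also concatenated into the denial log message as-is; treat it as
     * requester-controlled text when those logs are parsed.
     * </p>
     *
     * @param  permission the permission being requested
     * @return <code>false</code> if the permission is not a
     *         {@link PortalHookPermission} or the matching switch or allowlist
     *         does not cover it; <code>true</code> otherwise
     */
    public boolean implies(Permission permission) {

        // Fail closed on anything this checker does not understand (including
        // null) instead of failing on the cast below.

        if (!(permission instanceof PortalHookPermission)) {
            logSecurityException(
                _log, "Attempted to check unsupported permission " + permission);

            return false;
        }

        PortalHookPermission portalHookPermission =
            (PortalHookPermission)permission;

        String name = portalHookPermission.getName();
        Object subject = portalHookPermission.getSubject();

        if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
            if (!_customJspDir) {
                logSecurityException(_log, "Attempted to set custom jsp dir");

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
            String indexerClassName = (String)subject;

            if (!_indexers.contains(indexerClassName)) {
                logSecurityException(
                    _log, "Attempted to add indexer " + indexerClassName);

                return false;
            }
        }
        else if (name.equals(
                    PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

            Locale locale = (Locale)subject;

            // Allowed when either the bare language ("en") or the
            // language_COUNTRY form ("en_US") is listed.

            if (!_languagePropertiesLanguageIds.contains(
                    locale.getLanguage()) &&
                !_languagePropertiesLanguageIds.contains(
                    locale.getLanguage() + "_" + locale.getCountry())) {

                logSecurityException(
                    _log, "Attempted to override locale " + locale);

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
            String key = (String)subject;

            if (!_portalPropertiesKeys.contains(key)) {
                logSecurityException(
                    _log, "Attempted to set portal property " + key);

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
            String serviceType = (String)subject;

            if (!_services.contains(serviceType)) {
                logSecurityException(
                    _log, "Attempted to override service " + serviceType);

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
            if (!_servletFilters) {
                logSecurityException(
                    _log, "Attempted to override servlet filters");

                return false;
            }
        }
        else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
            String strutsActionPath = (String)subject;

            if (!_strutsActionPaths.contains(strutsActionPath)) {
                logSecurityException(
                    _log,
                    "Attempted to use struts action path " + strutsActionPath);

                return false;
            }
        }

        // NOTE(review): a PortalHookPermission whose name matches none of the
        // branches above falls through to here and is implied. Confirm that
        // default-allow for unrecognized hook permission names is intended; a
        // deny-by-default checker would return false instead.

        return true;
    }

    /**
     * Reads the switch that allows a custom JSP dir.
     */
    protected void initCustomJspDir() {
        _customJspDir = getPropertyBoolean(
            "security-manager-hook-custom-jsp-dir-enabled");

        if (_log.isDebugEnabled() && _customJspDir) {
            _log.debug("Allowing custom JSP dir");
        }
    }

    /**
     * Reads the allowlist of indexer class names.
     */
    protected void initIndexers() {
        _indexers = getPropertySet("security-manager-hook-indexers");

        logAllowedValues("Allowing indexer ", _indexers);
    }

    /**
     * Reads the allowlist of language IDs whose language properties may be
     * overridden.
     */
    protected void initLanguagePropertiesLocales() {
        _languagePropertiesLanguageIds = getPropertySet(
            "security-manager-hook-language-properties-locales");

        logAllowedValues("Allowing locale ", _languagePropertiesLanguageIds);
    }

    /**
     * Reads the allowlist of portal.properties keys.
     */
    protected void initPortalPropertiesKeys() {
        _portalPropertiesKeys = getPropertySet(
            "security-manager-hook-portal-properties-keys");

        logAllowedValues(
            "Allowing portal.properties key ", _portalPropertiesKeys);
    }

    /**
     * Reads the allowlist of service types.
     */
    protected void initServices() {
        _services = getPropertySet("security-manager-hook-services");

        logAllowedValues("Allowing service ", _services);
    }

    /**
     * Reads the switch that allows servlet filters.
     */
    protected void initServletFilters() {
        _servletFilters = getPropertyBoolean(
            "security-manager-hook-servlet-filters-enabled");

        if (_log.isDebugEnabled() && _servletFilters) {
            _log.debug("Allowing servlet filters");
        }
    }

    /**
     * Reads the allowlist of Struts action paths.
     */
    protected void initStrutsActionPaths() {
        _strutsActionPaths = getPropertySet(
            "security-manager-hook-struts-action-paths");

        logAllowedValues("Allowing Struts action path ", _strutsActionPaths);
    }

    /**
     * Writes one debug line per allowlist entry, in sorted order, so the
     * effective policy can be audited from the log. Does nothing (and does not
     * touch <code>values</code>) unless debug logging is enabled.
     */
    private static void logAllowedValues(
        String messagePrefix, Set<String> values) {

        if (!_log.isDebugEnabled()) {
            return;
        }

        // Copy into a TreeSet only to get a stable, sorted order in the log.

        for (String value : new TreeSet<String>(values)) {
            _log.debug(messagePrefix + value);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        PortalHookChecker.class);

    // Switch: custom JSP dir hooks are allowed.
    private boolean _customJspDir;

    // Allowlist of indexer class names.
    private Set<String> _indexers;

    // Allowlist of language IDs ("en" or "en_US" form) for language
    // properties overrides.
    private Set<String> _languagePropertiesLanguageIds;

    // Allowlist of portal.properties keys.
    private Set<String> _portalPropertiesKeys;

    // Allowlist of service types.
    private Set<String> _services;

    // Switch: servlet filter hooks are allowed.
    private boolean _servletFilters;

    // Allowlist of Struts action paths.
    private Set<String> _strutsActionPaths;

}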