001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl.checker;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    
020    import java.security.Permission;
021    
022    import sun.reflect.Reflection;
023    
024    /**
025     * @author Brian Wing Shun Chan
026     */
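/**
 * Permission checker for the network-related permission names handled in
 * {@link #implies(Permission)}.
 *
 * <p>
 * Two permission names are recognised (the constants
 * {@code NET_PERMISSION_GET_PROXY_SELECTOR} and
 * {@code NET_PERMISSION_SPECIFY_STREAM_HANDLER}, declared outside this file).
 * Both are granted only when the class found at a fixed depth of the call
 * stack is accepted by {@code isTrustedCaller}. Every other permission name
 * is denied, so the checker is default-deny.
 * </p>
 *
 * <p>
 * Security note: the caller is identified with
 * {@code sun.reflect.Reflection.getCallerClass(int)}, an internal JDK API,
 * using a frame count obtained from {@code getStackIndex(11, 10)}. The
 * decision therefore depends on the exact number of frames between the
 * original requester and the {@code has*} methods below. Do not wrap those
 * calls in helpers, lambdas or proxies without re-deriving the indexes,
 * because a shifted index inspects the wrong class.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class NetChecker extends BaseChecker {

	/**
	 * Intentionally empty: this checker has no properties to initialise.
	 */
	public void afterPropertiesSet() {
	}

	/**
	 * Decides whether the requested permission is granted.
	 *
	 * @param  permission the permission being requested; its name selects the
	 *         rule that is applied
	 * @return <code>true</code> if the name is one of the two recognised
	 *         permissions and the caller check passes; <code>false</code>
	 *         otherwise, after the refusal has been reported through
	 *         {@code logSecurityException}
	 */
	public boolean implies(Permission permission) {
		String name = permission.getName();

		// The has* methods must be invoked directly from here: they resolve
		// the requester by stack depth, so an extra frame would change the
		// class that gets checked.

		if (name.equals(NET_PERMISSION_GET_PROXY_SELECTOR)) {
			if (hasGetProxySelector(permission)) {
				return true;
			}

			logSecurityException(_log, "Attempted to get proxy selector");

			return false;
		}

		if (name.equals(NET_PERMISSION_SPECIFY_STREAM_HANDLER)) {
			if (hasSpecifyStreamHandler(permission)) {
				return true;
			}

			logSecurityException(
				_log, "Attempted to specify stream handler");

			return false;
		}

		// Default deny: any permission name not listed above is refused.
		// NOTE(review): the name is written to the log unmodified. If the
		// code under check can choose the permission name, confirm that
		// logSecurityException or the log layout neutralises line breaks.

		logSecurityException(
			_log, "Attempted " + name + " network operation");

		return false;
	}

	/**
	 * Checks whether the class at the expected stack depth may obtain the
	 * proxy selector.
	 *
	 * @param  permission the permission being requested, passed through to
	 *         {@code isTrustedCaller}
	 * @return <code>true</code> only if a caller class was resolved and
	 *         {@code isTrustedCaller} accepted it
	 */
	protected boolean hasGetProxySelector(Permission permission) {

		// NOTE(review): the meaning of the two arguments (11, 10) is defined
		// by getStackIndex outside this file; presumably they are
		// per-JVM frame counts. Confirm before changing either value.

		int stackIndex = getStackIndex(11, 10);

		Class<?> callerClass = Reflection.getCallerClass(stackIndex);

		// Fail closed: no class is resolved when the index lies beyond the
		// current stack, and an unknown caller must never be trusted.

		if (callerClass == null) {
			return false;
		}

		return isTrustedCaller(callerClass, permission);
	}

	/**
	 * Checks whether the class at the expected stack depth may specify a
	 * stream handler.
	 *
	 * @param  permission the permission being requested, passed through to
	 *         {@code isTrustedCaller}
	 * @return <code>true</code> only if a caller class was resolved and
	 *         {@code isTrustedCaller} accepted it
	 */
	protected boolean hasSpecifyStreamHandler(Permission permission) {

		// Same frame-count lookup as hasGetProxySelector. It is repeated
		// here rather than shared, because a common helper would add a stack
		// frame and shift the index.

		int stackIndex = getStackIndex(11, 10);

		Class<?> callerClass = Reflection.getCallerClass(stackIndex);

		// Fail closed when no caller class could be resolved.

		if (callerClass == null) {
			return false;
		}

		return isTrustedCaller(callerClass, permission);
	}

	// Final so the logger used for security denials cannot be reassigned.

	private static final Log _log = LogFactoryUtil.getLog(NetChecker.class);

}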