001
014
015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019
020 import java.security.Permission;
021
022 import sun.reflect.Reflection;
023
024
027 public class SecurityChecker extends BaseChecker {
028
029 public void afterPropertiesSet() {
030 }
031
032 public boolean implies(Permission permission) {
033 String name = permission.getName();
034
035 if (name.equals(SECURITY_PERMISSION_GET_POLICY)) {
036 if (!hasGetPolicy(permission)) {
037 logSecurityException(_log, "Attempted to get the policy");
038
039 return false;
040 }
041 }
042 else if (name.equals(SECURITY_PERMISSION_SET_POLICY)) {
043 if (!hasSetPolicy(permission)) {
044 logSecurityException(_log, "Attempted to set the policy");
045
046 return false;
047 }
048 }
049 else {
050 if (_log.isDebugEnabled()) {
051 Thread.dumpStack();
052 }
053
054 logSecurityException(
055 _log,
056 "Attempted to " + permission.getName() + " on " +
057 permission.getActions());
058
059 return false;
060 }
061
062 return true;
063 }
064
065 protected boolean hasGetPolicy(Permission permission) {
066 int stackIndex = getStackIndex(11, 11, 10);
067
068 Class<?> callerClass = Reflection.getCallerClass(stackIndex);
069
070 if (isTrustedCaller(callerClass, permission)) {
071 return true;
072 }
073
074 logSecurityException(_log, "Attempted to get the policy");
075
076 return false;
077 }
078
079 protected boolean hasSetPolicy(Permission permission) {
080 int stackIndex = getStackIndex(11, 11, 10);
081
082 Class<?> callerClass = Reflection.getCallerClass(stackIndex);
083
084 if (isTrustedCaller(callerClass, permission)) {
085 return true;
086 }
087
088 logSecurityException(_log, "Attempted to set the policy");
089
090 return false;
091 }
092
093 private static Log _log = LogFactoryUtil.getLog(SecurityChecker.class);
094
095 }