015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.security.pacl.permission.PortalServicePermission;
018 import com.liferay.portal.kernel.util.SetUtil;
019 import com.liferay.portal.kernel.util.StringBundler;
020 import com.liferay.portal.kernel.util.StringPool;
021 import com.liferay.portal.kernel.util.StringUtil;
022 import com.liferay.portal.kernel.util.Validator;
023
024 import java.security.Permission;
025
026 import java.util.Collections;
027 import java.util.HashMap;
028 import java.util.Map;
029 import java.util.Properties;
030 import java.util.Set;
031
032 import sun.reflect.Reflection;
033
034
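/**
 * PACL checker for {@link PortalServicePermission}. It grants or denies a
 * service invocation by looking the target class (or class and method) up in
 * allow-lists read from the <code>security-manager-services[...]</code>
 * entries of the properties returned by <code>getProperties()</code>.
 *
 * <p>
 * Two allow-lists are kept: one for the "portal" servlet context and one per
 * plugin servlet context name. A context with no entry gets an empty
 * allow-list, so nothing is granted for it by the list lookup.
 * </p>
 */
public class PortalServiceChecker extends BaseChecker {

	/**
	 * Builds the service allow-lists by delegating to {@link #initServices()}.
	 */
	public void afterPropertiesSet() {
		initServices();
	}

	/**
	 * Describes the policy entry that would authorize the given permission.
	 *
	 * <p>
	 * The key is <code>security-manager-services</code> followed by the
	 * permission's servlet context name between
	 * <code>StringPool.OPEN_BRACKET</code> and
	 * <code>StringPool.CLOSE_BRACKET</code>; the value is the class name,
	 * <code>StringPool.POUND</code> and the method name.
	 * </p>
	 *
	 * @param  arguments expected to hold exactly one
	 *         {@link PortalServicePermission}
	 * @return the authorization property, or <code>null</code> if the
	 *         arguments are not exactly one
	 *         <code>PortalServicePermission</code>
	 */
	@Override
	public AuthorizationProperty generateAuthorizationProperty(
		Object... arguments) {

		// Test for the type that is cast to below. Checking only for
		// java.security.Permission let any other Permission subclass through
		// and failed with a ClassCastException instead of returning null.

		if ((arguments == null) || (arguments.length != 1) ||
			!(arguments[0] instanceof PortalServicePermission)) {

			return null;
		}

		PortalServicePermission portalServicePermission =
			(PortalServicePermission)arguments[0];

		StringBundler sb = new StringBundler(4);

		sb.append("security-manager-services");
		sb.append(StringPool.OPEN_BRACKET);
		sb.append(portalServicePermission.getServletContextName());
		sb.append(StringPool.CLOSE_BRACKET);

		AuthorizationProperty authorizationProperty =
			new AuthorizationProperty();

		authorizationProperty.setKey(sb.toString());
		authorizationProperty.setValue(
			portalServicePermission.getClassName() + StringPool.POUND +
				portalServicePermission.getMethodName());

		return authorizationProperty;
	}

	/**
	 * Decides whether the given permission is granted.
	 *
	 * <p>
	 * Only permissions whose short name equals
	 * <code>PORTAL_SERVICE_PERMISSION_SERVICE</code> are checked against the
	 * allow-lists. Every other short name is granted without any lookup, so
	 * this method is permissive by default for names it does not recognize.
	 * </p>
	 *
	 * @param  permission the permission to check; it is cast to
	 *         {@link PortalServicePermission} without a type test, so any
	 *         other type fails with a <code>ClassCastException</code>
	 * @return <code>false</code> only when a service permission is not
	 *         covered by {@link #hasService}; <code>true</code> otherwise
	 */
	public boolean implies(Permission permission) {
		PortalServicePermission portalServicePermission =
			(PortalServicePermission)permission;

		String name = portalServicePermission.getShortName();

		if (!name.equals(PORTAL_SERVICE_PERMISSION_SERVICE)) {

			// NOTE(review): unrecognized short names are granted here;
			// confirm that this fail-open default is intended.

			return true;
		}

		return hasService(
			portalServicePermission.getServletContextName(),
			portalServicePermission.getClassName(),
			portalServicePermission.getMethodName(), permission);
	}

	/**
	 * Returns the allow-list for a servlet context.
	 *
	 * @param  servletContextName the servlet context name; the portal's own
	 *         list is selected by the name "portal"
	 * @return the configured entries, or an empty set for a plugin context
	 *         that has none (never <code>null</code>)
	 */
	protected Set<String> getServices(String servletContextName) {

		// Use the same constant as initServices() so that the name written
		// at load time and the name read at check time cannot drift apart.

		if (servletContextName.equals(_PORTAL_SERVLET_CONTEXT_NAME)) {
			return _portalServices;
		}

		Set<String> services = _pluginServices.get(servletContextName);

		if (services == null) {
			return Collections.emptySet();
		}

		return services;
	}

	/**
	 * Checks whether a service class or method may be invoked.
	 *
	 * <p>
	 * The call is granted when the caller class at the computed stack index
	 * and the one at the next index are both trusted, when the allow-list of
	 * the servlet context contains the class name, or when it contains the
	 * class name, <code>StringPool.POUND</code> and the method name.
	 * </p>
	 *
	 * @param  servletContextName the servlet context that owns the service
	 * @param  className the service class name
	 * @param  methodName the service method name; when
	 *         <code>Validator.isNull</code> reports it as null, only the
	 *         class-level entry can match
	 * @param  permission the permission being checked, passed on to
	 *         <code>isTrustedCaller</code>
	 * @return <code>true</code> if the invocation is allowed
	 */
	protected boolean hasService(
		String servletContextName, String className, String methodName,
		Permission permission) {

		// NOTE(review): the trust decision reads caller classes at fixed
		// stack depths (the arguments 15 and 14, presumably one per JVM
		// variant -- confirm against getStackIndex). Any change to the call
		// chain between the security manager and this method moves a
		// different frame under the check, so these numbers need to be
		// re-verified whenever that chain changes. sun.reflect.Reflection is
		// also a JDK-internal API.

		int stackIndex = getStackIndex(15, 14);

		Class<?> callerClass = Reflection.getCallerClass(stackIndex);

		if (isTrustedCaller(callerClass, permission)) {

			// One trusted frame is not enough: the frame above it must be
			// trusted too before the allow-list is bypassed.

			callerClass = Reflection.getCallerClass(stackIndex + 1);

			if (isTrustedCaller(callerClass, permission)) {
				return true;
			}
		}

		Set<String> services = getServices(servletContextName);

		// A bare class name in the allow-list grants every method of it.

		if (services.contains(className)) {
			return true;
		}

		if (Validator.isNull(methodName)) {
			return false;
		}

		return services.contains(
			className.concat(StringPool.POUND).concat(methodName));
	}

	/**
	 * Reads every <code>security-manager-services[name]</code> property and
	 * stores its split value as the allow-list for <code>name</code>.
	 *
	 * <p>
	 * Existing entries are not cleared first: a context that is missing from
	 * the properties keeps whatever allow-list an earlier call stored for it.
	 * A key that has no closing bracket makes <code>substring</code> throw a
	 * <code>StringIndexOutOfBoundsException</code>.
	 * </p>
	 */
	protected void initServices() {
		Properties properties = getProperties();

		for (Map.Entry<Object, Object> entry : properties.entrySet()) {
			String key = (String)entry.getKey();

			if (!key.startsWith("security-manager-services[")) {
				continue;
			}

			String value = (String)entry.getValue();

			// The servlet context name is the text between the brackets.

			int x = key.indexOf("[");
			int y = key.indexOf("]", x);

			String servicesServletContextName = key.substring(x + 1, y);

			Set<String> services = SetUtil.fromArray(StringUtil.split(value));

			if (servicesServletContextName.equals(
					_PORTAL_SERVLET_CONTEXT_NAME)) {

				_portalServices = services;
			}
			else {
				_pluginServices.put(servicesServletContextName, services);
			}
		}
	}

	// Servlet context name that selects the portal's own allow-list.
	private static final String _PORTAL_SERVLET_CONTEXT_NAME = "portal";

	// Allow-lists of plugin services, keyed by servlet context name.
	private Map<String, Set<String>> _pluginServices =
		new HashMap<String, Set<String>>();

	// Allow-list of portal services; empty until initServices() finds one.
	private Set<String> _portalServices = Collections.emptySet();

}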