001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl.checker;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.security.pacl.permission.PortalMessageBusPermission;
020    
021    import java.security.Permission;
022    
023    import java.util.Set;
024    import java.util.TreeSet;
025    
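/**
 * Checks {@link PortalMessageBusPermission} requests against two allow lists
 * of message bus destination names, loaded with {@code getPropertySet} from
 * the {@code security-manager-message-bus-listen} and
 * {@code security-manager-message-bus-send} properties.
 *
 * <p>
 * A listen or send request is granted only when its destination name is in
 * the matching allow list. Denied requests are reported through
 * {@code logSecurityException}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class PortalMessageBusChecker extends BaseChecker {

    /**
     * Loads both allow lists. {@link #implies(Permission)} dereferences them
     * without a null check, so this must run before any permission is
     * checked.
     */
    public void afterPropertiesSet() {
        initListenDestinationNames();
        initSendDestinationNames();
    }

    /**
     * Builds the policy property that would authorize the given permission.
     *
     * @param  arguments expected to hold exactly one
     *         {@link PortalMessageBusPermission}
     * @return the property whose key is the listen or send policy key and
     *         whose value is the requested destination name, or
     *         <code>null</code> if the arguments are not a single message bus
     *         permission or its name is neither listen nor send
     */
    @Override
    public AuthorizationProperty generateAuthorizationProperty(
        Object... arguments) {

        // Test for the concrete type that is cast below. The earlier check
        // against java.security.Permission let any other permission type
        // through to the cast, which then failed with ClassCastException
        // instead of returning null.

        if ((arguments == null) || (arguments.length != 1) ||
            !(arguments[0] instanceof PortalMessageBusPermission)) {

            return null;
        }

        PortalMessageBusPermission portalMessageBusPermission =
            (PortalMessageBusPermission)arguments[0];

        String name = portalMessageBusPermission.getName();

        String key = null;

        if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_LISTEN)) {
            key = "security-manager-message-bus-listen";
        }
        else if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_SEND)) {
            key = "security-manager-message-bus-send";
        }
        else {
            return null;
        }

        AuthorizationProperty authorizationProperty =
            new AuthorizationProperty();

        authorizationProperty.setKey(key);
        authorizationProperty.setValue(
            portalMessageBusPermission.getDestinationName());

        return authorizationProperty;
    }

    /**
     * Decides whether a message bus permission is granted.
     *
     * @param  permission the permission to check; it is cast to
     *         {@link PortalMessageBusPermission} without a type test, so any
     *         other type fails with <code>ClassCastException</code>
     * @return <code>false</code> if the request is a listen or send on a
     *         destination missing from the matching allow list;
     *         <code>true</code> otherwise
     */
    public boolean implies(Permission permission) {
        PortalMessageBusPermission portalMessageBusPermission =
            (PortalMessageBusPermission)permission;

        String name = portalMessageBusPermission.getName();
        String destinationName =
            portalMessageBusPermission.getDestinationName();

        // NOTE(review): destinationName is chosen by the code being checked
        // and is concatenated into the messages below unmodified. Confirm
        // that the logging layer neutralises line breaks so that a crafted
        // name cannot forge log entries.

        if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_LISTEN)) {
            if (!_listenDestinationNames.contains(destinationName)) {
                logSecurityException(
                    _log,
                    "Attempted to listen on destination " + destinationName);

                return false;
            }
        }
        else if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_SEND)) {
            if (!_sendDestinationNames.contains(destinationName)) {
                logSecurityException(
                    _log, "Attempted to send to " + destinationName);

                return false;
            }
        }

        // NOTE(review): a permission whose name is neither listen nor send
        // reaches this point and is granted. That is only safe if
        // PortalMessageBusPermission can never carry another name. Confirm
        // this, or deny by default here.

        return true;
    }

    /**
     * Loads the destination names on which listening is allowed and, at
     * debug level, logs each of them in sorted order.
     */
    protected void initListenDestinationNames() {
        _listenDestinationNames = getPropertySet(
            "security-manager-message-bus-listen");

        _logDestinationNames(
            "Allowing message listeners to listen on destination ",
            _listenDestinationNames);
    }

    /**
     * Loads the destination names to which sending is allowed and, at debug
     * level, logs each of them in sorted order.
     */
    protected void initSendDestinationNames() {
        _sendDestinationNames = getPropertySet(
            "security-manager-message-bus-send");

        _logDestinationNames(
            "Allowing the message bus to send to destination ",
            _sendDestinationNames);
    }

    /**
     * Writes one debug line per destination name, in sorted order, each
     * starting with the given message prefix. Does nothing unless debug
     * logging is enabled.
     */
    private void _logDestinationNames(
        String messagePrefix, Set<String> destinationNames) {

        if (!_log.isDebugEnabled()) {
            return;
        }

        // Copy into a TreeSet only to get a stable, sorted order in the log.

        Set<String> sortedDestinationNames = new TreeSet<String>(
            destinationNames);

        for (String destinationName : sortedDestinationNames) {
            _log.debug(messagePrefix + destinationName);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        PortalMessageBusChecker.class);

    // Allow lists filled by the init methods above.

    private Set<String> _listenDestinationNames;
    private Set<String> _sendDestinationNames;

}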