001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl.checker;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    
020    import java.security.Permission;
021    
022    import sun.reflect.Reflection;
023    
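/**
 * Decides whether a security permission is granted to the calling code.
 *
 * <p>
 * Only the permissions named by <code>SECURITY_PERMISSION_GET_POLICY</code>
 * and <code>SECURITY_PERMISSION_SET_POLICY</code> can be granted, and only
 * when the class found at a fixed stack depth is a trusted caller. Every other
 * permission name is denied and logged, so anything this class does not
 * recognize fails closed.
 * </p>
 *
 * <p>
 * NOTE(review): the caller is identified with
 * <code>sun.reflect.Reflection.getCallerClass(int)</code>, an internal and
 * unsupported JDK API, combined with hard-coded stack depths. The result is
 * only correct while the chain of frames between the original caller and
 * {@link #hasGetPolicy(Permission)} / {@link #hasSetPolicy(Permission)} stays
 * exactly as it is today. Adding or removing a frame on that path (a wrapper,
 * a shared private helper, a proxy) makes the trust decision inspect the wrong
 * class, so re-derive the depths whenever the call path changes.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class SecurityChecker extends BaseChecker {

        /**
         * Does nothing; this checker has no properties to initialize.
         */
        public void afterPropertiesSet() {
        }

        /**
         * Returns <code>true</code> if the permission is granted to the caller.
         *
         * <p>
         * The policy permissions are delegated to
         * {@link #hasGetPolicy(Permission)} and
         * {@link #hasSetPolicy(Permission)}, which log their own denials, so
         * each denial is logged once instead of twice. All other permission
         * names are denied.
         * </p>
         *
         * @param  permission the permission being checked
         * @return <code>true</code> if the permission is granted;
         *         <code>false</code> otherwise
         */
        public boolean implies(Permission permission) {
                String name = permission.getName();

                // Constant-first comparison: a permission without a name falls
                // through to the deny branch instead of raising a
                // NullPointerException in the middle of a security check.

                if (SECURITY_PERMISSION_GET_POLICY.equals(name)) {

                        // Call the helper directly from this method. The stack
                        // depth it uses is tied to this exact call path.

                        return hasGetPolicy(permission);
                }

                if (SECURITY_PERMISSION_SET_POLICY.equals(name)) {
                        return hasSetPolicy(permission);
                }

                // Unknown security permission: deny by default.

                if (_log.isDebugEnabled()) {

                        // Thread.dumpStack() writes to standard error, not to
                        // the logger, so this trace will not appear in the
                        // same place as the denial message below.

                        Thread.dumpStack();
                }

                logSecurityException(
                        _log,
                        "Attempted to " + name + " on " + permission.getActions());

                return false;
        }

        /**
         * Returns <code>true</code> if the class at the computed stack depth is
         * a trusted caller for the get policy permission. A denial is logged
         * before <code>false</code> is returned.
         *
         * @param  permission the get policy permission being checked
         * @return <code>true</code> if the caller is trusted;
         *         <code>false</code> otherwise
         */
        protected boolean hasGetPolicy(Permission permission) {

                // The meaning of the three depths is defined by getStackIndex,
                // which is outside this file (presumably one value per
                // supported JVM flavor; confirm against BaseChecker).

                int stackIndex = getStackIndex(11, 11, 10);

                // Must be called from this frame. Moving this lookup into a
                // shared helper would shift the depth by one and inspect a
                // different class.

                Class<?> callerClass = Reflection.getCallerClass(stackIndex);

                if (isTrustedCaller(callerClass, permission)) {
                        return true;
                }

                logSecurityException(_log, "Attempted to get the policy");

                return false;
        }

        /**
         * Returns <code>true</code> if the class at the computed stack depth is
         * a trusted caller for the set policy permission. A denial is logged
         * before <code>false</code> is returned.
         *
         * @param  permission the set policy permission being checked
         * @return <code>true</code> if the caller is trusted;
         *         <code>false</code> otherwise
         */
        protected boolean hasSetPolicy(Permission permission) {

                // Same depths as hasGetPolicy. The lookup is intentionally
                // repeated here rather than shared, because
                // Reflection.getCallerClass counts frames from its call site.

                int stackIndex = getStackIndex(11, 11, 10);

                Class<?> callerClass = Reflection.getCallerClass(stackIndex);

                if (isTrustedCaller(callerClass, permission)) {
                        return true;
                }

                logSecurityException(_log, "Attempted to set the policy");

                return false;
        }

        private static final Log _log = LogFactoryUtil.getLog(
                SecurityChecker.class);

}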