015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.security.pacl.permission.PortalMessageBusPermission;
020
021 import java.security.Permission;
022
023 import java.util.Set;
024 import java.util.TreeSet;
025
026
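/**
 * Checks {@link PortalMessageBusPermission} requests against two allowlists of
 * message bus destination names: one for listening and one for sending.
 *
 * <p>
 * The allowlists are loaded from the property sets
 * <code>security-manager-message-bus-listen</code> and
 * <code>security-manager-message-bus-send</code> when
 * {@link #afterPropertiesSet()} runs. Neither set is initialized before that,
 * so {@link #implies(Permission)} must not be called earlier.
 * </p>
 */
public class PortalMessageBusChecker extends BaseChecker {

	/**
	 * Loads both destination name allowlists from the checker's properties.
	 */
	public void afterPropertiesSet() {
		initListenDestinationNames();
		initSendDestinationNames();
	}

	/**
	 * Builds the property entry that would have to be configured to allow the
	 * given message bus permission.
	 *
	 * @param  arguments expected to hold exactly one
	 *         {@link PortalMessageBusPermission}
	 * @return an authorization property whose key is the listen or send
	 *         property name and whose value is the permission's destination
	 *         name, or <code>null</code> if the arguments are not a single
	 *         message bus permission or its name is neither the listen nor the
	 *         send permission name
	 */
	@Override
	public AuthorizationProperty generateAuthorizationProperty(
		Object... arguments) {

		// The guard tests for the exact type that is cast below. Testing only
		// for Permission let any other Permission subclass through to the
		// cast, which then failed with a ClassCastException instead of being
		// reported as not applicable.

		if ((arguments == null) || (arguments.length != 1) ||
			!(arguments[0] instanceof PortalMessageBusPermission)) {

			return null;
		}

		PortalMessageBusPermission portalMessageBusPermission =
			(PortalMessageBusPermission)arguments[0];

		String name = portalMessageBusPermission.getName();

		String key = null;

		if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_LISTEN)) {
			key = "security-manager-message-bus-listen";
		}
		else if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_SEND)) {
			key = "security-manager-message-bus-send";
		}
		else {
			return null;
		}

		AuthorizationProperty authorizationProperty =
			new AuthorizationProperty();

		authorizationProperty.setKey(key);
		authorizationProperty.setValue(
			portalMessageBusPermission.getDestinationName());

		return authorizationProperty;
	}

	/**
	 * Decides whether the given message bus permission is allowed.
	 *
	 * <p>
	 * A listen permission is allowed only if its destination name is in the
	 * listen allowlist, and a send permission only if its destination name is
	 * in the send allowlist. A denial is reported through
	 * <code>logSecurityException</code>.
	 * </p>
	 *
	 * @param  permission the permission to check; must be a
	 *         {@link PortalMessageBusPermission}
	 * @return <code>false</code> if the destination is not in the matching
	 *         allowlist; <code>true</code> otherwise
	 * @throws ClassCastException if the permission is not a
	 *         {@link PortalMessageBusPermission}
	 */
	public boolean implies(Permission permission) {
		PortalMessageBusPermission portalMessageBusPermission =
			(PortalMessageBusPermission)permission;

		String name = portalMessageBusPermission.getName();
		String destinationName =
			portalMessageBusPermission.getDestinationName();

		// NOTE(review): destinationName comes from the permission being
		// checked and is concatenated into the log message as is. Confirm
		// that the logging layer neutralizes line breaks and other control
		// characters.

		if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_LISTEN)) {
			if (!_listenDestinationNames.contains(destinationName)) {
				logSecurityException(
					_log,
					"Attempted to listen on destination " + destinationName);

				return false;
			}
		}
		else if (name.equals(PORTAL_MESSAGE_BUS_PERMISSION_SEND)) {
			if (!_sendDestinationNames.contains(destinationName)) {
				logSecurityException(
					_log, "Attempted to send to " + destinationName);

				return false;
			}
		}

		// NOTE(review): a permission whose name is neither listen nor send
		// falls through to here and is allowed without any allowlist lookup.
		// Kept as is because callers may rely on it; confirm that no other
		// permission name can reach this checker, otherwise deny by default.

		return true;
	}

	/**
	 * Loads the listen allowlist from the property set
	 * <code>security-manager-message-bus-listen</code>. When debug logging is
	 * enabled, each allowed destination name is logged in sorted order.
	 */
	protected void initListenDestinationNames() {
		_listenDestinationNames = getPropertySet(
			"security-manager-message-bus-listen");

		if (_log.isDebugEnabled()) {

			// Copy into a TreeSet so the debug output is sorted

			Set<String> destinationNames = new TreeSet<String>(
				_listenDestinationNames);

			for (String destinationName : destinationNames) {
				_log.debug(
					"Allowing message listeners to listen on destination " +
						destinationName);
			}
		}
	}

	/**
	 * Loads the send allowlist from the property set
	 * <code>security-manager-message-bus-send</code>. When debug logging is
	 * enabled, each allowed destination name is logged in sorted order.
	 */
	protected void initSendDestinationNames() {
		_sendDestinationNames = getPropertySet(
			"security-manager-message-bus-send");

		if (_log.isDebugEnabled()) {

			// Copy into a TreeSet so the debug output is sorted

			Set<String> destinationNames = new TreeSet<String>(
				_sendDestinationNames);

			for (String destinationName : destinationNames) {
				_log.debug(
					"Allowing the message bus to send to destination " +
						destinationName);
			}
		}
	}

	// The logger is never reassigned, so it is declared final

	private static final Log _log = LogFactoryUtil.getLog(
		PortalMessageBusChecker.class);

	// Destination names that may be listened on; set by
	// initListenDestinationNames()

	private Set<String> _listenDestinationNames;

	// Destination names that may be sent to; set by initSendDestinationNames()

	private Set<String> _sendDestinationNames;

}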