015 package com.liferay.portal.security.pacl.checker;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.StringPool;
021
022 import java.net.SocketPermission;
023
024 import java.security.Permission;
025 import java.security.Permissions;
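/**
 * Checks socket permissions against an allowlist built from the
 * <code>security-manager-sockets-accept</code>,
 * <code>security-manager-sockets-connect</code> and
 * <code>security-manager-sockets-listen</code> properties.
 *
 * <p>
 * The checker is deny-by-default: it starts from an empty {@link Permissions}
 * collection and only ever adds the {@link SocketPermission}s created in
 * {@link #initHostsAndPorts(String, String)}. With no entries configured,
 * {@link #implies(Permission)} rejects every request.
 * </p>
 *
 * <p>
 * Property entries are handed to {@link SocketPermission} unchanged, so its
 * host wildcards (for example <code>*</code> or <code>*.example.com</code>) and
 * port ranges are honored. Reviewers of a configuration should treat such
 * entries as broad grants. No validation happens here; a malformed entry is
 * rejected by the {@link SocketPermission} constructor with an
 * {@link IllegalArgumentException}, which this class does not catch.
 * </p>
 */
public class SocketChecker extends BaseChecker {

    /**
     * Builds the allowlist by loading the accept, connect and listen entries,
     * in that order.
     */
    public void afterPropertiesSet() {
        initAcceptHostsAndPorts();
        initConnectHostsAndPorts();
        initListenPorts();
    }

    /**
     * Derives the property entry that would allow the given permission.
     *
     * <p>
     * The branches are tested in the order accept, connect, listen using a
     * substring match on the action string, so a permission carrying several
     * actions yields only the first matching key. Accept and connect entries
     * use the permission name as is; listen entries use only the port.
     * </p>
     *
     * @param  arguments expected to hold exactly one {@link Permission}
     * @return the key/value pair to add to the configuration, or
     *         <code>null</code> if the arguments are not a single permission,
     *         the action string equals the resolve action, or none of the
     *         accept, connect or listen actions is present
     */
    @Override
    public AuthorizationProperty generateAuthorizationProperty(
        Object... arguments) {

        if ((arguments == null) || (arguments.length != 1) ||
            !(arguments[0] instanceof Permission)) {

            return null;
        }

        Permission permission = (Permission)arguments[0];

        String actions = permission.getActions();

        if (actions.equals(SOCKET_PERMISSION_RESOLVE)) {

            // Resolve-only requests never produce an entry. Presumably this
            // is because SocketPermission treats resolve as implied by
            // accept, connect and listen, so an entry for one of those
            // already covers name resolution for the same host.

            return null;
        }

        String name = permission.getName();

        String key = null;
        String value = null;

        if (actions.contains(SOCKET_PERMISSION_ACCEPT)) {
            key = "security-manager-sockets-accept";
            value = name;
        }
        else if (actions.contains(SOCKET_PERMISSION_CONNECT)) {
            key = "security-manager-sockets-connect";
            value = name;
        }
        else if (actions.contains(SOCKET_PERMISSION_LISTEN)) {

            // The port follows the last colon. Searching from the end keeps
            // the colons inside a bracketed IPv6 literal such as
            // "[::1]:8080" from being taken for the host/port separator.

            int index = name.lastIndexOf(StringPool.COLON);

            // NOTE(review): GetterUtil.getInteger is expected to fall back
            // to its default for non-numeric text such as a port range,
            // which would make the generated value misleading -- confirm.

            int port = GetterUtil.getInteger(name.substring(index + 1));

            key = "security-manager-sockets-listen";
            value = String.valueOf(port);
        }
        else {
            return null;
        }

        AuthorizationProperty authorizationProperty =
            new AuthorizationProperty();

        authorizationProperty.setKey(key);
        authorizationProperty.setValue(value);

        return authorizationProperty;
    }

    /**
     * Decides whether the configured allowlist grants the permission.
     *
     * <p>
     * A denial is reported through <code>logSecurityException</code> before
     * <code>false</code> is returned. The message embeds the requested actions
     * and address unchanged.
     * </p>
     *
     * @param  permission the permission being requested; must not be
     *         <code>null</code>
     * @return <code>true</code> if an allowlisted permission implies the
     *         request, <code>false</code> otherwise
     */
    public boolean implies(Permission permission) {
        if (_permissions.implies(permission)) {
            return true;
        }

        // NOTE(review): the address comes from the code being checked;
        // confirm that the log sink neutralizes control characters.

        logSecurityException(
            _log,
            "Attempted " + permission.getActions() + " for address " +
                permission.getName());

        return false;
    }

    /**
     * Adds an accept permission for every
     * <code>security-manager-sockets-accept</code> entry.
     */
    protected void initAcceptHostsAndPorts() {
        String[] networkParts = getPropertyArray(
            "security-manager-sockets-accept");

        for (String networkPart : networkParts) {
            initHostsAndPorts(networkPart, SOCKET_PERMISSION_ACCEPT);
        }
    }

    /**
     * Adds a connect permission for every
     * <code>security-manager-sockets-connect</code> entry.
     */
    protected void initConnectHostsAndPorts() {
        String[] networkParts = getPropertyArray(
            "security-manager-sockets-connect");

        for (String networkPart : networkParts) {
            initHostsAndPorts(networkPart, SOCKET_PERMISSION_CONNECT);
        }
    }

    /**
     * Adds one {@link SocketPermission} to the allowlist.
     *
     * @param networkPart the host and port specification, passed to
     *        {@link SocketPermission} without validation or normalization
     * @param action the socket action to grant for that specification
     */
    protected void initHostsAndPorts(String networkPart, String action) {
        SocketPermission socketPermission = new SocketPermission(
            networkPart, action);

        _permissions.add(socketPermission);
    }

    /**
     * Adds a listen permission for every
     * <code>security-manager-sockets-listen</code> entry.
     */
    protected void initListenPorts() {
        String[] listenParts = getPropertyArray(
            "security-manager-sockets-listen");

        for (String listenPart : listenParts) {
            initListenPorts(listenPart);
        }
    }

    /**
     * Grants listening on the given port specification for any host.
     *
     * @param listenPart the port part of the entry; it is appended to the
     *        wildcard host <code>*</code> as is, so anything
     *        {@link SocketPermission} accepts after the colon is granted
     */
    protected void initListenPorts(String listenPart) {
        initHostsAndPorts("*:" + listenPart, SOCKET_PERMISSION_LISTEN);
    }

    private static final Log _log = LogFactoryUtil.getLog(SocketChecker.class);

    // Allowlist of granted socket permissions; empty until
    // afterPropertiesSet runs, which means everything is denied.

    private Permissions _permissions = new Permissions();

}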