001
014
015 package com.liferay.portal.security.access.control;
016
017 import com.liferay.portal.kernel.security.access.control.AccessControlUtil;
018 import com.liferay.portal.kernel.security.access.control.AccessControlled;
019 import com.liferay.portal.kernel.security.access.control.BaseAccessControlPolicy;
020 import com.liferay.portal.kernel.security.service.access.policy.ServiceAccessPolicyManager;
021 import com.liferay.portal.kernel.security.service.access.policy.ServiceAccessPolicyManagerUtil;
022 import com.liferay.portal.security.auth.AccessControlContext;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.security.permission.PermissionThreadLocal;
025
026 import java.lang.reflect.Method;
027
028 import java.util.Map;
029
030
036 public class AuthenticatedAccessControlPolicy extends BaseAccessControlPolicy {
037
038 @Override
039 public void onServiceRemoteAccess(
040 Method method, Object[] arguments,
041 AccessControlled accessControlled)
042 throws SecurityException {
043
044 AccessControlContext accessControlContext =
045 AccessControlUtil.getAccessControlContext();
046
047 if (accessControlContext != null) {
048 Map<String, Object> settings = accessControlContext.getSettings();
049
050 int serviceDepth = (Integer)settings.get(
051 AccessControlContext.Settings.SERVICE_DEPTH.toString());
052
053 if (serviceDepth > 1) {
054 return;
055 }
056 }
057
058 PermissionChecker permissionChecker =
059 PermissionThreadLocal.getPermissionChecker();
060
061 ServiceAccessPolicyManager serviceAccessControlProfileManager =
062 ServiceAccessPolicyManagerUtil.getServiceAccessPolicyManager();
063
064 if ((serviceAccessControlProfileManager == null) &&
065 !accessControlled.guestAccessEnabled() &&
066 ((permissionChecker == null) || !permissionChecker.isSignedIn())) {
067
068 throw new SecurityException("Authenticated access required");
069 }
070 }
071
072 }