/**
* Copyright (c) 2000-present Liferay, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*/
package com.liferay.portal.security.pacl.checker;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.pacl.permission.PortalHookPermission;
import com.liferay.portal.kernel.util.LocaleUtil;
import java.security.Permission;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;
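/**
 * Checks {@link PortalHookPermission} requests against the hook capabilities
 * enabled through the <code>security-manager-hook-*</code> properties.
 *
 * <p>
 * Two capabilities are plain on/off switches (custom JSP dir, servlet
 * filters). The others are allow lists of names (indexers, locales,
 * portal.properties keys, services, Struts action paths). The property values
 * are read once in {@link #afterPropertiesSet()}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class PortalHookChecker extends BaseChecker {

	/**
	 * Loads every hook related switch and allow list from the properties.
	 */
	@Override
	public void afterPropertiesSet() {
		initCustomJspDir();
		initIndexers();
		initLanguagePropertiesLocales();
		initPortalPropertiesKeys();
		initServletFilters();
		initServices();
		initStrutsActionPaths();
	}

	/**
	 * Builds the property key and value that correspond to the requested
	 * portal hook permission.
	 *
	 * @param  arguments expected to hold exactly one
	 *         {@link PortalHookPermission}
	 * @return the matching authorization property, or <code>null</code> if the
	 *         arguments are not a single portal hook permission or the
	 *         permission name is not one handled here
	 */
	@Override
	public AuthorizationProperty generateAuthorizationProperty(
		Object... arguments) {

		// Test for the type that is actually cast below. Checking only for
		// Permission let any other Permission subclass reach the cast and
		// fail with a ClassCastException instead of returning null.

		if ((arguments == null) || (arguments.length != 1) ||
			!(arguments[0] instanceof PortalHookPermission)) {

			return null;
		}

		PortalHookPermission portalHookPermission =
			(PortalHookPermission)arguments[0];

		String name = portalHookPermission.getName();
		Object subject = portalHookPermission.getSubject();

		String key = null;
		String value = null;

		if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
			key = "security-manager-hook-custom-jsp-dir-enabled";
			value = "true";
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
			key = "security-manager-hook-indexers";
			value = (String)subject;
		}
		else if (name.equals(
					PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

			key = "security-manager-hook-language-properties-locales";

			Locale locale = (Locale)subject;

			// NOTE(review): implies() matches on "language" or
			// "language_country"; confirm that toLanguageId() always yields
			// one of those forms so the generated value is accepted.

			value = LocaleUtil.toLanguageId(locale);
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
			key = "security-manager-hook-portal-properties-keys";
			value = (String)subject;
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
			key = "security-manager-hook-services";
			value = (String)subject;
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
			key = "security-manager-hook-servlet-filters-enabled";
			value = "true";
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
			key = "security-manager-hook-struts-action-paths";
			value = (String)subject;
		}
		else {
			return null;
		}

		AuthorizationProperty authorizationProperty =
			new AuthorizationProperty();

		authorizationProperty.setKey(key);
		authorizationProperty.setValue(value);

		return authorizationProperty;
	}

	/**
	 * Decides whether the requested portal hook permission is allowed.
	 *
	 * <p>
	 * Each denial is reported through <code>logSecurityException</code> before
	 * <code>false</code> is returned.
	 * </p>
	 *
	 * @param  permission the permission to check; it is cast to
	 *         {@link PortalHookPermission} without a type test, so any other
	 *         type fails with a <code>ClassCastException</code>
	 * @return <code>false</code> if the matching switch is off or the subject
	 *         is missing from the matching allow list; <code>true</code>
	 *         otherwise
	 */
	@Override
	public boolean implies(Permission permission) {
		PortalHookPermission portalHookPermission =
			(PortalHookPermission)permission;

		String name = portalHookPermission.getName();
		Object subject = portalHookPermission.getSubject();

		// NOTE(review): subjects are concatenated into the denial messages
		// unchanged. Whether logSecurityException neutralizes line breaks is
		// not visible here; confirm before treating these entries as trusted
		// audit data.

		if (name.equals(PORTAL_HOOK_PERMISSION_CUSTOM_JSP_DIR)) {
			if (!_customJspDir) {
				logSecurityException(_log, "Attempted to set custom jsp dir");

				return false;
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_INDEXER)) {
			String indexerClassName = (String)subject;

			if (!_indexers.contains(indexerClassName)) {
				logSecurityException(
					_log, "Attempted to add indexer " + indexerClassName);

				return false;
			}
		}
		else if (name.equals(
					PORTAL_HOOK_PERMISSION_LANGUAGE_PROPERTIES_LOCALE)) {

			Locale locale = (Locale)subject;

			// Allowed when either the bare language or the
			// "language_country" form is on the allow list.

			if (!_languagePropertiesLanguageIds.contains(
					locale.getLanguage()) &&
				!_languagePropertiesLanguageIds.contains(
					locale.getLanguage() + "_" + locale.getCountry())) {

				logSecurityException(
					_log, "Attempted to override locale " + locale);

				return false;
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_PORTAL_PROPERTIES_KEY)) {
			String key = (String)subject;

			if (!_portalPropertiesKeys.contains(key)) {
				logSecurityException(
					_log, "Attempted to set portal property " + key);

				return false;
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVICE)) {
			String serviceType = (String)subject;

			if (!_services.contains(serviceType)) {
				logSecurityException(
					_log, "Attempted to override service " + serviceType);

				return false;
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_SERVLET_FILTERS)) {
			if (!_servletFilters) {

				// Message previously read "serlvet filters". Log searches or
				// alerts keyed on the old spelling need updating.

				logSecurityException(
					_log, "Attempted to override servlet filters");

				return false;
			}
		}
		else if (name.equals(PORTAL_HOOK_PERMISSION_STRUTS_ACTION_PATH)) {
			String strutsActionPath = (String)subject;

			if (!_strutsActionPaths.contains(strutsActionPath)) {
				logSecurityException(
					_log,
					"Attempted to use struts action path " + strutsActionPath);

				return false;
			}
		}

		// NOTE(review): a permission name that matches none of the branches
		// above also ends up here and is granted. Confirm that every
		// PortalHookPermission name is covered, or that allowing unknown names
		// is intended.

		return true;
	}

	/**
	 * Reads the switch that allows a hook to set a custom JSP dir.
	 */
	protected void initCustomJspDir() {
		_customJspDir = getPropertyBoolean(
			"security-manager-hook-custom-jsp-dir-enabled");

		if (_log.isDebugEnabled() && _customJspDir) {
			_log.debug("Allowing custom JSP dir");
		}
	}

	/**
	 * Reads the allow list of indexer class names.
	 */
	protected void initIndexers() {
		_indexers = getPropertySet("security-manager-hook-indexers");

		if (_log.isDebugEnabled()) {

			// Copy into a TreeSet so the debug output is sorted

			Set<String> indexers = new TreeSet<>(_indexers);

			for (String indexer : indexers) {
				_log.debug("Allowing indexer " + indexer);
			}
		}
	}

	/**
	 * Reads the allow list of language IDs whose language properties a hook
	 * may override.
	 */
	protected void initLanguagePropertiesLocales() {
		_languagePropertiesLanguageIds = getPropertySet(
			"security-manager-hook-language-properties-locales");

		if (_log.isDebugEnabled()) {
			Set<String> languageIds = new TreeSet<>(
				_languagePropertiesLanguageIds);

			for (String languageId : languageIds) {
				_log.debug("Allowing locale " + languageId);
			}
		}
	}

	/**
	 * Reads the allow list of portal.properties keys a hook may set.
	 */
	protected void initPortalPropertiesKeys() {
		_portalPropertiesKeys = getPropertySet(
			"security-manager-hook-portal-properties-keys");

		if (_log.isDebugEnabled()) {
			Set<String> keys = new TreeSet<>(_portalPropertiesKeys);

			for (String key : keys) {
				_log.debug("Allowing portal.properties key " + key);
			}
		}
	}

	/**
	 * Reads the allow list of service types a hook may override.
	 */
	protected void initServices() {
		_services = getPropertySet("security-manager-hook-services");

		if (_log.isDebugEnabled()) {
			Set<String> services = new TreeSet<>(_services);

			for (String service : services) {
				_log.debug("Allowing service " + service);
			}
		}
	}

	/**
	 * Reads the switch that allows a hook to override servlet filters.
	 */
	protected void initServletFilters() {
		_servletFilters = getPropertyBoolean(
			"security-manager-hook-servlet-filters-enabled");

		if (_log.isDebugEnabled() && _servletFilters) {
			_log.debug("Allowing servlet filters");
		}
	}

	/**
	 * Reads the allow list of Struts action paths a hook may use.
	 */
	protected void initStrutsActionPaths() {
		_strutsActionPaths = getPropertySet(
			"security-manager-hook-struts-action-paths");

		if (_log.isDebugEnabled()) {
			Set<String> strutsActionPaths = new TreeSet<>(_strutsActionPaths);

			for (String strutsActionPath : strutsActionPaths) {
				_log.debug("Allowing Struts action path " + strutsActionPath);
			}
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		PortalHookChecker.class);

	// On/off switches, read from the "-enabled" properties

	private boolean _customJspDir;
	private boolean _servletFilters;

	// Allow lists, read from the matching set properties

	private Set<String> _indexers;
	private Set<String> _languagePropertiesLanguageIds;
	private Set<String> _portalPropertiesKeys;
	private Set<String> _services;
	private Set<String> _strutsActionPaths;

}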