PropertyChecker.java

/**
 * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 2.1 of the License, or (at your option)
 * any later version.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
 * details.
 */

package com.liferay.portal.security.pacl.checker;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;

import java.security.Permission;
import java.security.Permissions;

import java.util.PropertyPermission;
import java.util.Set;

/**
 * @author Raymond Augé
 */
public class PropertyChecker extends BaseChecker {

	@Override
	public void afterPropertiesSet() {
		initProperties();
	}

	@Override
	public AuthorizationProperty generateAuthorizationProperty(
		Object... arguments) {

		if ((arguments != null) && (arguments.length == 1) &&
			!(arguments[0] instanceof Permission)) {

			return null;
		}

		Permission permission = (Permission)arguments[0];

		String actions = permission.getActions();

		AuthorizationProperty authorizationProperty =
			new AuthorizationProperty();

		if (actions.equals(PROPERTY_PERMISSION_WRITE)) {
			authorizationProperty.setKey("security-manager-properties-write");
		}
		else {
			authorizationProperty.setKey("security-manager-properties-read");
		}

		authorizationProperty.setValue(permission.getName());

		return authorizationProperty;
	}

	@Override
	public boolean implies(Permission permission) {
		if (_permissions.implies(permission)) {
			return true;
		}

		String name = permission.getName();
		String action = permission.getActions();

		logSecurityException(
			_log, "Attempted to " + action + " system property " + name);

		return false;
	}

	protected void initProperties() {
		Set<String> names = getPropertySet("security-manager-properties-read");

		for (String name : names) {
			Permission permission = new PropertyPermission(
				name, PROPERTY_PERMISSION_READ);

			_permissions.add(permission);
		}

		names = getPropertySet("security-manager-properties-write");

		for (String name : names) {
			Permission permission = new PropertyPermission(
				name, PROPERTY_PERMISSION_WRITE);

			_permissions.add(permission);
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		PropertyChecker.class);

	private final Permissions _permissions = new Permissions();

}