/portal-impl/src/com/liferay/portal/security/pacl/checker/SecurityChecker.java

https://github.com/christine-huang/liferay-portal · Java · 95 lines · 54 code · 25 blank · 16 comment · 9 complexity · 99b8d82108d2744e2e38e7f20cd4e1ff MD5 · raw file

  1. /**
  2. * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
  3. *
  4. * This library is free software; you can redistribute it and/or modify it under
  5. * the terms of the GNU Lesser General Public License as published by the Free
  6. * Software Foundation; either version 2.1 of the License, or (at your option)
  7. * any later version.
  8. *
  9. * This library is distributed in the hope that it will be useful, but WITHOUT
  10. * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  11. * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
  12. * details.
  13. */
  14. package com.liferay.portal.security.pacl.checker;
  15. import com.liferay.portal.kernel.log.Log;
  16. import com.liferay.portal.kernel.log.LogFactoryUtil;
  17. import java.security.Permission;
  18. import sun.reflect.Reflection;
  19. /**
  20. * @author Brian Wing Shun Chan
  21. */
  22. public class SecurityChecker extends BaseChecker {
  23. public void afterPropertiesSet() {
  24. }
  25. public boolean implies(Permission permission) {
  26. String name = permission.getName();
  27. if (name.equals(SECURITY_PERMISSION_GET_POLICY)) {
  28. if (!hasGetPolicy(permission)) {
  29. logSecurityException(_log, "Attempted to get the policy");
  30. return false;
  31. }
  32. }
  33. else if (name.equals(SECURITY_PERMISSION_SET_POLICY)) {
  34. if (!hasSetPolicy(permission)) {
  35. logSecurityException(_log, "Attempted to set the policy");
  36. return false;
  37. }
  38. }
  39. else {
  40. if (_log.isDebugEnabled()) {
  41. Thread.dumpStack();
  42. }
  43. logSecurityException(
  44. _log,
  45. "Attempted to " + permission.getName() + " on " +
  46. permission.getActions());
  47. return false;
  48. }
  49. return true;
  50. }
  51. protected boolean hasGetPolicy(Permission permission) {
  52. int stackIndex = getStackIndex(11, 11, 10);
  53. Class<?> callerClass = Reflection.getCallerClass(stackIndex);
  54. if (isTrustedCaller(callerClass, permission)) {
  55. return true;
  56. }
  57. logSecurityException(_log, "Attempted to get the policy");
  58. return false;
  59. }
  60. protected boolean hasSetPolicy(Permission permission) {
  61. int stackIndex = getStackIndex(11, 11, 10);
  62. Class<?> callerClass = Reflection.getCallerClass(stackIndex);
  63. if (isTrustedCaller(callerClass, permission)) {
  64. return true;
  65. }
  66. logSecurityException(_log, "Attempted to set the policy");
  67. return false;
  68. }
  69. private static Log _log = LogFactoryUtil.getLog(SecurityChecker.class);
  70. }