[exo-jcr-commits] exo-jcr SVN: r2540 - in kernel/trunk/exo.kernel.commons: src/main/java/org/exoplatform/commons/utils and 4 other directories.
do-not-reply at jboss.org
do-not-reply at jboss.org
Thu Jun 10 06:05:25 EDT 2010
Author: nzamosenchuk
Date: 2010-06-10 06:05:24 -0400 (Thu, 10 Jun 2010)
New Revision: 2540
Added:
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java
kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/
kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java
kernel/trunk/exo.kernel.commons/src/test/resources/test.policy
Modified:
kernel/trunk/exo.kernel.commons/pom.xml
Log:
EXOJCR-770 : extracting SecureSet class into KERNEL project. Added SecureList and test for secure collections.
Modified: kernel/trunk/exo.kernel.commons/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.commons/pom.xml 2010-06-10 10:00:28 UTC (rev 2539)
+++ kernel/trunk/exo.kernel.commons/pom.xml 2010-06-10 10:05:24 UTC (rev 2540)
@@ -1,25 +1,17 @@
-<!--
- Copyright (C) 2009 eXo Platform SAS.
+ <!--
- This is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as
- published by the Free Software Foundation; either version 2.1 of
- the License, or (at your option) any later version.
+ Copyright (C) 2009 eXo Platform SAS. This is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version. This software is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU
+ Lesser General Public License along with this software; if not, write to the Free Software Foundation, Inc., 51
+ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- This software is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this software; if not, write to the Free
- Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
<modelVersion>4.0.0</modelVersion>
<parent>
@@ -57,4 +49,26 @@
<scope>compile</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>-Djava.security.manager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ </plugins>
+ <testResources>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <includes>
+ <include>**/*.properties</include>
+ <include>**/test.policy</include>
+ </includes>
+ </testResource>
+ </testResources>
+ </build>
+
</project>
Added: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils.secure;
+
+import java.security.Permission;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:nikolazius at gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: SecureCollections.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class SecureCollections
+{
+ /**
+ * Creates {@link SecureSet}, which will require given {@link Permission} for it's modification
+ *
+ * @param <E>
+ * @param set
+ * Base List instance
+ * @param permission
+ * Required permission
+ * @return
+ */
+ public static <E> Set<E> secureSet(Set<E> set, Permission permission)
+ {
+ return new SecureSet<E>(set, permission);
+ }
+
+ /**
+ * Creates {@link SecureList}, which will require given {@link Permission} for it's modification
+ *
+ * @param <E>
+ * @param list
+ * Base list instance
+ * @param permission
+ * Required permission
+ * @return
+ */
+ public static <E> List<E> secureList(List<E> list, Permission permission)
+ {
+ return new SecureList<E>(list, permission);
+ }
+}
Property changes on: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,286 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils.secure;
+
+import java.security.AllPermission;
+import java.security.Permission;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ListIterator;
+
+/**
+ * SecureList is a wrapper over given List instance providing additional security check.
+ * To be able to modify this list, invoking code must have permission given in SecureList's
+ * constructor or {@link AllPermission}.
+ *
+ * @author <a href="mailto:nikolazius at gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: SecureList.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class SecureList<E> implements List<E>
+{
+
+ // base list
+ private final List<E> list;
+
+ // required permission
+ private final Permission permission;
+
+ public SecureList(Permission permission)
+ {
+ super();
+ this.list = new ArrayList<E>();
+ this.permission = permission;
+ }
+
+ public SecureList(List<E> list, Permission permission)
+ {
+ super();
+ this.list = list;
+ this.permission = permission;
+ }
+
+ public void add(int index, E pd)
+ {
+ checkPermissions();
+ list.add(index, pd);
+ }
+
+ public boolean add(E pd)
+ {
+ checkPermissions();
+ return list.add(pd);
+ }
+
+ public boolean addAll(Collection<? extends E> pds)
+ {
+ checkPermissions();
+ return list.addAll(pds);
+ }
+
+ public boolean addAll(int index, Collection<? extends E> pds)
+ {
+ checkPermissions();
+ return list.addAll(index, pds);
+ }
+
+ public void clear()
+ {
+ checkPermissions();
+ list.clear();
+ }
+
+ public boolean contains(Object o)
+ {
+ return list.contains(o);
+ }
+
+ public boolean containsAll(Collection<?> coll)
+ {
+ return list.containsAll(coll);
+ }
+
+ @Override
+ public boolean equals(Object o)
+ {
+ return o == this || list.equals(o);
+ }
+
+ public E get(int index)
+ {
+ return list.get(index);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return list.hashCode();
+ }
+
+ public int indexOf(Object o)
+ {
+ return list.indexOf(o);
+ }
+
+ public boolean isEmpty()
+ {
+ return list.isEmpty();
+ }
+
+ public Iterator<E> iterator()
+ {
+ return new Iterator<E>()
+ {
+ Iterator<? extends E> i = list.iterator();
+
+ public boolean hasNext()
+ {
+ return i.hasNext();
+ }
+
+ public E next()
+ {
+ return i.next();
+ }
+
+ public void remove()
+ {
+ checkPermissions();
+ i.remove();
+ }
+ };
+ }
+
+ public int lastIndexOf(Object o)
+ {
+ return list.lastIndexOf(o);
+ }
+
+ public ListIterator<E> listIterator()
+ {
+ return listIterator(0);
+ }
+
+ public ListIterator<E> listIterator(final int index)
+ {
+ return new ListIterator<E>()
+ {
+ ListIterator<E> li = list.listIterator(index);
+
+ public void add(E pd)
+ {
+ checkPermissions();
+ li.add(pd);
+ }
+
+ public boolean hasNext()
+ {
+ return li.hasNext();
+ }
+
+ public boolean hasPrevious()
+ {
+ return li.hasPrevious();
+ }
+
+ public E next()
+ {
+ return li.next();
+ }
+
+ public int nextIndex()
+ {
+ return li.nextIndex();
+ }
+
+ public E previous()
+ {
+ return li.previous();
+ }
+
+ public int previousIndex()
+ {
+ return li.previousIndex();
+ }
+
+ public void remove()
+ {
+ checkPermissions();
+ li.remove();
+ }
+
+ public void set(E pd)
+ {
+ checkPermissions();
+ li.set(pd);
+ }
+ };
+ }
+
+ public E remove(int index)
+ {
+ checkPermissions();
+ return list.remove(index);
+ }
+
+ public boolean remove(Object o)
+ {
+ checkPermissions();
+ return list.remove(o);
+ }
+
+ public boolean removeAll(Collection<?> pds)
+ {
+ checkPermissions();
+ return list.removeAll(pds);
+ }
+
+ public boolean retainAll(Collection<?> pds)
+ {
+ checkPermissions();
+ return list.retainAll(pds);
+ }
+
+ public E set(int index, E pd)
+ {
+ checkPermissions();
+ return list.set(index, pd);
+ }
+
+ public int size()
+ {
+ return list.size();
+ }
+
+ public List<E> subList(int fromIndex, int toIndex)
+ {
+ return new SecureList<E>(list.subList(fromIndex, toIndex), permission);
+ }
+
+ public Object[] toArray()
+ {
+ return list.toArray();
+ }
+
+ public <T> T[] toArray(T[] a)
+ {
+ return list.toArray(a);
+ }
+
+ @Override
+ public String toString()
+ {
+ return list.toString();
+ }
+
+ /**
+ * Checks if code has a permission
+ */
+ private void checkPermissions()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission(permission);
+ }
+ }
+
+}
Property changes on: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils.secure;
+
+import java.security.AllPermission;
+import java.security.Permission;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * SecureSet is a wrapper over given Set instance providing additional security check.
+ * To be able to modify set, invoking code must have the same permission as given in SecureSet's
+ * constructor or {@link AllPermission}.
+ *
+ * @author <a href="mailto:nikolazius at gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: SecureSet.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class SecureSet<E> implements Set<E>
+{
+
+ // base set
+ private final Set<E> set;
+
+ // required permission
+ private final Permission permission;
+
+ /**
+ * Constructs a SecureSet using new {@link HashSet} inside.
+ * @param permission
+ * Permission that will be required for modificaiton.
+ */
+ public SecureSet(Permission permission)
+ {
+ super();
+ this.set = new HashSet<E>();
+ this.permission = permission;
+ }
+
+ /**
+ * Constructs a SecureSet using new given {@link Set} instance.
+ * @param set
+ * Set, to be based on
+ * @param permission
+ * Permission that will be required for modificaiton.
+ */
+ public SecureSet(Set<E> set, Permission permission)
+ {
+ super();
+ this.set = set;
+ this.permission = permission;
+ }
+
+ public boolean add(E e)
+ {
+ checkPermission();
+ return set.add(e);
+ }
+
+ public boolean addAll(Collection<? extends E> elements)
+ {
+ checkPermission();
+ return set.addAll(elements);
+ }
+
+ public void clear()
+ {
+ checkPermission();
+ set.clear();
+ }
+
+ public boolean contains(Object o)
+ {
+ return set.contains(o);
+ }
+
+ public boolean containsAll(Collection<?> coll)
+ {
+ return set.containsAll(coll);
+ }
+
+ @Override
+ public boolean equals(Object o)
+ {
+ return o == this || set.equals(o);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return set.hashCode();
+ }
+
+ public boolean isEmpty()
+ {
+ return set.isEmpty();
+ }
+
+ public Iterator<E> iterator()
+ {
+ return new Iterator<E>()
+ {
+ Iterator<? extends E> i = set.iterator();
+
+ public boolean hasNext()
+ {
+ return i.hasNext();
+ }
+
+ public E next()
+ {
+ return i.next();
+ }
+
+ public void remove()
+ {
+ checkPermission();
+ i.remove();
+ }
+ };
+ }
+
+ public boolean remove(Object o)
+ {
+ checkPermission();
+ return set.remove(o);
+ }
+
+ public boolean removeAll(Collection<?> pds)
+ {
+ checkPermission();
+ return set.removeAll(pds);
+ }
+
+ public boolean retainAll(Collection<?> pds)
+ {
+ checkPermission();
+ return set.retainAll(pds);
+ }
+
+ public int size()
+ {
+ return set.size();
+ }
+
+ public Object[] toArray()
+ {
+ return set.toArray();
+ }
+
+ public <T> T[] toArray(T[] a)
+ {
+ return set.toArray(a);
+ }
+
+ @Override
+ public String toString()
+ {
+ return set.toString();
+ }
+
+ /**
+ * Checks if code has a permission
+ */
+ private void checkPermission()
+ {
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(permission);
+ }
+ }
+}
Property changes on: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils.secure;
+
+import junit.framework.TestCase;
+
+import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.Permissions;
+import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:nikolazius at gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: TestSecureSet.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class TestSecureCollections extends TestCase
+{
+ // permission for testing purposes
+ public static final Permission MODIFY_PERMISSION = new RuntimePermission("modifyPermisssion");
+
+ public void testSecurityManagerExists()
+ {
+ // check if SM is installed
+ assertNotNull("Security Manager is not installed", System.getSecurityManager());
+ }
+
+ public void testSecureSetAddPermitted()
+ {
+ final Set<String> set = SecureCollections.secureSet(new HashSet<String>(), MODIFY_PERMISSION);
+ try
+ {
+ // giving MODIFY_PERMISSION
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ set.add("string");
+ return null;
+ }
+ }, MODIFY_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be permitted.");
+ }
+ }
+
+ public void testSecureSetAddDenied()
+ {
+ final Set<String> set = SecureCollections.secureSet(new HashSet<String>(), MODIFY_PERMISSION);
+ try
+ {
+ // giving no permissions
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ set.add("string");
+ return null;
+ }
+ });
+ fail("Modification should be denied.");
+ }
+ catch (Exception e)
+ {
+ }
+ }
+
+ /**
+ * Run privileged action with given privileges.
+ */
+ private <T> T doActionWithPermissions(PrivilegedExceptionAction<T> action, Permission... permissions)
+ throws Exception
+ {
+ Permissions allPermissions = new Permissions();
+ for (Permission permission : permissions)
+ {
+ if (permission != null)
+ {
+ allPermissions.add(permission);
+ }
+ }
+ ProtectionDomain[] protectionDomains =
+ new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
+ (java.security.cert.Certificate[])null), allPermissions)};
+ return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
+ }
+
+ private URL getCodeSource()
+ {
+ return getClass().getProtectionDomain().getCodeSource().getLocation();
+ }
+}
Property changes on: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: kernel/trunk/exo.kernel.commons/src/test/resources/test.policy
===================================================================
--- kernel/trunk/exo.kernel.commons/src/test/resources/test.policy (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/test/resources/test.policy 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,5 @@
+// configure static permissions here
+grant {
+ permission java.security.AllPermission;
+};
+
\ No newline at end of file
More information about the exo-jcr-commits
mailing list