[exo-jcr-commits] exo-jcr SVN: r3422 - in jcr/trunk: exo.jcr.component.core and 32 other directories.
do-not-reply at jboss.org
do-not-reply at jboss.org
Wed Nov 10 06:31:03 EST 2010
Author: tolusha
Date: 2010-11-10 06:31:00 -0500 (Wed, 10 Nov 2010)
New Revision: 3422
Added:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/PrivilegedCacheHelper.java
jcr/trunk/exo.jcr.component.ext/src/test/resources/test.policy
jcr/trunk/exo.jcr.component.ftp/src/test/resources/test.policy
jcr/trunk/exo.jcr.component.webdav/src/test/resources/test.policy
jcr/trunk/exo.jcr.framework.command/src/test/resources/test.policy
jcr/trunk/exo.jcr.framework.ftpclient/src/test/resources/
Modified:
jcr/trunk/exo.jcr.component.core/pom.xml
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/config/RepositoryServiceConfiguration.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/config/JDBCConfigurationPersister.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/config/RepositoryServiceConfigurationImpl.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/FileSystemLockPersister.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/jbosscache/CacheableLockManagerImpl.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/jbosscache/ControllerCacheLoader.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/nodetype/NodeTypeDataManagerImpl.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexChangesFilter.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexInfos.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexUpdateMonitor.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/JcrStandartAnalyzer.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/DialectDetecter.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/JDBCWorkspaceDataContainer.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/db/GenericConnectionFactory.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/FileValueStorage.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc/DBInitializer.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/jbosscache/ExoJBossCacheFactory.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/transaction/jbosscache/GenericTransactionService.java
jcr/trunk/exo.jcr.component.ext/pom.xml
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/backup/impl/BackupManagerImpl.java
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/backup/impl/PendingChangesLog.java
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RESTRegistryService.java
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RegistryEntry.java
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RegistryService.java
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/resource/UnifiedNodeReference.java
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/resource/jcr/Handler.java
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/GroovyScript2RestLoader.java
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/GroovyScriptAddRepoPlugin.java
jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/JcrGroovyCompiler.java
jcr/trunk/exo.jcr.component.ftp/pom.xml
jcr/trunk/exo.jcr.component.ftp/src/main/java/org/exoplatform/services/ftp/FtpServerImpl.java
jcr/trunk/exo.jcr.component.ftp/src/main/java/org/exoplatform/services/ftp/data/FtpDataTransiverImpl.java
jcr/trunk/exo.jcr.component.webdav/pom.xml
jcr/trunk/exo.jcr.framework.command/pom.xml
jcr/trunk/exo.jcr.framework.ftpclient/pom.xml
jcr/trunk/pom.xml
Log:
EXOJCR-986: Enable SecurityManager by default
Modified: jcr/trunk/exo.jcr.component.core/pom.xml
===================================================================
--- jcr/trunk/exo.jcr.component.core/pom.xml 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/pom.xml 2010-11-10 11:31:00 UTC (rev 3422)
@@ -49,7 +49,6 @@
<dependency>
<groupId>org.exoplatform.kernel</groupId>
<artifactId>exo.kernel.commons.test</artifactId>
- <scope>test</scope>
</dependency>
<dependency>
<groupId>org.exoplatform.kernel</groupId>
@@ -64,10 +63,6 @@
<artifactId>exo.kernel.component.cache</artifactId>
</dependency>
<dependency>
- <groupId>org.exoplatform.kernel</groupId>
- <artifactId>exo.kernel.component.ext.cache.impl.jboss.v3</artifactId>
- </dependency>
- <dependency>
<groupId>org.exoplatform.core</groupId>
<artifactId>exo.core.component.organization.api</artifactId>
</dependency>
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/config/RepositoryServiceConfiguration.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/config/RepositoryServiceConfiguration.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/config/RepositoryServiceConfiguration.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,12 +18,15 @@
*/
package org.exoplatform.services.jcr.config;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.jibx.runtime.BindingDirectory;
import org.jibx.runtime.IBindingFactory;
import org.jibx.runtime.IUnmarshallingContext;
import org.jibx.runtime.JiBXException;
import java.io.InputStream;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
@@ -44,7 +47,7 @@
{
for (int i = 0; i < getRepositoryConfigurations().size(); i++)
{
- RepositoryEntry conf = (RepositoryEntry)getRepositoryConfigurations().get(i);
+ RepositoryEntry conf = getRepositoryConfigurations().get(i);
if (conf.getName().equals(name))
return conf;
}
@@ -77,7 +80,34 @@
{
try
{
- IBindingFactory factory = BindingDirectory.getFactory(RepositoryServiceConfiguration.class);
+ IBindingFactory factory;
+ try
+ {
+ factory = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<IBindingFactory>()
+ {
+ public IBindingFactory run() throws Exception
+ {
+ return BindingDirectory.getFactory(RepositoryServiceConfiguration.class);
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof JiBXException)
+ {
+ throw (JiBXException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+
IUnmarshallingContext uctx = factory.createUnmarshallingContext();
RepositoryServiceConfiguration conf = (RepositoryServiceConfiguration)uctx.unmarshalDocument(is, null);
@@ -127,6 +157,7 @@
*
* @return
*/
+ @Override
public boolean isRetainable()
{
return false;
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/config/JDBCConfigurationPersister.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/config/JDBCConfigurationPersister.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/config/JDBCConfigurationPersister.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.jcr.impl.config;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.xml.PropertiesParam;
import org.exoplatform.services.jcr.config.ConfigurationPersister;
import org.exoplatform.services.jcr.config.RepositoryConfigurationException;
@@ -30,6 +31,7 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
@@ -201,8 +203,14 @@
protected Connection openConnection() throws NamingException, SQLException
{
- DataSource ds = (DataSource)new InitialContext().lookup(sourceName);
- return ds.getConnection();
+ final DataSource ds = (DataSource)new InitialContext().lookup(sourceName);
+ return SecurityHelper.doPriviledgedSQLExceptionAction(new PrivilegedExceptionAction<Connection>()
+ {
+ public Connection run() throws Exception
+ {
+ return ds.getConnection();
+ }
+ });
}
/**
@@ -210,11 +218,18 @@
*
* @param con
*/
- protected boolean isDbInitialized(Connection con)
+ protected boolean isDbInitialized(final Connection con)
{
try
{
- ResultSet trs = con.getMetaData().getTables(null, null, configTableName, null);
+ ResultSet trs = SecurityHelper.doPriviledgedSQLExceptionAction(new PrivilegedExceptionAction<ResultSet>()
+ {
+ public ResultSet run() throws Exception
+ {
+ return con.getMetaData().getTables(null, null, configTableName, null);
+ }
+ });
+
try
{
return trs.next();
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/config/RepositoryServiceConfigurationImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/config/RepositoryServiceConfigurationImpl.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/config/RepositoryServiceConfigurationImpl.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -19,6 +19,7 @@
package org.exoplatform.services.jcr.impl.config;
import org.exoplatform.commons.utils.PrivilegedFileHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.configuration.ConfigurationManager;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.ValueParam;
@@ -40,6 +41,8 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.List;
@@ -179,7 +182,34 @@
saveStream = PrivilegedFileHelper.fileOutputStream(sourceConfig);
}
- IBindingFactory bfact = BindingDirectory.getFactory(RepositoryServiceConfiguration.class);
+ IBindingFactory bfact;
+ try
+ {
+ bfact = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<IBindingFactory>()
+ {
+ public IBindingFactory run() throws Exception
+ {
+ return BindingDirectory.getFactory(RepositoryServiceConfiguration.class);
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof JiBXException)
+ {
+ throw (JiBXException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+
IMarshallingContext mctx = bfact.createMarshallingContext();
mctx.marshalDocument(this, "ISO-8859-1", null, saveStream);
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -45,7 +45,6 @@
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
@@ -214,38 +213,7 @@
try
{
- PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- repositoryContainer.registerWorkspace(wsConfig);
- return null;
- }
- };
- try
- {
- AccessController.doPrivileged(action);
- }
- catch (PrivilegedActionException pae)
- {
- Throwable cause = pae.getCause();
- if (cause instanceof RepositoryException)
- {
- throw (RepositoryException)cause;
- }
- else if (cause instanceof RepositoryConfigurationException)
- {
- throw (RepositoryConfigurationException)cause;
- }
- else if (cause instanceof RuntimeException)
- {
- throw (RuntimeException)cause;
- }
- else
- {
- throw new RuntimeException(cause);
- }
- }
+ repositoryContainer.registerWorkspace(wsConfig);
}
catch (RepositoryConfigurationException e)
{
@@ -302,17 +270,8 @@
repositoryContainer.getWorkspaceContainer(workspaceName).getWorkspaceInitializer().initWorkspace();
- PrivilegedAction<Object> action = new PrivilegedAction<Object>()
- {
- public Object run()
- {
- wsContainer.start();
- return null;
- }
- };
+ wsContainer.start();
- AccessController.doPrivileged(action);
-
LOG.info("Workspace " + workspaceName + "@" + this.name + " is initialized");
}
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/FileSystemLockPersister.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/FileSystemLockPersister.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/FileSystemLockPersister.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -19,6 +19,7 @@
package org.exoplatform.services.jcr.impl.core.lock;
import org.exoplatform.commons.utils.PrivilegedFileHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.jcr.access.SystemIdentity;
import org.exoplatform.services.jcr.config.LockPersisterEntry;
import org.exoplatform.services.jcr.config.RepositoryConfigurationException;
@@ -42,6 +43,7 @@
import java.io.File;
import java.io.IOException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import javax.jcr.RepositoryException;
@@ -119,7 +121,7 @@
public void add(LockData lock) throws LockException
{
log.debug("add event fire");
- File lockFile = new File(rootDir, lock.getNodeIdentifier());
+ final File lockFile = new File(rootDir, lock.getNodeIdentifier());
if (PrivilegedFileHelper.exists(lockFile))
{
@@ -128,7 +130,14 @@
try
{
- lockFile.createNewFile();
+ SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ lockFile.createNewFile();
+ return null;
+ }
+ });
}
catch (IOException e)
{
@@ -294,7 +303,7 @@
rootDir = new File(root);
if (PrivilegedFileHelper.exists(rootDir))
{
- if (!rootDir.isDirectory())
+ if (!PrivilegedFileHelper.isDirectory(rootDir))
{
throw new RepositoryConfigurationException("'" + root + "' is not a directory");
}
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/jbosscache/CacheableLockManagerImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/jbosscache/CacheableLockManagerImpl.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/jbosscache/CacheableLockManagerImpl.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -16,12 +16,12 @@
*/
package org.exoplatform.services.jcr.impl.core.lock.jbosscache;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.configuration.ConfigurationManager;
import org.exoplatform.management.annotations.Managed;
import org.exoplatform.management.annotations.ManagedDescription;
import org.exoplatform.management.jmx.annotations.NameTemplate;
import org.exoplatform.management.jmx.annotations.Property;
-import org.exoplatform.services.cache.impl.jboss.util.PrivilegedCacheHelper;
import org.exoplatform.services.jcr.config.MappedParametrizedObjectEntry;
import org.exoplatform.services.jcr.config.RepositoryConfigurationException;
import org.exoplatform.services.jcr.config.SimpleParameterEntry;
@@ -51,6 +51,7 @@
import org.exoplatform.services.jcr.impl.storage.JCRInvalidItemStateException;
import org.exoplatform.services.jcr.impl.storage.jdbc.DBConstants;
import org.exoplatform.services.jcr.impl.storage.jdbc.DialectDetecter;
+import org.exoplatform.services.jcr.impl.util.PrivilegedCacheHelper;
import org.exoplatform.services.jcr.jbosscache.ExoJBossCacheFactory;
import org.exoplatform.services.jcr.jbosscache.ExoJBossCacheFactory.CacheType;
import org.exoplatform.services.jcr.observation.ExtendedEvent;
@@ -75,6 +76,7 @@
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
@@ -1189,13 +1191,19 @@
/**
* Will be created structured node in cache, like /$LOCKS
*/
- private void createStructuredNode(Fqn<String> fqn)
+ private void createStructuredNode(final Fqn<String> fqn)
{
Node<Serializable, Object> node = cache.getRoot().getChild(fqn);
if (node == null)
{
cache.getInvocationContext().getOptionOverrides().setCacheModeLocal(true);
- node = cache.getRoot().addChild(fqn);
+ node = SecurityHelper.doPriviledgedAction(new PrivilegedAction<Node<Serializable, Object>>()
+ {
+ public Node<Serializable, Object> run()
+ {
+ return cache.getRoot().addChild(fqn);
+ }
+ });
}
node.setResident(true);
}
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/jbosscache/ControllerCacheLoader.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/jbosscache/ControllerCacheLoader.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/lock/jbosscache/ControllerCacheLoader.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -232,17 +232,31 @@
/**
* @see org.jboss.cache.loader.CacheLoader#put(java.util.List)
*/
- public void put(List<Modification> modifications) throws Exception
+ public void put(final List<Modification> modifications) throws Exception
{
- cl.put(modifications);
+ SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ cl.put(modifications);
+ return null;
+ }
+ });
}
/**
* @see org.jboss.cache.loader.CacheLoader#put(org.jboss.cache.Fqn, java.util.Map)
*/
- public void put(Fqn name, Map<Object, Object> attributes) throws Exception
+ public void put(final Fqn name, final Map<Object, Object> attributes) throws Exception
{
- cl.put(name, attributes);
+ SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ cl.put(name, attributes);
+ return null;
+ }
+ });
}
/**
@@ -262,25 +276,45 @@
/**
* @see org.jboss.cache.loader.CacheLoader#remove(org.jboss.cache.Fqn)
*/
- public void remove(Fqn fqn) throws Exception
+ public void remove(final Fqn fqn) throws Exception
{
- cl.remove(fqn);
+ SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ cl.remove(fqn);
+ return null;
+ }
+ });
}
/**
* @see org.jboss.cache.loader.CacheLoader#remove(org.jboss.cache.Fqn, java.lang.Object)
*/
- public Object remove(Fqn fqn, Object key) throws Exception
+ public Object remove(final Fqn fqn, final Object key) throws Exception
{
- return cl.remove(fqn, key);
+ return SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ return cl.remove(fqn, key);
+ }
+ });
}
/**
* @see org.jboss.cache.loader.CacheLoader#removeData(org.jboss.cache.Fqn)
*/
- public void removeData(Fqn fqn) throws Exception
+ public void removeData(final Fqn fqn) throws Exception
{
- cl.removeData(fqn);
+ SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ cl.removeData(fqn);
+ return null;
+ }
+ });
}
/**
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/nodetype/NodeTypeDataManagerImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/nodetype/NodeTypeDataManagerImpl.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/nodetype/NodeTypeDataManagerImpl.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.jcr.impl.core.nodetype;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.jcr.config.RepositoryEntry;
import org.exoplatform.services.jcr.core.nodetype.ExtendedNodeTypeManager;
import org.exoplatform.services.jcr.core.nodetype.ItemDefinitionData;
@@ -55,6 +56,7 @@
import org.picocontainer.Startable;
import java.io.InputStream;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -745,7 +747,13 @@
// check if default node type saved
if (!nodeTypeRepository.isStorageFilled())
{
- final InputStream xml = NodeTypeManagerImpl.class.getResourceAsStream(NODETYPES_FILE);
+ final InputStream xml = SecurityHelper.doPriviledgedAction(new PrivilegedAction<InputStream>()
+ {
+ public InputStream run()
+ {
+ return NodeTypeManagerImpl.class.getResourceAsStream(NODETYPES_FILE);
+ }
+ });
if (xml != null)
{
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexChangesFilter.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexChangesFilter.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexChangesFilter.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -19,7 +19,6 @@
package org.exoplatform.services.jcr.impl.core.query.jbosscache;
import org.exoplatform.container.configuration.ConfigurationManager;
-import org.exoplatform.services.cache.impl.jboss.util.PrivilegedCacheHelper;
import org.exoplatform.services.jcr.config.QueryHandlerEntry;
import org.exoplatform.services.jcr.config.RepositoryConfigurationException;
import org.exoplatform.services.jcr.impl.core.query.IndexerChangesFilter;
@@ -28,6 +27,7 @@
import org.exoplatform.services.jcr.impl.core.query.IndexingTree;
import org.exoplatform.services.jcr.impl.core.query.QueryHandler;
import org.exoplatform.services.jcr.impl.core.query.SearchManager;
+import org.exoplatform.services.jcr.impl.util.PrivilegedCacheHelper;
import org.exoplatform.services.jcr.jbosscache.ExoJBossCacheFactory;
import org.exoplatform.services.jcr.jbosscache.ExoJBossCacheFactory.CacheType;
import org.exoplatform.services.jcr.util.IdGenerator;
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexInfos.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexInfos.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexInfos.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,12 +18,12 @@
*/
package org.exoplatform.services.jcr.impl.core.query.jbosscache;
-import org.exoplatform.services.cache.impl.jboss.util.PrivilegedCacheHelper;
import org.exoplatform.services.jcr.impl.core.query.IndexerIoMode;
import org.exoplatform.services.jcr.impl.core.query.IndexerIoModeHandler;
import org.exoplatform.services.jcr.impl.core.query.IndexerIoModeListener;
import org.exoplatform.services.jcr.impl.core.query.lucene.IndexInfos;
import org.exoplatform.services.jcr.impl.core.query.lucene.MultiIndex;
+import org.exoplatform.services.jcr.impl.util.PrivilegedCacheHelper;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.jboss.cache.Cache;
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexUpdateMonitor.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexUpdateMonitor.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/jbosscache/JBossCacheIndexUpdateMonitor.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,13 +18,13 @@
*/
package org.exoplatform.services.jcr.impl.core.query.jbosscache;
-import org.exoplatform.services.cache.impl.jboss.util.PrivilegedCacheHelper;
import org.exoplatform.services.jcr.impl.core.query.IndexerIoMode;
import org.exoplatform.services.jcr.impl.core.query.IndexerIoModeHandler;
import org.exoplatform.services.jcr.impl.core.query.IndexerIoModeListener;
import org.exoplatform.services.jcr.impl.core.query.lucene.IndexInfos;
import org.exoplatform.services.jcr.impl.core.query.lucene.IndexUpdateMonitor;
import org.exoplatform.services.jcr.impl.core.query.lucene.IndexUpdateMonitorListener;
+import org.exoplatform.services.jcr.impl.util.PrivilegedCacheHelper;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.jboss.cache.Cache;
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/JcrStandartAnalyzer.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/JcrStandartAnalyzer.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/JcrStandartAnalyzer.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -16,12 +16,14 @@
*/
package org.exoplatform.services.jcr.impl.core.query.lucene;
-import java.io.Reader;
-
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.TokenStream;
import org.apache.lucene.analysis.standard.StandardAnalyzer;
+import org.exoplatform.commons.utils.SecurityHelper;
+import java.io.Reader;
+import java.security.PrivilegedAction;
+
/**
* This is the global jackrabbit lucene analyzer. By default, all
* properties are indexed with the <code>StandardAnalyzer(new String[]{})</code>,
@@ -38,7 +40,13 @@
* The default Jackrabbit analyzer if none is configured in <code><SearchIndex></code>
* configuration.
*/
- private Analyzer defaultAnalyzer = new StandardAnalyzer(new String[]{});
+ private Analyzer defaultAnalyzer = SecurityHelper.doPriviledgedAction(new PrivilegedAction<Analyzer>()
+ {
+ public Analyzer run()
+ {
+ return new StandardAnalyzer(new String[]{});
+ }
+ });
/**
* The indexing configuration.
@@ -64,7 +72,8 @@
* Reader. If the fieldName (property) is configured to have a different
* analyzer than the default, this analyzer is used for tokenization
*/
- public TokenStream tokenStream(String fieldName, Reader reader) {
+ @Override
+ public TokenStream tokenStream(String fieldName, Reader reader) {
if (indexingConfig != null) {
Analyzer propertyAnalyzer = indexingConfig.getPropertyAnalyzer(fieldName);
if (propertyAnalyzer != null) {
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/DialectDetecter.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/DialectDetecter.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/DialectDetecter.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,9 @@
*/
package org.exoplatform.services.jcr.impl.storage.jdbc;
+import org.exoplatform.commons.utils.SecurityHelper;
+
+import java.security.PrivilegedExceptionAction;
import java.sql.DatabaseMetaData;
import java.sql.SQLException;
@@ -41,7 +44,14 @@
*/
public static String detect(final DatabaseMetaData metaData) throws SQLException
{
- final String databaseName = metaData.getDatabaseProductName();
+ final String databaseName =
+ SecurityHelper.doPriviledgedSQLExceptionAction(new PrivilegedExceptionAction<String>()
+ {
+ public String run() throws Exception
+ {
+ return metaData.getDatabaseProductName();
+ }
+ });
if ("HSQL Database Engine".equals(databaseName))
{
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/JDBCWorkspaceDataContainer.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/JDBCWorkspaceDataContainer.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/JDBCWorkspaceDataContainer.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -20,6 +20,7 @@
import org.exoplatform.commons.utils.PrivilegedFileHelper;
import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.jcr.config.RepositoryConfigurationException;
import org.exoplatform.services.jcr.config.RepositoryEntry;
import org.exoplatform.services.jcr.config.WorkspaceEntry;
@@ -48,6 +49,7 @@
import java.io.File;
import java.io.IOException;
+import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
@@ -323,13 +325,20 @@
if (pDbDialect == DBConstants.DB_DIALECT_GENERIC)
{
// try to detect via JDBC metadata
- DataSource ds = (DataSource)new InitialContext().lookup(dbSourceName);
+ final DataSource ds = (DataSource)new InitialContext().lookup(dbSourceName);
if (ds != null)
{
Connection jdbcConn = null;
try
{
- jdbcConn = ds.getConnection();
+ jdbcConn = SecurityHelper.doPriviledgedSQLExceptionAction(new PrivilegedExceptionAction<Connection>()
+ {
+ public Connection run() throws Exception
+ {
+ return ds.getConnection();
+ }
+ });
+
this.dbDialect = DialectDetecter.detect(jdbcConn.getMetaData());
}
catch (SQLException e)
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/db/GenericConnectionFactory.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/db/GenericConnectionFactory.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/db/GenericConnectionFactory.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.jcr.impl.storage.jdbc.db;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.jcr.impl.util.io.FileCleaner;
import org.exoplatform.services.jcr.storage.WorkspaceStorageConnection;
import org.exoplatform.services.jcr.storage.value.ValueStoragePluginProvider;
@@ -25,6 +26,7 @@
import org.exoplatform.services.log.Log;
import java.io.File;
+import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
@@ -227,9 +229,14 @@
try
{
final Connection conn =
- dbDataSource != null ? dbDataSource.getConnection() : (dbUserName != null ? DriverManager.getConnection(
- dbUrl, dbUserName, dbPassword) : DriverManager.getConnection(dbUrl));
-
+ SecurityHelper.doPriviledgedSQLExceptionAction(new PrivilegedExceptionAction<Connection>()
+ {
+ public Connection run() throws Exception
+ {
+ return dbDataSource != null ? dbDataSource.getConnection() : (dbUserName != null ? DriverManager
+ .getConnection(dbUrl, dbUserName, dbPassword) : DriverManager.getConnection(dbUrl));
+ }
+ });
if (readOnly)
{
// set this feature only if it asked
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/FileValueStorage.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/FileValueStorage.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/FileValueStorage.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -117,10 +117,10 @@
File tempDir = new File(rootDir, TEMP_DIR_NAME);
PrivilegedFileHelper.mkdirs(tempDir);
- if (PrivilegedFileHelper.exists(tempDir) && tempDir.isDirectory())
+ if (PrivilegedFileHelper.exists(tempDir) && PrivilegedFileHelper.isDirectory(tempDir))
{
// care about storage temp dir cleanup
- for (File tmpf : tempDir.listFiles())
+ for (File tmpf : PrivilegedFileHelper.listFiles(tempDir))
if (!PrivilegedFileHelper.delete(tmpf))
log.warn("Storage temporary directory contains un-deletable file "
+ PrivilegedFileHelper.getAbsolutePath(tmpf)
@@ -137,7 +137,7 @@
}
else
{
- if (!rootDir.isDirectory())
+ if (!PrivilegedFileHelper.isDirectory(rootDir))
{
throw new RepositoryConfigurationException("File exists but is not a directory " + rootDirPath);
}
Added: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/PrivilegedCacheHelper.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/PrivilegedCacheHelper.java (rev 0)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/PrivilegedCacheHelper.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -0,0 +1,275 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.services.jcr.impl.util;
+
+import org.jboss.cache.Cache;
+import org.jboss.cache.CacheException;
+import org.jboss.cache.CacheFactory;
+import org.jboss.cache.DefaultCacheFactory;
+import org.jboss.cache.Fqn;
+import org.jboss.cache.config.ConfigurationException;
+
+import java.io.InputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * @author <a href="anatoliy.bazko at exoplatform.org">Anatoliy Bazko</a>
+ * @version $Id: PrivilegedCacheHelper.java 111 2010-11-11 11:11:11Z tolusha $
+ *
+ */
+public class PrivilegedCacheHelper
+{
+ /**
+ * Start cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> void start(final Cache<K, V> cache)
+ {
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+ cache.start();
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Stop cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> void stop(final Cache<K, V> cache)
+ {
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+ cache.stop();
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Create cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> void create(final Cache<K, V> cache)
+ {
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+ cache.create();
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * End batch in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> void endBatch(final Cache<K, V> cache, final boolean successful)
+ {
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+ cache.endBatch(successful);
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Create cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> Cache<K, V> createCache(final CacheFactory<K, V> factory, final InputStream is,
+ final boolean start)
+ {
+ PrivilegedExceptionAction<Cache<K, V>> action = new PrivilegedExceptionAction<Cache<K, V>>()
+ {
+ public Cache<K, V> run() throws Exception
+ {
+ return factory.createCache(is, start);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof ConfigurationException)
+ {
+ throw (ConfigurationException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Put in cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> V put(final Cache<K, V> cache, final String fqn, final K key, final V value)
+ throws CacheException
+ {
+ PrivilegedExceptionAction<V> action = new PrivilegedExceptionAction<V>()
+ {
+ public V run() throws Exception
+ {
+ return cache.put(fqn, key, value);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IllegalStateException)
+ {
+ throw (IllegalStateException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Remove fomr cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> boolean removeNode(final Cache<K, V> cache, final Fqn fqn) throws CacheException
+ {
+ PrivilegedExceptionAction<Boolean> action = new PrivilegedExceptionAction<Boolean>()
+ {
+ public Boolean run() throws Exception
+ {
+ return cache.removeNode(fqn);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IllegalStateException)
+ {
+ throw (IllegalStateException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Put in cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> V put(final Cache<K, V> cache, final Fqn fqn, final K key, final V value) throws CacheException
+ {
+ PrivilegedExceptionAction<V> action = new PrivilegedExceptionAction<V>()
+ {
+ public V run() throws Exception
+ {
+ return cache.put(fqn, key, value);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IllegalStateException)
+ {
+ throw (IllegalStateException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Create cache factory in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> DefaultCacheFactory<K, V> createCacheFactory() throws CacheException
+ {
+ PrivilegedAction<DefaultCacheFactory<K, V>> action = new PrivilegedAction<DefaultCacheFactory<K, V>>()
+ {
+ public DefaultCacheFactory<K, V> run()
+ {
+ return new DefaultCacheFactory<K, V>();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+}
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc/DBInitializer.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc/DBInitializer.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/jdbc/DBInitializer.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -172,9 +172,16 @@
return string;
}
- protected boolean isTableExists(Connection conn, String tableName) throws SQLException
+ protected boolean isTableExists(final Connection conn, final String tableName) throws SQLException
{
- ResultSet trs = conn.getMetaData().getTables(null, null, tableName, null);
+ ResultSet trs = SecurityHelper.doPriviledgedSQLExceptionAction(new PrivilegedExceptionAction<ResultSet>()
+ {
+ public ResultSet run() throws Exception
+ {
+ return conn.getMetaData().getTables(null, null, tableName, null);
+ }
+ });
+
try
{
boolean res = false;
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/jbosscache/ExoJBossCacheFactory.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/jbosscache/ExoJBossCacheFactory.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/jbosscache/ExoJBossCacheFactory.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.jcr.jbosscache;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.container.configuration.ConfigurationManager;
@@ -74,8 +75,15 @@
* Keep only one instance of the {@link JChannelFactory} to prevent creating several times the
* same multiplexer stack
*/
- private static final JChannelFactory CHANNEL_FACTORY = new JChannelFactory();
-
+ private static final JChannelFactory CHANNEL_FACTORY = SecurityHelper
+ .doPriviledgedAction(new PrivilegedAction<JChannelFactory>()
+ {
+ public JChannelFactory run()
+ {
+ return new JChannelFactory();
+ }
+ });
+
/**
* A Map that contains all the registered JBC instances, ordered by
* {@link ExoContainer} instances, {@link CacheType} and JBC Configuration.
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/transaction/jbosscache/GenericTransactionService.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/transaction/jbosscache/GenericTransactionService.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/transaction/jbosscache/GenericTransactionService.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.transaction.jbosscache;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
@@ -25,8 +26,6 @@
import org.exoplatform.services.transaction.TransactionService;
import org.jboss.cache.transaction.TransactionManagerLookup;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -240,7 +239,13 @@
TransactionManager tm;
try
{
- tm = tmLookup.getTransactionManager();
+ tm = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<TransactionManager>()
+ {
+ public TransactionManager run() throws Exception
+ {
+ return tmLookup.getTransactionManager();
+ }
+ });
}
catch (Exception e)
{
@@ -453,7 +458,32 @@
*/
public Transaction getTransaction() throws SystemException
{
- return tm.getTransaction();
+ try
+ {
+ return SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Transaction>()
+ {
+ public Transaction run() throws Exception
+ {
+ return tm.getTransaction();
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof SystemException)
+ {
+ throw (SystemException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
/**
Modified: jcr/trunk/exo.jcr.component.ext/pom.xml
===================================================================
--- jcr/trunk/exo.jcr.component.ext/pom.xml 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/pom.xml 2010-11-10 11:31:00 UTC (rev 3422)
@@ -43,6 +43,10 @@
<artifactId>exo.kernel.component.command</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.exoplatform.core</groupId>
<artifactId>exo.core.component.document</artifactId>
</dependency>
@@ -135,6 +139,7 @@
<scope>test</scope>
</dependency>
</dependencies>
+
<build>
<testResources>
<testResource>
@@ -148,7 +153,6 @@
</includes>
</testResource>
</testResources>
- <pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -165,6 +169,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<includes>
<include>**/actions/*Test.java</include>
<include>**/metadata/*Test.java</include>
@@ -187,7 +192,43 @@
</excludes>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
- </pluginManagement>
</build>
</project>
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/backup/impl/BackupManagerImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/backup/impl/BackupManagerImpl.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/backup/impl/BackupManagerImpl.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -19,6 +19,9 @@
package org.exoplatform.services.jcr.ext.backup.impl;
import org.apache.commons.collections.map.HashedMap;
+import org.exoplatform.commons.utils.PrivilegedFileHelper;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.PropertiesParam;
import org.exoplatform.services.jcr.RepositoryService;
@@ -81,6 +84,7 @@
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.PrintWriter;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
@@ -450,7 +454,7 @@
this.repoService = repoService;
this.registryService = registryService;
this.initParams = initParams;
- this.tempDir = new File(System.getProperty("java.io.tmpdir"));
+ this.tempDir = new File(PrivilegedSystemHelper.getProperty("java.io.tmpdir"));
currentBackups = Collections.synchronizedSet(new HashSet<BackupChain>());
@@ -813,7 +817,7 @@
}
// scan for task files
- File[] tasks = this.logsDirectory.listFiles(new TaskFilter());
+ File[] tasks = PrivilegedFileHelper.listFiles(this.logsDirectory, new TaskFilter());
for (File task : tasks)
{
try
@@ -1119,7 +1123,14 @@
private void writeParamsToRegistryService(SessionProvider sessionProvider) throws IOException, SAXException,
ParserConfigurationException, RepositoryException
{
- Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Document doc = SecurityHelper.doPriviledgedParserConfigurationAction(new PrivilegedExceptionAction<Document>()
+ {
+ public Document run() throws Exception
+ {
+ return DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ }
+ });
+
Element root = doc.createElement(SERVICE_NAME);
doc.appendChild(root);
@@ -1230,8 +1241,8 @@
throw new RuntimeException(BACKUP_DIR + " not specified");
logsDirectory = new File(backupDir);
- if (!logsDirectory.exists())
- logsDirectory.mkdirs();
+ if (!PrivilegedFileHelper.exists(logsDirectory))
+ PrivilegedFileHelper.mkdirs(logsDirectory);
if (defIncrPeriod == null)
throw new RuntimeException(DEFAULT_INCREMENTAL_JOB_PERIOD + " not specified");
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/backup/impl/PendingChangesLog.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/backup/impl/PendingChangesLog.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/backup/impl/PendingChangesLog.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.jcr.ext.backup.impl;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.services.jcr.dataflow.ItemState;
import org.exoplatform.services.jcr.dataflow.TransactionChangesLog;
import org.exoplatform.services.jcr.dataflow.persistent.PersistedPropertyData;
@@ -156,7 +157,7 @@
listFile = new ArrayList<File>();
identifier = IdGenerator.generate();
this.fileCleaner = fileCleaner;
- this.tempDir = new File(System.getProperty("java.io.tmpdir"));
+ this.tempDir = new File(PrivilegedSystemHelper.getProperty("java.io.tmpdir"));
}
/**
@@ -184,7 +185,7 @@
this.identifier = identifier;
containerType = type;
this.fileCleaner = fileCleaner;
- this.tempDir = new File(System.getProperty("java.io.tmpdir"));
+ this.tempDir = new File(PrivilegedSystemHelper.getProperty("java.io.tmpdir"));
}
/**
@@ -199,7 +200,7 @@
{
this.identifier = identifier;
data = new byte[dataLength];
- this.tempDir = new File(System.getProperty("java.io.tmpdir"));
+ this.tempDir = new File(PrivilegedSystemHelper.getProperty("java.io.tmpdir"));
}
/**
@@ -221,7 +222,7 @@
this.listFixupStream = listFixupStreams;
this.listFile = listFiles;
this.fileCleaner = fileCleaner;
- this.tempDir = new File(System.getProperty("java.io.tmpdir"));
+ this.tempDir = new File(PrivilegedSystemHelper.getProperty("java.io.tmpdir"));
}
/**
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RESTRegistryService.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RESTRegistryService.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RESTRegistryService.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,8 +18,20 @@
*/
package org.exoplatform.services.jcr.ext.registry;
+import org.exoplatform.commons.utils.SecurityHelper;
+import org.exoplatform.services.jcr.ext.app.ThreadLocalSessionProviderService;
+import org.exoplatform.services.jcr.ext.common.SessionProvider;
+import org.exoplatform.services.jcr.ext.registry.Registry.RegistryNode;
+import org.exoplatform.services.log.ExoLogger;
+import org.exoplatform.services.log.Log;
+import org.exoplatform.services.rest.ext.util.XlinkHref;
+import org.exoplatform.services.rest.resource.ResourceContainer;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
import java.io.InputStream;
import java.net.URI;
+import java.security.PrivilegedExceptionAction;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
@@ -41,16 +53,6 @@
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.dom.DOMSource;
-import org.exoplatform.services.jcr.ext.app.ThreadLocalSessionProviderService;
-import org.exoplatform.services.jcr.ext.common.SessionProvider;
-import org.exoplatform.services.jcr.ext.registry.Registry.RegistryNode;
-import org.exoplatform.services.log.ExoLogger;
-import org.exoplatform.services.log.Log;
-import org.exoplatform.services.rest.ext.util.XlinkHref;
-import org.exoplatform.services.rest.resource.ResourceContainer;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
/**
* @author <a href="mailto:andrew00x at gmail.com">Andrey Parfonov</a>
* @version $Id: $
@@ -192,7 +194,14 @@
{
Node registryNode = registryEntry.getNode();
NodeIterator registryIterator = registryNode.getNodes();
- Document entry = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Document entry = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Document>()
+ {
+ public Document run() throws Exception
+ {
+ return DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ }
+ });
+
String fullURI = uriInfo.getRequestUri().toString();
XlinkHref xlinkHref = new XlinkHref(fullURI);
Element root = entry.createElement(REGISTRY);
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RegistryEntry.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RegistryEntry.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RegistryEntry.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.jcr.ext.registry;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
@@ -26,6 +27,8 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -69,7 +72,14 @@
*/
public RegistryEntry(String rootName) throws IOException, SAXException, ParserConfigurationException
{
- DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder db =
+ SecurityHelper.doPriviledgedParserConfigurationAction(new PrivilegedExceptionAction<DocumentBuilder>()
+ {
+ public DocumentBuilder run() throws Exception
+ {
+ return DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ }
+ });
this.document = db.newDocument();
Element nodeElement = document.createElement(rootName);
document.appendChild(nodeElement);
@@ -84,10 +94,43 @@
* @throws SAXException
* @throws ParserConfigurationException
*/
- public static RegistryEntry parse(byte[] bytes) throws IOException, SAXException, ParserConfigurationException
+ public static RegistryEntry parse(final byte[] bytes) throws IOException, SAXException, ParserConfigurationException
{
- return new RegistryEntry(DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(
- new ByteArrayInputStream(bytes)));
+ try
+ {
+ return SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<RegistryEntry>()
+ {
+ public RegistryEntry run() throws Exception
+ {
+ return new RegistryEntry(DocumentBuilderFactory.newInstance().newDocumentBuilder()
+ .parse(new ByteArrayInputStream(bytes)));
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof ParserConfigurationException)
+ {
+ throw (ParserConfigurationException)cause;
+ }
+ else if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof SAXException)
+ {
+ throw (SAXException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
/**
@@ -98,9 +141,43 @@
* @throws SAXException
* @throws ParserConfigurationException
*/
- public static RegistryEntry parse(InputStream in) throws IOException, SAXException, ParserConfigurationException
+ public static RegistryEntry parse(final InputStream in) throws IOException, SAXException,
+ ParserConfigurationException
{
- return new RegistryEntry(DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(in));
+ try
+ {
+ return SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<RegistryEntry>()
+ {
+ public RegistryEntry run() throws Exception
+ {
+ return new RegistryEntry(DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(in));
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof ParserConfigurationException)
+ {
+ throw (ParserConfigurationException)cause;
+ }
+ else if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof SAXException)
+ {
+ throw (SAXException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
/**
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RegistryService.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RegistryService.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/registry/RegistryService.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -20,6 +20,7 @@
import static javax.jcr.ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.component.ComponentPlugin;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.PropertiesParam;
@@ -41,6 +42,9 @@
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -133,6 +137,7 @@
/**
* {@inheritDoc}
*/
+ @Override
public RegistryEntry getEntry(final SessionProvider sessionProvider, final String entryPath)
throws PathNotFoundException, RepositoryException
{
@@ -162,6 +167,7 @@
/**
* {@inheritDoc}
*/
+ @Override
public void createEntry(final SessionProvider sessionProvider, final String groupPath, final RegistryEntry entry)
throws RepositoryException
{
@@ -190,6 +196,7 @@
/**
* {@inheritDoc}
*/
+ @Override
public void removeEntry(final SessionProvider sessionProvider, final String entryPath) throws RepositoryException
{
@@ -203,6 +210,7 @@
/**
* {@inheritDoc}
*/
+ @Override
public void recreateEntry(final SessionProvider sessionProvider, final String groupPath, final RegistryEntry entry)
throws RepositoryException
{
@@ -287,6 +295,7 @@
/**
* {@inheritDoc}
*/
+ @Override
public RegistryNode getRegistry(final SessionProvider sessionProvider) throws RepositoryException
{
@@ -335,7 +344,14 @@
wsName = repConfiguration.getDefaultWorkspaceName();
}
addRegistryLocation(repName, wsName);
- InputStream xml = getClass().getResourceAsStream(NT_FILE);
+ InputStream xml = SecurityHelper.doPriviledgedAction(new PrivilegedAction<InputStream>()
+ {
+ public InputStream run()
+ {
+ return getClass().getResourceAsStream(NT_FILE);
+ }
+ });
+
try
{
repositoryService.getRepository(repName).getNodeTypeManager().registerNodeTypes(xml,
@@ -389,7 +405,7 @@
{
String repName = repConfiguration.getName();
ManageableRepository rep = repositoryService.getRepository(repName);
- Session sysSession = rep.getSystemSession(regWorkspaces.get(repName));
+ final Session sysSession = rep.getSystemSession(regWorkspaces.get(repName));
if (sysSession.getRootNode().hasNode(EXO_REGISTRY) && replace)
sysSession.getRootNode().getNode(EXO_REGISTRY).remove();
@@ -406,32 +422,50 @@
final String fullPath = "/" + EXO_REGISTRY + "/" + entryLocation;
for (String appName : appNames)
{
- String xml = appConfigurations.get(appName);
+ final String xml = appConfigurations.get(appName);
try
{
- DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- ByteArrayInputStream stream = new ByteArrayInputStream(xml.getBytes());
- Document document = builder.parse(stream);
- RegistryEntry entry = new RegistryEntry(document);
- sysSession.importXML(fullPath, entry.getAsInputStream(), IMPORT_UUID_CREATE_NEW);
+ SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ ByteArrayInputStream stream = new ByteArrayInputStream(xml.getBytes());
+ Document document = builder.parse(stream);
+ RegistryEntry entry = new RegistryEntry(document);
+ sysSession.importXML(fullPath, entry.getAsInputStream(), IMPORT_UUID_CREATE_NEW);
+ return null;
+ }
+ });
}
- catch (ParserConfigurationException e)
+ catch (PrivilegedActionException pae)
{
- e.printStackTrace();
+ Throwable cause = pae.getCause();
+ if (cause instanceof ParserConfigurationException)
+ {
+ cause.printStackTrace();
+ }
+ else if (cause instanceof IOException)
+ {
+ cause.printStackTrace();
+ }
+ else if (cause instanceof SAXException)
+ {
+ cause.printStackTrace();
+ }
+ else if (cause instanceof TransformerException)
+ {
+ cause.printStackTrace();
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
}
- catch (IOException e)
- {
- e.printStackTrace();
- }
- catch (SAXException e)
- {
- e.printStackTrace();
- }
- catch (TransformerException e)
- {
- e.printStackTrace();
- }
-
}
sysSession.save();
}
@@ -513,7 +547,7 @@
*/
private List<RepositoryEntry> repConfigurations()
{
- return (List<RepositoryEntry>)repositoryService.getConfig().getRepositoryConfigurations();
+ return repositoryService.getConfig().getRepositoryConfigurations();
}
/**
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/resource/UnifiedNodeReference.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/resource/UnifiedNodeReference.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/resource/UnifiedNodeReference.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.jcr.ext.resource;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.services.jcr.datamodel.Identifier;
import java.net.MalformedURLException;
@@ -252,7 +253,7 @@
// Usually this job must be done by java.net.URL, but it does
// not work in web container. Under tomcat class of handler can't be found in
// $CATALINA_HOME/lib/*.jar. Probably the same problem can be under AS.
- String packagePrefixList = System.getProperty("java.protocol.handler.pkgs");
+ String packagePrefixList = PrivilegedSystemHelper.getProperty("java.protocol.handler.pkgs");
if (packagePrefixList == null)
return null;
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/resource/jcr/Handler.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/resource/jcr/Handler.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/resource/jcr/Handler.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.jcr.ext.resource.jcr;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.services.jcr.RepositoryService;
import org.exoplatform.services.jcr.core.ManageableRepository;
import org.exoplatform.services.jcr.ext.app.ThreadLocalSessionProviderService;
@@ -150,11 +151,12 @@
*/
public void start()
{
- String existingProtocolPathPkgs = System.getProperty("java.protocol.handler.pkgs");
+ String existingProtocolPathPkgs = PrivilegedSystemHelper.getProperty("java.protocol.handler.pkgs");
if (existingProtocolPathPkgs == null)
- System.setProperty("java.protocol.handler.pkgs", protocolPathPkg);
+ PrivilegedSystemHelper.setProperty("java.protocol.handler.pkgs", protocolPathPkg);
else if (existingProtocolPathPkgs.indexOf(protocolPathPkg) == -1)
- System.setProperty("java.protocol.handler.pkgs", existingProtocolPathPkgs + "|" + protocolPathPkg);
+ PrivilegedSystemHelper.setProperty("java.protocol.handler.pkgs", existingProtocolPathPkgs + "|"
+ + protocolPathPkg);
}
/**
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/GroovyScript2RestLoader.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/GroovyScript2RestLoader.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/GroovyScript2RestLoader.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -21,6 +21,7 @@
import groovy.lang.GroovyClassLoader;
import org.apache.commons.fileupload.FileItem;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.component.ComponentPlugin;
import org.exoplatform.container.configuration.ConfigurationManager;
import org.exoplatform.container.xml.InitParams;
@@ -51,6 +52,7 @@
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
@@ -635,7 +637,14 @@
LOG.debug(">>> Save init parametrs in registry service.");
}
- Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Document doc = SecurityHelper.doPriviledgedParserConfigurationAction(new PrivilegedExceptionAction<Document>()
+ {
+ public Document run() throws Exception
+ {
+ return DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ }
+ });
+
Element root = doc.createElement(SERVICE_NAME);
doc.appendChild(root);
@@ -780,10 +789,10 @@
@POST
@Consumes({"script/groovy"})
@Path("validate{name:.*}")
- public Response validateScript(@PathParam("name") String name, InputStream script)
+ public Response validateScript(@PathParam("name") String name, final InputStream script)
{
- GroovyClassLoader groovyClassLoader = groovyPublisher.getGroovyClassLoader();
+ final GroovyClassLoader groovyClassLoader = groovyPublisher.getGroovyClassLoader();
if (name == null || name.length() == 0)
{
name = groovyClassLoader.generateScriptName();
@@ -795,7 +804,16 @@
try
{
- groovyClassLoader.parseClass(script, name);
+ final String fName = name;
+ SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ groovyClassLoader.parseClass(script, fName);
+ return null;
+ }
+ });
+
return Response.status(Response.Status.OK).build();
}
catch (Exception e)
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/GroovyScriptAddRepoPlugin.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/GroovyScriptAddRepoPlugin.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/GroovyScriptAddRepoPlugin.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -19,6 +19,7 @@
package org.exoplatform.services.jcr.ext.script.groovy;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.component.BaseComponentPlugin;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.PropertiesParam;
@@ -28,6 +29,7 @@
import java.net.MalformedURLException;
import java.net.URL;
+import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
@@ -57,17 +59,24 @@
if (params == null)
return Collections.emptyList();
- Set<URL> repos = new HashSet<URL>();
+ final Set<URL> repos = new HashSet<URL>();
Iterator<PropertiesParam> iterator = params.getPropertiesParamIterator();
while (iterator.hasNext())
{
PropertiesParam p = iterator.next();
- String repository = p.getProperty("repository");
- String workspace = p.getProperty("workspace");
- String path = p.getProperty("path");
+ final String repository = p.getProperty("repository");
+ final String workspace = p.getProperty("workspace");
+ final String path = p.getProperty("path");
try
{
- repos.add(new UnifiedNodeReference(repository, workspace, path).getURL());
+ SecurityHelper.doPriviledgedMalformedURLExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ repos.add(new UnifiedNodeReference(repository, workspace, path).getURL());
+ return null;
+ }
+ });
}
catch (MalformedURLException e)
{
Modified: jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/JcrGroovyCompiler.java
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/JcrGroovyCompiler.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/script/groovy/JcrGroovyCompiler.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -22,12 +22,17 @@
import groovy.lang.GroovyClassLoader;
import groovy.lang.GroovyCodeSource;
+import org.codehaus.groovy.control.CompilationFailedException;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.jcr.ext.resource.JcrURLConnection;
import org.exoplatform.services.jcr.ext.resource.UnifiedNodeReference;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
* JcrGroovyCompiler can load source code of groovy script from JCR and parse it
@@ -42,8 +47,13 @@
public JcrGroovyCompiler()
{
- ClassLoader cl = getClass().getClassLoader();
- this.gcl = new GroovyClassLoader(cl);
+ this.gcl = SecurityHelper.doPriviledgedAction(new PrivilegedAction<GroovyClassLoader>()
+ {
+ public GroovyClassLoader run()
+ {
+ return new GroovyClassLoader(getClass().getClassLoader());
+ }
+ });
}
/**
@@ -69,16 +79,48 @@
public Class<?>[] compile(UnifiedNodeReference... sourceReferences) throws IOException
{
- GroovyClassLoader cl = gcl;
+ final GroovyClassLoader cl = gcl;
Class<?>[] classes = new Class<?>[sourceReferences.length];
for (int i = 0; i < sourceReferences.length; i++)
{
JcrURLConnection conn = null;
try
{
- URL url = sourceReferences[i].getURL();
+ final URL url = sourceReferences[i].getURL();
conn = (JcrURLConnection)url.openConnection();
- Class<?> clazz = cl.parseClass(createCodeSource(conn.getInputStream(), url.toString()));
+
+ final JcrURLConnection fConn = conn;
+ Class<?> clazz;
+ try
+ {
+ clazz = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws Exception
+ {
+ return cl.parseClass(createCodeSource(fConn.getInputStream(), url.toString()));
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof CompilationFailedException)
+ {
+ throw (CompilationFailedException)cause;
+ }
+ else if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
classes[i] = clazz;
}
finally
@@ -102,9 +144,16 @@
* @return GroovyCodeSource
*/
// Override this method if need other behavior.
- protected GroovyCodeSource createCodeSource(InputStream in, String name)
+ protected GroovyCodeSource createCodeSource(final InputStream in, final String name)
{
- GroovyCodeSource gcs = new GroovyCodeSource(in, name, "/groovy/script");
+ GroovyCodeSource gcs = SecurityHelper.doPriviledgedAction(new PrivilegedAction<GroovyCodeSource>()
+ {
+ public GroovyCodeSource run()
+ {
+ return new GroovyCodeSource(in, name, "/groovy/script");
+ }
+ });
+
gcs.setCachable(false);
return gcs;
}
Added: jcr/trunk/exo.jcr.component.ext/src/test/resources/test.policy
===================================================================
--- jcr/trunk/exo.jcr.component.ext/src/test/resources/test.policy (rev 0)
+++ jcr/trunk/exo.jcr.component.ext/src/test/resources/test.policy 2010-11-10 11:31:00 UTC (rev 3422)
@@ -0,0 +1,20 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+ permission java.lang.RuntimePermission "createSystemSession";
+ permission java.lang.RuntimePermission "manageRepository";
+ permission java.lang.RuntimePermission "invokeInternalAPI";
+ permission java.lang.RuntimePermission "modifyConversationState";
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.jcr.component.core/-"{
+ permission java.security.AllPermission;
+};
+
+
Modified: jcr/trunk/exo.jcr.component.ftp/pom.xml
===================================================================
--- jcr/trunk/exo.jcr.component.ftp/pom.xml 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ftp/pom.xml 2010-11-10 11:31:00 UTC (rev 3422)
@@ -46,6 +46,10 @@
<artifactId>exo.kernel.container</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.exoplatform.core</groupId>
<artifactId>exo.core.component.security.core</artifactId>
<version>${org.exoplatform.core.version}</version>
@@ -82,20 +86,62 @@
</dependency>
</dependencies>
<build>
- <pluginManagement>
- <plugins>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <archive>
+ <manifest>
+ <addClasspath>true</addClasspath>
+ </manifest>
+ </archive>
+ </configuration>
+ </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
+ <artifactId>maven-surefire-plugin</artifactId>
<configuration>
- <archive>
- <manifest>
- <addClasspath>true</addClasspath>
- </manifest>
- </archive>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
</configuration>
</plugin>
- </plugins>
- </pluginManagement>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
</build>
</project>
Modified: jcr/trunk/exo.jcr.component.ftp/src/main/java/org/exoplatform/services/ftp/FtpServerImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.ftp/src/main/java/org/exoplatform/services/ftp/FtpServerImpl.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ftp/src/main/java/org/exoplatform/services/ftp/FtpServerImpl.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -19,6 +19,8 @@
package org.exoplatform.services.ftp;
import org.apache.commons.chain.Catalog;
+import org.exoplatform.commons.utils.PrivilegedFileHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.command.impl.CommandService;
import org.exoplatform.services.ftp.client.FtpClientSession;
import org.exoplatform.services.ftp.client.FtpClientSessionImpl;
@@ -37,6 +39,8 @@
import java.net.BindException;
import java.net.ServerSocket;
import java.net.Socket;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import javax.jcr.RepositoryException;
@@ -72,7 +76,13 @@
this.configuration = configuration;
this.repositoryService = repositoryService;
- InputStream commandStream = getClass().getResourceAsStream(COMMAND_PATH);
+ InputStream commandStream = SecurityHelper.doPriviledgedAction(new PrivilegedAction<InputStream>()
+ {
+ public InputStream run()
+ {
+ return getClass().getResourceAsStream(COMMAND_PATH);
+ }
+ });
commandService.putCatalog(commandStream);
commandCatalog = commandService.getCatalog(FtpConst.FTP_COMMAND_CATALOG);
@@ -84,13 +94,13 @@
File cacheFolder = new File(cacheFolderName);
- if (!cacheFolder.exists())
+ if (!PrivilegedFileHelper.exists(cacheFolder))
{
log.info("Cache folder not exist. Try to create it...");
- cacheFolder.mkdir();
+ PrivilegedFileHelper.mkdirs(cacheFolder);
}
- String[] cacheFiles = cacheFolder.list();
+ String[] cacheFiles = PrivilegedFileHelper.list(cacheFolder);
if (cacheFiles == null)
{
log.info("No cache file in cache folder!");
@@ -102,7 +112,7 @@
if (cacheFile.endsWith(FtpConst.FTP_CACHEFILEEXTENTION))
{
File file = new File(cacheFolderName + "/" + cacheFile);
- file.delete();
+ PrivilegedFileHelper.delete(file);
}
}
@@ -216,6 +226,7 @@
enable = false;
}
+ @Override
public void run()
{
while (enable)
@@ -223,7 +234,14 @@
Socket incoming = null;
try
{
- incoming = serverSocket.accept();
+ incoming = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Socket>()
+ {
+ public Socket run() throws Exception
+ {
+ return serverSocket.accept();
+ }
+ });
+
FtpClientSession clientSession = new FtpClientSessionImpl(ftpServer, incoming);
clients.add(clientSession);
Modified: jcr/trunk/exo.jcr.component.ftp/src/main/java/org/exoplatform/services/ftp/data/FtpDataTransiverImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.ftp/src/main/java/org/exoplatform/services/ftp/data/FtpDataTransiverImpl.java 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.ftp/src/main/java/org/exoplatform/services/ftp/data/FtpDataTransiverImpl.java 2010-11-10 11:31:00 UTC (rev 3422)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.ftp.data;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.ftp.FtpConst;
import org.exoplatform.services.ftp.client.FtpClientSession;
import org.exoplatform.services.ftp.config.FtpConfig;
@@ -31,6 +32,7 @@
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketAddress;
+import java.security.PrivilegedExceptionAction;
/**
* Created by The eXo Platform SAS Author : Vitaly Guly <gavrik-vetal at ukr.net/mail.ru>
@@ -209,11 +211,19 @@
protected Log acceptLog = ExoLogger.getLogger("jcr.AcceptDataConnect");
+ @Override
public void run()
{
try
{
- dataSocket = serverSocket.accept();
+ dataSocket = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Socket>()
+ {
+ public Socket run() throws Exception
+ {
+ return serverSocket.accept();
+ }
+ });
+
serverSocket.close();
}
catch (Exception exc)
@@ -229,6 +239,7 @@
protected Log connectLog = ExoLogger.getLogger("jcr.ConnectDataPort");
+ @Override
public void run()
{
try
Added: jcr/trunk/exo.jcr.component.ftp/src/test/resources/test.policy
===================================================================
--- jcr/trunk/exo.jcr.component.ftp/src/test/resources/test.policy (rev 0)
+++ jcr/trunk/exo.jcr.component.ftp/src/test/resources/test.policy 2010-11-10 11:31:00 UTC (rev 3422)
@@ -0,0 +1,24 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+ permission java.lang.RuntimePermission "createSystemSession";
+ permission java.lang.RuntimePermission "manageRepository";
+ permission java.lang.RuntimePermission "invokeInternalAPI";
+ permission java.lang.RuntimePermission "modifyConversationState";
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.jcr.component.core/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.jcr.component.ext/-"{
+ permission java.security.AllPermission;
+};
+
+
Modified: jcr/trunk/exo.jcr.component.webdav/pom.xml
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/pom.xml 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.component.webdav/pom.xml 2010-11-10 11:31:00 UTC (rev 3422)
@@ -39,6 +39,10 @@
<artifactId>exo.kernel.commons</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.exoplatform.core</groupId>
<artifactId>exo.core.component.security.core</artifactId>
</dependency>
@@ -101,23 +105,59 @@
</dependency>
</dependencies>
<build>
- <pluginManagement>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <excludes>
- <exclude>**/TestUtils.java</exclude>
- <exclude>**/OrderPatchTest.java</exclude>
- <!-- Related issue: http://jira.exoplatform.org/browse/JCR-1149 -->
- <exclude>**/TestEncoding.java</exclude>
- <exclude>**/TestPropFindContent.java</exclude>
- <exclude>**/TestPropPatchContent.java</exclude>
- </excludes>
- </configuration>
- </plugin>
- </plugins>
- </pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ <excludes>
+ <exclude>**/TestUtils.java</exclude>
+ <exclude>**/OrderPatchTest.java</exclude>
+ <!-- Related issue: http://jira.exoplatform.org/browse/JCR-1149 -->
+ <exclude>**/TestEncoding.java</exclude>
+ <exclude>**/TestPropFindContent.java</exclude>
+ <exclude>**/TestPropPatchContent.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
</build>
</project>
Added: jcr/trunk/exo.jcr.component.webdav/src/test/resources/test.policy
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/src/test/resources/test.policy (rev 0)
+++ jcr/trunk/exo.jcr.component.webdav/src/test/resources/test.policy 2010-11-10 11:31:00 UTC (rev 3422)
@@ -0,0 +1,24 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+ permission java.lang.RuntimePermission "createSystemSession";
+ permission java.lang.RuntimePermission "manageRepository";
+ permission java.lang.RuntimePermission "invokeInternalAPI";
+ permission java.lang.RuntimePermission "modifyConversationState";
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.jcr.component.core/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.jcr.component.ext/-"{
+ permission java.security.AllPermission;
+};
+
+
Modified: jcr/trunk/exo.jcr.framework.command/pom.xml
===================================================================
--- jcr/trunk/exo.jcr.framework.command/pom.xml 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.framework.command/pom.xml 2010-11-10 11:31:00 UTC (rev 3422)
@@ -28,6 +28,10 @@
<version>${org.exoplatform.kernel.version}</version>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.exoplatform.jcr</groupId>
<artifactId>exo.jcr.component.core</artifactId>
</dependency>
@@ -78,4 +82,52 @@
<scope>test</scope>
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
</project>
Added: jcr/trunk/exo.jcr.framework.command/src/test/resources/test.policy
===================================================================
--- jcr/trunk/exo.jcr.framework.command/src/test/resources/test.policy (rev 0)
+++ jcr/trunk/exo.jcr.framework.command/src/test/resources/test.policy 2010-11-10 11:31:00 UTC (rev 3422)
@@ -0,0 +1,24 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+ permission java.lang.RuntimePermission "createSystemSession";
+ permission java.lang.RuntimePermission "manageRepository";
+ permission java.lang.RuntimePermission "invokeInternalAPI";
+ permission java.lang.RuntimePermission "modifyConversationState";
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.jcr.component.core/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.jcr.component.ext/-"{
+ permission java.security.AllPermission;
+};
+
+
Modified: jcr/trunk/exo.jcr.framework.ftpclient/pom.xml
===================================================================
--- jcr/trunk/exo.jcr.framework.ftpclient/pom.xml 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/exo.jcr.framework.ftpclient/pom.xml 2010-11-10 11:31:00 UTC (rev 3422)
@@ -37,9 +37,12 @@
<groupId>org.exoplatform.kernel</groupId>
<artifactId>exo.kernel.commons</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ </dependency>
</dependencies>
<build>
- <pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -56,6 +59,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<skipTests>true</skipTests>
<includes>
<include>**/*.java</include>
@@ -65,7 +69,43 @@
</excludes>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
- </pluginManagement>
</build>
</project>
Modified: jcr/trunk/pom.xml
===================================================================
--- jcr/trunk/pom.xml 2010-11-10 10:59:48 UTC (rev 3421)
+++ jcr/trunk/pom.xml 2010-11-10 11:31:00 UTC (rev 3422)
@@ -59,6 +59,7 @@
<groupId>org.exoplatform.kernel</groupId>
<artifactId>exo.kernel.commons.test</artifactId>
<version>${org.exoplatform.kernel.version}</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>org.exoplatform.kernel</groupId>
@@ -81,11 +82,6 @@
<version>${org.exoplatform.kernel.version}</version>
</dependency>
<dependency>
- <groupId>org.exoplatform.kernel</groupId>
- <artifactId>exo.kernel.component.ext.cache.impl.jboss.v3</artifactId>
- <version>${org.exoplatform.kernel.version}</version>
- </dependency>
- <dependency>
<groupId>org.exoplatform.core</groupId>
<artifactId>exo.core.component.document</artifactId>
<version>${org.exoplatform.core.version}</version>
More information about the exo-jcr-commits
mailing list