[exo-jcr-commits] exo-jcr SVN: r3236 - jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl.

Mon Oct 4 10:01:55 EDT 2010

Author: tolusha
Date: 2010-10-04 10:01:54 -0400 (Mon, 04 Oct 2010)
New Revision: 3236

Modified:
   jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/RepositoryServiceImpl.java
Log:
EXOJCR-971: prevent unauthorized access to the methods of RepositoryServiceImpl

Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/RepositoryServiceImpl.java
===================================================================

--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/RepositoryServiceImpl.java	2010-10-04 11:16:53 UTC (rev 3235)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/RepositoryServiceImpl.java	2010-10-04 14:01:54 UTC (rev 3236)
@@ -30,6 +30,7 @@
 import org.exoplatform.services.jcr.config.WorkspaceEntry;
 import org.exoplatform.services.jcr.core.ManageableRepository;
 import org.exoplatform.services.jcr.core.nodetype.ExtendedNodeTypeManager;
+import org.exoplatform.services.jcr.core.security.JCRRuntimePermissions;
 import org.exoplatform.services.jcr.dataflow.persistent.ItemsPersistenceListener;
 import org.exoplatform.services.jcr.impl.core.RepositoryImpl;
 import org.exoplatform.services.jcr.impl.core.SessionRegistry;
@@ -43,8 +44,8 @@
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.StringTokenizer;
-import java.util.Map.Entry;
 
 import javax.jcr.RepositoryException;
 
@@ -120,6 +121,13 @@
    public synchronized void createRepository(RepositoryEntry rEntry) throws RepositoryConfigurationException,
       RepositoryException
    {
+      // Need privileges to manage repository.
+      SecurityManager security = System.getSecurityManager();
+      if (security != null)
+      {
+         security.checkPermission(JCRRuntimePermissions.MANAGE_REPOSITORY_PERMISSION);
+      }
+
       if (repositoryContainers.containsKey(rEntry.getName()))
       {
          throw new RepositoryConfigurationException("Repository container " + rEntry.getName() + " already started");
@@ -161,6 +169,13 @@
 
    public RepositoryServiceConfiguration getConfig()
    {
+      // Need privileges to manage repository.
+      SecurityManager security = System.getSecurityManager();
+      if (security != null)
+      {
+         security.checkPermission(JCRRuntimePermissions.MANAGE_REPOSITORY_PERMISSION);
+      }
+
       return config;
    }
 
@@ -207,6 +222,13 @@
 
    public void setCurrentRepositoryName(String repositoryName) throws RepositoryConfigurationException
    {
+      // Need privileges to manage repository.
+      SecurityManager security = System.getSecurityManager();
+      if (security != null)
+      {
+         security.checkPermission(JCRRuntimePermissions.MANAGE_REPOSITORY_PERMISSION);
+      }
+
       if (!repositoryContainers.containsKey(repositoryName))
          throw new RepositoryConfigurationException("Repository is not configured. Name " + repositoryName);
       currentRepositoryName.set(repositoryName);
@@ -214,6 +236,13 @@
 
    public void start()
    {
+      // Need privileges to manage repository.
+      SecurityManager security = System.getSecurityManager();
+      if (security != null)
+      {
+         security.checkPermission(JCRRuntimePermissions.MANAGE_REPOSITORY_PERMISSION);
+      }
+
       try
       {
          ExoContainer container = null;
@@ -246,6 +275,13 @@
 
    public void stop()
    {
+      // Need privileges to manage repository.
+      SecurityManager security = System.getSecurityManager();
+      if (security != null)
+      {
+         security.checkPermission(JCRRuntimePermissions.MANAGE_REPOSITORY_PERMISSION);
+      }
+
       for (Entry<String, RepositoryContainer> entry : repositoryContainers.entrySet())
       {
          entry.getValue().stop();
@@ -351,6 +387,13 @@
     */
    private void removeRepository(String name, boolean allowRemoveDefaultRepository) throws RepositoryException
    {
+      // Need privileges to manage repository.
+      SecurityManager security = System.getSecurityManager();
+      if (security != null)
+      {
+         security.checkPermission(JCRRuntimePermissions.MANAGE_REPOSITORY_PERMISSION);
+      }
+
       if (!canRemoveRepository(name, allowRemoveDefaultRepository))
          throw new RepositoryException("Repository " + name + " in use. If you want to "
             + " remove repository close all open sessions");

