[exo-jcr-commits] exo-jcr SVN: r3360 - in kernel/trunk: exo.kernel.commons/src/main/java/org/exoplatform/commons and 40 other directories.
do-not-reply at jboss.org
do-not-reply at jboss.org
Thu Oct 28 08:56:48 EDT 2010
Author: tolusha
Date: 2010-10-28 08:56:43 -0400 (Thu, 28 Oct 2010)
New Revision: 3360
Added:
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java
kernel/trunk/exo.kernel.component.cache/src/test/resources/test.policy
kernel/trunk/exo.kernel.component.command/src/test/resources/
kernel/trunk/exo.kernel.component.command/src/test/resources/test.policy
kernel/trunk/exo.kernel.component.common/src/test/resources/test.policy
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/test/resources/test.policy
kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/AbstractExoMBeanTest.java
kernel/trunk/exo.kernel.container/src/test/resources/test.policy
kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/src/test/resources/
kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/src/test/resources/test.policy
Removed:
kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/AbstractTestExoMBean.java
Modified:
kernel/trunk/exo.kernel.commons.test/pom.xml
kernel/trunk/exo.kernel.commons.test/src/main/java/org/exoplatform/commons/test/TestSecurityManager.java
kernel/trunk/exo.kernel.commons/pom.xml
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/Environment.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/reflect/AnnotationIntrospector.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/ExceptionUtil.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PropertyManager.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/Log4JConfigurator.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/SLF4JExoLogFactory.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/SimpleExoLogConfigurator.java
kernel/trunk/exo.kernel.commons/src/test/resources/test.policy
kernel/trunk/exo.kernel.component.cache/pom.xml
kernel/trunk/exo.kernel.component.command/pom.xml
kernel/trunk/exo.kernel.component.common/pom.xml
kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/compress/CompressData.java
kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/mail/impl/MailServiceImpl.java
kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/naming/InitialContextBinder.java
kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/naming/InitialContextInitializer.java
kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/net/impl/NetServiceImpl.java
kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/rpc/impl/RPCServiceImpl.java
kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/scheduler/impl/QuartzSheduler.java
kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/transaction/impl/jotm/TransactionServiceJotmImpl.java
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/pom.xml
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/AbstractExoCache.java
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/ExoCacheFactoryImpl.java
kernel/trunk/exo.kernel.container/pom.xml
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/PortalContainer.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/RootContainer.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/UnifiedClassLoader.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationManager.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationUnmarshaller.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/EntityResolverImpl.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/definition/PortalContainerConfig.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/monitor/jvm/J2EEServerInfo.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/monitor/jvm/JVMRuntimeInfoImpl.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/util/ContainerUtil.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/xml/Deserializer.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/management/jmx/impl/JMXManagementProvider.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/xml/object/XMLCollection.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/xml/object/XMLObject.java
kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/TestUnifiedClassLoader.java
kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBean.java
kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBeanAttribute.java
kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBeanOperation.java
kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/support/ContainerBuilder.java
kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/pom.xml
Log:
EXOJCR-986: Enable SecurityManager by default
Modified: kernel/trunk/exo.kernel.commons/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.commons/pom.xml 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons/pom.xml 2010-10-28 12:56:43 UTC (rev 3360)
@@ -47,18 +47,14 @@
<artifactId>log4j</artifactId>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <argLine>-Djava.security.manager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
- </configuration>
- </plugin>
- </plugins>
<testResources>
<testResource>
<directory>src/test/resources</directory>
@@ -68,6 +64,51 @@
</includes>
</testResource>
</testResources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
</build>
-
</project>
Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/Environment.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/Environment.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/Environment.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,8 @@
*/
package org.exoplatform.commons;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+
public class Environment
{
@@ -41,12 +43,12 @@
private Environment()
{
- String catalinaHome = System.getProperty("catalina.home");
- String jbossHome = System.getProperty("jboss.home.dir");
- String jettyHome = System.getProperty("jetty.home");
- String websphereHome = System.getProperty("was.install.root");
- String weblogicHome = System.getProperty("weblogic.Name");
- String standAlone = System.getProperty("maven.exoplatform.dir");
+ String catalinaHome = PrivilegedSystemHelper.getProperty("catalina.home");
+ String jbossHome = PrivilegedSystemHelper.getProperty("jboss.home.dir");
+ String jettyHome = PrivilegedSystemHelper.getProperty("jetty.home");
+ String websphereHome = PrivilegedSystemHelper.getProperty("was.install.root");
+ String weblogicHome = PrivilegedSystemHelper.getProperty("weblogic.Name");
+ String standAlone = PrivilegedSystemHelper.getProperty("maven.exoplatform.dir");
if (jbossHome != null)
{
platform_ = JBOSS_PLATFORM;
Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/reflect/AnnotationIntrospector.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/reflect/AnnotationIntrospector.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/reflect/AnnotationIntrospector.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,8 +18,11 @@
*/
package org.exoplatform.commons.reflect;
+import org.exoplatform.commons.utils.SecurityHelper;
+
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
@@ -84,7 +87,7 @@
return tpl;
}
- public static <A extends Annotation> Map<Method, A> resolveMethodAnnotations(Class<?> clazz,
+ public static <A extends Annotation> Map<Method, A> resolveMethodAnnotations(final Class<?> clazz,
Class<A> methodAnnotation)
{
if (clazz == null)
@@ -100,8 +103,16 @@
Map<Method, A> methods = new HashMap<Method, A>();
//
- for (Method method : clazz.getDeclaredMethods())
+ PrivilegedAction<Method[]> action = new PrivilegedAction<Method[]>()
{
+ public Method[] run()
+ {
+ return clazz.getDeclaredMethods();
+ }
+ };
+
+ for (Method method : SecurityHelper.doPriviledgedAction(action))
+ {
A annotation = method.getAnnotation(methodAnnotation);
if (annotation != null)
{
Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/ExceptionUtil.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/ExceptionUtil.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/ExceptionUtil.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -27,7 +27,7 @@
*/
public class ExceptionUtil
{
- private static String LINE_SEPARATOR = System.getProperty("line.separator");
+ private static String LINE_SEPARATOR = PrivilegedSystemHelper.getProperty("line.separator");
static public String getExoStackTrace(Throwable t)
{
Added: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,591 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils;
+
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.FilenameFilter;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * @author <a href="anatoliy.bazko at exoplatform.org">Anatoliy Bazko</a>
+ * @version $Id: SecurityFileHelper.java 111 2010-11-11 11:11:11Z tolusha $
+ *
+ * Class helper need for perform privileged file operations.
+ */
+public class PrivilegedFileHelper
+{
+
+ /**
+ * Create FileOutputStream in privileged mode.
+ *
+ * @param file
+ * @return
+ * @throws FileNotFoundException
+ */
+ public static FileOutputStream fileOutputStream(final File file) throws FileNotFoundException
+ {
+ PrivilegedExceptionAction<FileOutputStream> action = new PrivilegedExceptionAction<FileOutputStream>()
+ {
+ public FileOutputStream run() throws Exception
+ {
+ return new FileOutputStream(file);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof FileNotFoundException)
+ {
+ throw (FileNotFoundException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Create FileOutputStream in privileged mode.
+ *
+ * @param name
+ * @return
+ * @throws FileNotFoundException
+ */
+ public static FileOutputStream fileOutputStream(final String name) throws FileNotFoundException
+ {
+ PrivilegedExceptionAction<FileOutputStream> action = new PrivilegedExceptionAction<FileOutputStream>()
+ {
+ public FileOutputStream run() throws Exception
+ {
+ return new FileOutputStream(name);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof FileNotFoundException)
+ {
+ throw (FileNotFoundException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Create FileOutputStream in privileged mode.
+ *
+ * @param file
+ * @param append
+ * @return
+ * @throws FileNotFoundException
+ */
+ public static FileOutputStream fileOutputStream(final File file, final boolean append) throws FileNotFoundException
+ {
+ PrivilegedExceptionAction<FileOutputStream> action = new PrivilegedExceptionAction<FileOutputStream>()
+ {
+ public FileOutputStream run() throws Exception
+ {
+ return new FileOutputStream(file, append);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof FileNotFoundException)
+ {
+ throw (FileNotFoundException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Create FileInputStream in privileged mode.
+ *
+ * @param file
+ * @return
+ * @throws FileNotFoundException
+ */
+ public static FileInputStream fileInputStream(final File file) throws FileNotFoundException
+ {
+ PrivilegedExceptionAction<FileInputStream> action = new PrivilegedExceptionAction<FileInputStream>()
+ {
+ public FileInputStream run() throws Exception
+ {
+ return new FileInputStream(file);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof FileNotFoundException)
+ {
+ throw (FileNotFoundException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Create FileInputStream in privileged mode.
+ *
+ * @param name
+ * @return
+ * @throws FileNotFoundException
+ */
+ public static FileInputStream fileInputStream(final String name) throws FileNotFoundException
+ {
+ PrivilegedExceptionAction<FileInputStream> action = new PrivilegedExceptionAction<FileInputStream>()
+ {
+ public FileInputStream run() throws Exception
+ {
+ return new FileInputStream(name);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof FileNotFoundException)
+ {
+ throw (FileNotFoundException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Create temporary file in privileged mode.
+ *
+ * @param prefix
+ * @param suffix
+ * @param directory
+ * @return
+ * @throws IllegalArgumentException
+ * @throws IOException
+ */
+ public static File createTempFile(final String prefix, final String suffix, final File directory)
+ throws IllegalArgumentException, IOException
+ {
+ PrivilegedExceptionAction<File> action = new PrivilegedExceptionAction<File>()
+ {
+ public File run() throws Exception
+ {
+ return File.createTempFile(prefix, suffix, directory);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IllegalArgumentException)
+ {
+ throw (IllegalArgumentException)cause;
+ }
+ else if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Create teamporary file in privileged mode.
+ *
+ *
+ * @param prefix
+ * @param suffix
+ * @return
+ * @throws IllegalArgumentException
+ * @throws IOException
+ */
+ public static File createTempFile(final String prefix, final String suffix) throws IllegalArgumentException,
+ IOException
+ {
+ PrivilegedExceptionAction<File> action = new PrivilegedExceptionAction<File>()
+ {
+ public File run() throws Exception
+ {
+ return File.createTempFile(prefix, suffix);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IllegalArgumentException)
+ {
+ throw (IllegalArgumentException)cause;
+ }
+ else if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Create RandomAccessFile in privileged mode.
+ *
+ * @param file
+ * @param mode
+ * @return
+ * @throws IllegalArgumentException
+ * @throws IOException
+ */
+ public static RandomAccessFile randomAccessFile(final File file, final String mode) throws IllegalArgumentException,
+ IOException
+ {
+ PrivilegedExceptionAction<RandomAccessFile> action = new PrivilegedExceptionAction<RandomAccessFile>()
+ {
+ public RandomAccessFile run() throws Exception
+ {
+ return new RandomAccessFile(file, mode);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IllegalArgumentException)
+ {
+ throw (IllegalArgumentException)cause;
+ }
+ else if (cause instanceof FileNotFoundException)
+ {
+ throw (FileNotFoundException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Get file length in privileged mode.
+ *
+ * @param file
+ * @return
+ */
+ public static long length(final File file)
+ {
+ PrivilegedAction<Long> action = new PrivilegedAction<Long>()
+ {
+ public Long run()
+ {
+ return new Long(file.length());
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Requests in privileged mode that the file or directory denoted by this abstract
+ * pathname be deleted when the virtual machine terminates.
+ *
+ * @param file
+ */
+ public static void deleteOnExit(final File file)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ file.deleteOnExit();
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Get file absolute path in privileged mode.
+ *
+ * @param file
+ * @return
+ */
+ public static String getAbsolutePath(final File file)
+ {
+ PrivilegedAction<String> action = new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return file.getAbsolutePath();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Delete file in privileged mode.
+ *
+ * @param file
+ * @return
+ */
+ public static boolean delete(final File file)
+ {
+ PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
+ {
+ public Boolean run()
+ {
+ return file.delete();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Tests in privileged mode whether the file denoted by this abstract pathname is a
+ * directory.
+ *
+ * @param file
+ * @return
+ */
+ public static boolean isDirectory(final File file)
+ {
+ PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
+ {
+ public Boolean run()
+ {
+ return file.isDirectory();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Tests in privileged mode whether the file or directory denoted by this abstract pathname
+ * exists.
+ *
+ * @param file
+ * @return
+ */
+ public static boolean exists(final File file)
+ {
+ PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
+ {
+ public Boolean run()
+ {
+ return file.exists();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Creates the directory in privileged mode.
+ *
+ * @param file
+ * @return
+ */
+ public static boolean mkdirs(final File file)
+ {
+ PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
+ {
+ public Boolean run()
+ {
+ return file.mkdirs();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Rename File in privileged mode.
+ *
+ * @param srcFile
+ * @param dstfile
+ * @return
+ */
+ public static boolean renameTo(final File srcFile, final File dstfile)
+ {
+ PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
+ {
+ public Boolean run()
+ {
+ return new Boolean(srcFile.renameTo(dstfile));
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Get file's list in privileged mode.
+ *
+ * @param file
+ * @return
+ */
+ public static String[] list(final File file)
+ {
+ PrivilegedAction<String[]> action = new PrivilegedAction<String[]>()
+ {
+ public String[] run()
+ {
+ return file.list();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Get file's list in privileged mode.
+ *
+ * @param file
+ * @return
+ */
+ public static String[] list(final File file, final FilenameFilter filter)
+ {
+ PrivilegedAction<String[]> action = new PrivilegedAction<String[]>()
+ {
+ public String[] run()
+ {
+ return file.list(filter);
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Get file's list in privileged mode.
+ *
+ * @param file
+ * @return
+ */
+ public static File[] listFiles(final File file)
+ {
+ PrivilegedAction<File[]> action = new PrivilegedAction<File[]>()
+ {
+ public File[] run()
+ {
+ return file.listFiles();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Get file's list in privileged mode.
+ *
+ * @param file
+ * @return
+ */
+ public static File[] listFiles(final File file, final FileFilter filter)
+ {
+ PrivilegedAction<File[]> action = new PrivilegedAction<File[]>()
+ {
+ public File[] run()
+ {
+ return file.listFiles(filter);
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+}
Added: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.Properties;
+
+/**
+ * @author <a href="anatoliy.bazko at exoplatform.org">Anatoliy Bazko</a>
+ * @version $Id: PrivilegedSystemHelper.java 111 2010-11-11 11:11:11Z tolusha $
+ *
+ */
+public class PrivilegedSystemHelper
+{
+
+ /**
+ * Gets system property in privileged mode.
+ *
+ * @param key
+ * @return
+ */
+ public static String getProperty(final String key)
+ {
+ PrivilegedAction<String> action = new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key);
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Gets system properties in privileged mode.
+ *
+ * @param key
+ * @return
+ */
+ public static Properties getProperties()
+ {
+ PrivilegedAction<Properties> action = new PrivilegedAction<Properties>()
+ {
+ public Properties run()
+ {
+ return System.getProperties();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Gets system property in privileged mode.
+ *
+ * @param key
+ * @return
+ */
+ public static void setProperty(final String key, final String value)
+ {
+ PrivilegedAction<String> action = new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ System.setProperty(key, value);
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Gets system property in privileged mode.
+ *
+ * @param key
+ * @param def
+ * @return
+ */
+ public static String getProperty(final String key, final String def)
+ {
+ PrivilegedAction<String> action = new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, def);
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+}
Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PropertyManager.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PropertyManager.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PropertyManager.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -76,7 +76,7 @@
String propertyValue = cache.get(propertyName);
if (propertyValue == null)
{
- propertyValue = System.getProperty(propertyName);
+ propertyValue = PrivilegedSystemHelper.getProperty(propertyName);
if (propertyValue != null)
{
cache.put(propertyName, propertyValue);
@@ -87,7 +87,7 @@
}
else
{
- return System.getProperty(propertyName);
+ return PrivilegedSystemHelper.getProperty(propertyName);
}
}
@@ -110,7 +110,7 @@
private static boolean internalIsDevelopping()
{
- return "true".equals(System.getProperty(DEVELOPING, "false"));
+ return "true".equals(PrivilegedSystemHelper.getProperty(DEVELOPING, "false"));
}
/**
@@ -121,7 +121,7 @@
*/
public synchronized static void setProperty(String propertyName, String propertyValue)
{
- System.setProperty(propertyName, propertyValue);
+ PrivilegedSystemHelper.setProperty(propertyName, propertyValue);
// Remove instead of put to avoid concurrent race
cache.remove(propertyName);
Added: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,127 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils;
+
+import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.sql.SQLException;
+
+/**
+ * Helps running code in privileged
+ *
+ * @author <a href="mailto:nikolazius at gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: SecurityHelper.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class SecurityHelper
+{
+
+ /**
+ * Launches action in privileged mode. Can throw only IO exception.
+ *
+ * @param <E>
+ * @param action
+ * @return
+ * @throws IOException
+ */
+ public static <E> E doPriviledgedIOExceptionAction(PrivilegedExceptionAction<E> action) throws IOException
+ {
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Launches action in privileged mode. Can throw only IO exception.
+ *
+ * @param <E>
+ * @param action
+ * @return
+ * @throws IOException
+ */
+ public static <E> E doPriviledgedSQLExceptionAction(PrivilegedExceptionAction<E> action) throws SQLException
+ {
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof SQLException)
+ {
+ throw (SQLException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Launches action in privileged mode. Can throw only runtime exceptions.
+ *
+ * @param <E>
+ * @param action
+ * @return
+ */
+ public static <E> E doPriviledgedAction(PrivilegedAction<E> action)
+ {
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Launches action in privileged mode.
+ *
+ * @param <E>
+ * @param action
+ * @return
+ */
+ public static <E> E doPriviledgedExceptionAction(PrivilegedExceptionAction<E> action)
+ throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(action);
+ }
+
+}
Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/Log4JConfigurator.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/Log4JConfigurator.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/Log4JConfigurator.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -19,8 +19,10 @@
package org.exoplatform.services.log.impl;
import org.apache.log4j.PropertyConfigurator;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.log.AbstractLogConfigurator;
+import java.security.PrivilegedAction;
import java.util.Properties;
/**
@@ -33,11 +35,16 @@
*/
public class Log4JConfigurator extends AbstractLogConfigurator
{
-
- public void configure(Properties properties)
+ public void configure(final Properties properties)
{
- PropertyConfigurator.configure(properties);
+ SecurityHelper.doPriviledgedAction(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ PropertyConfigurator.configure(properties);
+ return null;
+ }
+ });
this.properties = properties;
}
-
}
Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/SLF4JExoLogFactory.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/SLF4JExoLogFactory.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/SLF4JExoLogFactory.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,11 +18,14 @@
*/
package org.exoplatform.services.log.impl;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.log.Log;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.spi.LocationAwareLogger;
+import java.security.PrivilegedAction;
+
/**
* A factory for {@link org.exoplatform.services.log.impl.LocationAwareSLF4JExoLog} and
* {@link org.exoplatform.services.log.impl.SLF4JExoLog} based on the type of the logger
@@ -37,9 +40,17 @@
/**
* {@inheritDoc}
*/
- protected Log getLogger(String name)
+ @Override
+ protected Log getLogger(final String name)
{
- Logger slf4jlogger = LoggerFactory.getLogger(name);
+ Logger slf4jlogger = SecurityHelper.doPriviledgedAction(new PrivilegedAction<Logger>()
+ {
+ public Logger run()
+ {
+ return LoggerFactory.getLogger(name);
+ }
+ });
+
if (slf4jlogger instanceof LocationAwareLogger)
{
return new LocationAwareSLF4JExoLog((LocationAwareLogger)slf4jlogger);
Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/SimpleExoLogConfigurator.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/SimpleExoLogConfigurator.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/services/log/impl/SimpleExoLogConfigurator.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.log.impl;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.services.log.AbstractLogConfigurator;
import java.util.Iterator;
@@ -44,7 +45,7 @@
for (Iterator it = properties.entrySet().iterator(); it.hasNext();)
{
Map.Entry entry = (Map.Entry)it.next();
- System.setProperty((String)entry.getKey(), (String)entry.getValue());
+ PrivilegedSystemHelper.setProperty((String)entry.getKey(), (String)entry.getValue());
}
this.properties = properties;
Modified: kernel/trunk/exo.kernel.commons/src/test/resources/test.policy
===================================================================
--- kernel/trunk/exo.kernel.commons/src/test/resources/test.policy 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons/src/test/resources/test.policy 2010-10-28 12:56:43 UTC (rev 3360)
@@ -1,5 +1,15 @@
-// configure static permissions here
-grant {
+grant codeBase "@MAVEN_REPO at -"{
permission java.security.AllPermission;
};
-
\ No newline at end of file
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+ permission java.lang.RuntimePermission "modifyPermisssion";
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons.test/-"{
+ permission java.security.AllPermission;
+};
Modified: kernel/trunk/exo.kernel.commons.test/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.commons.test/pom.xml 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons.test/pom.xml 2010-10-28 12:56:43 UTC (rev 3360)
@@ -24,20 +24,4 @@
<name>eXo Kernel :: Commons :: Test Util</name>
<description>eXo Commons Test Util</description>
- <dependencies>
- <dependency>
- <groupId>org.exoplatform.kernel</groupId>
- <artifactId>exo.kernel.commons</artifactId>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- </plugin>
- </plugins>
- </build>
-
</project>
Modified: kernel/trunk/exo.kernel.commons.test/src/main/java/org/exoplatform/commons/test/TestSecurityManager.java
===================================================================
--- kernel/trunk/exo.kernel.commons.test/src/main/java/org/exoplatform/commons/test/TestSecurityManager.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.commons.test/src/main/java/org/exoplatform/commons/test/TestSecurityManager.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,9 +18,6 @@
*/
package org.exoplatform.commons.test;
-import org.exoplatform.services.log.ExoLogger;
-import org.exoplatform.services.log.Log;
-
import java.security.Permission;
/**
@@ -32,11 +29,6 @@
{
/**
- * The logger
- */
- private static final Log LOG = ExoLogger.getLogger("org.exoplatform.commons.test.TestSecurityManager");
-
- /**
* {@inheritDoc}
*/
@Override
@@ -75,9 +67,11 @@
return;
}
+ // known tests classes
if (fileName.startsWith("Test") || fileName.endsWith("Test.java")
- || fileName.endsWith("TestBase.java") || fileName.equals("Probe.java")
- || fileName.equals("ExportBase.java"))
+ || fileName.endsWith("TestBase.java") || fileName.endsWith("TestCase.java")
+ || fileName.equals("Probe.java") || fileName.equals("ExportBase.java")
+ || fileName.equals("AbstractTestContainer.java") || fileName.equals("ContainerBuilder.java"))
{
testCode = true;
}
@@ -99,11 +93,6 @@
testCode = true;
}
}
- else if (className.startsWith("org.slf4j.impl.Log4jLoggerFactory")
- || className.startsWith("com.arjuna.ats.jta.logging.jtaLogger"))
- {
- return;
- }
}
e = e.getCause();
@@ -116,7 +105,7 @@
}
// Only for test purpose
- // LOG.error("Check permission failed", se);
+ // se.printStackTrace();
throw se;
}
}
Modified: kernel/trunk/exo.kernel.component.cache/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.component.cache/pom.xml 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.cache/pom.xml 2010-10-28 12:56:43 UTC (rev 3360)
@@ -47,8 +47,62 @@
<artifactId>exo.kernel.commons</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
+
</project>
\ No newline at end of file
Added: kernel/trunk/exo.kernel.component.cache/src/test/resources/test.policy
===================================================================
--- kernel/trunk/exo.kernel.component.cache/src/test/resources/test.policy (rev 0)
+++ kernel/trunk/exo.kernel.component.cache/src/test/resources/test.policy 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,22 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons.test/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.container/-"{
+ permission java.security.AllPermission;
+};
Modified: kernel/trunk/exo.kernel.component.command/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.component.command/pom.xml 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.command/pom.xml 2010-10-28 12:56:43 UTC (rev 3360)
@@ -43,6 +43,11 @@
<artifactId>exo.kernel.container</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>commons-chain</groupId>
<artifactId>commons-chain</artifactId>
<exclusions>
@@ -67,12 +72,50 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<excludes>
<exclude>**/CommandServiceTest.java</exclude>
<exclude>**/MultiConfigServiceTest.java</exclude>
</excludes>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
</build>
</project>
Added: kernel/trunk/exo.kernel.component.command/src/test/resources/test.policy
===================================================================
--- kernel/trunk/exo.kernel.component.command/src/test/resources/test.policy (rev 0)
+++ kernel/trunk/exo.kernel.component.command/src/test/resources/test.policy 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,26 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons.test/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.container/-"{
+ permission java.security.AllPermission;
+};
+
+
+
+
Modified: kernel/trunk/exo.kernel.component.common/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.component.common/pom.xml 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.common/pom.xml 2010-10-28 12:56:43 UTC (rev 3360)
@@ -47,6 +47,11 @@
<artifactId>exo.kernel.commons</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
</dependency>
@@ -104,9 +109,10 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<systemProperties>
<!-- We add this system property due to some incompatibility between IPv6 and
- some JVM of Linux distributions such as Ubuntu and Fedora-->
+ some JVM of Linux distributions such as Ubuntu and Fedora-->
<property>
<name>java.net.preferIPv4Stack</name>
<value>true</value>
@@ -126,6 +132,43 @@
</excludes>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
</build>
</project>
Modified: kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/compress/CompressData.java
===================================================================
--- kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/compress/CompressData.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/compress/CompressData.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,8 @@
*/
package org.exoplatform.services.compress;
+import org.exoplatform.commons.utils.PrivilegedFileHelper;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -68,7 +70,7 @@
{
try
{
- InputStream is = new FileInputStream(file);
+ InputStream is = PrivilegedFileHelper.fileInputStream(file);
datas_.add(new InputStreamDataInstance(entryName, is));
}
catch (FileNotFoundException e)
@@ -98,7 +100,7 @@
public void createZipFile(String fileName) throws Exception
{
File fileZip = new File(fileName + ".zip");
- FileOutputStream out = new FileOutputStream(fileZip);
+ FileOutputStream out = PrivilegedFileHelper.fileOutputStream(fileZip);
ZipOutputStream zos = new ZipOutputStream(out);
int size = datas_.size();
byte InputData[] = new byte[BUFFER];
@@ -170,7 +172,7 @@
public void createJarFile(String fileName) throws Exception
{
File fileZip = new File(fileName + ".jar");
- FileOutputStream out = new FileOutputStream(fileZip);
+ FileOutputStream out = PrivilegedFileHelper.fileOutputStream(fileZip);
JarOutputStream jos = new JarOutputStream(out);
int size = datas_.size();
if (size < 0)
@@ -289,6 +291,7 @@
file_ = file;
}
+ @Override
public InputStream getInputStream()
{
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -332,6 +335,7 @@
return is;
}
+ @Override
public void getJarOut(boolean containParent, JarOutputStream jos) throws Exception
{
String path = file_.getAbsolutePath();
@@ -355,7 +359,7 @@
}
if (f.isFile())
{
- bufInput = new FileInputStream(f);
+ bufInput = PrivilegedFileHelper.fileInputStream(f);
}
else
filePath += "/";
@@ -417,6 +421,7 @@
return jarOutput;
}
+ @Override
public void getZipOut(boolean containParent, ZipOutputStream zos) throws Exception
{
String path = file_.getAbsolutePath();
@@ -460,16 +465,19 @@
is_ = is;
}
+ @Override
public InputStream getInputStream()
{
return is_;
}
+ @Override
public void getJarOut(boolean containParent, JarOutputStream jos) throws Exception
{
}
+ @Override
public void getZipOut(boolean containParent, ZipOutputStream zos) throws Exception
{
Modified: kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/mail/impl/MailServiceImpl.java
===================================================================
--- kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/mail/impl/MailServiceImpl.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/mail/impl/MailServiceImpl.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,12 +18,15 @@
*/
package org.exoplatform.services.mail.impl;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.services.mail.Attachment;
import org.exoplatform.services.mail.MailService;
import org.exoplatform.services.mail.Message;
import java.io.InputStream;
+import java.security.PrivilegedAction;
import java.util.Date;
import java.util.List;
import java.util.Properties;
@@ -52,18 +55,30 @@
public MailServiceImpl(InitParams params) throws Exception
{
- props_ = new Properties(System.getProperties());
+ props_ = new Properties(PrivilegedSystemHelper.getProperties());
props_.putAll(params.getPropertiesParam("config").getProperties());
if ("true".equals(props_.getProperty("mail.smtp.auth")))
{
String username = props_.getProperty("mail.smtp.auth.username");
String password = props_.getProperty("mail.smtp.auth.password");
- ExoAuthenticator auth = new ExoAuthenticator(username, password);
- mailSession_ = Session.getInstance(props_, auth);
+ final ExoAuthenticator auth = new ExoAuthenticator(username, password);
+ mailSession_ = SecurityHelper.doPriviledgedAction(new PrivilegedAction<Session>()
+ {
+ public Session run()
+ {
+ return Session.getInstance(props_, auth);
+ }
+ });
}
else
{
- mailSession_ = Session.getInstance(props_, null);
+ mailSession_ = SecurityHelper.doPriviledgedAction(new PrivilegedAction<Session>()
+ {
+ public Session run()
+ {
+ return Session.getInstance(props_, null);
+ }
+ });
}
}
Modified: kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/naming/InitialContextBinder.java
===================================================================
--- kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/naming/InitialContextBinder.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/naming/InitialContextBinder.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,10 +18,10 @@
*/
package org.exoplatform.services.naming;
+import org.exoplatform.commons.utils.PrivilegedFileHelper;
+
import java.io.File;
-import java.io.FileInputStream;
import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
@@ -102,7 +102,7 @@
this.bindings = new ConcurrentHashMap<String, Reference>();
this.bindingsStorePath = bindingsStorePath;
- if (new File(bindingsStorePath).exists())
+ if (PrivilegedFileHelper.exists(new File(bindingsStorePath)))
{
Map<String, Reference> importedRefs = readBindings();
for (Entry<String, Reference> entry : importedRefs.entrySet())
@@ -179,7 +179,8 @@
protected synchronized void saveBindings() throws FileNotFoundException, XMLStreamException
{
XMLOutputFactory outputFactory = XMLOutputFactory.newInstance();
- XMLStreamWriter writer = outputFactory.createXMLStreamWriter(new FileOutputStream(bindingsStorePath), "UTF-8");
+ XMLStreamWriter writer =
+ outputFactory.createXMLStreamWriter(PrivilegedFileHelper.fileOutputStream(bindingsStorePath), "UTF-8");
writer.writeStartDocument("UTF-8", "1.0");
writer.writeStartElement(BIND_REFERENCES_ELEMENT);
@@ -236,7 +237,8 @@
Map<String, Reference> importedRefs = new HashMap<String, Reference>();
XMLInputFactory factory = XMLInputFactory.newInstance();
- XMLEventReader reader = factory.createXMLEventReader(new FileInputStream(bindingsStorePath), "UTF-8");
+ XMLEventReader reader =
+ factory.createXMLEventReader(PrivilegedFileHelper.fileInputStream(bindingsStorePath), "UTF-8");
while (reader.hasNext())
{
Modified: kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/naming/InitialContextInitializer.java
===================================================================
--- kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/naming/InitialContextInitializer.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/naming/InitialContextInitializer.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.naming;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.container.component.ComponentPlugin;
import org.exoplatform.container.configuration.ConfigurationException;
import org.exoplatform.container.xml.InitParams;
@@ -59,8 +60,8 @@
final public static String BINDINGS_STORE_PATH = "bindings-store-path";
- final public static String DEFAULT_BINDING_STORE_PATH = System.getProperty("java.io.tmpdir") + File.separator
- + "bind-references.xml";
+ final public static String DEFAULT_BINDING_STORE_PATH = PrivilegedSystemHelper.getProperty("java.io.tmpdir")
+ + File.separator + "bind-references.xml";
private static Log LOG = ExoLogger.getLogger("exo.kernel.component.common.InitialContextInitializer");
@@ -93,7 +94,7 @@
Property prop = (Property)props.next();
String propName = prop.getName();
String propValue = prop.getValue();
- String existedProp = System.getProperty(propName);
+ String existedProp = PrivilegedSystemHelper.getProperty(propName);
if (isMandatory)
{
setSystemProperty(propName, propValue, propParam.getName());
@@ -130,21 +131,21 @@
private void setSystemProperty(String propName, String propValue, String propParamName)
{
- System.setProperty(propName, propValue);
+ PrivilegedSystemHelper.setProperty(propName, propValue);
if (propName.equals(Context.INITIAL_CONTEXT_FACTORY))
{
defaultContextFactory = propValue;
}
- LOG.info("Using mandatory system property: " + propName + " = " + System.getProperty(propName));
+ LOG.info("Using mandatory system property: " + propName + " = " + PrivilegedSystemHelper.getProperty(propName));
}
// for out-of-container testing
private InitialContextInitializer(String name, Reference reference) throws NamingException, FileNotFoundException,
XMLStreamException
{
- if (System.getProperty(Context.INITIAL_CONTEXT_FACTORY) == null)
+ if (PrivilegedSystemHelper.getProperty(Context.INITIAL_CONTEXT_FACTORY) == null)
{
- System.setProperty(Context.INITIAL_CONTEXT_FACTORY, defaultContextFactory);
+ PrivilegedSystemHelper.setProperty(Context.INITIAL_CONTEXT_FACTORY, defaultContextFactory);
}
initialContext = new InitialContext();
initialContext.rebind(name, reference);
Modified: kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/net/impl/NetServiceImpl.java
===================================================================
--- kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/net/impl/NetServiceImpl.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/net/impl/NetServiceImpl.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,9 +18,11 @@
*/
package org.exoplatform.services.net.impl;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.net.NetService;
import java.net.Socket;
+import java.security.PrivilegedExceptionAction;
/**
* Created by The eXo Platform SAS Author : HoaPham phamvuxuanhoa at yahoo.com Jan
@@ -29,14 +31,20 @@
public class NetServiceImpl implements NetService
{
- public long ping(String host, int port) throws Exception
+ public long ping(final String host, final int port) throws Exception
{
long startTime = 0;
long endTime = 0;
try
{
startTime = System.currentTimeMillis();
- Socket socket = new Socket(host, port);
+ Socket socket = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Socket>()
+ {
+ public Socket run() throws Exception
+ {
+ return new Socket(host, port);
+ }
+ });
endTime = System.currentTimeMillis();
}
catch (Exception e)
Modified: kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/rpc/impl/RPCServiceImpl.java
===================================================================
--- kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/rpc/impl/RPCServiceImpl.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/rpc/impl/RPCServiceImpl.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -19,6 +19,7 @@
package org.exoplatform.services.rpc.impl;
import org.exoplatform.commons.utils.PropertyManager;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.container.configuration.ConfigurationManager;
@@ -215,19 +216,39 @@
{
throw new IllegalArgumentException("The RPCServiceImpl requires some parameters");
}
- URL properties = getProperties(params, configManager);
+ final URL properties = getProperties(params, configManager);
if (LOG.isInfoEnabled())
{
LOG.info("The JGroups configuration used for the RPCServiceImpl will be loaded from " + properties);
}
+
try
{
- this.configurator = ConfiguratorFactory.getStackConfigurator(properties);
+ this.configurator = AccessController.doPrivileged(new PrivilegedExceptionAction<ProtocolStackConfigurator>()
+ {
+ public ProtocolStackConfigurator run() throws Exception
+ {
+ return ConfiguratorFactory.getStackConfigurator(properties);
+ }
+ });
}
- catch (ChannelException e)
+ catch (PrivilegedActionException pae)
{
- throw new RuntimeException("Cannot load the JGroups configuration from " + properties, e);
+ Throwable cause = pae.getCause();
+ if (cause instanceof ChannelException)
+ {
+ throw new RuntimeException("Cannot load the JGroups configuration from " + properties, cause);
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
}
+
this.clusterName = getClusterName(ctx, params);
if (LOG.isDebugEnabled())
{
@@ -670,23 +691,36 @@
{
security.checkPermission(RPCService.ACCESS_RPC_SERVICE_PERMISSION);
}
+
try
{
- this.channel = new JChannel(configurator);
- channel.setOpt(Channel.AUTO_RECONNECT, true);
- this.dispatcher = new MessageDispatcher(channel, null, this, this);
- doPriviledgedExceptionAction(new PrivilegedExceptionAction<Void>()
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Void>()
{
public Void run() throws Exception
{
+ channel = new JChannel(configurator);
+ channel.setOpt(Channel.AUTO_RECONNECT, true);
+ dispatcher = new MessageDispatcher(channel, null, RPCServiceImpl.this, RPCServiceImpl.this);
channel.connect(clusterName);
return null;
}
});
}
- catch (ChannelException e)
+ catch (PrivilegedActionException pae)
{
- throw new RuntimeException("Cannot initialize the Channel needed for the RPCServiceImpl", e);
+ Throwable cause = pae.getCause();
+ if (cause instanceof ChannelException)
+ {
+ throw new RuntimeException("Cannot initialize the Channel needed for the RPCServiceImpl", cause);
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
}
finally
{
@@ -705,6 +739,7 @@
{
security.checkPermission(RPCService.ACCESS_RPC_SERVICE_PERMISSION);
}
+
this.state = State.STOPPED;
this.isCoordinator = false;
if (channel != null && channel.isOpen())
@@ -719,7 +754,15 @@
return null;
}
});
- channel.close();
+
+ SecurityHelper.doPriviledgedAction(new PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+ channel.close();
+ return null;
+ }
+ });
channel = null;
}
if (dispatcher != null)
@@ -835,33 +878,6 @@
}
/**
- * Execute a privilege action
- */
- private static <E> E doPriviledgedExceptionAction(PrivilegedExceptionAction<E> action) throws ChannelException
- {
- try
- {
- return AccessController.doPrivileged(action);
- }
- catch (PrivilegedActionException pae)
- {
- Throwable cause = pae.getCause();
- if (cause instanceof ChannelException)
- {
- throw (ChannelException)cause;
- }
- else if (cause instanceof RuntimeException)
- {
- throw (RuntimeException)cause;
- }
- else
- {
- throw new RuntimeException(cause);
- }
- }
- }
-
- /**
* This intern class will be used to
*/
public static class MessageBody implements Externalizable
Modified: kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/scheduler/impl/QuartzSheduler.java
===================================================================
--- kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/scheduler/impl/QuartzSheduler.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/scheduler/impl/QuartzSheduler.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -25,9 +25,14 @@
import org.exoplatform.services.log.Log;
import org.picocontainer.Startable;
import org.quartz.Scheduler;
+import org.quartz.SchedulerException;
import org.quartz.SchedulerFactory;
import org.quartz.impl.StdSchedulerFactory;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
/**
* Created by The eXo Platform SAS Author : Tuan Nguyen
* tuan08 at users.sourceforge.net Dec 13, 2005
@@ -42,8 +47,35 @@
public QuartzSheduler(ExoContainerContext ctx) throws Exception
{
- SchedulerFactory sf = new StdSchedulerFactory();
- scheduler_ = sf.getScheduler();
+ final SchedulerFactory sf = new StdSchedulerFactory();
+
+ try
+ {
+ scheduler_ = AccessController.doPrivileged(new PrivilegedExceptionAction<Scheduler>()
+ {
+ public Scheduler run() throws Exception
+ {
+ return sf.getScheduler();
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof SchedulerException)
+ {
+ throw (SchedulerException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+
// If the scheduler has already been started, it is necessary to put the scheduler
// in standby mode to ensure that the jobs of the ExoContainer won't launched too early
scheduler_.standby();
Modified: kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/transaction/impl/jotm/TransactionServiceJotmImpl.java
===================================================================
--- kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/transaction/impl/jotm/TransactionServiceJotmImpl.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.common/src/main/java/org/exoplatform/services/transaction/impl/jotm/TransactionServiceJotmImpl.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.transaction.impl.jotm;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
@@ -30,6 +31,8 @@
import org.objectweb.jotm.XidImpl;
import java.rmi.RemoteException;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.List;
import javax.transaction.RollbackException;
@@ -64,9 +67,36 @@
current = Current.getCurrent();
if (current == null)
{
- TransactionFactory tm = new TransactionFactoryImpl();
- current = new Current(tm);
+ try
+ {
+ SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ TransactionFactory tm = new TransactionFactoryImpl();
+ current = new Current(tm);
+ return null;
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof RemoteException)
+ {
+ throw (RemoteException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+
// Change the timeout only if JOTM is not initialized yet
if (params != null)
{
Added: kernel/trunk/exo.kernel.component.common/src/test/resources/test.policy
===================================================================
--- kernel/trunk/exo.kernel.component.common/src/test/resources/test.policy (rev 0)
+++ kernel/trunk/exo.kernel.component.common/src/test/resources/test.policy 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,27 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+ permission java.lang.RuntimePermission "accessRPCService";
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons.test/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.container/-"{
+ permission java.security.AllPermission;
+};
+
+
+
+
Modified: kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/pom.xml 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/pom.xml 2010-10-28 12:56:43 UTC (rev 3360)
@@ -39,6 +39,11 @@
</dependency>
<dependency>
<groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
<artifactId>exo.kernel.container</artifactId>
</dependency>
<dependency>
@@ -54,15 +59,18 @@
<artifactId>slf4j-log4j12</artifactId>
</dependency>
</dependencies>
+
+
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<systemProperties>
<!-- We add this system property due to some incompatibility between IPv6 and
- some JVM of Linux distributions such as Ubuntu and Fedora-->
+ some JVM of Linux distributions such as Ubuntu and Fedora-->
<property>
<name>java.net.preferIPv4Stack</name>
<value>true</value>
@@ -83,6 +91,43 @@
</systemProperties>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
</build>
</project>
Modified: kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/AbstractExoCache.java
===================================================================
--- kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/AbstractExoCache.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/AbstractExoCache.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -25,6 +25,7 @@
import org.exoplatform.services.cache.ExoCache;
import org.exoplatform.services.cache.ExoCacheConfig;
import org.exoplatform.services.cache.ObjectCacheInfo;
+import org.exoplatform.services.cache.impl.jboss.util.PrivilegedCacheHelper;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.jboss.cache.Cache;
@@ -248,7 +249,7 @@
*/
protected V putOnly(K key, V value)
{
- return cache.put(getFqn(key), key, value);
+ return PrivilegedCacheHelper.put(cache, getFqn(key), key, value);
}
/**
@@ -280,7 +281,7 @@
total++;
}
}
- cache.endBatch(true);
+ PrivilegedCacheHelper.endBatch(cache, true);
// End transaction
for (Map.Entry<? extends K, ? extends V> entry : objs.entrySet())
{
@@ -312,7 +313,7 @@
if (node != null)
{
result = node.getDirect((K)name);
- if (cache.removeNode(fqn))
+ if (PrivilegedCacheHelper.removeNode(cache, fqn))
{
onRemove((K)name, result);
}
Modified: kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/ExoCacheFactoryImpl.java
===================================================================
--- kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/ExoCacheFactoryImpl.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/ExoCacheFactoryImpl.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -26,15 +26,15 @@
import org.exoplatform.services.cache.ExoCacheFactory;
import org.exoplatform.services.cache.ExoCacheInitException;
import org.exoplatform.services.cache.impl.jboss.fifo.FIFOExoCacheCreator;
+import org.exoplatform.services.cache.impl.jboss.util.PrivilegedCacheHelper;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.jboss.cache.Cache;
import org.jboss.cache.CacheFactory;
-import org.jboss.cache.DefaultCacheFactory;
import org.jboss.cache.config.Configuration;
+import org.jboss.cache.config.Configuration.CacheMode;
import org.jboss.cache.config.EvictionConfig;
import org.jboss.cache.config.EvictionRegionConfig;
-import org.jboss.cache.config.Configuration.CacheMode;
import java.io.Serializable;
import java.net.URL;
@@ -143,7 +143,8 @@
final String region = config.getName();
final String customConfig = mappingCacheNameConfig.get(region);
Cache<Serializable, Object> cache;
- final CacheFactory<Serializable, Object> factory = new DefaultCacheFactory<Serializable, Object>();
+
+ final CacheFactory<Serializable, Object> factory = PrivilegedCacheHelper.createCacheFactory();
final ExoCache<Serializable, Object> eXoCache;
try
{
@@ -152,14 +153,16 @@
// A custom configuration has been set
if (LOG.isInfoEnabled())
LOG.info("A custom configuration has been set for the cache '" + region + "'.");
- cache = factory.createCache(configManager.getInputStream(customConfig), false);
+ cache = PrivilegedCacheHelper.createCache(factory, configManager.getInputStream(customConfig), false);
}
else
{
// No custom configuration has been found, a configuration template will be used
if (LOG.isInfoEnabled())
LOG.info("The configuration template will be used for the the cache '" + region + "'.");
- cache = factory.createCache(configManager.getInputStream(cacheConfigTemplate), false);
+
+ cache =
+ PrivilegedCacheHelper.createCache(factory, configManager.getInputStream(cacheConfigTemplate), false);
if (!config.isDistributed())
{
// The cache is local
@@ -174,9 +177,9 @@
// Create the cache
eXoCache = creator.create(config, cache);
// Create the cache
- cache.create();
+ PrivilegedCacheHelper.create(cache);
// Start the cache
- cache.start();
+ PrivilegedCacheHelper.start(cache);
}
catch (Exception e)
{
Added: kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java
===================================================================
--- kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java (rev 0)
+++ kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,275 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.services.cache.impl.jboss.util;
+
+import org.jboss.cache.Cache;
+import org.jboss.cache.CacheException;
+import org.jboss.cache.CacheFactory;
+import org.jboss.cache.DefaultCacheFactory;
+import org.jboss.cache.Fqn;
+import org.jboss.cache.config.ConfigurationException;
+
+import java.io.InputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * @author <a href="anatoliy.bazko at exoplatform.org">Anatoliy Bazko</a>
+ * @version $Id: PrivilegedCacheHelper.java 111 2010-11-11 11:11:11Z tolusha $
+ *
+ */
+public class PrivilegedCacheHelper
+{
+ /**
+ * Start cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> void start(final Cache<K, V> cache)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ cache.start();
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Stop cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> void stop(final Cache<K, V> cache)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ cache.stop();
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Create cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> void create(final Cache<K, V> cache)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ cache.create();
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * End batch in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> void endBatch(final Cache<K, V> cache, final boolean successful)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ cache.endBatch(successful);
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Create cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> Cache<K, V> createCache(final CacheFactory<K, V> factory, final InputStream is,
+ final boolean start)
+ {
+ PrivilegedExceptionAction<Cache<K, V>> action = new PrivilegedExceptionAction<Cache<K, V>>()
+ {
+ public Cache<K, V> run() throws Exception
+ {
+ return factory.createCache(is, start);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof ConfigurationException)
+ {
+ throw (ConfigurationException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Put in cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> V put(final Cache<K, V> cache, final String fqn, final K key, final V value)
+ throws CacheException
+ {
+ PrivilegedExceptionAction<V> action = new PrivilegedExceptionAction<V>()
+ {
+ public V run() throws Exception
+ {
+ return cache.put(fqn, key, value);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IllegalStateException)
+ {
+ throw (IllegalStateException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Remove fomr cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> boolean removeNode(final Cache<K, V> cache, final Fqn fqn) throws CacheException
+ {
+ PrivilegedExceptionAction<Boolean> action = new PrivilegedExceptionAction<Boolean>()
+ {
+ public Boolean run() throws Exception
+ {
+ return cache.removeNode(fqn);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IllegalStateException)
+ {
+ throw (IllegalStateException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Put in cache in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> V put(final Cache<K, V> cache, final Fqn fqn, final K key, final V value) throws CacheException
+ {
+ PrivilegedExceptionAction<V> action = new PrivilegedExceptionAction<V>()
+ {
+ public V run() throws Exception
+ {
+ return cache.put(fqn, key, value);
+ }
+ };
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IllegalStateException)
+ {
+ throw (IllegalStateException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Create cache factory in privileged mode.
+ *
+ * @param cache
+ */
+ public static <K, V> DefaultCacheFactory<K, V> createCacheFactory() throws CacheException
+ {
+ PrivilegedAction<DefaultCacheFactory<K, V>> action = new PrivilegedAction<DefaultCacheFactory<K, V>>()
+ {
+ public DefaultCacheFactory<K, V> run()
+ {
+ return new DefaultCacheFactory<K, V>();
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+}
Added: kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/test/resources/test.policy
===================================================================
--- kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/test/resources/test.policy (rev 0)
+++ kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/test/resources/test.policy 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,26 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons.test/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.container/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.component.cache/-"{
+ permission java.security.AllPermission;
+};
Modified: kernel/trunk/exo.kernel.container/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.container/pom.xml 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/pom.xml 2010-10-28 12:56:43 UTC (rev 3360)
@@ -23,6 +23,11 @@
<artifactId>exo.kernel.commons</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.exoplatform.tool</groupId>
<artifactId>exo.tool.framework.junit</artifactId>
</dependency>
@@ -75,6 +80,13 @@
<build>
<plugins>
<plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
<groupId>org.jibx</groupId>
<artifactId>maven-jibx-plugin</artifactId>
<configuration>
@@ -91,10 +103,43 @@
</execution>
</executions>
</plugin>
- <!--
- <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>apt-maven-plugin</artifactId> <configuration>
- <factory>org.exoplatform.management.apt.ManagementAPF</factory> </configuration> </plugin>
- -->
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
</build>
-</project>
\ No newline at end of file
+</project>
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/PortalContainer.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/PortalContainer.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/PortalContainer.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -19,6 +19,7 @@
package org.exoplatform.container;
import org.exoplatform.commons.utils.PropertyManager;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.RootContainer.PortalContainerInitTask;
import org.exoplatform.container.definition.PortalContainerConfig;
import org.exoplatform.container.jmx.MX4JComponentAdapterFactory;
@@ -31,6 +32,7 @@
import org.exoplatform.management.jmx.annotations.Property;
import org.exoplatform.management.rest.annotations.RESTEndpoint;
+import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
@@ -161,7 +163,13 @@
this.webAppContexts = Collections.singleton(new WebAppInitContext(portalContext));
this.portalContext = portalContext;
this.portalMergedContext = new PortalContainerContext(this);
- this.portalMergedClassLoader = new PortalContainerClassLoader(this);
+ this.portalMergedClassLoader = SecurityHelper.doPriviledgedAction(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return new PortalContainerClassLoader(PortalContainer.this);
+ }
+ });
this.webAppClassLoaders = Collections.unmodifiableMap(Collections.singletonMap(name, portalMergedClassLoader));
}
@@ -195,8 +203,8 @@
if (cl == null)
{
cl =
- new UnifiedClassLoader(new ClassLoader[]{Thread.currentThread().getContextClassLoader(),
- portalMergedClassLoader});
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{
+ Thread.currentThread().getContextClassLoader(), portalMergedClassLoader});
Map<String, ClassLoader> cls = new HashMap<String, ClassLoader>(webAppClassLoaders);
cls.put(contextName, cl);
this.webAppClassLoaders = Collections.unmodifiableMap(cls);
@@ -615,12 +623,14 @@
return started_;
}
+ @Override
public void start()
{
super.start();
started_ = true;
}
+ @Override
public void stop()
{
super.stop();
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/RootContainer.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/RootContainer.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/RootContainer.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,7 +18,10 @@
*/
package org.exoplatform.container;
+import org.exoplatform.commons.utils.PrivilegedFileHelper;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.commons.utils.PropertyManager;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.configuration.ConfigurationManager;
import org.exoplatform.container.configuration.ConfigurationManagerImpl;
import org.exoplatform.container.configuration.MockConfigurationManagerImpl;
@@ -38,6 +41,7 @@
import org.exoplatform.test.mocks.servlet.MockServletContext;
import java.io.File;
+import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashSet;
@@ -110,7 +114,14 @@
log.info("Active profiles " + profiles);
//
- Runtime.getRuntime().addShutdownHook(new ShutdownThread(this));
+ SecurityHelper.doPriviledgedAction(new PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+ Runtime.getRuntime().addShutdownHook(new ShutdownThread(RootContainer.this));
+ return null;
+ }
+ });
this.profiles = profiles;
this.registerComponentInstance(J2EEServerInfo.class, serverenv_);
}
@@ -409,14 +420,14 @@
RootContainer rootContainer = new RootContainer();
ConfigurationManagerImpl service = new ConfigurationManagerImpl(rootContainer.profiles);
service.addConfiguration(ContainerUtil.getConfigurationURL("conf/configuration.xml"));
- if (System.getProperty("maven.exoplatform.dir") != null)
+ if (PrivilegedSystemHelper.getProperty("maven.exoplatform.dir") != null)
{
service.addConfiguration(ContainerUtil.getConfigurationURL("conf/test-configuration.xml"));
}
String confDir = rootContainer.getServerEnvironment().getExoConfigurationDirectory();
String overrideConf = confDir + "/configuration.xml";
File file = new File(overrideConf);
- if (file.exists())
+ if (PrivilegedFileHelper.exists(file))
{
service.addConfiguration("file:" + overrideConf);
}
@@ -644,12 +655,14 @@
container_ = container;
}
+ @Override
public void run()
{
container_.stop();
}
}
+ @Override
public void stop()
{
super.stop();
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.container;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.container.configuration.ConfigurationException;
import org.exoplatform.container.configuration.ConfigurationManager;
import org.exoplatform.container.configuration.ConfigurationManagerImpl;
@@ -143,7 +144,7 @@
if (components != null)
container.registerArray(components);
container.start();
- System.setProperty("exo.standalone-container", StandaloneContainer.class.getName());
+ PrivilegedSystemHelper.setProperty("exo.standalone-container", StandaloneContainer.class.getName());
System.out.println("StandaloneContainer initialized using: " + configurationURL);
}
return container;
@@ -285,6 +286,7 @@
/**
* {@inheritDoc}
*/
+ @Override
public void stop()
{
super.stop();
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/UnifiedClassLoader.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/UnifiedClassLoader.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/UnifiedClassLoader.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,8 +18,11 @@
*/
package org.exoplatform.container;
+import org.exoplatform.commons.utils.SecurityHelper;
+
import java.io.IOException;
import java.net.URL;
+import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashSet;
@@ -55,6 +58,7 @@
UnifiedClassLoader(ClassLoader... cls)
{
super(Thread.currentThread().getContextClassLoader());
+
if (cls == null || cls.length == 0)
{
throw new IllegalArgumentException("The array of ClassLoader cannot be empty");
@@ -109,4 +113,15 @@
}
return Collections.enumeration(urls);
}
+
+ static protected UnifiedClassLoader createUnifiedClassLoaderInPrivilegedMode(final ClassLoader... cls)
+ {
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<UnifiedClassLoader>()
+ {
+ public UnifiedClassLoader run()
+ {
+ return new UnifiedClassLoader(cls);
+ }
+ });
+ }
}
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationManager.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationManager.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationManager.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.container.configuration;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.container.xml.Component;
import org.exoplatform.container.xml.Configuration;
@@ -44,7 +45,7 @@
* Constant that indicates whether the logger of the configuration
* must be in debug more or not.
*/
- public static final boolean LOG_DEBUG = System.getProperty(LOG_DEBUG_PROPERTY) != null;
+ public static final boolean LOG_DEBUG = PrivilegedSystemHelper.getProperty(LOG_DEBUG_PROPERTY) != null;
public Configuration getConfiguration();
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationUnmarshaller.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationUnmarshaller.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationUnmarshaller.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -19,23 +19,29 @@
package org.exoplatform.container.configuration;
import org.exoplatform.commons.utils.PropertyManager;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.xml.Configuration;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.jibx.runtime.BindingDirectory;
import org.jibx.runtime.IBindingFactory;
import org.jibx.runtime.IUnmarshallingContext;
+import org.jibx.runtime.JiBXException;
import org.w3c.dom.Document;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import java.io.IOException;
+import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.Set;
@@ -45,6 +51,9 @@
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.sax.SAXResult;
import javax.xml.transform.sax.SAXTransformerFactory;
@@ -66,7 +75,7 @@
* A private copy of the list of kernel namespaces
*/
private static final String[] KERNEL_NAMESPACES = Namespaces.getKernelNamespaces();
-
+
private class Reporter implements ErrorHandler
{
@@ -89,15 +98,14 @@
{
if (exception.getMessage().equals("cvc-elt.1: Cannot find the declaration of element 'configuration'."))
{
- log
- .info("The document "
- + url
- + " does not contain a schema declaration, it should have an "
- + "XML declaration similar to\n"
- + "<configuration\n"
- + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
- + " xsi:schemaLocation=\"http://www.exoplaform.org/xml/ns/kernel_1_1.xsd http://www.exoplaform.org/xml/ns/kernel_1_1.xsd\"\n"
- + " xmlns=\"http://www.exoplaform.org/xml/ns/kernel_1_1.xsd\">");
+ log.info("The document "
+ + url
+ + " does not contain a schema declaration, it should have an "
+ + "XML declaration similar to\n"
+ + "<configuration\n"
+ + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
+ + " xsi:schemaLocation=\"http://www.exoplaform.org/xml/ns/kernel_1_1.xsd http://www.exoplaform.org/xml/ns/kernel_1_1.xsd\"\n"
+ + " xmlns=\"http://www.exoplaform.org/xml/ns/kernel_1_1.xsd\">");
}
else
{
@@ -137,9 +145,9 @@
* @throws IOException any IOException thrown by using the provided URL
* @throws NullPointerException if the provided URL is null
*/
- public boolean isValid(URL url) throws NullPointerException, IOException
+ public boolean isValid(final URL url) throws NullPointerException, IOException
{
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory
.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaLanguage", "http://www.w3.org/2001/XMLSchema");
factory.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaSource", KERNEL_NAMESPACES);
@@ -148,11 +156,44 @@
try
{
- DocumentBuilder builder = factory.newDocumentBuilder();
+ DocumentBuilder builder = null;
+ try
+ {
+ builder = AccessController.doPrivileged(new PrivilegedExceptionAction<DocumentBuilder>()
+ {
+ public DocumentBuilder run() throws Exception
+ {
+ return factory.newDocumentBuilder();
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof ParserConfigurationException)
+ {
+ throw (ParserConfigurationException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+
Reporter reporter = new Reporter(url);
builder.setErrorHandler(reporter);
builder.setEntityResolver(Namespaces.resolver);
- builder.parse(url.openStream());
+ builder.parse(SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<InputStream>()
+ {
+ public InputStream run() throws Exception
+ {
+ return url.openStream();
+ }
+ }));
return reporter.valid;
}
catch (ParserConfigurationException e)
@@ -167,7 +208,7 @@
}
}
- public Configuration unmarshall(URL url) throws Exception
+ public Configuration unmarshall(final URL url) throws Exception
{
if (PropertyManager.isDevelopping())
{
@@ -218,39 +259,95 @@
//
factory.setNamespaceAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- Document doc = builder.parse(url.openStream());
- // Filter DOM
- ProfileDOMFilter filter = new ProfileDOMFilter(profiles);
- filter.process(doc.getDocumentElement());
+ final DocumentBuilderFactory builderFactory = factory;
+ try
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Configuration>()
+ {
+ public Configuration run() throws Exception
+ {
+ DocumentBuilder builder = builderFactory.newDocumentBuilder();
+ Document doc = builder.parse(url.openStream());
- // SAX event stream -> String
- StringWriter buffer = new StringWriter();
- SAXTransformerFactory tf = (SAXTransformerFactory)SAXTransformerFactory.newInstance();
- TransformerHandler hd = tf.newTransformerHandler();
- StreamResult result = new StreamResult(buffer);
- hd.setResult(result);
- Transformer serializer = tf.newTransformer();
- serializer.setOutputProperty(OutputKeys.ENCODING, "UTF8");
- serializer.setOutputProperty(OutputKeys.INDENT, "yes");
+ // Filter DOM
+ ProfileDOMFilter filter = new ProfileDOMFilter(profiles);
+ filter.process(doc.getDocumentElement());
- // Transform -> SAX event stream
- SAXResult saxResult = new SAXResult(new NoKernelNamespaceSAXFilter(hd));
+ // SAX event stream -> String
+ StringWriter buffer = new StringWriter();
+ SAXTransformerFactory tf = (SAXTransformerFactory)SAXTransformerFactory.newInstance();
+ TransformerHandler hd = tf.newTransformerHandler();
+ StreamResult result = new StreamResult(buffer);
+ hd.setResult(result);
+ Transformer serializer = tf.newTransformer();
+ serializer.setOutputProperty(OutputKeys.ENCODING, "UTF8");
+ serializer.setOutputProperty(OutputKeys.INDENT, "yes");
- // DOM -> Transform
- serializer.transform(new DOMSource(doc), saxResult);
+ // Transform -> SAX event stream
+ SAXResult saxResult = new SAXResult(new NoKernelNamespaceSAXFilter(hd));
- // Reuse the parsed document
- String document = buffer.toString();
+ // DOM -> Transform
+ serializer.transform(new DOMSource(doc), saxResult);
- // Debug
- if (log.isTraceEnabled())
- log.trace("About to parse configuration file " + document);
+ // Reuse the parsed document
+ String document = buffer.toString();
- //
- IBindingFactory bfact = BindingDirectory.getFactory(Configuration.class);
- IUnmarshallingContext uctx = bfact.createUnmarshallingContext();
- return (Configuration)uctx.unmarshalDocument(new StringReader(document), null);
+ // Debug
+ if (log.isTraceEnabled())
+ log.trace("About to parse configuration file " + document);
+
+ //
+ IBindingFactory bfact = BindingDirectory.getFactory(Configuration.class);
+ IUnmarshallingContext uctx = bfact.createUnmarshallingContext();
+
+ return (Configuration)uctx.unmarshalDocument(new StringReader(document), null);
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof JiBXException)
+ {
+ throw (JiBXException)cause;
+ }
+ else if (cause instanceof ParserConfigurationException)
+ {
+ throw (ParserConfigurationException)cause;
+ }
+ else if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof SAXException)
+ {
+ throw (SAXException)cause;
+ }
+ else if (cause instanceof IllegalArgumentException)
+ {
+ throw (IllegalArgumentException)cause;
+ }
+ else if (cause instanceof TransformerException)
+ {
+ throw (TransformerException)cause;
+ }
+ else if (cause instanceof TransformerConfigurationException)
+ {
+ throw (TransformerConfigurationException)cause;
+ }
+ else if (cause instanceof TransformerFactoryConfigurationError)
+ {
+ throw (TransformerFactoryConfigurationError)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
}
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/EntityResolverImpl.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/EntityResolverImpl.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/EntityResolverImpl.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -19,6 +19,7 @@
package org.exoplatform.container.configuration;
import org.exoplatform.commons.utils.IOUtil;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
@@ -26,6 +27,7 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@@ -64,10 +66,17 @@
//
if (data == null)
{
- String path = systemIdToResourcePath.get(systemId);
+ final String path = systemIdToResourcePath.get(systemId);
if (path != null)
{
- InputStream in = loader.getResourceAsStream(path);
+ InputStream in = SecurityHelper.doPriviledgedAction(new PrivilegedAction<InputStream>()
+ {
+ public InputStream run()
+ {
+ return loader.getResourceAsStream(path);
+ }
+ });
+
if (in != null)
{
data = IOUtil.getStreamContentAsBytes(in);
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.container.configuration;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.container.ExoContainer;
import java.net.URL;
@@ -39,9 +40,10 @@
public MockConfigurationManagerImpl(ServletContext context) throws Exception
{
super(context, ExoContainer.getProfiles());
- confDir_ = System.getProperty("mock.portal.dir") + "/WEB-INF";
+ confDir_ = PrivilegedSystemHelper.getProperty("mock.portal.dir") + "/WEB-INF";
}
+ @Override
public URL getURL(String uri) throws Exception
{
if (uri.startsWith("jar:"))
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/definition/PortalContainerConfig.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/definition/PortalContainerConfig.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/definition/PortalContainerConfig.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.container.definition;
+import org.exoplatform.commons.utils.PrivilegedFileHelper;
import org.exoplatform.commons.utils.PropertyManager;
import org.exoplatform.container.PortalContainer;
import org.exoplatform.container.PropertyConfigurator;
@@ -977,7 +978,7 @@
serverInfo.getExoConfigurationDirectory() + "/portal/" + (isPath4DefaultPCD ? "" : def.getName() + "/")
+ path;
File file = new File(fullPath);
- if (file.exists())
+ if (PrivilegedFileHelper.exists(file))
{
// The file exists so we will use it
url = file.toURI().toURL();
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/monitor/jvm/J2EEServerInfo.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/monitor/jvm/J2EEServerInfo.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/monitor/jvm/J2EEServerInfo.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,8 @@
*/
package org.exoplatform.container.monitor.jvm;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
@@ -25,6 +27,8 @@
import java.lang.management.ManagementFactory;
import java.lang.reflect.Method;
import java.net.URI;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import javax.management.MBeanServer;
@@ -67,16 +71,16 @@
public J2EEServerInfo()
{
- String jonasHome = System.getProperty("jonas.base");
- String jbossHome = System.getProperty("jboss.home.dir");
- String jettyHome = System.getProperty("jetty.home");
- String websphereHome = System.getProperty("was.install.root");
- String weblogicHome = System.getProperty("wls.home");
- String catalinaHome = System.getProperty("catalina.home");
- String testHome = System.getProperty("maven.exoplatform.dir");
+ String jonasHome = PrivilegedSystemHelper.getProperty("jonas.base");
+ String jbossHome = PrivilegedSystemHelper.getProperty("jboss.home.dir");
+ String jettyHome = PrivilegedSystemHelper.getProperty("jetty.home");
+ String websphereHome = PrivilegedSystemHelper.getProperty("was.install.root");
+ String weblogicHome = PrivilegedSystemHelper.getProperty("wls.home");
+ String catalinaHome = PrivilegedSystemHelper.getProperty("catalina.home");
+ String testHome = PrivilegedSystemHelper.getProperty("maven.exoplatform.dir");
// The name of the configuration directory
- final String confDirName = System.getProperty(EXO_CONF_DIR_NAME_PARAM, "exo-conf");
+ final String confDirName = PrivilegedSystemHelper.getProperty(EXO_CONF_DIR_NAME_PARAM, "exo-conf");
if (jonasHome != null)
{
serverName_ = "jonas";
@@ -90,7 +94,7 @@
// try find and use jboss.server.config.url
// based on http://www.jboss.org/community/docs/DOC-10730
- String jbossConfigUrl = System.getProperty("jboss.server.config.url");
+ String jbossConfigUrl = PrivilegedSystemHelper.getProperty("jboss.server.config.url");
if (jbossConfigUrl != null)
{
try
@@ -109,8 +113,15 @@
//
try
{
- Class clazz =
- Thread.currentThread().getContextClassLoader().loadClass("org.jboss.mx.util.MBeanServerLocator");
+ Class clazz = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Class>()
+ {
+ public Class run() throws Exception
+ {
+ return Thread.currentThread().getContextClassLoader()
+ .loadClass("org.jboss.mx.util.MBeanServerLocator");
+ }
+ });
+
Method m = clazz.getMethod("locateJBoss");
mbeanServer = (MBeanServer)m.invoke(null);
}
@@ -154,15 +165,21 @@
{
// throw new UnsupportedOperationException("unknown server platform") ;
serverName_ = "standalone";
- serverHome_ = System.getProperty("user.dir");
+ serverHome_ = PrivilegedSystemHelper.getProperty("user.dir");
exoConfDir_ = serverHome_ + "/" + confDirName;
}
if (mbeanServer == null)
{
- mbeanServer = ManagementFactory.getPlatformMBeanServer();
+ mbeanServer = SecurityHelper.doPriviledgedAction(new PrivilegedAction<MBeanServer>()
+ {
+ public MBeanServer run()
+ {
+ return ManagementFactory.getPlatformMBeanServer();
+ }
+ });
}
- String exoConfHome = System.getProperty(EXO_CONF_PARAM);
+ String exoConfHome = PrivilegedSystemHelper.getProperty(EXO_CONF_PARAM);
if (exoConfHome != null && exoConfHome.length() > 0)
{
log.info("Override exo-conf directory '" + exoConfDir_ + "' with location '" + exoConfHome
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/monitor/jvm/JVMRuntimeInfoImpl.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/monitor/jvm/JVMRuntimeInfoImpl.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/monitor/jvm/JVMRuntimeInfoImpl.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -19,12 +19,15 @@
package org.exoplatform.container.monitor.jvm;
import org.exoplatform.commons.utils.ExoProperties;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.PropertiesParam;
import org.picocontainer.Startable;
import java.lang.management.ManagementFactory;
import java.lang.management.RuntimeMXBean;
+import java.security.PrivilegedAction;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
@@ -51,89 +54,185 @@
while (i.hasNext())
{
Map.Entry entry = (Map.Entry)i.next();
- System.setProperty((String)entry.getKey(), (String)entry.getValue());
+ PrivilegedSystemHelper.setProperty((String)entry.getKey(), (String)entry.getValue());
}
}
}
public String getName()
{
- return mxbean_.getName();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getName();
+ }
+ });
}
public String getSpecName()
{
- return mxbean_.getSpecName();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getSpecName();
+ }
+ });
}
public String getSpecVendor()
{
- return mxbean_.getSpecVendor();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getSpecVendor();
+ }
+ });
}
public String getSpecVersion()
{
- return mxbean_.getSpecVersion();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getSpecVersion();
+ }
+ });
}
public String getManagementSpecVersion()
{
- return mxbean_.getManagementSpecVersion();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getManagementSpecVersion();
+ }
+ });
}
public String getVmName()
{
- return mxbean_.getVmName();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getVmName();
+ }
+ });
}
public String getVmVendor()
{
- return mxbean_.getVmVendor();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getVmVendor();
+ }
+ });
}
public String getVmVersion()
{
- return mxbean_.getVmVersion();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getVmVersion();
+ }
+ });
}
public List getInputArguments()
{
- return mxbean_.getInputArguments();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<List>()
+ {
+ public List run()
+ {
+ return mxbean_.getInputArguments();
+ }
+ });
}
public Map getSystemProperties()
{
- return mxbean_.getSystemProperties();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<Map>()
+ {
+ public Map run()
+ {
+ return mxbean_.getSystemProperties();
+ }
+ });
}
public boolean getBootClassPathSupported()
{
- return mxbean_.isBootClassPathSupported();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<Boolean>()
+ {
+ public Boolean run()
+ {
+ return mxbean_.isBootClassPathSupported();
+ }
+ });
}
public String getBootClassPath()
{
- return mxbean_.getBootClassPath();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getBootClassPath();
+ }
+ });
}
public String getClassPath()
{
- return mxbean_.getClassPath();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getClassPath();
+ }
+ });
}
public String getLibraryPath()
{
- return mxbean_.getLibraryPath();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return mxbean_.getLibraryPath();
+ }
+ });
}
public long getStartTime()
{
- return mxbean_.getStartTime();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<Long>()
+ {
+ public Long run()
+ {
+ return mxbean_.getStartTime();
+ }
+ });
}
public long getUptime()
{
- return mxbean_.getUptime();
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<Long>()
+ {
+ public Long run()
+ {
+ return mxbean_.getUptime();
+ }
+ });
}
public boolean isManagementSupported()
@@ -144,7 +243,7 @@
public String getSystemPropertiesAsText()
{
StringBuffer b = new StringBuffer();
- Iterator i = System.getProperties().entrySet().iterator();
+ Iterator i = PrivilegedSystemHelper.getProperties().entrySet().iterator();
while (i.hasNext())
{
Map.Entry entry = (Map.Entry)i.next();
@@ -161,6 +260,7 @@
{
}
+ @Override
public String toString()
{
StringBuilder b = new StringBuilder();
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/util/ContainerUtil.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/util/ContainerUtil.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/util/ContainerUtil.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -19,6 +19,7 @@
package org.exoplatform.container.util;
import org.exoplatform.commons.utils.PropertiesLoader;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.commons.utils.Tools;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.configuration.ConfigurationManager;
@@ -34,6 +35,7 @@
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.net.URL;
+import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
@@ -70,10 +72,18 @@
return constructors;
}
- static public Collection<URL> getConfigurationURL(String configuration) throws Exception
+ static public Collection<URL> getConfigurationURL(final String configuration) throws Exception
{
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
- Collection c = Collections.list(cl.getResources(configuration));
+ final ClassLoader cl = Thread.currentThread().getContextClassLoader();
+
+ Collection c = SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Collection>()
+ {
+ public Collection run() throws IOException
+ {
+ return Collections.list(cl.getResources(configuration));
+ }
+ });
+
Map<String, URL> map = new HashMap<String, URL>();
Iterator i = c.iterator();
while (i.hasNext())
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/xml/Deserializer.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/xml/Deserializer.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/xml/Deserializer.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.container.xml;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.container.PortalContainer;
@@ -265,7 +266,7 @@
{
// No value could be found so far, thus we try to get it from the
// system properties
- value = System.getProperty(key);
+ value = PrivilegedSystemHelper.getProperty(key);
}
}
if (value != null)
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/management/jmx/impl/JMXManagementProvider.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/management/jmx/impl/JMXManagementProvider.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/management/jmx/impl/JMXManagementProvider.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,12 +18,16 @@
*/
package org.exoplatform.management.jmx.impl;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.management.jmx.annotations.NameTemplate;
import org.exoplatform.management.spi.ManagedResource;
import org.exoplatform.management.spi.ManagementProvider;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
@@ -139,7 +143,7 @@
return null;
}
- private void attemptToRegister(ObjectName name, Object mbean)
+ private void attemptToRegister(final ObjectName name, final Object mbean)
{
synchronized (server)
{
@@ -151,7 +155,14 @@
}
try
{
- server.unregisterMBean(name);
+ SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ server.unregisterMBean(name);
+ return null;
+ }
+ });
}
catch (Exception e)
{
@@ -160,7 +171,14 @@
}
try
{
- server.registerMBean(mbean, name);
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ server.registerMBean(mbean, name);
+ return null;
+ }
+ });
}
catch (Exception e)
{
@@ -171,10 +189,40 @@
public void unmanage(Object key)
{
- ObjectName name = (ObjectName)key;
+ final ObjectName name = (ObjectName)key;
try
{
- server.unregisterMBean(name);
+ try
+ {
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ server.unregisterMBean(name);
+ return null;
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof InstanceNotFoundException)
+ {
+ throw (InstanceNotFoundException)cause;
+ }
+ else if (cause instanceof MBeanRegistrationException)
+ {
+ throw (MBeanRegistrationException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
catch (InstanceNotFoundException e)
{
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/xml/object/XMLCollection.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/xml/object/XMLCollection.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/xml/object/XMLCollection.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,7 +18,6 @@
*/
package org.exoplatform.xml.object;
-import org.jibx.runtime.BindingDirectory;
import org.jibx.runtime.IBindingFactory;
import org.jibx.runtime.IMarshallingContext;
import org.jibx.runtime.IUnmarshallingContext;
@@ -93,7 +92,7 @@
public byte[] toByteArray(String encoding) throws Exception
{
- IBindingFactory bfact = BindingDirectory.getFactory(XMLObject.class);
+ IBindingFactory bfact = XMLObject.getBindingFactoryInPriviledgedMode(XMLObject.class);
IMarshallingContext mctx = bfact.createMarshallingContext();
mctx.setIndent(2);
ByteArrayOutputStream os = new ByteArrayOutputStream();
@@ -103,7 +102,7 @@
static public XMLCollection getXMLCollection(InputStream is) throws Exception
{
- IBindingFactory bfact = BindingDirectory.getFactory(XMLObject.class);
+ IBindingFactory bfact = XMLObject.getBindingFactoryInPriviledgedMode(XMLObject.class);
IUnmarshallingContext uctx = bfact.createUnmarshallingContext();
return (XMLCollection)uctx.unmarshalDocument(is, null);
}
Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/xml/object/XMLObject.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/xml/object/XMLObject.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/xml/object/XMLObject.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -18,15 +18,21 @@
*/
package org.exoplatform.xml.object;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.jibx.runtime.BindingDirectory;
import org.jibx.runtime.IBindingFactory;
import org.jibx.runtime.IMarshallingContext;
import org.jibx.runtime.IUnmarshallingContext;
+import org.jibx.runtime.JiBXException;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
@@ -143,6 +149,7 @@
addField(new XMLField(name, fieldType, obj));
}
+ @Override
public String toString()
{
StringBuffer b = new StringBuffer();
@@ -197,7 +204,7 @@
public byte[] toByteArray(String encoding) throws Exception
{
- IBindingFactory bfact = BindingDirectory.getFactory(XMLObject.class);
+ IBindingFactory bfact = getBindingFactoryInPriviledgedMode(XMLObject.class);
IMarshallingContext mctx = bfact.createMarshallingContext();
mctx.setIndent(2);
ByteArrayOutputStream os = new ByteArrayOutputStream();
@@ -207,7 +214,7 @@
static public XMLObject getXMLObject(InputStream is) throws Exception
{
- IBindingFactory bfact = BindingDirectory.getFactory(XMLObject.class);
+ IBindingFactory bfact = getBindingFactoryInPriviledgedMode(XMLObject.class);
IUnmarshallingContext uctx = bfact.createUnmarshallingContext();
XMLObject xmlobject = (XMLObject)uctx.unmarshalDocument(is, "UTF-8");
return xmlobject;
@@ -243,8 +250,49 @@
int modifier = field[i].getModifiers();
if (Modifier.isStatic(modifier) || Modifier.isTransient(modifier))
continue;
- field[i].setAccessible(true);
+
+ final Field fld = field[i];
+
+ SecurityHelper.doPriviledgedAction(new PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+ fld.setAccessible(true);
+ return null;
+ }
+ });
+
fields.put(field[i].getName(), field[i]);
}
}
+
+ static protected IBindingFactory getBindingFactoryInPriviledgedMode(final Class clazz) throws JiBXException
+ {
+ try
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<IBindingFactory>()
+ {
+ public IBindingFactory run() throws Exception
+ {
+ return BindingDirectory.getFactory(clazz);
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof JiBXException)
+ {
+ throw (JiBXException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
}
Modified: kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/TestUnifiedClassLoader.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/TestUnifiedClassLoader.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/TestUnifiedClassLoader.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -39,7 +39,7 @@
{
try
{
- new UnifiedClassLoader();
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode();
fail("An IllegalArgumentException is expected");
}
catch (IllegalArgumentException e)
@@ -47,7 +47,7 @@
}
try
{
- new UnifiedClassLoader(new ClassLoader[0]);
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[0]);
fail("An IllegalArgumentException is expected");
}
catch (IllegalArgumentException e)
@@ -57,61 +57,95 @@
public void testGetResource() throws Exception
{
- UnifiedClassLoader mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, null), new MockClassLoader(null, null)});
+ UnifiedClassLoader mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{new MockClassLoader(null, null),
+ new MockClassLoader(null, null)});
assertNull(mcl.getResource(null));
URL result = new URL("file:///foo");
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, null), new MockClassLoader(result, null)});
- assertEquals(result, mcl.getResource(null));
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(result, null), new MockClassLoader(null, null)});
- assertEquals(result, mcl.getResource(null));
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(new URL("file:///foo2"), null), new MockClassLoader(result, null)});
- assertEquals(result, mcl.getResource(null));
+
+ mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{new MockClassLoader(null, null),
+ new MockClassLoader(result, null)});
+ assertEquals(result, mcl.getResource(null));
+
+ mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{new MockClassLoader(result, null),
+ new MockClassLoader(null, null)});
+ assertEquals(result, mcl.getResource(null));
+
+ mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{
+ new MockClassLoader(new URL("file:///foo2"), null), new MockClassLoader(result, null)});
+ assertEquals(result, mcl.getResource(null));
}
public void testGetResources() throws Exception
{
- UnifiedClassLoader mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, Collections.enumeration(new ArrayList<URL>())), new MockClassLoader(null, Collections.enumeration(new ArrayList<URL>()))});
+ UnifiedClassLoader mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{
+ new MockClassLoader(null, Collections.enumeration(new ArrayList<URL>())),
+ new MockClassLoader(null, Collections.enumeration(new ArrayList<URL>()))});
Enumeration<URL> eResult = mcl.getResources(null);
assertNotNull(eResult);
assertFalse(eResult.hasMoreElements());
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, null), new MockClassLoader(null, null)});
+ mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{new MockClassLoader(null, null),
+ new MockClassLoader(null, null)});
eResult = mcl.getResources(null);
assertNotNull(eResult);
assertFalse(eResult.hasMoreElements());
- URL result = new URL("file:///foo");
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, Collections.enumeration(Arrays.asList(result))), new MockClassLoader(null, Collections.enumeration(new ArrayList<URL>()))});
+ final URL result = new URL("file:///foo");
+ mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{
+ new MockClassLoader(null, Collections.enumeration(Arrays.asList(result))),
+ new MockClassLoader(null, Collections.enumeration(new ArrayList<URL>()))});
eResult = mcl.getResources(null);
assertNotNull(eResult);
assertTrue(eResult.hasMoreElements());
assertEquals(result, eResult.nextElement());
assertFalse(eResult.hasMoreElements());
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, Collections.enumeration(Arrays.asList(result))), new MockClassLoader(null, null)});
+ mcl =
+ UnifiedClassLoader
+ .createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{
+ new MockClassLoader(null, Collections.enumeration(Arrays.asList(result))),
+ new MockClassLoader(null, null)});
eResult = mcl.getResources(null);
assertNotNull(eResult);
assertTrue(eResult.hasMoreElements());
assertEquals(result, eResult.nextElement());
assertFalse(eResult.hasMoreElements());
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, Collections.enumeration(new ArrayList<URL>())), new MockClassLoader(null, Collections.enumeration(Arrays.asList(result)))});
+ mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{
+ new MockClassLoader(null, Collections.enumeration(new ArrayList<URL>())),
+ new MockClassLoader(null, Collections.enumeration(Arrays.asList(result)))});
eResult = mcl.getResources(null);
assertNotNull(eResult);
assertTrue(eResult.hasMoreElements());
assertEquals(result, eResult.nextElement());
assertFalse(eResult.hasMoreElements());
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, null), new MockClassLoader(null, Collections.enumeration(Arrays.asList(result)))});
+ mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{new MockClassLoader(null, null),
+ new MockClassLoader(null, Collections.enumeration(Arrays.asList(result)))});
eResult = mcl.getResources(null);
assertNotNull(eResult);
assertTrue(eResult.hasMoreElements());
assertEquals(result, eResult.nextElement());
assertFalse(eResult.hasMoreElements());
- URL result1 = new URL("file:///foo");
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, Collections.enumeration(Arrays.asList(result))), new MockClassLoader(null, Collections.enumeration(Arrays.asList(result1)))});
+ final URL result1 = new URL("file:///foo");
+ mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{
+ new MockClassLoader(null, Collections.enumeration(Arrays.asList(result))),
+ new MockClassLoader(null, Collections.enumeration(Arrays.asList(result1)))});
eResult = mcl.getResources(null);
assertNotNull(eResult);
assertTrue(eResult.hasMoreElements());
assertEquals(result, eResult.nextElement());
assertFalse(eResult.hasMoreElements());
- URL result2 = new URL("file:///foo2");
- mcl = new UnifiedClassLoader(new ClassLoader[]{new MockClassLoader(null, Collections.enumeration(Arrays.asList(result))), new MockClassLoader(null, Collections.enumeration(Arrays.asList(result2)))});
+ final URL result2 = new URL("file:///foo2");
+ mcl =
+ UnifiedClassLoader.createUnifiedClassLoaderInPrivilegedMode(new ClassLoader[]{
+ new MockClassLoader(null, Collections.enumeration(Arrays.asList(result))),
+ new MockClassLoader(null, Collections.enumeration(Arrays.asList(result2)))});
eResult = mcl.getResources(null);
assertNotNull(eResult);
assertTrue(eResult.hasMoreElements());
@@ -134,11 +168,13 @@
this.getResourcesResult = getResourcesResult;
}
+ @Override
public URL getResource(String name)
{
return getResourceResult;
}
+ @Override
public Enumeration<URL> getResources(String name)
{
return getResourcesResult;
Copied: kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/AbstractExoMBeanTest.java (from rev 3344, kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/AbstractTestExoMBean.java)
===================================================================
--- kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/AbstractExoMBeanTest.java (rev 0)
+++ kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/AbstractExoMBeanTest.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.container.jmx;
+
+import junit.framework.TestCase;
+import org.exoplatform.management.jmx.impl.ExoMBeanInfoBuilder;
+
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
+import javax.management.ObjectName;
+import javax.management.modelmbean.ModelMBeanInfo;
+import javax.management.modelmbean.RequiredModelMBean;
+
+/**
+ * @author <a href="mailto:julien.viet at exoplatform.com">Julien Viet</a>
+ * @version $Revision$
+ */
+public abstract class AbstractExoMBeanTest extends TestCase
+{
+
+ protected MBeanServer server;
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ server = MBeanServerFactory.createMBeanServer();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ MBeanServerFactory.releaseMBeanServer(server);
+ }
+
+ protected void assertNotBuildable(Class clazz)
+ {
+ try
+ {
+ new ExoMBeanInfoBuilder(clazz).build();
+ fail();
+ }
+ catch (Exception ignore)
+ {
+ }
+ }
+
+ protected Bean register(String name, Class clazz)
+ {
+ try
+ {
+ ObjectName objectName = ObjectName.getInstance(name);
+ ModelMBeanInfo info = new ExoMBeanInfoBuilder(clazz).build();
+ RequiredModelMBean mbean = new RequiredModelMBean(info);
+ mbean.setManagedResource(clazz.newInstance(), "ObjectReference");
+ server.registerMBean(mbean, objectName);
+ return new Bean(objectName, (ModelMBeanInfo)server.getMBeanInfo(objectName));
+ }
+ catch (Exception e)
+ {
+ throw new AssertionError(e);
+ }
+ }
+
+ public static class Bean
+ {
+
+ final ObjectName name;
+
+ final ModelMBeanInfo info;
+
+ public Bean(ObjectName name, ModelMBeanInfo info)
+ {
+ this.name = name;
+ this.info = info;
+ }
+ }
+}
\ No newline at end of file
Deleted: kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/AbstractTestExoMBean.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/AbstractTestExoMBean.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/AbstractTestExoMBean.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -1,93 +0,0 @@
-/*
- * Copyright (C) 2009 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.exoplatform.container.jmx;
-
-import junit.framework.TestCase;
-import org.exoplatform.management.jmx.impl.ExoMBeanInfoBuilder;
-
-import javax.management.MBeanServer;
-import javax.management.MBeanServerFactory;
-import javax.management.ObjectName;
-import javax.management.modelmbean.ModelMBeanInfo;
-import javax.management.modelmbean.RequiredModelMBean;
-
-/**
- * @author <a href="mailto:julien.viet at exoplatform.com">Julien Viet</a>
- * @version $Revision$
- */
-public abstract class AbstractTestExoMBean extends TestCase
-{
-
- protected MBeanServer server;
-
- @Override
- protected void setUp() throws Exception
- {
- server = MBeanServerFactory.createMBeanServer();
- }
-
- @Override
- protected void tearDown() throws Exception
- {
- MBeanServerFactory.releaseMBeanServer(server);
- }
-
- protected void assertNotBuildable(Class clazz)
- {
- try
- {
- new ExoMBeanInfoBuilder(clazz).build();
- fail();
- }
- catch (Exception ignore)
- {
- }
- }
-
- protected Bean register(String name, Class clazz)
- {
- try
- {
- ObjectName objectName = ObjectName.getInstance(name);
- ModelMBeanInfo info = new ExoMBeanInfoBuilder(clazz).build();
- RequiredModelMBean mbean = new RequiredModelMBean(info);
- mbean.setManagedResource(clazz.newInstance(), "ObjectReference");
- server.registerMBean(mbean, objectName);
- return new Bean(objectName, (ModelMBeanInfo)server.getMBeanInfo(objectName));
- }
- catch (Exception e)
- {
- throw new AssertionError(e);
- }
- }
-
- public static class Bean
- {
-
- final ObjectName name;
-
- final ModelMBeanInfo info;
-
- public Bean(ObjectName name, ModelMBeanInfo info)
- {
- this.name = name;
- this.info = info;
- }
- }
-}
\ No newline at end of file
Modified: kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBean.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBean.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBean.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -28,7 +28,7 @@
* @author <a href="mailto:julien.viet at exoplatform.com">Julien Viet</a>
* @version $Revision$
*/
-public class TestExoMBean extends AbstractTestExoMBean
+public class TestExoMBean extends AbstractExoMBeanTest
{
public void test1() throws Exception
Modified: kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBeanAttribute.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBeanAttribute.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBeanAttribute.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -31,7 +31,7 @@
* @author <a href="mailto:julien.viet at exoplatform.com">Julien Viet</a>
* @version $Revision$
*/
-public class TestExoMBeanAttribute extends AbstractTestExoMBean
+public class TestExoMBeanAttribute extends AbstractExoMBeanTest
{
public void test1() throws Exception
Modified: kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBeanOperation.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBeanOperation.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/jmx/TestExoMBeanOperation.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -32,7 +32,7 @@
* @author <a href="mailto:julien.viet at exoplatform.com">Julien Viet</a>
* @version $Revision$
*/
-public class TestExoMBeanOperation extends AbstractTestExoMBean
+public class TestExoMBeanOperation extends AbstractExoMBeanTest
{
public void test1() throws Exception
Modified: kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/support/ContainerBuilder.java
===================================================================
--- kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/support/ContainerBuilder.java 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.container/src/test/java/org/exoplatform/container/support/ContainerBuilder.java 2010-10-28 12:56:43 UTC (rev 3360)
@@ -19,6 +19,7 @@
package org.exoplatform.container.support;
import junit.framework.AssertionFailedError;
+
import org.exoplatform.commons.utils.PropertyManager;
import org.exoplatform.commons.utils.Tools;
import org.exoplatform.container.ExoContainerContext;
@@ -30,11 +31,9 @@
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
-import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
-import java.util.Map;
import java.util.Set;
/**
@@ -120,7 +119,7 @@
return this;
}
- public ContainerBuilder profiledBy(String ... profiles)
+ public ContainerBuilder profiledBy(String... profiles)
{
this.profiles = Tools.set(profiles);
return this;
Added: kernel/trunk/exo.kernel.container/src/test/resources/test.policy
===================================================================
--- kernel/trunk/exo.kernel.container/src/test/resources/test.policy (rev 0)
+++ kernel/trunk/exo.kernel.container/src/test/resources/test.policy 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,21 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons.test/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.commons/-"{
+ permission java.security.AllPermission;
+};
+
+
+
Modified: kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/pom.xml 2010-10-27 09:05:21 UTC (rev 3359)
+++ kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/pom.xml 2010-10-28 12:56:43 UTC (rev 3360)
@@ -26,6 +26,11 @@
</dependency>
<dependency>
<groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
<artifactId>exo.kernel.mc-int-demo</artifactId>
</dependency>
</dependencies>
@@ -51,9 +56,47 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<skip>true</skip>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}" property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}" overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
</build>
@@ -68,6 +111,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<excludes>
<exclude>**/it/Test*.java</exclude>
</excludes>
@@ -196,6 +240,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<excludes>
<exclude>**/it/Test*.java</exclude>
</excludes>
@@ -319,6 +364,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
+ <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<excludes>
<exclude>**/it/Test*.java</exclude>
</excludes>
Added: kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/src/test/resources/test.policy
===================================================================
--- kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/src/test/resources/test.policy (rev 0)
+++ kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/src/test/resources/test.policy 2010-10-28 12:56:43 UTC (rev 3360)
@@ -0,0 +1,23 @@
+grant codeBase "@MAVEN_REPO at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at -"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES at -"{
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../../exo.kernel.commons.test/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../../exo.kernel.container/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES at ../../../exo.kernel.mc-int-demo/-"{
+ permission java.security.AllPermission;
+};
+
More information about the exo-jcr-commits
mailing list