Author: tolusha
Date: 2010-06-11 10:42:21 -0400 (Fri, 11 Jun 2010)
New Revision: 2557
Added:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/PrivilegedFileHelper.java
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionFactory.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/TransientValueData.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/FileDigestOutputStream.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/CASableWriteValue.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileOperation.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/SpoolFile.java
Log:
EXOJCR-756: add PrivilegedFileHelper
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionFactory.java
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionFactory.java 2010-06-11
13:41:42 UTC (rev 2556)
+++
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionFactory.java 2010-06-11
14:42:21 UTC (rev 2557)
@@ -27,6 +27,9 @@
import org.exoplatform.services.security.ConversationState;
import org.exoplatform.services.transaction.TransactionService;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
import javax.jcr.LoginException;
import javax.jcr.RepositoryException;
@@ -59,44 +62,52 @@
*/
public SessionFactory(TransactionService tService, WorkspaceEntry config,
ExoContainerContext containerContext)
{
-
this.container = containerContext.getContainer();
this.workspaceName = config.getName();
this.tService = tService;
this.txResourceManager = new TransactionableResourceManager();
- boolean tracking =
"true".equalsIgnoreCase(System.getProperty("exo.jcr.session.tracking.active",
"false"));
- if (tracking)
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
{
- long maxAgeMillis = 0;
-
- String maxagevalue =
System.getProperty("exo.jcr.jcr.session.tracking.maxage");
- if (maxagevalue != null)
+ public Object run()
{
- try
+ boolean tracking =
"true".equalsIgnoreCase(System.getProperty("exo.jcr.session.tracking.active",
"false"));
+ if (tracking)
{
- maxAgeMillis = Long.parseLong(maxagevalue) * 1000;
- }
- catch (NumberFormatException e)
- {
+ long maxAgeMillis = 0;
+
+ String maxagevalue =
System.getProperty("exo.jcr.jcr.session.tracking.maxage");
+ if (maxagevalue != null)
+ {
+ try
+ {
+ maxAgeMillis = Long.parseLong(maxagevalue) * 1000;
+ }
+ catch (NumberFormatException e)
+ {
+ //
+ }
+ }
+ if (maxAgeMillis <= 0)
+ {
+ maxAgeMillis = 1000 * 60 * 2; // 2 mns
+ }
+
//
+ try
+ {
+ SessionReference.start(maxAgeMillis);
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ }
}
- }
- if (maxAgeMillis <= 0)
- {
- maxAgeMillis = 1000 * 60 * 2; // 2 mns
- }
- //
- try
- {
- SessionReference.start(maxAgeMillis);
+ return null;
}
- catch (Exception e)
- {
- e.printStackTrace();
- }
- }
+ };
+ AccessController.doPrivileged(action);
}
/**
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/TransientValueData.java
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/TransientValueData.java 2010-06-11
13:41:42 UTC (rev 2556)
+++
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/TransientValueData.java 2010-06-11
14:42:21 UTC (rev 2557)
@@ -27,6 +27,7 @@
import org.exoplatform.services.jcr.impl.dataflow.persistent.FilePersistedValueData;
import org.exoplatform.services.jcr.impl.util.JCRDateFormat;
import org.exoplatform.services.jcr.impl.util.io.FileCleaner;
+import org.exoplatform.services.jcr.impl.util.io.PrivilegedFileHelper;
import org.exoplatform.services.jcr.impl.util.io.SpoolFile;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
@@ -211,7 +212,7 @@
{
if (spoolFile != null)
{
- return new FileInputStream(spoolFile); // from spool file
+ return PrivilegedFileHelper.fileInputStream(spoolFile); // from spool
file
}
else
{
@@ -260,7 +261,7 @@
}
else
{
- return spoolFile.length();
+ return PrivilegedFileHelper.length(spoolFile);
}
}
@@ -379,6 +380,7 @@
/**
* {@inheritDoc}
*/
+ @Override
protected void finalize() throws Throwable
{
deleteCurrentSpoolFile();
@@ -568,7 +570,8 @@
sf = SpoolFile.createTempFile("jcrvd", null, tempDirectory);
sf.acquire(this);
- sfout = new FileOutputStream(sf);
+ sfout = PrivilegedFileHelper.fileOutputStream(sf);
+
sfout.write(buffer, 0, len);
sfout.write(tmpBuff, 0, read);
buffer = null;
@@ -691,7 +694,7 @@
if (spoolFile instanceof SpoolFile)
{
- ((SpoolFile)spoolFile).release(this);
+ (spoolFile).release(this);
}
if (deleteSpoolFile && spoolFile.exists())
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/FileDigestOutputStream.java
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/FileDigestOutputStream.java 2010-06-11
13:41:42 UTC (rev 2556)
+++
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/FileDigestOutputStream.java 2010-06-11
14:42:21 UTC (rev 2557)
@@ -18,8 +18,9 @@
*/
package org.exoplatform.services.jcr.impl.storage.value.fs;
+import org.exoplatform.services.jcr.impl.util.io.PrivilegedFileHelper;
+
import java.io.File;
-import java.io.FileOutputStream;
import java.io.IOException;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
@@ -43,7 +44,7 @@
FileDigestOutputStream(File file, MessageDigest digest) throws IOException
{
- super(new FileOutputStream(file), digest);
+ super(PrivilegedFileHelper.fileOutputStream(file), digest);
this.file = file;
}
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/CASableWriteValue.java
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/CASableWriteValue.java 2010-06-11
13:41:42 UTC (rev 2556)
+++
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/CASableWriteValue.java 2010-06-11
14:42:21 UTC (rev 2557)
@@ -27,6 +27,7 @@
import org.exoplatform.services.jcr.impl.storage.value.fs.CASableIOSupport;
import org.exoplatform.services.jcr.impl.storage.value.fs.FileDigestOutputStream;
import org.exoplatform.services.jcr.impl.util.io.FileCleaner;
+import org.exoplatform.services.jcr.impl.util.io.PrivilegedFileHelper;
import org.exoplatform.services.jcr.util.IdGenerator;
import java.io.File;
@@ -168,15 +169,15 @@
throw new RecordAlreadyExistsException("Write error: " + e, e);
}
- if (!vcasFile.exists())
+ if (!PrivilegedFileHelper.exists(vcasFile))
{
// it's new CAS Value, we have to move temp to vcas location
// use RENAME only, don't copy - as copy will means that destination
already exists etc.
// make sure parent dir exists
- vcasFile.getParentFile().mkdirs();
+ PrivilegedFileHelper.mkdirs(vcasFile.getParentFile());
// rename propetynamed file to hashnamed one
- if (!tempFile.renameTo(vcasFile))
+ if (!PrivilegedFileHelper.renameTo(tempFile, vcasFile))
{
throw new VCASException("File " + tempFile.getAbsolutePath()
+ " can't be renamed to VCAS-named "
+ vcasFile.getAbsolutePath());
@@ -193,7 +194,7 @@
finally
{
// remove temp file
- tempFile.delete(); // should be ok without file cleaner
+ PrivilegedFileHelper.delete(tempFile); // should be ok without file cleaner
fileLock.unlock();
}
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileOperation.java
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileOperation.java 2010-06-11
13:41:42 UTC (rev 2556)
+++
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileOperation.java 2010-06-11
14:42:21 UTC (rev 2557)
@@ -22,6 +22,7 @@
import org.exoplatform.services.jcr.impl.storage.value.ValueOperation;
import org.exoplatform.services.jcr.impl.storage.value.fs.FileLockException;
import org.exoplatform.services.jcr.impl.util.io.FileCleaner;
+import org.exoplatform.services.jcr.impl.util.io.PrivilegedFileHelper;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
@@ -256,7 +257,7 @@
// lock in JVM (wait for unlock if required)
try
{
- return resources.aquire(file.getAbsolutePath(), new
ValueFileLockHolder(file));
+ return resources.aquire(PrivilegedFileHelper.getAbsolutePath(file), new
ValueFileLockHolder(file));
}
catch (InterruptedException e)
{
@@ -273,7 +274,7 @@
*/
public boolean unlock() throws IOException
{
- return resources.release(file.getAbsolutePath());
+ return resources.release(PrivilegedFileHelper.getAbsolutePath(file));
}
}
Added:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/PrivilegedFileHelper.java
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/PrivilegedFileHelper.java
(rev 0)
+++
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/PrivilegedFileHelper.java 2010-06-11
14:42:21 UTC (rev 2557)
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.exoplatform.services.jcr.impl.util.io;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * @author <a href="anatoliy.bazko(a)exoplatform.org">Anatoliy
Bazko</a>
+ * @version $Id: SecurityFileHelper.java 111 2010-11-11 11:11:11Z tolusha $
+ *
+ * Class helper need for perform privileged file operations.
+ */
+public class PrivilegedFileHelper
+{
+
+ public static FileOutputStream fileOutputStream(final File file) throws
FileNotFoundException
+ {
+ PrivilegedExceptionAction<Object> action = new
PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ return new FileOutputStream(file);
+ }
+ };
+ try
+ {
+ return (FileOutputStream)AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof FileNotFoundException)
+ {
+ throw (FileNotFoundException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ public static FileInputStream fileInputStream(final File file) throws
FileNotFoundException
+ {
+ PrivilegedExceptionAction<Object> action = new
PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ return new FileInputStream(file);
+ }
+ };
+ try
+ {
+ return (FileInputStream)AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof FileNotFoundException)
+ {
+ throw (FileNotFoundException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ public static long length(final File file)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ return new Long(file.length());
+ }
+ };
+ return (Long)AccessController.doPrivileged(action);
+ }
+
+ public static String getAbsolutePath(final File file)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ return file.getAbsolutePath();
+ }
+ };
+ return (String)AccessController.doPrivileged(action);
+ }
+
+ public static boolean delete(final File file)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ return file.delete();
+ }
+ };
+ return (Boolean)AccessController.doPrivileged(action);
+ }
+
+ public static boolean exists(final File file)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ return file.exists();
+ }
+ };
+ return (Boolean)AccessController.doPrivileged(action);
+ }
+
+ public static void mkdirs(final File file)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ file.mkdirs();
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
+ }
+
+ public static boolean renameTo(final File srcFile, final File dstfile)
+ {
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ return new Boolean(srcFile.renameTo(dstfile));
+ }
+ };
+ return (Boolean)AccessController.doPrivileged(action);
+ }
+}
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/SpoolFile.java
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/SpoolFile.java 2010-06-11
13:41:42 UTC (rev 2556)
+++
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/SpoolFile.java 2010-06-11
14:42:21 UTC (rev 2557)
@@ -24,6 +24,9 @@
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.WeakHashMap;
@@ -65,9 +68,36 @@
super(absPath);
}
- public static SpoolFile createTempFile(String prefix, String suffix, File directory)
throws IOException
+ public static SpoolFile createTempFile(final String prefix, final String suffix, final
File directory)
+ throws IOException
{
- return new SpoolFile(File.createTempFile(prefix, suffix,
directory).getAbsolutePath());
+ PrivilegedExceptionAction<Object> action = new
PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ return new SpoolFile(File.createTempFile(prefix, suffix,
directory).getAbsolutePath());
+ }
+ };
+ try
+ {
+ return (SpoolFile)AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
public synchronized void acquire(Object holder) throws FileNotFoundException