June 2010 - exo-jcr-commits - Jboss List Archives

exo-jcr SVN: r2556 - in jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl: core/query/lucene/directory and 1 other directories.

by do-not-reply＠jboss.org

Author: nzamosenchuk Date: 2010-06-11 09:41:42 -0400 (Fri, 11 Jun 2010) New Revision: 2556 Added: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/SecurityHelper.java Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/RedoLog.java jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/directory/FSDirectoryManager.java Log: EXOJCR-758: Implemented doPriviledged in FSDirectoryManager and RedoLog. Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/RedoLog.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/RedoLog.java 2010-06-11 13:06:51 UTC (rev 2555) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/RedoLog.java 2010-06-11 13:41:42 UTC (rev 2556) @@ -19,6 +19,7 @@ import org.apache.lucene.store.Directory; import org.exoplatform.services.jcr.impl.core.query.lucene.directory.IndexInputStream; import org.exoplatform.services.jcr.impl.core.query.lucene.directory.IndexOutputStream; +import org.exoplatform.services.jcr.impl.util.SecurityHelper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -30,6 +31,7 @@ import java.io.OutputStream; import java.io.OutputStreamWriter; import java.io.Writer; +import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.List; @@ -143,11 +145,18 @@ * @throws IOException if the node cannot be written to the redo * log. */ - void append(MultiIndex.Action action) throws IOException + void append(final MultiIndex.Action action) throws IOException { - initOut(); - out.write(action.toString() + "\n"); - entryCount++; + SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + initOut(); + out.write(action.toString() + "\n"); + entryCount++; + return null; + } + }); } /** @@ -156,10 +165,17 @@ */ void flush() throws IOException { - if (out != null) + SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Object>() { - out.flush(); - } + public Object run() throws Exception + { + if (out != null) + { + out.flush(); + } + return null; + } + }); } /** @@ -168,13 +184,20 @@ */ void clear() throws IOException { - if (out != null) + SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Object>() { - out.close(); - out = null; - } - dir.deleteFile(REDO_LOG); - entryCount = 0; + public Object run() throws Exception + { + if (out != null) + { + out.close(); + out = null; + } + dir.deleteFile(REDO_LOG); + entryCount = 0; + return null; + } + }); } /** @@ -184,11 +207,18 @@ */ private void initOut() throws IOException { - if (out == null) - { - OutputStream os = new IndexOutputStream(dir.createOutput(REDO_LOG)); - out = new BufferedWriter(new OutputStreamWriter(os)); - } + SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + if (out == null) + { + OutputStream os = new IndexOutputStream(dir.createOutput(REDO_LOG)); + out = new BufferedWriter(new OutputStreamWriter(os)); + } + return null; + } + }); } /** @@ -198,43 +228,50 @@ * @throws IOException if an error occurs while reading from the * log file. */ - private void read(ActionCollector collector) throws IOException + private void read(final ActionCollector collector) throws IOException { - if (!dir.fileExists(REDO_LOG)) - { - return; - } - InputStream in = new IndexInputStream(dir.openInput(REDO_LOG)); - try - { - BufferedReader reader = new BufferedReader(new InputStreamReader(in)); - String line; - while ((line = reader.readLine()) != null) + SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Object>() { - try + public Object run() throws Exception { - collector.collect(MultiIndex.Action.fromString(line)); - } - catch (IllegalArgumentException e) + if (!dir.fileExists(REDO_LOG)) { - log.warn("Malformed redo entry: " + e.getMessage()); + return null; } - } - } - finally - { - if (in != null) - { + InputStream in = new IndexInputStream(dir.openInput(REDO_LOG)); try { - in.close(); + BufferedReader reader = new BufferedReader(new InputStreamReader(in)); + String line; + while ((line = reader.readLine()) != null) + { + try + { + collector.collect(MultiIndex.Action.fromString(line)); + } + catch (IllegalArgumentException e) + { + log.warn("Malformed redo entry: " + e.getMessage()); + } + } } - catch (IOException e) + finally { - log.warn("Exception while closing redo log: " + e.toString()); + if (in != null) + { + try + { + in.close(); + } + catch (IOException e) + { + log.warn("Exception while closing redo log: " + e.toString()); + } + } } - } - } + return null; + } + }); } //-----------------------< internal >--------------------------------------- Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/directory/FSDirectoryManager.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/directory/FSDirectoryManager.java 2010-06-11 13:06:51 UTC (rev 2555) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/query/lucene/directory/FSDirectoryManager.java 2010-06-11 13:41:42 UTC (rev 2556) @@ -16,110 +16,172 @@ */ package org.exoplatform.services.jcr.impl.core.query.lucene.directory; -import java.io.File; -import java.io.FileFilter; -import java.io.IOException; - import org.apache.lucene.store.Directory; import org.apache.lucene.store.FSDirectory; import org.apache.lucene.store.NativeFSLockFactory; import org.exoplatform.services.jcr.impl.core.query.lucene.SearchIndex; +import org.exoplatform.services.jcr.impl.util.SecurityHelper; +import java.io.File; +import java.io.FileFilter; +import java.io.IOException; +import java.security.PrivilegedExceptionAction; + /** * <code>FSDirectoryManager</code> implements a directory manager for * {@link FSDirectory} instances. */ -public class FSDirectoryManager implements DirectoryManager { +public class FSDirectoryManager implements DirectoryManager +{ - /** - * The base directory. - */ - private File baseDir; + /** + * The base directory. + */ + private File baseDir; - /** - * {@inheritDoc} - */ - public void init(SearchIndex handler) throws IOException { - baseDir = new File(handler.getPath()); - } + /** + * {@inheritDoc} + */ + public void init(final SearchIndex handler) throws IOException + { + SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + baseDir = new File(handler.getPath()); + return null; + } + }); + } - /** - * {@inheritDoc} - */ - public boolean hasDirectory(String name) throws IOException { - return new File(baseDir, name).exists(); - } + /** + * {@inheritDoc} + */ + public boolean hasDirectory(final String name) throws IOException + { + return SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Boolean>() + { + public Boolean run() throws Exception + { + return new File(baseDir, name).exists(); - /** - * {@inheritDoc} - */ - public Directory getDirectory(String name) - throws IOException { - File dir; - if (name.equals(".")) { - dir = baseDir; - } else { - dir = new File(baseDir, name); - } - return FSDirectory.getDirectory(dir, new NativeFSLockFactory(dir)); - } + } + }); + } - /** - * {@inheritDoc} - */ - public String[] getDirectoryNames() throws IOException { - File[] dirs = baseDir.listFiles(new FileFilter() { - public boolean accept(File pathname) { - return pathname.isDirectory(); + /** + * {@inheritDoc} + */ + public Directory getDirectory(final String name) throws IOException + { + return SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Directory>() + { + public Directory run() throws Exception + { + File dir; + if (name.equals(".")) + { + dir = baseDir; } - }); - if (dirs != null) { - String[] names = new String[dirs.length]; - for (int i = 0; i < dirs.length; i++) { - names[i] = dirs[i].getName(); + else + { + dir = new File(baseDir, name); } - return names; - } else { - throw new IOException("listFiles for " + baseDir.getPath() + " returned null"); - } - } + return FSDirectory.getDirectory(dir, new NativeFSLockFactory(dir)); + } + }); + } - /** - * {@inheritDoc} - */ - public boolean delete(String name) { - File directory = new File(baseDir, name); - // trivial if it does not exist anymore - if (!directory.exists()) { - return true; - } - // delete files first - File[] files = directory.listFiles(); - if (files != null) { - for (int i = 0; i < files.length; i++) { - if (!files[i].delete()) { - return false; - } + /** + * {@inheritDoc} + */ + public String[] getDirectoryNames() throws IOException + { + return SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<String[]>() + { + public String[] run() throws Exception + { + File[] dirs = baseDir.listFiles(new FileFilter() + { + public boolean accept(File pathname) + { + return pathname.isDirectory(); + } + }); + if (dirs != null) + { + String[] names = new String[dirs.length]; + for (int i = 0; i < dirs.length; i++) + { + names[i] = dirs[i].getName(); + } + return names; } - } else { - return false; - } - // now delete directory itself - return directory.delete(); - } + else + { + throw new IOException("listFiles for " + baseDir.getPath() + " returned null"); + } + } + }); + } - /** - * {@inheritDoc} - */ - public boolean rename(String from, String to) { - File src = new File(baseDir, from); - File dest = new File(baseDir, to); - return src.renameTo(dest); - } + /** + * {@inheritDoc} + */ + public boolean delete(final String name) + { + return SecurityHelper.doPriviledgedAction(new PrivilegedExceptionAction<Boolean>() + { + public Boolean run() throws Exception + { + File directory = new File(baseDir, name); + // trivial if it does not exist anymore + if (!directory.exists()) + { + return true; + } + // delete files first + File[] files = directory.listFiles(); + if (files != null) + { + for (int i = 0; i < files.length; i++) + { + if (!files[i].delete()) + { + return false; + } + } + } + else + { + return false; + } + // now delete directory itself + return directory.delete(); + } + }); + } - /** - * {@inheritDoc} - */ - public void dispose() { - } + /** + * {@inheritDoc} + */ + public boolean rename(final String from, final String to) + { + return SecurityHelper.doPriviledgedAction(new PrivilegedExceptionAction<Boolean>() + { + public Boolean run() throws Exception + { + File src = new File(baseDir, from); + File dest = new File(baseDir, to); + return src.renameTo(dest); + } + }); + } + + /** + * {@inheritDoc} + */ + public void dispose() + { + } } Added: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/SecurityHelper.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/SecurityHelper.java (rev 0) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/SecurityHelper.java 2010-06-11 13:41:42 UTC (rev 2556) @@ -0,0 +1,95 @@ +/* + * Copyright (C) 2010 eXo Platform SAS. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.exoplatform.services.jcr.impl.util; + +import java.io.IOException; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; + +/** + * Helps running code in privileged + * + * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a> + * @version $Id: SecurityHelper.java 34360 2009-07-22 23:58:59Z nzamosenchuk $ + * + */ +public class SecurityHelper +{ + + /** + * Launches action in privileged mode. Can throw only IO exception. + * + * @param <E> + * @param action + * @return + * @throws IOException + */ + public static <E> E doPriviledgedIOExceptionAction(PrivilegedExceptionAction<E> action) throws IOException + { + try + { + return AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof IOException) + { + throw (IOException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + } + + /** + * Launches action in privileged mode. Can throw only runtime exceptions. + * + * @param <E> + * @param action + * @return + * @throws IOException + */ + public static <E> E doPriviledgedAction(PrivilegedExceptionAction<E> action) + { + try + { + return AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + } +} Property changes on: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/SecurityHelper.java ___________________________________________________________________ Name: svn:mime-type + text/plain

14 years

1
0
0 / 0

exo-jcr SVN: r2555 - in jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services: jcr/impl/util/io and 1 other directories.

by do-not-reply＠jboss.org

Author: tolusha Date: 2010-06-11 09:06:51 -0400 (Fri, 11 Jun 2010) New Revision: 2555 Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/FileCleaner.java jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/transaction/jbosscache/GenericTransactionService.java Log: EXOJCR-756: fix Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-11 11:48:08 UTC (rev 2554) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-11 13:06:51 UTC (rev 2555) @@ -195,7 +195,8 @@ /** * {@inheritDoc} */ - public void configWorkspace(WorkspaceEntry wsConfig) throws RepositoryConfigurationException, RepositoryException + public void configWorkspace(final WorkspaceEntry wsConfig) throws RepositoryConfigurationException, + RepositoryException { // Need privileges to manage repository. SecurityManager security = System.getSecurityManager(); @@ -212,7 +213,38 @@ try { - repositoryContainer.registerWorkspace(wsConfig); + PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + repositoryContainer.registerWorkspace(wsConfig); + return null; + } + }; + try + { + AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof RepositoryException) + { + throw (RepositoryException)cause; + } + else if (cause instanceof RepositoryConfigurationException) + { + throw (RepositoryConfigurationException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } } catch (RepositoryConfigurationException e) { Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/FileCleaner.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/FileCleaner.java 2010-06-11 11:48:08 UTC (rev 2554) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/util/io/FileCleaner.java 2010-06-11 13:06:51 UTC (rev 2555) @@ -23,6 +23,8 @@ import org.exoplatform.services.log.Log; import java.io.File; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.HashSet; import java.util.Set; import java.util.concurrent.ConcurrentLinkedQueue; @@ -68,7 +70,16 @@ if (start) start(); - registerShutdownHook(); + PrivilegedAction<Object> action = new PrivilegedAction<Object>() + { + public Object run() + { + registerShutdownHook(); + return null; + } + }; + AccessController.doPrivileged(action); + if (log.isDebugEnabled()) { log.debug("FileCleaner instantiated name= " + getName() + " timeout= " + timeout); @@ -86,6 +97,7 @@ } } + @Override public void halt() { try @@ -105,6 +117,7 @@ /** * @see org.exoplatform.services.jcr.impl.proccess.WorkerThread#callPeriodically() */ + @Override protected void callPeriodically() throws Exception { File file = null; @@ -142,6 +155,7 @@ { Runtime.getRuntime().addShutdownHook(new Thread() { + @Override public void run() { File file = null; Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/transaction/jbosscache/GenericTransactionService.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/transaction/jbosscache/GenericTransactionService.java 2010-06-11 11:48:08 UTC (rev 2554) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/transaction/jbosscache/GenericTransactionService.java 2010-06-11 13:06:51 UTC (rev 2555) @@ -25,6 +25,10 @@ import org.exoplatform.services.transaction.TransactionService; import org.jboss.cache.transaction.TransactionManagerLookup; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; + import javax.transaction.HeuristicMixedException; import javax.transaction.HeuristicRollbackException; import javax.transaction.InvalidTransactionException; @@ -223,7 +227,7 @@ * Created by The eXo Platform SAS * Author : Nicolas Filotto * nicolas.filotto(a)exoplatform.com - * 1 f�vr. 2010 + * 1 f�vr. 2010 */ private static class TransactionManagerTxTimeoutAware implements TransactionManager { @@ -280,7 +284,54 @@ public void commit() throws RollbackException, HeuristicMixedException, HeuristicRollbackException, SecurityException, IllegalStateException, SystemException { - tm.commit(); + PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + tm.commit(); + return null; + } + }; + try + { + AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof RollbackException) + { + throw (RollbackException)cause; + } + else if (cause instanceof HeuristicMixedException) + { + throw (HeuristicMixedException)cause; + } + else if (cause instanceof HeuristicRollbackException) + { + throw (HeuristicRollbackException)cause; + } + else if (cause instanceof SecurityException) + { + throw (SecurityException)cause; + } + else if (cause instanceof IllegalStateException) + { + throw (IllegalStateException)cause; + } + else if (cause instanceof SystemException) + { + throw (SystemException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } } /**

14 years

1
0
0 / 0

exo-jcr SVN: r2554 - core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security.

by do-not-reply＠jboss.org

Author: nzamosenchuk Date: 2010-06-11 07:48:08 -0400 (Fri, 11 Jun 2010) New Revision: 2554 Modified: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java Log: EXOJCR-777 : added test to cover removeAttribute Modified: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java =================================================================== --- core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java 2010-06-11 11:35:31 UTC (rev 2553) +++ core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java 2010-06-11 11:48:08 UTC (rev 2554) @@ -135,4 +135,50 @@ // it's ok } } + + + /** + * Checks that modification is permitted + */ + public void testStateRemoveAttributeWithPermission() + { + try + { + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + state.removeAttribute("attribute"); + return null; + } + }, PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be successfull, since it is launched with required permissions."); + } + } + + /** + * Checks that modification is denied if no permission given + */ + public void testStateRemoveAttributeWithNoPermission() + { + try + { + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + state.removeAttribute("attribute"); + return null; + } + }); + fail("Modification should be denied"); + } + catch (Exception e) + { + // it's ok + } + } }

14 years

1
0
0 / 0

exo-jcr SVN: r2553 - in jcr/trunk/exo.jcr.component.core/src: main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations and 2 other directories.

by do-not-reply＠jboss.org

Author: tolusha Date: 2010-06-11 07:35:31 -0400 (Fri, 11 Jun 2010) New Revision: 2553 Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/StreamPersistedValueData.java jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileIOHelper.java jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/api/writing/TestUpdate.java Log: EXOJCR-756:fix some bugs Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/StreamPersistedValueData.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/StreamPersistedValueData.java 2010-06-11 10:02:18 UTC (rev 2552) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/StreamPersistedValueData.java 2010-06-11 11:35:31 UTC (rev 2553) @@ -188,32 +188,32 @@ { if (file != null) { - return file.length(); + return new Long(file.length()); } else if (tempFile != null) { - return tempFile.length(); + return new Long(tempFile.length()); } else if (stream instanceof FileInputStream) { try { - return ((FileInputStream)stream).getChannel().size(); + return new Long(((FileInputStream)stream).getChannel().size()); } catch (IOException e) { - return -1; + return new Long(-1); } } else { try { - return stream.available(); + return new Long(stream.available()); } catch (IOException e) { - return -1; + return new Long(-1); } } } Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileIOHelper.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileIOHelper.java 2010-06-11 10:02:18 UTC (rev 2552) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileIOHelper.java 2010-06-11 11:35:31 UTC (rev 2553) @@ -75,36 +75,61 @@ * @throws IOException * if error */ - protected ValueData readValue(File file, int orderNum, int maxBufferSize) throws IOException + protected ValueData readValue(final File file, final int orderNum, final int maxBufferSize) throws IOException { + PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + long fileSize = file.length(); - long fileSize = file.length(); - - if (fileSize > maxBufferSize) + if (fileSize > maxBufferSize) + { + return new FilePersistedValueData(orderNum, file); + } + else + { + FileInputStream is = new FileInputStream(file); + try + { + int buffSize = (int)fileSize; + byte[] res = new byte[buffSize]; + int rpos = 0; + int r = -1; + byte[] buff = new byte[IOBUFFER_SIZE > buffSize ? IOBUFFER_SIZE : buffSize]; + while ((r = is.read(buff)) >= 0) + { + System.arraycopy(buff, 0, res, rpos, r); + rpos += r; + } + return new ByteArrayPersistedValueData(orderNum, res); + } + finally + { + is.close(); + } + } + } + }; + try { - return new FilePersistedValueData(orderNum, file); + return (ValueData)AccessController.doPrivileged(action); } - else + catch (PrivilegedActionException pae) { - FileInputStream is = new FileInputStream(file); - try + Throwable cause = pae.getCause(); + if (cause instanceof IOException) { - int buffSize = (int)fileSize; - byte[] res = new byte[buffSize]; - int rpos = 0; - int r = -1; - byte[] buff = new byte[IOBUFFER_SIZE > buffSize ? IOBUFFER_SIZE : buffSize]; - while ((r = is.read(buff)) >= 0) - { - System.arraycopy(buff, 0, res, rpos, r); - rpos += r; - } - return new ByteArrayPersistedValueData(orderNum, res); + throw (IOException)cause; } - finally + else if (cause instanceof RuntimeException) { - is.close(); + throw (RuntimeException)cause; } + else + { + throw new RuntimeException(cause); + } } } @@ -140,16 +165,44 @@ * @throws IOException * if error occurs */ - protected void writeByteArrayValue(File file, ValueData value) throws IOException + protected void writeByteArrayValue(final File file, final ValueData value) throws IOException { - OutputStream out = new FileOutputStream(file); + PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + OutputStream out = new FileOutputStream(file); + try + { + out.write(value.getAsByteArray()); + } + finally + { + out.close(); + } + + return null; + } + }; try { - out.write(value.getAsByteArray()); + AccessController.doPrivileged(action); } - finally + catch (PrivilegedActionException pae) { - out.close(); + Throwable cause = pae.getCause(); + if (cause instanceof IOException) + { + throw (IOException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } } } Modified: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java 2010-06-11 10:02:18 UTC (rev 2552) +++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java 2010-06-11 11:35:31 UTC (rev 2553) @@ -395,7 +395,13 @@ protected File createBLOBTempFile(int sizeInKb) throws IOException { - return createBLOBTempFile("exo_jcr_test_temp_file_", sizeInKb); + System.setSecurityManager(null); + + File file = createBLOBTempFile("exo_jcr_test_temp_file_", sizeInKb); + + System.setSecurityManager(new SecurityManager()); + + return file; } protected File createBLOBTempFile(String prefix, int sizeInKb) throws IOException Modified: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/api/writing/TestUpdate.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/api/writing/TestUpdate.java 2010-06-11 10:02:18 UTC (rev 2552) +++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/api/writing/TestUpdate.java 2010-06-11 11:35:31 UTC (rev 2553) @@ -61,7 +61,6 @@ Node corrNode = (Node)ws1session.getItem(ws1node.getPath()); File propData = createBLOBTempFile(1024); - propData.deleteOnExit(); InputStream pds = new FileInputStream(propData); try

14 years

1
0
0 / 0

exo-jcr SVN: r2552 - kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure.

by do-not-reply＠jboss.org

Author: natasha.vakulenko Date: 2010-06-11 06:02:18 -0400 (Fri, 11 Jun 2010) New Revision: 2552 Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureList.java kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureSet.java Removed: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsList.java kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsSet.java kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecutiryManager.java Log: EXOJCR-770: renamed classes TestSecureCollectionList -> TestSecureList and TestSecureCollectionSet -> TestSecureSet. Removed unnecessary class TestSecurityManager. Deleted: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsList.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsList.java 2010-06-11 09:49:45 UTC (rev 2551) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsList.java 2010-06-11 10:02:18 UTC (rev 2552) @@ -1,201 +0,0 @@ -/* - * Copyright (C) 2003-2010 eXo Platform SAS. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Affero General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see<http://www.gnu.org/licenses/>. - */ -package org.exoplatform.commons.utils.secure; - -import java.security.Permission; -import java.security.PrivilegedExceptionAction; -import java.util.List; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.ListIterator; - -/** - * @author <a href="mailto:natasha.vakulenko@gmail.com">Natasha Vakulenko</a> - * @version $Revision$ - */ - -public class TestSecureCollectionsList extends AbstractSecureCollectionsTest -{ - private List<String> list = SecureCollections.secureList(new ArrayList<String>(), MODIFY_PERMISSION); - - /** - * establishment of protected list prior to each test - */ - protected void setUp() - { - list = SecureCollections.secureList(new ArrayList<String>(), MODIFY_PERMISSION); - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - list.add("firstString"); - list.add("secondString"); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - } - } - - /** - * cleaning protected list after each test - */ - - protected void tearDown() - { - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - list.clear(); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - } - } - - public void testSecureListAddDenied() - { - try - { - // giving no permissions - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - list.add("string"); - return null; - } - }); - fail("Modification should be denied."); - } - catch (Exception e) - { - } - } - - public void testSecureListAddPermitted() - { - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - list.add(0, "string"); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be permitted."); - } - } - - public void testSecureListClearDenied() - { - try - { - // giving no permissions - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - list.clear(); - return null; - } - }); - fail("Modification should be denied."); - } - catch (Exception e) - { - } - } - - public void testSecureListIteratorPermitted() - { - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - ListIterator<String> it = list.listIterator(); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be permitted."); - } - } - - public void testSecureListRemoveDenied() - { - try - { - // giving no permissions - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - list.remove(0); - return null; - } - }); - fail("Modification should be denied."); - } - catch (Exception e) - { - } - } - - public void testSecureIteratorPermitted() - { - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - Iterator<String> it = list.iterator(); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be permitted."); - } - } -} Deleted: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsSet.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsSet.java 2010-06-11 09:49:45 UTC (rev 2551) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsSet.java 2010-06-11 10:02:18 UTC (rev 2552) @@ -1,199 +0,0 @@ -/* - * Copyright (C) 2003-2010 eXo Platform SAS. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Affero General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see<http://www.gnu.org/licenses/>. - */ -package org.exoplatform.commons.utils.secure; - -import java.security.Permissions; -import java.security.PrivilegedExceptionAction; -import java.util.HashSet; -import java.util.Set; -import java.util.Iterator; - -/** - * @author <a href="mailto:natasha.vakulenko@gmail.com">Natasha Vakulenko</a> - * @version $Revision$ - */ - -public class TestSecureCollectionsSet extends AbstractSecureCollectionsTest -{ - private Set<String> set; - - /** - * establishment of protected set prior to each test - */ - protected void setUp() - { - set = SecureCollections.secureSet(new HashSet<String>(), MODIFY_PERMISSION); - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - set.add("firstString"); - set.add("secondString"); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - } - } - - /** - * cleaning protected set after each test - */ - protected void tearDown() - { - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - set.clear(); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - } - } - - public void testSecureSetAddPermitted() - { - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - set.add("string"); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be permitted."); - } - } - - public void testSecureSetAddDenied() - { - try - { - // giving no permissions - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - set.add("string"); - return null; - } - }); - fail("Modification should be denied."); - } - catch (Exception e) - { - } - } - - public void testSecureSetRemoveDenied() - { - try - { - // giving no permissions - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - set.remove(0); - return null; - } - }); - fail("Modification should be denied."); - } - catch (Exception e) - { - } - } - - public void testSecureSetRemovePermitted() - { - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - set.remove(0); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be permitted."); - } - } - - public void testSecureSetIteratorPermitted() - { - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - Iterator<String> iterator = set.iterator(); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be permitted."); - } - } - - public void testSecureSetClearDenied() - { - try - { - // giving no permissions - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - set.clear(); - return null; - } - }); - fail("Modification should be denied."); - } - catch (Exception e) - { - } - } -} Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureList.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureList.java (rev 0) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureList.java 2010-06-11 10:02:18 UTC (rev 2552) @@ -0,0 +1,200 @@ +/* + * Copyright (C) 2003-2010 eXo Platform SAS. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Affero General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see<http://www.gnu.org/licenses/>. + */ +package org.exoplatform.commons.utils.secure; + +import java.security.Permission; +import java.security.PrivilegedExceptionAction; +import java.util.List; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.ListIterator; + +/** + * @author <a href="mailto:natasha.vakulenko@gmail.com">Natasha Vakulenko</a> + * @version $Revision$ + */ + +public class TestSecureList extends AbstractSecureCollectionsTest +{ + private List<String> list; + + @Override + protected void setUp() + { + // establishment of protected set prior to each test + list = SecureCollections.secureList(new ArrayList<String>(), MODIFY_PERMISSION); + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.add("firstString"); + list.add("secondString"); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + } + } + + @Override + protected void tearDown() + { + // cleaning protected list after each test + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.clear(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + } + } + + public void testSecureListAddDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.add("string"); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureListAddPermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.add(0, "string"); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureListClearDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.clear(); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureListIteratorRemovePermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + ListIterator<String> iterator = list.listIterator(); + iterator.next(); + iterator.remove(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureListRemoveDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.remove(0); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureIteratorPermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + Iterator<String> it = list.iterator(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } +} Property changes on: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureList.java ___________________________________________________________________ Name: svn:eol-style + native Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureSet.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureSet.java (rev 0) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureSet.java 2010-06-11 10:02:18 UTC (rev 2552) @@ -0,0 +1,219 @@ +/* + * Copyright (C) 2003-2010 eXo Platform SAS. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Affero General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see<http://www.gnu.org/licenses/>. + */ +package org.exoplatform.commons.utils.secure; + +import java.security.Permissions; +import java.security.PrivilegedExceptionAction; +import java.util.HashSet; +import java.util.Set; +import java.util.Iterator; + +/** + * @author <a href="mailto:natasha.vakulenko@gmail.com">Natasha Vakulenko</a> + * @version $Revision$ + */ + +public class TestSecureSet extends AbstractSecureCollectionsTest +{ + private Set<String> set; + + @Override + protected void setUp() + { + // establishment of protected set prior to each test + set = SecureCollections.secureSet(new HashSet<String>(), MODIFY_PERMISSION); + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.add("firstString"); + set.add("secondString"); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + } + } + + @Override + protected void tearDown() + { + // cleaning protected set after each test + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.clear(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + } + } + + public void testSecureSetAddPermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.add("string"); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureSetAddDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.add("string"); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureSetRemoveDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.remove(0); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureSetRemovePermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.remove(0); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureSetIteratorPermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + Iterator<String> iterator = set.iterator(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureSetIteratorRemovePermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + Iterator<String> iterator = set.iterator(); + iterator.next(); + iterator.remove(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureSetClearDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.clear(); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } +} Property changes on: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureSet.java ___________________________________________________________________ Name: svn:eol-style + native Deleted: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecutiryManager.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecutiryManager.java 2010-06-11 09:49:45 UTC (rev 2551) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecutiryManager.java 2010-06-11 10:02:18 UTC (rev 2552) @@ -1,34 +0,0 @@ -/* - * Copyright (C) 2003-2010 eXo Platform SAS. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Affero General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see<http://www.gnu.org/licenses/>. - */ -package org.exoplatform.commons.utils.secure; - -import junit.framework.TestCase; - -/** - * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a> - * @version $Id: TestSecureSet.java 34360 2009-07-22 23:58:59Z nzamosenchuk $ - */ - -public class TestSecutiryManager extends TestCase -{ - - public void testSecurityManagerExists() - { - // check if SM is installed - assertNotNull("Security Manager is not installed", System.getSecurityManager()); - } -}

14 years

1
0
0 / 0

exo-jcr SVN: r2551 - in jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl: dataflow/persistent and 1 other directories.

by do-not-reply＠jboss.org

Author: tolusha Date: 2010-06-11 05:49:45 -0400 (Fri, 11 Jun 2010) New Revision: 2551 Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/StreamPersistedValueData.java jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/optimisation/db/GenericCQConnectionFactory.java Log: EXOJCR-756: fixed RepositoryImpl, StreamPersistedValueData, GenericCQConnectionFactory Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-11 09:39:49 UTC (rev 2550) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-11 09:49:45 UTC (rev 2551) @@ -44,6 +44,9 @@ import java.io.IOException; import java.io.InputStream; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; @@ -520,8 +523,8 @@ /** * {@inheritDoc} */ - public Session login(Credentials credentials, String workspaceName) throws LoginException, NoSuchWorkspaceException, - RepositoryException + public Session login(final Credentials credentials, String workspaceName) throws LoginException, + NoSuchWorkspaceException, RepositoryException { if (getState() == OFFLINE) @@ -529,13 +532,38 @@ ConversationState state; - if (credentials != null) - state = authenticationPolicy.authenticate(credentials); - else - state = authenticationPolicy.authenticate(); + PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + if (credentials != null) + return authenticationPolicy.authenticate(credentials); + else + return authenticationPolicy.authenticate(); + } + }; + try + { + state = (ConversationState)AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof LoginException) + { + throw (LoginException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } return internalLogin(state, workspaceName); - } /** Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/StreamPersistedValueData.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/StreamPersistedValueData.java 2010-06-11 09:39:49 UTC (rev 2550) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/StreamPersistedValueData.java 2010-06-11 09:49:45 UTC (rev 2551) @@ -27,6 +27,8 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.security.AccessController; +import java.security.PrivilegedAction; import javax.jcr.RepositoryException; @@ -180,36 +182,43 @@ @Override public long getLength() { - if (file != null) + PrivilegedAction<Object> action = new PrivilegedAction<Object>() { - return file.length(); - } - else if (tempFile != null) - { - return tempFile.length(); - } - else if (stream instanceof FileInputStream) - { - try + public Object run() { - return ((FileInputStream)stream).getChannel().size(); + if (file != null) + { + return file.length(); + } + else if (tempFile != null) + { + return tempFile.length(); + } + else if (stream instanceof FileInputStream) + { + try + { + return ((FileInputStream)stream).getChannel().size(); + } + catch (IOException e) + { + return -1; + } + } + else + { + try + { + return stream.available(); + } + catch (IOException e) + { + return -1; + } + } } - catch (IOException e) - { - return -1; - } - } - else - { - try - { - return stream.available(); - } - catch (IOException e) - { - return -1; - } - } + }; + return (Long)AccessController.doPrivileged(action); } /** @@ -224,6 +233,7 @@ /** * {@inheritDoc} */ + @Override protected void finalize() throws Throwable { try Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/optimisation/db/GenericCQConnectionFactory.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/optimisation/db/GenericCQConnectionFactory.java 2010-06-11 09:39:49 UTC (rev 2550) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/jdbc/optimisation/db/GenericCQConnectionFactory.java 2010-06-11 09:49:45 UTC (rev 2551) @@ -24,6 +24,9 @@ import org.exoplatform.services.jcr.storage.value.ValueStoragePluginProvider; import java.io.File; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.sql.Connection; import java.sql.DriverManager; import java.sql.SQLException; @@ -155,6 +158,7 @@ /** * {@inheritDoc} */ + @Override public WorkspaceStorageConnection openConnection() throws RepositoryException { return openConnection(false); @@ -163,6 +167,7 @@ /** * {@inheritDoc} */ + @Override public WorkspaceStorageConnection openConnection(boolean readOnly) throws RepositoryException { try @@ -187,21 +192,47 @@ /** * {@inheritDoc} */ + @Override public Connection getJdbcConnection(boolean readOnly) throws RepositoryException { try { - final Connection conn = - dbDataSource != null ? dbDataSource.getConnection() : (dbUserName != null ? DriverManager.getConnection( - dbUrl, dbUserName, dbPassword) : DriverManager.getConnection(dbUrl)); + PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + return dbDataSource != null ? dbDataSource.getConnection() : (dbUserName != null ? DriverManager + .getConnection(dbUrl, dbUserName, dbPassword) : DriverManager.getConnection(dbUrl)); + } + }; + try + { + final Connection conn = (Connection)AccessController.doPrivileged(action); - if (readOnly) - { - // set this feature only if it asked - conn.setReadOnly(readOnly); + if (readOnly) + { + // set this feature only if it asked + conn.setReadOnly(readOnly); + } + + return conn; } - - return conn; + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof SQLException) + { + throw (SQLException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } } catch (SQLException e) { @@ -215,6 +246,7 @@ /** * {@inheritDoc} */ + @Override public Connection getJdbcConnection() throws RepositoryException { return getJdbcConnection(false);

14 years

1
0
0 / 0

exo-jcr SVN: r2550 - core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security.

by do-not-reply＠jboss.org

Author: nzamosenchuk Date: 2010-06-11 05:39:49 -0400 (Fri, 11 Jun 2010) New Revision: 2550 Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java Log: EXOJCR-777: getAttributesNames() return unmodifiable set now. Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java =================================================================== --- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-11 08:59:52 UTC (rev 2549) +++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-11 09:39:49 UTC (rev 2550) @@ -18,6 +18,7 @@ */ package org.exoplatform.services.security; +import java.util.Collections; import java.util.HashMap; import java.util.Set; @@ -106,11 +107,13 @@ } /** + * Returns unmodifiable set of attribute names. + * * @return all attribute names */ public Set<String> getAttributeNames() { - return attributes.keySet(); + return Collections.unmodifiableSet(attributes.keySet()); } /**

14 years

1
0
0 / 0

exo-jcr SVN: r2549 - kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure.

by do-not-reply＠jboss.org

Author: natasha.vakulenko Date: 2010-06-11 04:59:52 -0400 (Fri, 11 Jun 2010) New Revision: 2549 Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/AbstractSecureCollectionsTest.java kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsList.java kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsSet.java kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecutiryManager.java Removed: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java Log: EXOJCR-770: Tests were added to the popular methods of list and set in the files TestSecureCollectionList.java and TestSecureCollectionSet.java. File TestSecureCollection.java was replaced by AbstractSecureCollectionsTest, which contains abstract parent class for previous tests. Test testSecurityManagerExists moved from file TestSecureCollection.java to file SecurityManagerTest.java. Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/AbstractSecureCollectionsTest.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/AbstractSecureCollectionsTest.java (rev 0) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/AbstractSecureCollectionsTest.java 2010-06-11 08:59:52 UTC (rev 2549) @@ -0,0 +1,66 @@ +/* + * Copyright (C) 2010 eXo Platform SAS. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.exoplatform.commons.utils.secure; + +import junit.framework.TestCase; + +import java.net.URL; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.CodeSource; +import java.security.Permission; +import java.security.Permissions; +import java.security.PrivilegedExceptionAction; +import java.security.ProtectionDomain; + +/** + * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a> + * @version $Id: TestSecureSet.java 34360 2009-07-22 23:58:59Z nzamosenchuk $ + */ + +public abstract class AbstractSecureCollectionsTest extends TestCase +{ + // permission for testing purposes + public static final Permission MODIFY_PERMISSION = new RuntimePermission("modifyPermisssion"); + + /** + * Run privileged action with given privileges. + */ + protected <T> T doActionWithPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) + throws Exception + { + Permissions allPermissions = new Permissions(); + for (Permission permission : permissions) + { + if (permission != null) + { + allPermissions.add(permission); + } + } + ProtectionDomain[] protectionDomains = + new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(), + (java.security.cert.Certificate[])null), allPermissions)}; + return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains)); + } + + protected URL getCodeSource() + { + return getClass().getProtectionDomain().getCodeSource().getLocation(); + } +} Property changes on: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/AbstractSecureCollectionsTest.java ___________________________________________________________________ Name: svn:eol-style + native Deleted: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java 2010-06-11 08:50:27 UTC (rev 2548) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java 2010-06-11 08:59:52 UTC (rev 2549) @@ -1,116 +0,0 @@ -/* - * Copyright (C) 2010 eXo Platform SAS. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.exoplatform.commons.utils.secure; - -import junit.framework.TestCase; - -import java.net.URL; -import java.security.AccessControlContext; -import java.security.AccessController; -import java.security.CodeSource; -import java.security.Permission; -import java.security.Permissions; -import java.security.PrivilegedExceptionAction; -import java.security.ProtectionDomain; -import java.util.HashSet; -import java.util.Set; - -/** - * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a> - * @version $Id: TestSecureSet.java 34360 2009-07-22 23:58:59Z nzamosenchuk $ - * - */ -public class TestSecureCollections extends TestCase -{ - // permission for testing purposes - public static final Permission MODIFY_PERMISSION = new RuntimePermission("modifyPermisssion"); - - public void testSecurityManagerExists() - { - // check if SM is installed - assertNotNull("Security Manager is not installed", System.getSecurityManager()); - } - - public void testSecureSetAddPermitted() - { - final Set<String> set = SecureCollections.secureSet(new HashSet<String>(), MODIFY_PERMISSION); - try - { - // giving MODIFY_PERMISSION - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - set.add("string"); - return null; - } - }, MODIFY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be permitted."); - } - } - - public void testSecureSetAddDenied() - { - final Set<String> set = SecureCollections.secureSet(new HashSet<String>(), MODIFY_PERMISSION); - try - { - // giving no permissions - doActionWithPermissions(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - set.add("string"); - return null; - } - }); - fail("Modification should be denied."); - } - catch (Exception e) - { - } - } - - /** - * Run privileged action with given privileges. - */ - private <T> T doActionWithPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) - throws Exception - { - Permissions allPermissions = new Permissions(); - for (Permission permission : permissions) - { - if (permission != null) - { - allPermissions.add(permission); - } - } - ProtectionDomain[] protectionDomains = - new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(), - (java.security.cert.Certificate[])null), allPermissions)}; - return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains)); - } - - private URL getCodeSource() - { - return getClass().getProtectionDomain().getCodeSource().getLocation(); - } -} Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsList.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsList.java (rev 0) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsList.java 2010-06-11 08:59:52 UTC (rev 2549) @@ -0,0 +1,201 @@ +/* + * Copyright (C) 2003-2010 eXo Platform SAS. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Affero General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see<http://www.gnu.org/licenses/>. + */ +package org.exoplatform.commons.utils.secure; + +import java.security.Permission; +import java.security.PrivilegedExceptionAction; +import java.util.List; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.ListIterator; + +/** + * @author <a href="mailto:natasha.vakulenko@gmail.com">Natasha Vakulenko</a> + * @version $Revision$ + */ + +public class TestSecureCollectionsList extends AbstractSecureCollectionsTest +{ + private List<String> list = SecureCollections.secureList(new ArrayList<String>(), MODIFY_PERMISSION); + + /** + * establishment of protected list prior to each test + */ + protected void setUp() + { + list = SecureCollections.secureList(new ArrayList<String>(), MODIFY_PERMISSION); + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.add("firstString"); + list.add("secondString"); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + } + } + + /** + * cleaning protected list after each test + */ + + protected void tearDown() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.clear(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + } + } + + public void testSecureListAddDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.add("string"); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureListAddPermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.add(0, "string"); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureListClearDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.clear(); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureListIteratorPermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + ListIterator<String> it = list.listIterator(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureListRemoveDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + list.remove(0); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureIteratorPermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + Iterator<String> it = list.iterator(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } +} Property changes on: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsList.java ___________________________________________________________________ Name: svn:eol-style + native Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsSet.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsSet.java (rev 0) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsSet.java 2010-06-11 08:59:52 UTC (rev 2549) @@ -0,0 +1,199 @@ +/* + * Copyright (C) 2003-2010 eXo Platform SAS. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Affero General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see<http://www.gnu.org/licenses/>. + */ +package org.exoplatform.commons.utils.secure; + +import java.security.Permissions; +import java.security.PrivilegedExceptionAction; +import java.util.HashSet; +import java.util.Set; +import java.util.Iterator; + +/** + * @author <a href="mailto:natasha.vakulenko@gmail.com">Natasha Vakulenko</a> + * @version $Revision$ + */ + +public class TestSecureCollectionsSet extends AbstractSecureCollectionsTest +{ + private Set<String> set; + + /** + * establishment of protected set prior to each test + */ + protected void setUp() + { + set = SecureCollections.secureSet(new HashSet<String>(), MODIFY_PERMISSION); + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.add("firstString"); + set.add("secondString"); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + } + } + + /** + * cleaning protected set after each test + */ + protected void tearDown() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.clear(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + } + } + + public void testSecureSetAddPermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.add("string"); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureSetAddDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.add("string"); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureSetRemoveDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.remove(0); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } + + public void testSecureSetRemovePermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.remove(0); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureSetIteratorPermitted() + { + try + { + // giving MODIFY_PERMISSION + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + Iterator<String> iterator = set.iterator(); + return null; + } + }, MODIFY_PERMISSION); + } + catch (Exception e) + { + fail("Modification should be permitted."); + } + } + + public void testSecureSetClearDenied() + { + try + { + // giving no permissions + doActionWithPermissions(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + set.clear(); + return null; + } + }); + fail("Modification should be denied."); + } + catch (Exception e) + { + } + } +} Property changes on: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollectionsSet.java ___________________________________________________________________ Name: svn:eol-style + native Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecutiryManager.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecutiryManager.java (rev 0) +++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecutiryManager.java 2010-06-11 08:59:52 UTC (rev 2549) @@ -0,0 +1,34 @@ +/* + * Copyright (C) 2003-2010 eXo Platform SAS. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Affero General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see<http://www.gnu.org/licenses/>. + */ +package org.exoplatform.commons.utils.secure; + +import junit.framework.TestCase; + +/** + * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a> + * @version $Id: TestSecureSet.java 34360 2009-07-22 23:58:59Z nzamosenchuk $ + */ + +public class TestSecutiryManager extends TestCase +{ + + public void testSecurityManagerExists() + { + // check if SM is installed + assertNotNull("Security Manager is not installed", System.getSecurityManager()); + } +} Property changes on: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecutiryManager.java ___________________________________________________________________ Name: svn:eol-style + native

14 years

1
0
0 / 0

exo-jcr SVN: r2548 - in jcr/trunk/exo.jcr.component.core/src: test/java/org/exoplatform/services/jcr and 1 other directory.

by do-not-reply＠jboss.org

Author: tolusha Date: 2010-06-11 04:50:27 -0400 (Fri, 11 Jun 2010) New Revision: 2548 Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/FilePersistedValueData.java jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java Log: EXOJCR-756:remove securityManager before BaseStandalone.tearDown(), fix FilePersistedValueData Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/FilePersistedValueData.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/FilePersistedValueData.java 2010-06-11 08:35:52 UTC (rev 2547) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/dataflow/persistent/FilePersistedValueData.java 2010-06-11 08:50:27 UTC (rev 2548) @@ -36,6 +36,9 @@ import java.nio.channels.Channels; import java.nio.channels.FileChannel; import java.nio.channels.WritableByteChannel; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import javax.jcr.RepositoryException; @@ -86,7 +89,33 @@ */ public InputStream getAsStream() throws IOException { - return new FileInputStream(file); + PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + return new FileInputStream(file); + } + }; + try + { + return (InputStream)AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof IOException) + { + throw (IOException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } } /** Modified: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java 2010-06-11 08:35:52 UTC (rev 2547) +++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java 2010-06-11 08:50:27 UTC (rev 2548) @@ -172,6 +172,8 @@ @Override protected void tearDown() throws Exception { + System.setSecurityManager(null); + if (session != null) { try

14 years

1
0
0 / 0

exo-jcr SVN: r2547 - in jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs: operations and 1 other directory.

by do-not-reply＠jboss.org

Author: tolusha Date: 2010-06-11 04:35:52 -0400 (Fri, 11 Jun 2010) New Revision: 2547 Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFile.java jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileIOHelper.java jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/WriteValue.java Log: EXOJCR-756: doPrivileged TreeFile, ValueFileIOHelper, WriteValue Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFile.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFile.java 2010-06-11 07:49:26 UTC (rev 2546) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFile.java 2010-06-11 08:35:52 UTC (rev 2547) @@ -23,6 +23,8 @@ import org.exoplatform.services.log.Log; import java.io.File; +import java.security.AccessController; +import java.security.PrivilegedAction; /** * Created by The eXo Platform SAS @@ -54,11 +56,18 @@ @Override public boolean delete() { - boolean res = super.delete(); - if (res) - deleteParent(new File(getParent())); + PrivilegedAction<Object> action = new PrivilegedAction<Object>() + { + public Object run() + { + boolean res = deleteFromSuper(); + if (res) + deleteParent(new File(getParent())); - return res; + return res; + } + }; + return (Boolean)AccessController.doPrivileged(action); } protected boolean deleteParent(File fp) @@ -87,4 +96,9 @@ fLog.warn("Parent can not be a file but found " + fp.getAbsolutePath()); return res; } + + private boolean deleteFromSuper() + { + return super.delete(); + } } Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileIOHelper.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileIOHelper.java 2010-06-11 07:49:26 UTC (rev 2546) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileIOHelper.java 2010-06-11 08:35:52 UTC (rev 2547) @@ -36,6 +36,9 @@ import java.nio.channels.FileChannel; import java.nio.channels.ReadableByteChannel; import java.nio.channels.WritableByteChannel; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; /** * Created by The eXo Platform SAS. @@ -160,52 +163,81 @@ * @throws IOException * if error occurs */ - protected void writeStreamedValue(File file, ValueData value) throws IOException + protected void writeStreamedValue(final File file, final ValueData value) throws IOException { - // stream Value - if (value instanceof StreamPersistedValueData) + PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() { - StreamPersistedValueData streamed = (StreamPersistedValueData)value; - - if (streamed.isPersisted()) + public Object run() throws Exception { - // already persisted in another Value, copy it to this Value - copyClose(streamed.getAsStream(), new FileOutputStream(file)); - } - else - { - // the Value not yet persisted, i.e. or in client stream or spooled to a temp file - File tempFile; - if ((tempFile = streamed.getTempFile()) != null) + // do what you want + // stream Value + if (value instanceof StreamPersistedValueData) { - // it's spooled Value, try move its file to VS - if (!tempFile.renameTo(file)) + StreamPersistedValueData streamed = (StreamPersistedValueData)value; + + if (streamed.isPersisted()) { - // not succeeded - copy bytes, temp file will be deleted by transient ValueData - if (LOG.isDebugEnabled()) + // already persisted in another Value, copy it to this Value + copyClose(streamed.getAsStream(), new FileOutputStream(file)); + } + else + { + // the Value not yet persisted, i.e. or in client stream or spooled to a temp file + File tempFile; + if ((tempFile = streamed.getTempFile()) != null) { - LOG - .debug("Value spool file move (rename) to Values Storage is not succeeded. Trying bytes copy. Spool file: " - + tempFile.getAbsolutePath() + ". Destination: " + file.getAbsolutePath()); + // it's spooled Value, try move its file to VS + if (!tempFile.renameTo(file)) + { + // not succeeded - copy bytes, temp file will be deleted by transient ValueData + if (LOG.isDebugEnabled()) + { + LOG + .debug("Value spool file move (rename) to Values Storage is not succeeded. Trying bytes copy. Spool file: " + + tempFile.getAbsolutePath() + ". Destination: " + file.getAbsolutePath()); + } + + copyClose(new FileInputStream(tempFile), new FileOutputStream(file)); + } } + else + { + // not spooled, use client InputStream + copyClose(streamed.getStream(), new FileOutputStream(file)); + } - copyClose(new FileInputStream(tempFile), new FileOutputStream(file)); + // link this Value to file in VS + streamed.setPersistedFile(file); } } else { - // not spooled, use client InputStream - copyClose(streamed.getStream(), new FileOutputStream(file)); + // copy from Value stream to the file, e.g. from FilePersistedValueData to this Value + copyClose(value.getAsStream(), new FileOutputStream(file)); } - // link this Value to file in VS - streamed.setPersistedFile(file); + return null; } + }; + try + { + AccessController.doPrivileged(action); } - else + catch (PrivilegedActionException pae) { - // copy from Value stream to the file, e.g. from FilePersistedValueData to this Value - copyClose(value.getAsStream(), new FileOutputStream(file)); + Throwable cause = pae.getCause(); + if (cause instanceof IOException) + { + throw (IOException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } } } Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/WriteValue.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/WriteValue.java 2010-06-11 07:49:26 UTC (rev 2546) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/WriteValue.java 2010-06-11 08:35:52 UTC (rev 2547) @@ -24,6 +24,9 @@ import java.io.File; import java.io.IOException; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; /** * Created by The eXo Platform SAS. @@ -97,9 +100,37 @@ if (fileLock != null) try { - // be sure the destination dir exists (case for Tree-style storage) - file.getParentFile().mkdirs(); + PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + // be sure the destination dir exists (case for Tree-style storage) + file.getParentFile().mkdirs(); + return null; + } + }; + try + { + AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof IOException) + { + throw (IOException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + // write value to the file writeValue(file, value); }

14 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

exo-jcr-commits June 2010