exo-jcr SVN: r2546 - in jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs: operations and 1 other directory.
by do-not-reply@jboss.org
Author: tolusha
Date: 2010-06-11 03:49:26 -0400 (Fri, 11 Jun 2010)
New Revision: 2546
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFileIOChannel.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileOperation.java
Log:
EXOJCR-756: doPrivileged TreeFileIOChannel & ValueFileOperation
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFileIOChannel.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFileIOChannel.java 2010-06-11 07:38:35 UTC (rev 2545)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFileIOChannel.java 2010-06-11 07:49:26 UTC (rev 2546)
@@ -77,6 +77,10 @@
{
throw (IOException)cause;
}
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
else
{
throw new RuntimeException(cause);
@@ -87,14 +91,40 @@
@Override
protected File[] getFiles(final String propertyId) throws IOException
{
- final File dir = new File(rootDir.getAbsolutePath() + buildPath(propertyId));
- String[] fileNames = dir.list();
- File[] files = new File[fileNames.length];
- for (int i = 0; i < fileNames.length; i++)
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
{
- files[i] = new TreeFile(dir.getAbsolutePath() + File.separator + fileNames[i], cleaner, rootDir);
+ public Object run() throws Exception
+ {
+ final File dir = new File(rootDir.getAbsolutePath() + buildPath(propertyId));
+ String[] fileNames = dir.list();
+ File[] files = new File[fileNames.length];
+ for (int i = 0; i < fileNames.length; i++)
+ {
+ files[i] = new TreeFile(dir.getAbsolutePath() + File.separator + fileNames[i], cleaner, rootDir);
+ }
+ return files;
+ }
+ };
+ try
+ {
+ return (File[])AccessController.doPrivileged(action);
}
- return files;
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
protected String buildPath(String fileName)
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileOperation.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileOperation.java 2010-06-11 07:38:35 UTC (rev 2545)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/operations/ValueFileOperation.java 2010-06-11 07:49:26 UTC (rev 2546)
@@ -30,6 +30,9 @@
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
* Created by The eXo Platform SAS.
@@ -121,14 +124,40 @@
*/
public void lock() throws IOException
{
- // lock file in temp directory
- lockFile = new File(tempDir, targetFile.getName() + LOCK_FILE_EXTENSION);
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ // lock file in temp directory
+ lockFile = new File(tempDir, targetFile.getName() + LOCK_FILE_EXTENSION);
- FileOutputStream lout = new FileOutputStream(lockFile, true);
- lout.write(operationInfo.getBytes()); // TODO write info
- lout.getChannel().lock(); // wait for unlock (on Windows will wait for this JVM too)
+ FileOutputStream lout = new FileOutputStream(lockFile, true);
+ lout.write(operationInfo.getBytes()); // TODO write info
+ lout.getChannel().lock(); // wait for unlock (on Windows will wait for this JVM too)
- lockFileStream = lout;
+ return lout;
+ }
+ };
+ try
+ {
+ lockFileStream = (FileOutputStream)AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
/**
@@ -151,14 +180,43 @@
*/
public void unlock() throws IOException
{
- if (lockFileStream != null)
- lockFileStream.close();
- if (!lockFile.delete())
- { // TODO don't use FileCleaner, delete should be enough
- LOG.warn("Cannot delete lock file " + lockFile.getAbsolutePath() + ". Add to the FileCleaner");
- cleaner.addFile(lockFile);
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ if (lockFileStream != null)
+ lockFileStream.close();
+
+ if (!lockFile.delete())
+ { // TODO don't use FileCleaner, delete should be enough
+ LOG.warn("Cannot delete lock file " + lockFile.getAbsolutePath() + ". Add to the FileCleaner");
+ cleaner.addFile(lockFile);
+ }
+
+ return null;
+ }
+ };
+ try
+ {
+ AccessController.doPrivileged(action);
}
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
}
14 years
exo-jcr SVN: r2545 - jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs.
by do-not-reply@jboss.org
Author: tolusha
Date: 2010-06-11 03:38:35 -0400 (Fri, 11 Jun 2010)
New Revision: 2545
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFileIOChannel.java
Log:
EXOJCR-756: doPrivileged() TreeFileIOChannel
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFileIOChannel.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFileIOChannel.java 2010-06-11 07:33:56 UTC (rev 2544)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/storage/value/fs/TreeFileIOChannel.java 2010-06-11 07:38:35 UTC (rev 2545)
@@ -23,6 +23,9 @@
import java.io.File;
import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.concurrent.Semaphore;
/**
@@ -52,10 +55,33 @@
@Override
protected File getFile(final String propertyId, final int orderNumber) throws IOException
{
- final TreeFile tfile =
- new TreeFile(rootDir.getAbsolutePath() + makeFilePath(propertyId, orderNumber), cleaner, rootDir);
- mkdirs(tfile.getParentFile()); // make dirs on path
- return tfile;
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ final TreeFile tfile =
+ new TreeFile(rootDir.getAbsolutePath() + makeFilePath(propertyId, orderNumber), cleaner, rootDir);
+ mkdirs(tfile.getParentFile()); // make dirs on path
+
+ return tfile;
+ }
+ };
+ try
+ {
+ return (File)AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
@Override
14 years
exo-jcr SVN: r2544 - core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security.
by do-not-reply@jboss.org
Author: nzamosenchuk
Date: 2010-06-11 03:33:56 -0400 (Fri, 11 Jun 2010)
New Revision: 2544
Modified:
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
Log:
EXOJCR-777: added check on attribute remove.
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-11 07:04:44 UTC (rev 2543)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-11 07:33:56 UTC (rev 2544)
@@ -120,6 +120,7 @@
*/
public void removeAttribute(String name)
{
+ checkPermissions();
this.attributes.remove(name);
}
14 years
exo-jcr SVN: r2543 - in jcr/trunk/exo.jcr.component.core: src/main/java/org/exoplatform/services/jcr/impl/core/value and 3 other directories.
by do-not-reply@jboss.org
Author: tolusha
Date: 2010-06-11 03:04:44 -0400 (Fri, 11 Jun 2010)
New Revision: 2543
Modified:
jcr/trunk/exo.jcr.component.core/pom.xml
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/value/ValueFactoryImpl.java
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestSecurityRepositoryManagment.java
jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy
Log:
EXOJCR-756: set policy
Modified: jcr/trunk/exo.jcr.component.core/pom.xml
===================================================================
--- jcr/trunk/exo.jcr.component.core/pom.xml 2010-06-10 13:39:04 UTC (rev 2542)
+++ jcr/trunk/exo.jcr.component.core/pom.xml 2010-06-11 07:04:44 UTC (rev 2543)
@@ -374,7 +374,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
- <argLine>-Djava.security.manager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ <argLine>${env.MAVEN_OPTS}</argLine>
<systemProperties>
<property>
<name>jcr.test.configuration.file</name>
@@ -544,7 +544,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
- <!-- TAKE CARE TO UPDATE ALSO run-all PROFILE -->
+ <!-- TAKE CARE TO UPDATE ALSO run-all PROFILE -->
<argLine>${env.MAVEN_OPTS}</argLine>
<systemProperties>
<property>
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/value/ValueFactoryImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/value/ValueFactoryImpl.java 2010-06-10 13:39:04 UTC (rev 2542)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/value/ValueFactoryImpl.java 2010-06-11 07:04:44 UTC (rev 2543)
@@ -40,6 +40,8 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Calendar;
import javax.jcr.Node;
@@ -77,7 +79,15 @@
this.locationFactory = locationFactory;
this.fileCleaner = cleanerHolder.getFileCleaner();
- this.tempDirectory = new File(System.getProperty("java.io.tmpdir"));
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ tempDirectory = new File(System.getProperty("java.io.tmpdir"));
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
// TODO we use WorkspaceDataContainer constants but is it ok?
this.maxBufferSize =
@@ -88,8 +98,17 @@
public ValueFactoryImpl(LocationFactory locationFactory)
{
this.locationFactory = locationFactory;
- this.tempDirectory = new File(System.getProperty("java.io.tmpdir"));
this.maxBufferSize = WorkspaceDataContainer.DEF_MAXBUFFERSIZE;
+
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ tempDirectory = new File(System.getProperty("java.io.tmpdir"));
+ return null;
+ }
+ };
+ AccessController.doPrivileged(action);
}
/**
Modified: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java 2010-06-10 13:39:04 UTC (rev 2542)
+++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/BaseStandaloneTest.java 2010-06-11 07:04:44 UTC (rev 2543)
@@ -19,6 +19,7 @@
package org.exoplatform.services.jcr;
import junit.framework.TestCase;
+import sun.security.provider.PolicyFile;
import org.exoplatform.container.StandaloneContainer;
import org.exoplatform.services.jcr.config.WorkspaceEntry;
@@ -41,6 +42,7 @@
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URL;
+import java.security.Policy;
import java.util.Random;
import javax.jcr.Node;
@@ -101,8 +103,11 @@
}
}
+ @Override
public void setUp() throws Exception
{
+ System.setSecurityManager(null);
+
String configPath = System.getProperty("jcr.test.configuration.file");
if (configPath == null)
{
@@ -157,8 +162,14 @@
(WorkspaceFileCleanerHolder)wsc.getComponent(WorkspaceFileCleanerHolder.class);
fileCleaner = wfcleaner.getFileCleaner();
holder = new ReaderSpoolFileHolder();
+
+ URL url = Thread.currentThread().getContextClassLoader().getResource("test.policy");
+ Policy.setPolicy(new PolicyFile(url));
+
+ System.setSecurityManager(new SecurityManager());
}
+ @Override
protected void tearDown() throws Exception
{
if (session != null)
Modified: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java 2010-06-10 13:39:04 UTC (rev 2542)
+++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java 2010-06-11 07:04:44 UTC (rev 2543)
@@ -42,13 +42,16 @@
public abstract class BaseSecurityTest extends BaseStandaloneTest
{
+ @Override
public void setUp() throws Exception
{
super.setUp();
+
SecurityManager security = System.getSecurityManager();
assertNotNull("SecurityManager must be ON.", security);
}
+ @Override
public String getRepositoryName()
{
return "db1";
@@ -141,11 +144,13 @@
protected static final PermissionCollection ALL = new PermissionCollection()
{
+ @Override
public boolean implies(Permission permission)
{
return true;
}
+ @Override
public Enumeration<Permission> elements()
{
return new Enumeration<Permission>()
@@ -165,6 +170,7 @@
};
}
+ @Override
public void add(Permission permission)
{
}
Modified: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestSecurityRepositoryManagment.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestSecurityRepositoryManagment.java 2010-06-10 13:39:04 UTC (rev 2542)
+++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestSecurityRepositoryManagment.java 2010-06-11 07:04:44 UTC (rev 2543)
@@ -43,7 +43,6 @@
repository.getSystemSession();
return null;
}
-
};
try
{
@@ -51,6 +50,7 @@
}
catch (AccessControlException ace)
{
+ ace.printStackTrace();
fail("Must be able get system session. We are under static permissions");
}
catch (Throwable t)
@@ -168,6 +168,7 @@
}
catch (AccessControlException ace)
{
+ ace.printStackTrace();
fail("Must be able config workspace. We are under static permissions");
}
catch (Throwable t)
@@ -232,6 +233,7 @@
}
catch (AccessControlException ace)
{
+ ace.printStackTrace();
fail("Must be able create workspace. We are under static permissions");
}
catch (Throwable t)
Modified: jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy 2010-06-10 13:39:04 UTC (rev 2542)
+++ jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy 2010-06-11 07:04:44 UTC (rev 2543)
@@ -1,5 +1,13 @@
-// configure static permissions here
-grant {
- permission java.security.AllPermission;
+grant codeBase "file:/home/tolusha/java/exo-jcr/jcr/trunk/exo.jcr.component.core/target/classes/-"{
+ permission java.security.AllPermission;
};
-
\ No newline at end of file
+
+grant codeBase "file:/home/tolusha/java/exo-dependencies/repository/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:/home/tolusha/java/exo-jcr/jcr/trunk/exo.jcr.component.core/target/test-classes/-"{
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.lang.RuntimePermission "getJCRSystemSession";
+ permission java.lang.RuntimePermission "manageRepository";
+};
14 years
exo-jcr SVN: r2542 - in core/trunk/exo.core.component.security.core: src/main/java/org/exoplatform/services/security and 1 other directories.
by do-not-reply@jboss.org
Author: nzamosenchuk
Date: 2010-06-10 09:39:04 -0400 (Thu, 10 Jun 2010)
New Revision: 2542
Added:
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java
Modified:
core/trunk/exo.core.component.security.core/
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java
Log:
EXOJCR-770: Removing setSubject permission, only single ModifyIdentity is now present.
EXOJCR-767: Adding the test, adding check for attribute modification.
Property changes on: core/trunk/exo.core.component.security.core
___________________________________________________________________
Name: svn:ignore
+ .project
.classpath
target
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-10 12:48:48 UTC (rev 2541)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-10 13:39:04 UTC (rev 2542)
@@ -31,8 +31,6 @@
public class ConversationState
{
- private static final RuntimePermission SET_CURRENT_STATE_PERMISSION = new RuntimePermission("setCurrentState");
-
/**
* "subject".
*/
@@ -74,12 +72,7 @@
*/
public static void setCurrent(ConversationState state)
{
- SecurityManager security = System.getSecurityManager();
- if (security != null)
- {
- security.checkPermission(SET_CURRENT_STATE_PERMISSION);
- }
-
+ checkPermissions();
current.set(state);
}
@@ -99,7 +92,7 @@
*/
public void setAttribute(String name, Object value)
{
- // TODO : need check is it allowed to set any attributes
+ checkPermissions();
this.attributes.put(name, value);
}
@@ -130,4 +123,15 @@
this.attributes.remove(name);
}
+ /**
+ * Checks if modification allowed
+ */
+ private static void checkPermissions()
+ {
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION);
+ }
+ }
}
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-10 12:48:48 UTC (rev 2541)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-10 13:39:04 UTC (rev 2542)
@@ -202,7 +202,7 @@
SecurityManager security = System.getSecurityManager();
if (security != null)
{
- security.checkPermission(PermissionConstants.SET_SUBJECT_PERMISSION);
+ security.checkPermission(PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
this.subject = subject;
}
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java 2010-06-10 12:48:48 UTC (rev 2541)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java 2010-06-10 13:39:04 UTC (rev 2542)
@@ -26,8 +26,15 @@
public class PermissionConstants
{
- public static final RuntimePermission SET_SUBJECT_PERMISSION = new RuntimePermission("setSubject");
-
+ /**
+ * Permission to modify {@link Identity}
+ */
public static final RuntimePermission MODIFY_IDENTITY_PERMISSION = new RuntimePermission("modifyIdentity");
+ /**
+ * Permission to modify Conversation state
+ */
+ public static final RuntimePermission MODIFY_CONVERSATION_STATE_PERMISSION =
+ new RuntimePermission("modifyConversationState");
+
}
Modified: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java 2010-06-10 12:48:48 UTC (rev 2541)
+++ core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java 2010-06-10 13:39:04 UTC (rev 2542)
@@ -37,11 +37,6 @@
*/
public abstract class BaseSecurityTest extends TestCase
{
-
- public static final Permission SET_SUBJECT_PERMISSION = new RuntimePermission("setSubject");
- public static final Permission MODIFY_IDENTITY_PERMISSION = new RuntimePermission("modifyIdentity");
- public static final Permission ALL_PERMISSION = new AllPermission();
-
/**
*
*/
Modified: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java 2010-06-10 12:48:48 UTC (rev 2541)
+++ core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java 2010-06-10 13:39:04 UTC (rev 2542)
@@ -41,7 +41,7 @@
}
/**
- * Check that modification is permitted if MODIFY_IDENTITY_PERMISSION given
+ * Checks that modification is permitted if MODIFY_IDENTITY_PERMISSION given
*/
public void testModifyRolesWithPermissions()
{
@@ -54,7 +54,7 @@
getIdentity().getRoles().clear();
return null;
}
- }, MODIFY_IDENTITY_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
@@ -63,7 +63,7 @@
}
/**
- * Check that setRoles is permitted if MODIFY_IDENTITY_PERMISSION given
+ * Checks that setRoles is permitted if MODIFY_IDENTITY_PERMISSION given
*/
public void testSetRolesWithPermissions()
{
@@ -76,7 +76,7 @@
getIdentity().setRoles(new HashSet<String>());
return null;
}
- }, MODIFY_IDENTITY_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
@@ -85,7 +85,7 @@
}
/**
- * Check that modification is denied if no permission given
+ * Checks that modification is denied if no permission given
*/
public void testModifyRolesWithNoPermissions()
{
@@ -108,7 +108,7 @@
}
/**
- * Check that setRoles is denied if no permission given
+ * Checks that setRoles is denied if no permission given
*/
public void testSetWithRolesNoPermissions()
{
@@ -131,7 +131,7 @@
}
/**
- * Check that modification is permitted if MODIFY_IDENTITY_PERMISSION given
+ * Checks that modification is permitted if MODIFY_IDENTITY_PERMISSION given
*/
public void testModifyMembershipsWithPermissions()
{
@@ -144,7 +144,7 @@
getIdentity().getMemberships().clear();
return null;
}
- }, MODIFY_IDENTITY_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
@@ -153,7 +153,7 @@
}
/**
- * Check that setMemberships is permitted if MODIFY_IDENTITY_PERMISSION given
+ * Checks that setMemberships is permitted if MODIFY_IDENTITY_PERMISSION given
*/
public void testSetMembershipsWithPermissions()
{
@@ -167,7 +167,7 @@
getIdentity().setMemberships(new HashSet<MembershipEntry>());
return null;
}
- }, MODIFY_IDENTITY_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
@@ -176,7 +176,7 @@
}
/**
- * Check that modification is denied if no permission given
+ * Checks that modification is denied if no permission given
*/
public void testModifyMembershipsWithNoPermissions()
{
@@ -199,7 +199,7 @@
}
/**
- * Check that setMemberships is denied if no permission given
+ * Checks that setMemberships is denied if no permission given
*/
public void testSetWithMembershipsNoPermissions()
{
@@ -223,7 +223,7 @@
}
/**
- * Check setSubject is permitted with "setSubject" permission
+ * Checks setSubject is permitted with "setSubject" permission
*/
public void testSubjectWithSetSubjectPermissions()
{
@@ -236,7 +236,7 @@
getIdentity().setSubject(new Subject());
return null;
}
- }, SET_SUBJECT_PERMISSION);
+ }, PermissionConstants.MODIFY_IDENTITY_PERMISSION);
}
catch (Exception e)
{
@@ -245,7 +245,7 @@
}
/**
- * Check setSubject is denied without "setSubject" permission
+ * Checks setSubject is denied without "setSubject" permission
*/
public void testSubjectWithNoPermissions()
{
@@ -269,6 +269,7 @@
/**
* Creates dummy Identity for testing purposes
+ *
* @return
*/
private Identity getIdentity()
Added: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java (rev 0)
+++ core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java 2010-06-10 13:39:04 UTC (rev 2542)
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.services.security;
+
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.Collection;
+
+/**
+ * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: TestStatePermissions.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class TestStatePermissions extends BaseSecurityTest
+{
+ private ConversationState state;
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ Collection<MembershipEntry> memberships = null;
+
+ memberships = new ArrayList<MembershipEntry>();
+ memberships.add(new MembershipEntry("/group1", "*"));
+ memberships.add(new MembershipEntry("/group2", "member"));
+
+ Identity identity = new Identity("user", memberships);
+ state = new ConversationState(identity);
+ }
+
+ /**
+ * Checks that modification is permitted
+ */
+ public void testStateSetCurrentWithPermission()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ ConversationState.setCurrent(state);
+ ConversationState.setCurrent(null);
+ return null;
+ }
+ }, PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be successfull, since it is launched with required permissions.");
+ }
+ }
+
+ /**
+ * Checks that modification is denied if no permission given
+ */
+ public void testStateSetCurrentWithNoPermission()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ ConversationState.setCurrent(state);
+ return null;
+ }
+ });
+ fail("Modification should be denied");
+ }
+ catch (Exception e)
+ {
+ // it's ok
+ }
+ }
+
+ /**
+ * Checks that modification is permitted
+ */
+ public void testStateSetAttributeWithPermission()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ state.setAttribute("attribute", "value");
+ return null;
+ }
+ }, PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be successfull, since it is launched with required permissions.");
+ }
+ }
+
+ /**
+ * Checks that modification is denied if no permission given
+ */
+ public void testStateSetAttributeWithNoPermission()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ state.setAttribute("attribute", "value");
+ return null;
+ }
+ });
+ fail("Modification should be denied");
+ }
+ catch (Exception e)
+ {
+ // it's ok
+ }
+ }
+}
Property changes on: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
14 years
exo-jcr SVN: r2541 - in core/trunk/exo.core.component.security.core: src/main/java/org/exoplatform/services/security and 2 other directories.
by do-not-reply@jboss.org
Author: nzamosenchuk
Date: 2010-06-10 08:48:48 -0400 (Thu, 10 Jun 2010)
New Revision: 2541
Added:
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java
core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java
core/trunk/exo.core.component.security.core/src/test/resources/test.policy
Modified:
core/trunk/exo.core.component.security.core/pom.xml
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
Log:
EXOJCR-770 : Added test for Identity security and Identity changed using SecureSet from KERNEL project.
Modified: core/trunk/exo.core.component.security.core/pom.xml
===================================================================
--- core/trunk/exo.core.component.security.core/pom.xml 2010-06-10 10:05:24 UTC (rev 2540)
+++ core/trunk/exo.core.component.security.core/pom.xml 2010-06-10 12:48:48 UTC (rev 2541)
@@ -1,25 +1,17 @@
-<!--
- Copyright (C) 2009 eXo Platform SAS.
+ <!--
- This is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as
- published by the Free Software Foundation; either version 2.1 of
- the License, or (at your option) any later version.
+ Copyright (C) 2009 eXo Platform SAS. This is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version. This software is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU
+ Lesser General Public License along with this software; if not, write to the Free Software Foundation, Inc., 51
+ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- This software is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this software; if not, write to the Free
- Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
<modelVersion>4.0.0</modelVersion>
<parent>
@@ -53,7 +45,7 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
- </dependency>
+ </dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
@@ -61,6 +53,15 @@
</dependencies>
<build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>-Djava.security.manager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ </plugins>
<testResources>
<testResource>
<directory>src/test/java</directory>
@@ -75,6 +76,7 @@
<include>**/*.properties</include>
<include>**/*.xml</include>
<include>**/login.conf</include>
+ <include>**/test.policy</include>
</includes>
</testResource>
</testResources>
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-10 10:05:24 UTC (rev 2540)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-10 12:48:48 UTC (rev 2541)
@@ -18,6 +18,8 @@
*/
package org.exoplatform.services.security;
+import org.exoplatform.commons.utils.secure.SecureCollections;
+
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
@@ -38,10 +40,6 @@
public class Identity
{
- private static final RuntimePermission SET_SUBJECT_PERMISSION = new RuntimePermission("setSubject");
-
- private static final RuntimePermission MODIFY_IDENTITY_PERMISSION = new RuntimePermission("modifyIdentity");
-
/**
* User's identifier.
*/
@@ -50,7 +48,7 @@
/**
* Memberships.
*/
- private Set<MembershipEntry> memberships;
+ private final Set<MembershipEntry> memberships;
/**
* javax.security.auth.Subject can be used for logout process. <code>
@@ -63,7 +61,7 @@
/**
* User's roles.
*/
- private Collection<String> roles;
+ private final Set<String> roles;
/**
* @param userId the iser's identifier.
@@ -90,8 +88,11 @@
public Identity(String userId, Collection<MembershipEntry> memberships, Collection<String> roles)
{
this.userId = userId;
- this.memberships = new SecureSet<MembershipEntry>(memberships);
- this.roles = new SecureSet<String>(roles);
+ this.memberships =
+ SecureCollections.secureSet(new HashSet<MembershipEntry>(memberships),
+ PermissionConstants.MODIFY_IDENTITY_PERMISSION);
+ this.roles =
+ SecureCollections.secureSet(new HashSet<String>(roles), PermissionConstants.MODIFY_IDENTITY_PERMISSION);;
}
/**
@@ -154,7 +155,8 @@
@Deprecated
public void setMemberships(Collection<MembershipEntry> memberships)
{
- this.memberships = new SecureSet<MembershipEntry>(memberships);
+ this.memberships.clear();
+ this.memberships.addAll(memberships);
}
/**
@@ -172,7 +174,8 @@
*/
public void setRoles(Collection<String> roles)
{
- this.roles = new SecureSet<String>(roles);
+ this.roles.clear();
+ this.roles.addAll(roles);
}
/**
@@ -199,7 +202,7 @@
SecurityManager security = System.getSecurityManager();
if (security != null)
{
- security.checkPermission(SET_SUBJECT_PERMISSION);
+ security.checkPermission(PermissionConstants.SET_SUBJECT_PERMISSION);
}
this.subject = subject;
}
@@ -214,151 +217,4 @@
{
return memberships.contains(checkMe);
}
-
- private static class SecureSet<T> implements Set<T>
- {
-
- final Set<T> set;
-
- SecureSet()
- {
- this.set = new HashSet<T>();
- }
-
- SecureSet(Collection<T> set)
- {
- this.set = new HashSet<T>(set);
- }
-
- public boolean add(T e)
- {
- checkPermission();
- return set.add(e);
- }
-
- public boolean addAll(Collection<? extends T> elements)
- {
- if (elements == null)
- {
- throw new NullPointerException();
- }
- checkPermission();
- set.addAll(elements);
- return elements.size() > 0;
- }
-
- public void clear()
- {
- checkPermission();
- set.clear();
- }
-
- public boolean contains(Object o)
- {
- return set.contains(o);
- }
-
- public boolean containsAll(Collection<?> coll)
- {
- return set.containsAll(coll);
- }
-
- @Override
- public boolean equals(Object o)
- {
- return o == this || set.equals(o);
- }
-
- @Override
- public int hashCode()
- {
- return set.hashCode();
- }
-
- public boolean isEmpty()
- {
- return set.isEmpty();
- }
-
- public Iterator<T> iterator()
- {
- return new Iterator<T>()
- {
- Iterator<? extends T> i = set.iterator();
-
- public boolean hasNext()
- {
- return i.hasNext();
- }
-
- public T next()
- {
- return i.next();
- }
-
- public void remove()
- {
- checkPermission();
- i.remove();
- }
- };
- }
-
- public boolean remove(Object o)
- {
- checkPermission();
- return set.remove(o);
- }
-
- public boolean removeAll(Collection<?> pds)
- {
- if (pds == null)
- {
- throw new NullPointerException();
- }
- checkPermission();
- return set.removeAll(pds);
- }
-
- public boolean retainAll(Collection<?> pds)
- {
- if (pds == null)
- {
- throw new NullPointerException();
- }
- checkPermission();
- return set.retainAll(pds);
- }
-
- public int size()
- {
- return set.size();
- }
-
- public Object[] toArray()
- {
- return set.toArray();
- }
-
- public <T> T[] toArray(T[] a)
- {
- return set.toArray(a);
- }
-
- @Override
- public String toString()
- {
- return set.toString();
- }
-
- protected void checkPermission()
- {
- SecurityManager security = System.getSecurityManager();
- if (security != null)
- {
- security.checkPermission(MODIFY_IDENTITY_PERMISSION);
- }
- }
- }
-
-}
+}
\ No newline at end of file
Added: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java (rev 0)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java 2010-06-10 12:48:48 UTC (rev 2541)
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.services.security;
+
+/**
+ * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: PermissionConstants.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class PermissionConstants
+{
+
+ public static final RuntimePermission SET_SUBJECT_PERMISSION = new RuntimePermission("setSubject");
+
+ public static final RuntimePermission MODIFY_IDENTITY_PERMISSION = new RuntimePermission("modifyIdentity");
+
+}
Property changes on: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/PermissionConstants.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java (rev 0)
+++ core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java 2010-06-10 12:48:48 UTC (rev 2541)
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.services.security;
+
+import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.AllPermission;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.Permissions;
+import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
+
+import junit.framework.TestCase;
+
+/**
+ * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: BaseSecurityTest.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public abstract class BaseSecurityTest extends TestCase
+{
+
+ public static final Permission SET_SUBJECT_PERMISSION = new RuntimePermission("setSubject");
+ public static final Permission MODIFY_IDENTITY_PERMISSION = new RuntimePermission("modifyIdentity");
+ public static final Permission ALL_PERMISSION = new AllPermission();
+
+ /**
+ *
+ */
+ public BaseSecurityTest()
+ {
+ super();
+ }
+
+ /**
+ * @param name
+ */
+ public BaseSecurityTest(String name)
+ {
+ super(name);
+ }
+
+ /**
+ * Run privileged action with given privileges.
+ */
+ public <T> T doActionWithPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) throws Exception
+ {
+ Permissions allPermissions = new Permissions();
+ for (Permission permission : permissions)
+ {
+ if (permission != null)
+ {
+ allPermissions.add(permission);
+ }
+ }
+ ProtectionDomain[] protectionDomains =
+ new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
+ (java.security.cert.Certificate[])null), allPermissions)};
+ return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
+ }
+
+ protected URL getCodeSource()
+ {
+ return getClass().getProtectionDomain().getCodeSource().getLocation();
+ }
+
+}
\ No newline at end of file
Property changes on: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java (rev 0)
+++ core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java 2010-06-10 12:48:48 UTC (rev 2541)
@@ -0,0 +1,286 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.services.security;
+
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+
+import javax.security.auth.Subject;
+
+/**
+ * Test used to check whether SecurityManager related features are working properly.
+ *
+ * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: TestPermissions.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class TestIdentityPermissions extends BaseSecurityTest
+{
+
+ public void testSecurityManagerExists()
+ {
+ assertNotNull(System.getSecurityManager());
+ }
+
+ /**
+ * Check that modification is permitted if MODIFY_IDENTITY_PERMISSION given
+ */
+ public void testModifyRolesWithPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ getIdentity().getRoles().clear();
+ return null;
+ }
+ }, MODIFY_IDENTITY_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be successfull, since it is launched with required permissions.");
+ }
+ }
+
+ /**
+ * Check that setRoles is permitted if MODIFY_IDENTITY_PERMISSION given
+ */
+ public void testSetRolesWithPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ getIdentity().setRoles(new HashSet<String>());
+ return null;
+ }
+ }, MODIFY_IDENTITY_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be successfull, since it is launched with required permissions.");
+ }
+ }
+
+ /**
+ * Check that modification is denied if no permission given
+ */
+ public void testModifyRolesWithNoPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ getIdentity().getRoles().clear();
+ return null;
+ }
+ });
+ fail("Modification should be denied");
+ }
+ catch (Exception e)
+ {
+ // it's ok
+ }
+ }
+
+ /**
+ * Check that setRoles is denied if no permission given
+ */
+ public void testSetWithRolesNoPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ getIdentity().setRoles(new HashSet<String>());
+ return null;
+ }
+ });
+ fail("Modification should be denied");
+ }
+ catch (Exception e)
+ {
+ // it's ok
+ }
+ }
+
+ /**
+ * Check that modification is permitted if MODIFY_IDENTITY_PERMISSION given
+ */
+ public void testModifyMembershipsWithPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ getIdentity().getMemberships().clear();
+ return null;
+ }
+ }, MODIFY_IDENTITY_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be successfull, since it is launched with required permissions.");
+ }
+ }
+
+ /**
+ * Check that setMemberships is permitted if MODIFY_IDENTITY_PERMISSION given
+ */
+ public void testSetMembershipsWithPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ @SuppressWarnings("deprecation")
+ public Object run() throws Exception
+ {
+ getIdentity().setMemberships(new HashSet<MembershipEntry>());
+ return null;
+ }
+ }, MODIFY_IDENTITY_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be successfull, since it is launched with required permissions.");
+ }
+ }
+
+ /**
+ * Check that modification is denied if no permission given
+ */
+ public void testModifyMembershipsWithNoPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ getIdentity().getMemberships().clear();
+ return null;
+ }
+ });
+ fail("Modification should be denied");
+ }
+ catch (Exception e)
+ {
+ // it's ok
+ }
+ }
+
+ /**
+ * Check that setMemberships is denied if no permission given
+ */
+ public void testSetWithMembershipsNoPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ @SuppressWarnings("deprecation")
+ public Object run() throws Exception
+ {
+ getIdentity().setMemberships(new HashSet<MembershipEntry>());
+ return null;
+ }
+ });
+ fail("Modification should be denied");
+ }
+ catch (Exception e)
+ {
+ // it's ok
+ }
+ }
+
+ /**
+ * Check setSubject is permitted with "setSubject" permission
+ */
+ public void testSubjectWithSetSubjectPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ getIdentity().setSubject(new Subject());
+ return null;
+ }
+ }, SET_SUBJECT_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be successfull, since it is launched with required permissions.");
+ }
+ }
+
+ /**
+ * Check setSubject is denied without "setSubject" permission
+ */
+ public void testSubjectWithNoPermissions()
+ {
+ try
+ {
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ getIdentity().setSubject(new Subject());
+ return null;
+ }
+ });
+ fail("Modification should be denied");
+ }
+ catch (Exception e)
+ {
+ // ok
+ }
+ }
+
+ /**
+ * Creates dummy Identity for testing purposes
+ * @return
+ */
+ private Identity getIdentity()
+ {
+ Collection<MembershipEntry> memberships = null;
+
+ memberships = new ArrayList<MembershipEntry>();
+ memberships.add(new MembershipEntry("/group1", "*"));
+ memberships.add(new MembershipEntry("/group2", "member"));
+
+ final Identity identity = new Identity("user", memberships);
+ return identity;
+ }
+
+}
Property changes on: core/trunk/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: core/trunk/exo.core.component.security.core/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.security.core/src/test/resources/test.policy (rev 0)
+++ core/trunk/exo.core.component.security.core/src/test/resources/test.policy 2010-06-10 12:48:48 UTC (rev 2541)
@@ -0,0 +1,5 @@
+// configure static permissions here
+grant {
+ permission java.security.AllPermission;
+};
+
\ No newline at end of file
14 years
exo-jcr SVN: r2540 - in kernel/trunk/exo.kernel.commons: src/main/java/org/exoplatform/commons/utils and 4 other directories.
by do-not-reply@jboss.org
Author: nzamosenchuk
Date: 2010-06-10 06:05:24 -0400 (Thu, 10 Jun 2010)
New Revision: 2540
Added:
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java
kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/
kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java
kernel/trunk/exo.kernel.commons/src/test/resources/test.policy
Modified:
kernel/trunk/exo.kernel.commons/pom.xml
Log:
EXOJCR-770 : extracting SecureSet class into KERNEL project. Added SecureList and test for secure collections.
Modified: kernel/trunk/exo.kernel.commons/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.commons/pom.xml 2010-06-10 10:00:28 UTC (rev 2539)
+++ kernel/trunk/exo.kernel.commons/pom.xml 2010-06-10 10:05:24 UTC (rev 2540)
@@ -1,25 +1,17 @@
-<!--
- Copyright (C) 2009 eXo Platform SAS.
+ <!--
- This is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as
- published by the Free Software Foundation; either version 2.1 of
- the License, or (at your option) any later version.
+ Copyright (C) 2009 eXo Platform SAS. This is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version. This software is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU
+ Lesser General Public License along with this software; if not, write to the Free Software Foundation, Inc., 51
+ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- This software is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this software; if not, write to the Free
- Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
<modelVersion>4.0.0</modelVersion>
<parent>
@@ -57,4 +49,26 @@
<scope>compile</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>-Djava.security.manager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ </plugins>
+ <testResources>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <includes>
+ <include>**/*.properties</include>
+ <include>**/test.policy</include>
+ </includes>
+ </testResource>
+ </testResources>
+ </build>
+
</project>
Added: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils.secure;
+
+import java.security.Permission;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: SecureCollections.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class SecureCollections
+{
+ /**
+ * Creates {@link SecureSet}, which will require given {@link Permission} for it's modification
+ *
+ * @param <E>
+ * @param set
+ * Base List instance
+ * @param permission
+ * Required permission
+ * @return
+ */
+ public static <E> Set<E> secureSet(Set<E> set, Permission permission)
+ {
+ return new SecureSet<E>(set, permission);
+ }
+
+ /**
+ * Creates {@link SecureList}, which will require given {@link Permission} for it's modification
+ *
+ * @param <E>
+ * @param list
+ * Base list instance
+ * @param permission
+ * Required permission
+ * @return
+ */
+ public static <E> List<E> secureList(List<E> list, Permission permission)
+ {
+ return new SecureList<E>(list, permission);
+ }
+}
Property changes on: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureCollections.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,286 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils.secure;
+
+import java.security.AllPermission;
+import java.security.Permission;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ListIterator;
+
+/**
+ * SecureList is a wrapper over given List instance providing additional security check.
+ * To be able to modify this list, invoking code must have permission given in SecureList's
+ * constructor or {@link AllPermission}.
+ *
+ * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: SecureList.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class SecureList<E> implements List<E>
+{
+
+ // base list
+ private final List<E> list;
+
+ // required permission
+ private final Permission permission;
+
+ public SecureList(Permission permission)
+ {
+ super();
+ this.list = new ArrayList<E>();
+ this.permission = permission;
+ }
+
+ public SecureList(List<E> list, Permission permission)
+ {
+ super();
+ this.list = list;
+ this.permission = permission;
+ }
+
+ public void add(int index, E pd)
+ {
+ checkPermissions();
+ list.add(index, pd);
+ }
+
+ public boolean add(E pd)
+ {
+ checkPermissions();
+ return list.add(pd);
+ }
+
+ public boolean addAll(Collection<? extends E> pds)
+ {
+ checkPermissions();
+ return list.addAll(pds);
+ }
+
+ public boolean addAll(int index, Collection<? extends E> pds)
+ {
+ checkPermissions();
+ return list.addAll(index, pds);
+ }
+
+ public void clear()
+ {
+ checkPermissions();
+ list.clear();
+ }
+
+ public boolean contains(Object o)
+ {
+ return list.contains(o);
+ }
+
+ public boolean containsAll(Collection<?> coll)
+ {
+ return list.containsAll(coll);
+ }
+
+ @Override
+ public boolean equals(Object o)
+ {
+ return o == this || list.equals(o);
+ }
+
+ public E get(int index)
+ {
+ return list.get(index);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return list.hashCode();
+ }
+
+ public int indexOf(Object o)
+ {
+ return list.indexOf(o);
+ }
+
+ public boolean isEmpty()
+ {
+ return list.isEmpty();
+ }
+
+ public Iterator<E> iterator()
+ {
+ return new Iterator<E>()
+ {
+ Iterator<? extends E> i = list.iterator();
+
+ public boolean hasNext()
+ {
+ return i.hasNext();
+ }
+
+ public E next()
+ {
+ return i.next();
+ }
+
+ public void remove()
+ {
+ checkPermissions();
+ i.remove();
+ }
+ };
+ }
+
+ public int lastIndexOf(Object o)
+ {
+ return list.lastIndexOf(o);
+ }
+
+ public ListIterator<E> listIterator()
+ {
+ return listIterator(0);
+ }
+
+ public ListIterator<E> listIterator(final int index)
+ {
+ return new ListIterator<E>()
+ {
+ ListIterator<E> li = list.listIterator(index);
+
+ public void add(E pd)
+ {
+ checkPermissions();
+ li.add(pd);
+ }
+
+ public boolean hasNext()
+ {
+ return li.hasNext();
+ }
+
+ public boolean hasPrevious()
+ {
+ return li.hasPrevious();
+ }
+
+ public E next()
+ {
+ return li.next();
+ }
+
+ public int nextIndex()
+ {
+ return li.nextIndex();
+ }
+
+ public E previous()
+ {
+ return li.previous();
+ }
+
+ public int previousIndex()
+ {
+ return li.previousIndex();
+ }
+
+ public void remove()
+ {
+ checkPermissions();
+ li.remove();
+ }
+
+ public void set(E pd)
+ {
+ checkPermissions();
+ li.set(pd);
+ }
+ };
+ }
+
+ public E remove(int index)
+ {
+ checkPermissions();
+ return list.remove(index);
+ }
+
+ public boolean remove(Object o)
+ {
+ checkPermissions();
+ return list.remove(o);
+ }
+
+ public boolean removeAll(Collection<?> pds)
+ {
+ checkPermissions();
+ return list.removeAll(pds);
+ }
+
+ public boolean retainAll(Collection<?> pds)
+ {
+ checkPermissions();
+ return list.retainAll(pds);
+ }
+
+ public E set(int index, E pd)
+ {
+ checkPermissions();
+ return list.set(index, pd);
+ }
+
+ public int size()
+ {
+ return list.size();
+ }
+
+ public List<E> subList(int fromIndex, int toIndex)
+ {
+ return new SecureList<E>(list.subList(fromIndex, toIndex), permission);
+ }
+
+ public Object[] toArray()
+ {
+ return list.toArray();
+ }
+
+ public <T> T[] toArray(T[] a)
+ {
+ return list.toArray(a);
+ }
+
+ @Override
+ public String toString()
+ {
+ return list.toString();
+ }
+
+ /**
+ * Checks if code has a permission
+ */
+ private void checkPermissions()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission(permission);
+ }
+ }
+
+}
Property changes on: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureList.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils.secure;
+
+import java.security.AllPermission;
+import java.security.Permission;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * SecureSet is a wrapper over given Set instance providing additional security check.
+ * To be able to modify set, invoking code must have the same permission as given in SecureSet's
+ * constructor or {@link AllPermission}.
+ *
+ * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: SecureSet.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class SecureSet<E> implements Set<E>
+{
+
+ // base set
+ private final Set<E> set;
+
+ // required permission
+ private final Permission permission;
+
+ /**
+ * Constructs a SecureSet using new {@link HashSet} inside.
+ * @param permission
+ * Permission that will be required for modificaiton.
+ */
+ public SecureSet(Permission permission)
+ {
+ super();
+ this.set = new HashSet<E>();
+ this.permission = permission;
+ }
+
+ /**
+ * Constructs a SecureSet using new given {@link Set} instance.
+ * @param set
+ * Set, to be based on
+ * @param permission
+ * Permission that will be required for modificaiton.
+ */
+ public SecureSet(Set<E> set, Permission permission)
+ {
+ super();
+ this.set = set;
+ this.permission = permission;
+ }
+
+ public boolean add(E e)
+ {
+ checkPermission();
+ return set.add(e);
+ }
+
+ public boolean addAll(Collection<? extends E> elements)
+ {
+ checkPermission();
+ return set.addAll(elements);
+ }
+
+ public void clear()
+ {
+ checkPermission();
+ set.clear();
+ }
+
+ public boolean contains(Object o)
+ {
+ return set.contains(o);
+ }
+
+ public boolean containsAll(Collection<?> coll)
+ {
+ return set.containsAll(coll);
+ }
+
+ @Override
+ public boolean equals(Object o)
+ {
+ return o == this || set.equals(o);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return set.hashCode();
+ }
+
+ public boolean isEmpty()
+ {
+ return set.isEmpty();
+ }
+
+ public Iterator<E> iterator()
+ {
+ return new Iterator<E>()
+ {
+ Iterator<? extends E> i = set.iterator();
+
+ public boolean hasNext()
+ {
+ return i.hasNext();
+ }
+
+ public E next()
+ {
+ return i.next();
+ }
+
+ public void remove()
+ {
+ checkPermission();
+ i.remove();
+ }
+ };
+ }
+
+ public boolean remove(Object o)
+ {
+ checkPermission();
+ return set.remove(o);
+ }
+
+ public boolean removeAll(Collection<?> pds)
+ {
+ checkPermission();
+ return set.removeAll(pds);
+ }
+
+ public boolean retainAll(Collection<?> pds)
+ {
+ checkPermission();
+ return set.retainAll(pds);
+ }
+
+ public int size()
+ {
+ return set.size();
+ }
+
+ public Object[] toArray()
+ {
+ return set.toArray();
+ }
+
+ public <T> T[] toArray(T[] a)
+ {
+ return set.toArray(a);
+ }
+
+ @Override
+ public String toString()
+ {
+ return set.toString();
+ }
+
+ /**
+ * Checks if code has a permission
+ */
+ private void checkPermission()
+ {
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(permission);
+ }
+ }
+}
Property changes on: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/secure/SecureSet.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java
===================================================================
--- kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils.secure;
+
+import junit.framework.TestCase;
+
+import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.Permissions;
+import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:nikolazius@gmail.com">Nikolay Zamosenchuk</a>
+ * @version $Id: TestSecureSet.java 34360 2009-07-22 23:58:59Z nzamosenchuk $
+ *
+ */
+public class TestSecureCollections extends TestCase
+{
+ // permission for testing purposes
+ public static final Permission MODIFY_PERMISSION = new RuntimePermission("modifyPermisssion");
+
+ public void testSecurityManagerExists()
+ {
+ // check if SM is installed
+ assertNotNull("Security Manager is not installed", System.getSecurityManager());
+ }
+
+ public void testSecureSetAddPermitted()
+ {
+ final Set<String> set = SecureCollections.secureSet(new HashSet<String>(), MODIFY_PERMISSION);
+ try
+ {
+ // giving MODIFY_PERMISSION
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ set.add("string");
+ return null;
+ }
+ }, MODIFY_PERMISSION);
+ }
+ catch (Exception e)
+ {
+ fail("Modification should be permitted.");
+ }
+ }
+
+ public void testSecureSetAddDenied()
+ {
+ final Set<String> set = SecureCollections.secureSet(new HashSet<String>(), MODIFY_PERMISSION);
+ try
+ {
+ // giving no permissions
+ doActionWithPermissions(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ set.add("string");
+ return null;
+ }
+ });
+ fail("Modification should be denied.");
+ }
+ catch (Exception e)
+ {
+ }
+ }
+
+ /**
+ * Run privileged action with given privileges.
+ */
+ private <T> T doActionWithPermissions(PrivilegedExceptionAction<T> action, Permission... permissions)
+ throws Exception
+ {
+ Permissions allPermissions = new Permissions();
+ for (Permission permission : permissions)
+ {
+ if (permission != null)
+ {
+ allPermissions.add(permission);
+ }
+ }
+ ProtectionDomain[] protectionDomains =
+ new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
+ (java.security.cert.Certificate[])null), allPermissions)};
+ return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
+ }
+
+ private URL getCodeSource()
+ {
+ return getClass().getProtectionDomain().getCodeSource().getLocation();
+ }
+}
Property changes on: kernel/trunk/exo.kernel.commons/src/test/java/org/exoplatform/commons/utils/secure/TestSecureCollections.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: kernel/trunk/exo.kernel.commons/src/test/resources/test.policy
===================================================================
--- kernel/trunk/exo.kernel.commons/src/test/resources/test.policy (rev 0)
+++ kernel/trunk/exo.kernel.commons/src/test/resources/test.policy 2010-06-10 10:05:24 UTC (rev 2540)
@@ -0,0 +1,5 @@
+// configure static permissions here
+grant {
+ permission java.security.AllPermission;
+};
+
\ No newline at end of file
14 years
exo-jcr SVN: r2539 - jcr/trunk/exo.jcr.connectors.localadapter/src/main/rar/META-INF.
by do-not-reply@jboss.org
Author: dkatayev
Date: 2010-06-10 06:00:28 -0400 (Thu, 10 Jun 2010)
New Revision: 2539
Modified:
jcr/trunk/exo.jcr.connectors.localadapter/src/main/rar/META-INF/ra.xml
Log:
EXOJCR-751 fix version of ra.xml version
Modified: jcr/trunk/exo.jcr.connectors.localadapter/src/main/rar/META-INF/ra.xml
===================================================================
--- jcr/trunk/exo.jcr.connectors.localadapter/src/main/rar/META-INF/ra.xml 2010-06-10 09:53:22 UTC (rev 2538)
+++ jcr/trunk/exo.jcr.connectors.localadapter/src/main/rar/META-INF/ra.xml 2010-06-10 10:00:28 UTC (rev 2539)
@@ -25,7 +25,7 @@
<display-name>JCR repository</display-name>
<vendor-name>exoplatform</vendor-name>
<eis-type />
- <resourceadapter-version>1.12.2-GA</resourceadapter-version>
+ <resourceadapter-version>1.14.0-Beta01-SNAPSHOT</resourceadapter-version>
<license>
<license-required>false</license-required>
</license>
14 years
exo-jcr SVN: r2538 - jcr/trunk/docs/reference/en/src/main/docbook/en-US/modules/ws.
by do-not-reply@jboss.org
Author: dkatayev
Date: 2010-06-10 05:53:22 -0400 (Thu, 10 Jun 2010)
New Revision: 2538
Modified:
jcr/trunk/docs/reference/en/src/main/docbook/en-US/modules/ws/groovy-scripts-as-rest-services.xml
Log:
EXOJCR-731 SNAPSHOT removed from projects versions
Modified: jcr/trunk/docs/reference/en/src/main/docbook/en-US/modules/ws/groovy-scripts-as-rest-services.xml
===================================================================
--- jcr/trunk/docs/reference/en/src/main/docbook/en-US/modules/ws/groovy-scripts-as-rest-services.xml 2010-06-10 09:52:49 UTC (rev 2537)
+++ jcr/trunk/docs/reference/en/src/main/docbook/en-US/modules/ws/groovy-scripts-as-rest-services.xml 2010-06-10 09:53:22 UTC (rev 2538)
@@ -36,8 +36,8 @@
</itemizedlist>
<para>In this article we consider RESTful service compatible with JSR-311
- specification. Currently last feature available in version 1.11-SNAPSHOT
- of JCR, 2.0-SNAPSHOT of WS and version 2.1.4-SNAPSHOT of core.</para>
+ specification. Currently last feature available in version 1.11 of JCR,
+ 2.0 of WS and version 2.1.4 of core.</para>
</section>
<section>
14 years
exo-jcr SVN: r2537 - jcr/tags/1.12.2-GA/docs/reference/en/src/main/docbook/en-US/modules/ws.
by do-not-reply@jboss.org
Author: dkatayev
Date: 2010-06-10 05:52:49 -0400 (Thu, 10 Jun 2010)
New Revision: 2537
Modified:
jcr/tags/1.12.2-GA/docs/reference/en/src/main/docbook/en-US/modules/ws/groovy-scripts-as-rest-services.xml
Log:
EXOJCR-731 SNAPSHOT removed from projects versions
Modified: jcr/tags/1.12.2-GA/docs/reference/en/src/main/docbook/en-US/modules/ws/groovy-scripts-as-rest-services.xml
===================================================================
--- jcr/tags/1.12.2-GA/docs/reference/en/src/main/docbook/en-US/modules/ws/groovy-scripts-as-rest-services.xml 2010-06-10 09:48:10 UTC (rev 2536)
+++ jcr/tags/1.12.2-GA/docs/reference/en/src/main/docbook/en-US/modules/ws/groovy-scripts-as-rest-services.xml 2010-06-10 09:52:49 UTC (rev 2537)
@@ -36,8 +36,8 @@
</itemizedlist>
<para>In this article we consider RESTful service compatible with JSR-311
- specification. Currently last feature available in version 1.11-SNAPSHOT
- of JCR, 2.0-SNAPSHOT of WS and version 2.1.4-SNAPSHOT of core.</para>
+ specification. Currently last feature available in version 1.11 of JCR,
+ 2.0 of WS and version 2.1.4 of core.</para>
</section>
<section>
14 years