[exo-jcr-commits] exo-jcr SVN: r3419 - in kernel/trunk: exo.kernel.commons and 10 other directories.

Author: tolusha Date: 2010-11-10 05:55:16 -0500 (Wed, 10 Nov 2010) New Revision: 3419 Modified: kernel/trunk/exo.kernel.commons.test/src/main/java/org/exoplatform/commons/test/TestSecurityManager.java kernel/trunk/exo.kernel.commons/pom.xml kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/MimeTypeResolver.java kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java kernel/trunk/exo.kernel.component.cache/pom.xml kernel/trunk/exo.kernel.component.command/pom.xml kernel/trunk/exo.kernel.component.command/src/main/java/org/exoplatform/services/command/impl/CommandService.java kernel/trunk/exo.kernel.component.command/src/main/java/org/exoplatform/services/command/impl/CommonsXMLConfigurationPlugin.java kernel/trunk/exo.kernel.component.common/pom.xml kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/pom.xml kernel/trunk/exo.kernel.container/pom.xml kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationManagerImpl.java kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/pom.xml kernel/trunk/pom.xml Log: EXOJCR-986: Enable SecurityManager by default Modified: kernel/trunk/exo.kernel.commons/pom.xml =================================================================== --- kernel/trunk/exo.kernel.commons/pom.xml 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.commons/pom.xml 2010-11-10 10:55:16 UTC (rev 3419) @@ -49,7 +49,6 @@ <dependency> <groupId>org.exoplatform.kernel</groupId> <artifactId>exo.kernel.commons.test</artifactId> - <scope>test</scope> </dependency> </dependencies> Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/MimeTypeResolver.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/MimeTypeResolver.java 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/MimeTypeResolver.java 2010-11-10 10:55:16 UTC (rev 3419) @@ -19,6 +19,7 @@ package org.exoplatform.commons.utils; import java.io.IOException; +import java.security.PrivilegedExceptionAction; import java.util.Iterator; import java.util.Properties; @@ -33,7 +34,14 @@ { try { - mimeTypes.load(getClass().getResourceAsStream("mimetypes.properties")); + SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Void>() + { + public Void run() throws Exception + { + mimeTypes.load(getClass().getResourceAsStream("mimetypes.properties")); + return null; + } + }); } catch (IOException e) { Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java 2010-11-10 10:55:16 UTC (rev 3419) @@ -142,6 +142,39 @@ } /** + * Launches action in privileged mode. Can throw only ParserConfigurationException. + * + * @param <E> + * @param action + * @return + * @throws IOException + */ + public static <E> E doPriviledgedParserConfigurationAction(PrivilegedExceptionAction<E> action) + throws ParserConfigurationException + { + try + { + return AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof ParserConfigurationException) + { + throw (ParserConfigurationException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + } + + /** * Launches action in privileged mode. Can throw only SAXException. * * @param <E> Modified: kernel/trunk/exo.kernel.commons.test/src/main/java/org/exoplatform/commons/test/TestSecurityManager.java =================================================================== --- kernel/trunk/exo.kernel.commons.test/src/main/java/org/exoplatform/commons/test/TestSecurityManager.java 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.commons.test/src/main/java/org/exoplatform/commons/test/TestSecurityManager.java 2010-11-10 10:55:16 UTC (rev 3419) @@ -55,17 +55,13 @@ if (className.startsWith("org.exoplatform")) { - // hide Exception during JCR initialization - if (fileName.equals("BaseStandaloneTest.java")) - { - return; - } - // known tests classes if (fileName.startsWith("Test") || fileName.endsWith("Test.java") || fileName.endsWith("TestBase.java") || fileName.endsWith("TestCase.java") || fileName.equals("Probe.java") || fileName.equals("ExportBase.java") - || fileName.equals("AbstractTestContainer.java") || fileName.equals("ContainerBuilder.java")) + || fileName.equals("AbstractTestContainer.java") || fileName.equals("ContainerBuilder.java") + || fileName.equals("WorkspaceStorageCacheBaseCase.java") + || fileName.equals("ExoRepositoryStub.java")) { testCode = true; } @@ -76,14 +72,9 @@ } else if (className.startsWith("org.apache.jackrabbit.test")) { - // Allow access to instances - if (fileName.equals("RepositoryHelper.java")) + if (fileName.endsWith("Test.java") || fileName.equals("JCRTestResult.java") + || fileName.equals("RepositoryHelper.java") || fileName.equals("RepositoryStub.java")) { - return; - } - - if (fileName.endsWith("Test.java") || fileName.equals("JCRTestResult.java")) - { testCode = true; } } @@ -99,7 +90,13 @@ } // Only for debug purpose - // se.printStackTrace(); + // if (!se + // .getMessage() + // .equals( + // "access denied (java.lang.RuntimePermission accessClassInPackage.com.sun.xml.internal.bind.v2.runtime.reflect)")) + // { + // se.printStackTrace(); + // } throw se; } } Modified: kernel/trunk/exo.kernel.component.cache/pom.xml =================================================================== --- kernel/trunk/exo.kernel.component.cache/pom.xml 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.component.cache/pom.xml 2010-11-10 10:55:16 UTC (rev 3419) @@ -49,7 +49,6 @@ <dependency> <groupId>org.exoplatform.kernel</groupId> <artifactId>exo.kernel.commons.test</artifactId> - <scope>test</scope> </dependency> <dependency> <groupId>org.slf4j</groupId> Modified: kernel/trunk/exo.kernel.component.command/pom.xml =================================================================== --- kernel/trunk/exo.kernel.component.command/pom.xml 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.component.command/pom.xml 2010-11-10 10:55:16 UTC (rev 3419) @@ -45,7 +45,6 @@ <dependency> <groupId>org.exoplatform.kernel</groupId> <artifactId>exo.kernel.commons.test</artifactId> - <scope>test</scope> </dependency> <dependency> <groupId>commons-chain</groupId> Modified: kernel/trunk/exo.kernel.component.command/src/main/java/org/exoplatform/services/command/impl/CommandService.java =================================================================== --- kernel/trunk/exo.kernel.component.command/src/main/java/org/exoplatform/services/command/impl/CommandService.java 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.component.command/src/main/java/org/exoplatform/services/command/impl/CommandService.java 2010-11-10 10:55:16 UTC (rev 3419) @@ -28,6 +28,10 @@ import java.io.IOException; import java.io.InputStream; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.Iterator; /** @@ -51,8 +55,14 @@ { this.catalogFactory = CatalogFactoryBase.getInstance(); - ConfigParser parser = new ConfigParser(); - this.digester = parser.getDigester(); + final ConfigParser parser = new ConfigParser(); + this.digester = AccessController.doPrivileged(new PrivilegedAction<Digester>() + { + public Digester run() + { + return parser.getDigester(); + } + }); } public void addPlugin(ComponentPlugin plugin) @@ -79,14 +89,45 @@ * @throws IOException * @throws SAXException */ - public void putCatalog(InputStream xml) throws IOException, SAXException + public void putCatalog(final InputStream xml) throws IOException, SAXException { // ConfigParser parser = new ConfigParser(); // Prepare our Digester instance // Digester digester = parser.getDigester(); digester.clear(); - digester.parse(xml); + try + { + AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() + { + public Void run() throws Exception + { + digester.parse(xml); + return null; + } + }); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof IOException) + { + throw (IOException)cause; + } + else if (cause instanceof SAXException) + { + throw (SAXException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + // parser.getDigester().parse(xml); } Modified: kernel/trunk/exo.kernel.component.command/src/main/java/org/exoplatform/services/command/impl/CommonsXMLConfigurationPlugin.java =================================================================== --- kernel/trunk/exo.kernel.component.command/src/main/java/org/exoplatform/services/command/impl/CommonsXMLConfigurationPlugin.java 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.component.command/src/main/java/org/exoplatform/services/command/impl/CommonsXMLConfigurationPlugin.java 2010-11-10 10:55:16 UTC (rev 3419) @@ -27,6 +27,9 @@ import org.exoplatform.services.log.Log; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedExceptionAction; /** * Created by The eXo Platform SAS.<br/> The plugin for configuring @@ -50,18 +53,34 @@ ValueParam confFile = params.getValueParam("config-file"); if (confFile != null) { - String path = confFile.getValue(); - ConfigParser parser = new ConfigParser(); + final String path = confFile.getValue(); + final ConfigParser parser = new ConfigParser(); // may work for StandaloneContainer - ClassLoader cl = Thread.currentThread().getContextClassLoader(); - URL res = cl.getResource(path); + + URL res = AccessController.doPrivileged(new PrivilegedAction<URL>() + { + public URL run() + { + return Thread.currentThread().getContextClassLoader().getResource(path); + } + }); + // for PortalContainer if (res == null) res = configurationManager.getResource(path); if (res == null) throw new Exception("Resource not found " + path); log.info("Catalog configuration found at " + res); - parser.parse(res); + + final URL fRes = res; + AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() + { + public Void run() throws Exception + { + parser.parse(fRes); + return null; + } + }); } } Modified: kernel/trunk/exo.kernel.component.common/pom.xml =================================================================== --- kernel/trunk/exo.kernel.component.common/pom.xml 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.component.common/pom.xml 2010-11-10 10:55:16 UTC (rev 3419) @@ -49,7 +49,6 @@ <dependency> <groupId>org.exoplatform.kernel</groupId> <artifactId>exo.kernel.commons.test</artifactId> - <scope>test</scope> </dependency> <dependency> <groupId>javax.activation</groupId> Modified: kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/pom.xml =================================================================== --- kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/pom.xml 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/pom.xml 2010-11-10 10:55:16 UTC (rev 3419) @@ -40,7 +40,6 @@ <dependency> <groupId>org.exoplatform.kernel</groupId> <artifactId>exo.kernel.commons.test</artifactId> - <scope>test</scope> </dependency> <dependency> <groupId>org.exoplatform.kernel</groupId> @@ -59,8 +58,6 @@ <artifactId>slf4j-log4j12</artifactId> </dependency> </dependencies> - - <build> <plugins> <plugin> Modified: kernel/trunk/exo.kernel.container/pom.xml =================================================================== --- kernel/trunk/exo.kernel.container/pom.xml 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.container/pom.xml 2010-11-10 10:55:16 UTC (rev 3419) @@ -25,7 +25,6 @@ <dependency> <groupId>org.exoplatform.kernel</groupId> <artifactId>exo.kernel.commons.test</artifactId> - <scope>test</scope> </dependency> <dependency> <groupId>org.exoplatform.tool</groupId> Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationManagerImpl.java =================================================================== --- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationManagerImpl.java 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/ConfigurationManagerImpl.java 2010-11-10 10:55:16 UTC (rev 3419) @@ -18,6 +18,7 @@ */ package org.exoplatform.container.configuration; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.xml.Component; import org.exoplatform.container.xml.Configuration; import org.exoplatform.container.xml.Deserializer; @@ -28,6 +29,8 @@ import java.io.IOException; import java.io.InputStream; import java.net.URL; +import java.security.PrivilegedAction; +import java.security.PrivilegedExceptionAction; import java.util.Collection; import java.util.Collections; import java.util.Iterator; @@ -294,13 +297,20 @@ public InputStream getInputStream(String uri) throws Exception { - URL url = getURL(uri); + final URL url = getURL(uri); if (url == null) { throw new IOException("Resource (" + uri + ") could not be found or the invoker doesn't have adequate privileges to get the resource"); } - return url.openStream(); + + return SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<InputStream>() + { + public InputStream run() throws Exception + { + return url.openStream(); + } + }); } public URL getURL(String url) throws Exception @@ -308,7 +318,7 @@ return getURL(scontext_, url); } - private URL getURL(ServletContext context, String url) throws Exception + private URL getURL(final ServletContext context, String url) throws Exception { if (url == null) { @@ -316,22 +326,41 @@ } else if (url.startsWith("jar:")) { - String path = removePrefix("jar:/", url); - ClassLoader cl = Thread.currentThread().getContextClassLoader(); - return cl.getResource(path); + final String path = removePrefix("jar:/", url); + final ClassLoader cl = Thread.currentThread().getContextClassLoader(); + return SecurityHelper.doPriviledgedAction(new PrivilegedAction<URL>() + { + public URL run() + { + return cl.getResource(path); + } + }); } else if (url.startsWith("classpath:")) { - String path = removePrefix("classpath:/", url); - ClassLoader cl = Thread.currentThread().getContextClassLoader(); - return cl.getResource(path); + final String path = removePrefix("classpath:/", url); + final ClassLoader cl = Thread.currentThread().getContextClassLoader(); + return SecurityHelper.doPriviledgedAction(new PrivilegedAction<URL>() + { + public URL run() + { + return cl.getResource(path); + } + }); } else if (url.startsWith("war:")) { String path = removePrefix("war:", url); if (context != null) { - return context.getResource(WAR_CONF_LOCATION + path); + final String fPath = path; + return SecurityHelper.doPriviledgedMalformedURLExceptionAction(new PrivilegedExceptionAction<URL>() + { + public URL run() throws Exception + { + return context.getResource(WAR_CONF_LOCATION + fPath); + } + }); } if (scontextClassLoader_ != null) { @@ -340,7 +369,14 @@ // The ClassLoader doesn't support the first "/" path = path.substring(1); } - return scontextClassLoader_.getResource(path); + final String fPath = path; + return SecurityHelper.doPriviledgedAction(new PrivilegedAction<URL>() + { + public URL run() + { + return scontextClassLoader_.getResource(fPath); + } + }); } throw new Exception("unsupport war uri in this configuration service"); } Modified: kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/pom.xml =================================================================== --- kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/pom.xml 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/exo.kernel.mc-integration/exo.kernel.mc-int-tests/pom.xml 2010-11-10 10:55:16 UTC (rev 3419) @@ -27,7 +27,6 @@ <dependency> <groupId>org.exoplatform.kernel</groupId> <artifactId>exo.kernel.commons.test</artifactId> - <scope>test</scope> </dependency> <dependency> <groupId>org.exoplatform.kernel</groupId> Modified: kernel/trunk/pom.xml =================================================================== --- kernel/trunk/pom.xml 2010-11-10 09:34:27 UTC (rev 3418) +++ kernel/trunk/pom.xml 2010-11-10 10:55:16 UTC (rev 3419) @@ -81,6 +81,7 @@ <groupId>org.exoplatform.kernel</groupId> <artifactId>exo.kernel.commons.test</artifactId> <version>${project.version}</version> + <scope>test</scope> </dependency> <dependency> <groupId>org.exoplatform.kernel</groupId>