Author: tolusha
Date: 2010-10-29 05:00:31 -0400 (Fri, 29 Oct 2010)
New Revision: 3364
Modified:
kernel/trunk/exo.kernel.commons/pom.xml
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/jmx/MX4JComponentAdapter.java
Log:
EXOJCR-986: Enable SecurityManager by default
Modified: kernel/trunk/exo.kernel.commons/pom.xml
===================================================================
--- kernel/trunk/exo.kernel.commons/pom.xml 2010-10-29 07:11:50 UTC (rev 3363)
+++ kernel/trunk/exo.kernel.commons/pom.xml 2010-10-29 09:00:31 UTC (rev 3364)
@@ -60,7 +60,6 @@
<directory>src/test/resources</directory>
<includes>
<include>**/*.properties</include>
- <include>**/test.policy</include>
</includes>
</testResource>
</testResources>
Modified:
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java
===================================================================
---
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java 2010-10-29
07:11:50 UTC (rev 3363)
+++
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java 2010-10-29
09:00:31 UTC (rev 3364)
@@ -394,9 +394,9 @@
*/
public static void deleteOnExit(final File file)
{
- PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
{
- public Object run()
+ public Void run()
{
file.deleteOnExit();
return null;
Modified:
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java
===================================================================
---
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java 2010-10-29
07:11:50 UTC (rev 3363)
+++
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java 2010-10-29
09:00:31 UTC (rev 3364)
@@ -18,6 +18,8 @@
*/
package org.exoplatform.commons.utils;
+import java.io.InputStream;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Properties;
@@ -74,9 +76,9 @@
*/
public static void setProperty(final String key, final String value)
{
- PrivilegedAction<String> action = new PrivilegedAction<String>()
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
{
- public String run()
+ public Void run()
{
System.setProperty(key, value);
return null;
@@ -103,4 +105,43 @@
};
return AccessController.doPrivileged(action);
}
+
+ /**
+ * Get resource in privileged mode.
+ *
+ * @param key
+ * @param def
+ * @return
+ */
+ public static URL getResource(final String name)
+ {
+ PrivilegedAction<URL> action = new PrivilegedAction<URL>()
+ {
+ public URL run()
+ {
+ return Thread.currentThread().getContextClassLoader().getResource(name);
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Get resource as stream in privileged mode.
+ *
+ * @param key
+ * @param def
+ * @return
+ */
+ public static InputStream getResourceAsStream(final String name)
+ {
+ PrivilegedAction<InputStream> action = new
PrivilegedAction<InputStream>()
+ {
+ public InputStream run()
+ {
+ return
Thread.currentThread().getContextClassLoader().getResourceAsStream(name);
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+
}
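Review bot: `getResource` and `getResourceAsStream` are public static and resolve a caller-supplied `name` inside `doPrivileged`, so with a SecurityManager enabled any code that can reach this class has the lookup performed under this helper's permissions instead of its own. If that is intended, the Javadoc should state the trust assumption; otherwise consider narrowing visibility or checking a permission before entering the privileged block. The Javadoc on both methods is also copied from another method: `@param key` and `@param def` do not exist here and should read `@param name the resource name, resolved against the thread context class loader`, with `@return the resource, or null if it is not found`. Both methods also dereference `getContextClassLoader()` without a null check, as the code removed from MockConfigurationManagerImpl in this commit did.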
Modified:
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java
===================================================================
---
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java 2010-10-29
07:11:50 UTC (rev 3363)
+++
kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java 2010-10-29
09:00:31 UTC (rev 3364)
@@ -18,13 +18,18 @@
*/
package org.exoplatform.commons.utils;
+import org.xml.sax.SAXException;
+
import java.io.IOException;
+import java.net.MalformedURLException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.sql.SQLException;
+import javax.xml.parsers.ParserConfigurationException;
+
/**
* Helps running code in privileged
*
@@ -100,6 +105,108 @@
}
/**
+ * Launches action in privileged mode. Can throw only ParserConfigurationException,
SAXException.
+ *
+ * @param <E>
+ * @param action
+ * @return
+ * @throws IOException
+ */
+ public static <E> E
doPriviledgedParserConfigurationOrSAXExceptionAction(PrivilegedExceptionAction<E>
action)
+ throws ParserConfigurationException, SAXException
+ {
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof ParserConfigurationException)
+ {
+ throw (ParserConfigurationException)cause;
+ }
+ else if (cause instanceof SAXException)
+ {
+ throw (SAXException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Launches action in privileged mode. Can throw only SAXException.
+ *
+ * @param <E>
+ * @param action
+ * @return
+ * @throws IOException
+ */
+ public static <E> E
doPriviledgedSAXExceptionAction(PrivilegedExceptionAction<E> action) throws
SAXException
+ {
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof SAXException)
+ {
+ throw (SAXException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
+ * Launches action in privileged mode. Can throw only SAXException.
+ *
+ * @param <E>
+ * @param action
+ * @return
+ * @throws IOException
+ */
+ public static <E> E
doPriviledgedMalformedURLExceptionAction(PrivilegedExceptionAction<E> action)
+ throws MalformedURLException
+ {
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof MalformedURLException)
+ {
+ throw (MalformedURLException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
+ }
+
+ /**
* Launches action in privileged mode. Can throw only runtime exceptions.
*
* @param <E>
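Review bot: The Javadoc on the three added methods does not match their signatures: each declares `@throws IOException` although none of them can throw it, and `doPriviledgedMalformedURLExceptionAction` is described as "Can throw only SAXException". Suggested tags are `@throws ParserConfigurationException` and `@throws SAXException` on the first method, `@throws SAXException` on the second, and on the third the summary `Launches action in privileged mode. Can throw only MalformedURLException.` with `@throws MalformedURLException`. It is also worth documenting that any other checked cause is rethrown wrapped in a `RuntimeException`, since callers see that instead of the original type. The three bodies differ only in the exception types they unwrap, so one shared private helper would remove the duplication. The hunk ends inside the Javadoc of the following method.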
Modified:
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java
===================================================================
---
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java 2010-10-29
07:11:50 UTC (rev 3363)
+++
kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java 2010-10-29
09:00:31 UTC (rev 3364)
@@ -45,9 +45,9 @@
*/
public static <K, V> void start(final Cache<K, V> cache)
{
- PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
{
- public Object run()
+ public Void run()
{
cache.start();
return null;
@@ -63,9 +63,9 @@
*/
public static <K, V> void stop(final Cache<K, V> cache)
{
- PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
{
- public Object run()
+ public Void run()
{
cache.stop();
return null;
@@ -81,9 +81,9 @@
*/
public static <K, V> void create(final Cache<K, V> cache)
{
- PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
{
- public Object run()
+ public Void run()
{
cache.create();
return null;
@@ -99,9 +99,9 @@
*/
public static <K, V> void endBatch(final Cache<K, V> cache, final boolean
successful)
{
- PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ PrivilegedAction<Void> action = new PrivilegedAction<Void>()
{
- public Object run()
+ public Void run()
{
cache.endBatch(successful);
return null;
Modified:
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java
===================================================================
---
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java 2010-10-29
07:11:50 UTC (rev 3363)
+++
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java 2010-10-29
09:00:31 UTC (rev 3364)
@@ -19,6 +19,7 @@
package org.exoplatform.container;
import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.configuration.ConfigurationException;
import org.exoplatform.container.configuration.ConfigurationManager;
import org.exoplatform.container.configuration.ConfigurationManagerImpl;
@@ -35,6 +36,7 @@
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
+import java.security.PrivilegedExceptionAction;
import java.util.List;
/**
@@ -199,11 +201,19 @@
* @param path, path to configuration file
* @throws MalformedURLException if path is wrong
*/
- public static void addConfigurationPath(String path) throws MalformedURLException
+ public static void addConfigurationPath(final String path) throws
MalformedURLException
{
if ((path == null) || (path.length() == 0))
return;
- URL confURL = new File(path).toURI().toURL();
+
+ URL confURL = SecurityHelper.doPriviledgedMalformedURLExceptionAction(new
PrivilegedExceptionAction<URL>()
+ {
+ public URL run() throws Exception
+ {
+ return new File(path).toURI().toURL();
+ }
+ });
+
configurationURL = fileExists(confURL) ? confURL : null;
}
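Review bot: `addConfigurationPath` is public static and now builds the URL from the caller-supplied `path` inside a privileged block, and the `fileExists(confURL)` call on its last line opens that URL in a privileged block as well (see the `fileExists` hunk further down). With a SecurityManager enabled, code that has no file-read permission can therefore have the container probe any path and store it in the static `configurationURL`. Consider a permission check before the privileged work, for example `SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(new RuntimePermission("<container-config-permission>"));`, where the permission name is a placeholder for whatever the project defines. At minimum the Javadoc should say that the method runs privileged and expects trusted callers.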
@@ -305,11 +315,18 @@
return smanager_;
}
- private static boolean fileExists(URL url)
+ private static boolean fileExists(final URL url)
{
try
{
- url.openStream().close();
+ SecurityHelper.doPriviledgedIOExceptionAction(new
PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ url.openStream().close();
+ return null;
+ }
+ });
return true;
}
catch (Exception e)
@@ -331,16 +348,29 @@
// or
if (configurationURL == null)
{
- J2EEServerInfo env = new J2EEServerInfo();
+ final J2EEServerInfo env = new J2EEServerInfo();
// (2) exo-configuration.xml in AS (standalone) home directory
- configurationURL = (new File(env.getServerHome() +
"/exo-configuration.xml")).toURI().toURL();
+ configurationURL =
+ SecurityHelper.doPriviledgedMalformedURLExceptionAction(new
PrivilegedExceptionAction<URL>()
+ {
+ public URL run() throws Exception
+ {
+ return (new File(env.getServerHome() +
"/exo-configuration.xml")).toURI().toURL();
+ }
+ });
// (3) AS_HOME/conf/exo-conf (JBossAS usecase)
if (!fileExists(configurationURL))
{
configurationURL =
- (new File(env.getExoConfigurationDirectory() +
"/exo-configuration.xml")).toURI().toURL();
+ SecurityHelper.doPriviledgedMalformedURLExceptionAction(new
PrivilegedExceptionAction<URL>()
+ {
+ public URL run() throws Exception
+ {
+ return (new File(env.getExoConfigurationDirectory() +
"/exo-configuration.xml")).toURI().toURL();
+ }
+ });
}
// (4) conf/exo-configuration.xml in war/ear(?)
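Review bot: The anonymous `PrivilegedExceptionAction<URL>` wrapping `new File(...).toURI().toURL()` is written out twice in this hunk and a third time in `addConfigurationPath`, which makes the privileged scope harder to audit than it needs to be. A small private helper that takes the path string would keep the privileged code in one place and restore the one-line assignments. With the helper, `env.getServerHome()` and `env.getExoConfigurationDirectory()` are evaluated outside the privileged block; that looks safe if they are plain getters, but J2EEServerInfo is not visible here, so confirm before applying. The enclosing method starts and ends outside this hunk.

```java
private static URL toFileURL(final String path) throws MalformedURLException
{
   return SecurityHelper.doPriviledgedMalformedURLExceptionAction(new PrivilegedExceptionAction<URL>()
   {
      public URL run() throws Exception
      {
         return new File(path).toURI().toURL();
      }
   });
}

// … unchanged: J2EEServerInfo env = new J2EEServerInfo(); …
// (2) exo-configuration.xml in AS (standalone) home directory
configurationURL = toFileURL(env.getServerHome() + "/exo-configuration.xml");
// (3) AS_HOME/conf/exo-conf (JBossAS usecase)
if (!fileExists(configurationURL))
{
   configurationURL = toFileURL(env.getExoConfigurationDirectory() + "/exo-configuration.xml");
}
```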
Modified:
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java
===================================================================
---
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java 2010-10-29
07:11:50 UTC (rev 3363)
+++
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java 2010-10-29
09:00:31 UTC (rev 3364)
@@ -55,8 +55,7 @@
else if (uri.startsWith("classpath:"))
{
String path = removePrefix("classpath:/", uri);
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
- return cl.getResource(path);
+ return PrivilegedSystemHelper.getResource(path);
}
else if (uri.startsWith("war:"))
{
Modified:
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/jmx/MX4JComponentAdapter.java
===================================================================
---
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/jmx/MX4JComponentAdapter.java 2010-10-29
07:11:50 UTC (rev 3363)
+++
kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/jmx/MX4JComponentAdapter.java 2010-10-29
09:00:31 UTC (rev 3364)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.container.jmx;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.component.ComponentLifecycle;
import org.exoplatform.container.component.ComponentPlugin;
@@ -31,6 +32,7 @@
import org.picocontainer.defaults.AbstractComponentAdapter;
import java.lang.reflect.Method;
+import java.security.PrivilegedExceptionAction;
import java.util.List;
/**
@@ -134,7 +136,7 @@
return instance_;
}
- private void addComponentPlugin(boolean debug, Object component,
+ private void addComponentPlugin(boolean debug, final Object component,
List<org.exoplatform.container.xml.ComponentPlugin> plugins, ExoContainer
container) throws Exception
{
if (plugins == null)
@@ -150,15 +152,24 @@
cplugin.setDescription(plugin.getDescription());
Class clazz = component.getClass();
- Method m = getSetMethod(clazz, plugin.getSetMethod(), pluginClass);
+ final Method m = getSetMethod(clazz, plugin.getSetMethod(), pluginClass);
if (m == null)
{
log.error("Cannot find the method '" + plugin.getSetMethod()
+ "' that has only one parameter of type '"
+ pluginClass.getName() + "' in the class '" +
clazz.getName() + "'.");
continue;
}
- Object[] params = {cplugin};
- m.invoke(component, params);
+ final Object[] params = {cplugin};
+
+ SecurityHelper.doPriviledgedExceptionAction(new
PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ m.invoke(component, params);
+ return null;
+ }
+ });
+
if (debug)
log.debug("==> add component plugin: " + cplugin);
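Review bot: The setter resolved from `plugin.getSetMethod()` is now invoked inside a privileged block, so permission checks made during `m.invoke(component, params)` no longer take the callers of `addComponentPlugin` into account, and the method name appears to come from plugin configuration. A short comment above the call should record why this is needed, for example `// privileged: plugin setters may need permissions that callers of addComponentPlugin lack`. Exceptions thrown by the setter previously left this method as `InvocationTargetException`; they now pass through `PrivilegedActionException` and `SecurityHelper.doPriviledgedExceptionAction`, whose unwrapping is not visible in this commit, so confirm that callers inspecting the exception type still behave as before. The enclosing method starts and ends outside the hunk.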