Author: tolusha Date: 2010-10-29 05:00:31 -0400 (Fri, 29 Oct 2010) New Revision: 3364 Modified: kernel/trunk/exo.kernel.commons/pom.xml kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/jmx/MX4JComponentAdapter.java Log: EXOJCR-986: Enable SecurityManager by default Modified: kernel/trunk/exo.kernel.commons/pom.xml =================================================================== --- kernel/trunk/exo.kernel.commons/pom.xml 2010-10-29 07:11:50 UTC (rev 3363) +++ kernel/trunk/exo.kernel.commons/pom.xml 2010-10-29 09:00:31 UTC (rev 3364) @@ -60,7 +60,6 @@ <directory>src/test/resources</directory> <includes> <include>**/*.properties</include> - <include>**/test.policy</include> </includes> </testResource> </testResources> Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java 2010-10-29 07:11:50 UTC (rev 3363) +++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedFileHelper.java 2010-10-29 09:00:31 UTC (rev 3364) @@ -394,9 +394,9 @@ */ public static void deleteOnExit(final File file) { - PrivilegedAction<Object> action = new PrivilegedAction<Object>() + PrivilegedAction<Void> action = new PrivilegedAction<Void>() { - public Object run() + public Void run() { file.deleteOnExit(); return null; Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java 2010-10-29 07:11:50 UTC (rev 3363) +++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/PrivilegedSystemHelper.java 2010-10-29 09:00:31 UTC (rev 3364) @@ -18,6 +18,8 @@ */ package org.exoplatform.commons.utils; +import java.io.InputStream; +import java.net.URL; import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Properties; @@ -74,9 +76,9 @@ */ public static void setProperty(final String key, final String value) { - PrivilegedAction<String> action = new PrivilegedAction<String>() + PrivilegedAction<Void> action = new PrivilegedAction<Void>() { - public String run() + public Void run() { System.setProperty(key, value); return null; @@ -103,4 +105,43 @@ }; return AccessController.doPrivileged(action); } + + /** + * Get resource in privileged mode. + * + * @param key + * @param def + * @return + */ + public static URL getResource(final String name) + { + PrivilegedAction<URL> action = new PrivilegedAction<URL>() + { + public URL run() + { + return Thread.currentThread().getContextClassLoader().getResource(name); + } + }; + return AccessController.doPrivileged(action); + } + + /** + * Get resource as stream in privileged mode. + * + * @param key + * @param def + * @return + */ + public static InputStream getResourceAsStream(final String name) + { + PrivilegedAction<InputStream> action = new PrivilegedAction<InputStream>() + { + public InputStream run() + { + return Thread.currentThread().getContextClassLoader().getResourceAsStream(name); + } + }; + return AccessController.doPrivileged(action); + } + } Modified: kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java =================================================================== --- kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java 2010-10-29 07:11:50 UTC (rev 3363) +++ kernel/trunk/exo.kernel.commons/src/main/java/org/exoplatform/commons/utils/SecurityHelper.java 2010-10-29 09:00:31 UTC (rev 3364) @@ -18,13 +18,18 @@ */ package org.exoplatform.commons.utils; +import org.xml.sax.SAXException; + import java.io.IOException; +import java.net.MalformedURLException; import java.security.AccessController; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.sql.SQLException; +import javax.xml.parsers.ParserConfigurationException; + /** * Helps running code in privileged * @@ -100,6 +105,108 @@ } /** + * Launches action in privileged mode. Can throw only ParserConfigurationException, SAXException. + * + * @param <E> + * @param action + * @return + * @throws IOException + */ + public static <E> E doPriviledgedParserConfigurationOrSAXExceptionAction(PrivilegedExceptionAction<E> action) + throws ParserConfigurationException, SAXException + { + try + { + return AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof ParserConfigurationException) + { + throw (ParserConfigurationException)cause; + } + else if (cause instanceof SAXException) + { + throw (SAXException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + } + + /** + * Launches action in privileged mode. Can throw only SAXException. + * + * @param <E> + * @param action + * @return + * @throws IOException + */ + public static <E> E doPriviledgedSAXExceptionAction(PrivilegedExceptionAction<E> action) throws SAXException + { + try + { + return AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof SAXException) + { + throw (SAXException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + } + + /** + * Launches action in privileged mode. Can throw only SAXException. + * + * @param <E> + * @param action + * @return + * @throws IOException + */ + public static <E> E doPriviledgedMalformedURLExceptionAction(PrivilegedExceptionAction<E> action) + throws MalformedURLException + { + try + { + return AccessController.doPrivileged(action); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof MalformedURLException) + { + throw (MalformedURLException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + } + + /** * Launches action in privileged mode. Can throw only runtime exceptions. * * @param <E> Modified: kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java =================================================================== --- kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java 2010-10-29 07:11:50 UTC (rev 3363) +++ kernel/trunk/exo.kernel.component.ext.cache.impl.jboss.v3/src/main/java/org/exoplatform/services/cache/impl/jboss/util/PrivilegedCacheHelper.java 2010-10-29 09:00:31 UTC (rev 3364) @@ -45,9 +45,9 @@ */ public static <K, V> void start(final Cache<K, V> cache) { - PrivilegedAction<Object> action = new PrivilegedAction<Object>() + PrivilegedAction<Void> action = new PrivilegedAction<Void>() { - public Object run() + public Void run() { cache.start(); return null; @@ -63,9 +63,9 @@ */ public static <K, V> void stop(final Cache<K, V> cache) { - PrivilegedAction<Object> action = new PrivilegedAction<Object>() + PrivilegedAction<Void> action = new PrivilegedAction<Void>() { - public Object run() + public Void run() { cache.stop(); return null; @@ -81,9 +81,9 @@ */ public static <K, V> void create(final Cache<K, V> cache) { - PrivilegedAction<Object> action = new PrivilegedAction<Object>() + PrivilegedAction<Void> action = new PrivilegedAction<Void>() { - public Object run() + public Void run() { cache.create(); return null; @@ -99,9 +99,9 @@ */ public static <K, V> void endBatch(final Cache<K, V> cache, final boolean successful) { - PrivilegedAction<Object> action = new PrivilegedAction<Object>() + PrivilegedAction<Void> action = new PrivilegedAction<Void>() { - public Object run() + public Void run() { cache.endBatch(successful); return null; Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java =================================================================== --- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java 2010-10-29 07:11:50 UTC (rev 3363) +++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/StandaloneContainer.java 2010-10-29 09:00:31 UTC (rev 3364) @@ -19,6 +19,7 @@ package org.exoplatform.container; import org.exoplatform.commons.utils.PrivilegedSystemHelper; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.configuration.ConfigurationException; import org.exoplatform.container.configuration.ConfigurationManager; import org.exoplatform.container.configuration.ConfigurationManagerImpl; @@ -35,6 +36,7 @@ import java.io.File; import java.net.MalformedURLException; import java.net.URL; +import java.security.PrivilegedExceptionAction; import java.util.List; /** @@ -199,11 +201,19 @@ * @param path, path to configuration file * @throws MalformedURLException if path is wrong */ - public static void addConfigurationPath(String path) throws MalformedURLException + public static void addConfigurationPath(final String path) throws MalformedURLException { if ((path == null) || (path.length() == 0)) return; - URL confURL = new File(path).toURI().toURL(); + + URL confURL = SecurityHelper.doPriviledgedMalformedURLExceptionAction(new PrivilegedExceptionAction<URL>() + { + public URL run() throws Exception + { + return new File(path).toURI().toURL(); + } + }); + configurationURL = fileExists(confURL) ? confURL : null; } @@ -305,11 +315,18 @@ return smanager_; } - private static boolean fileExists(URL url) + private static boolean fileExists(final URL url) { try { - url.openStream().close(); + SecurityHelper.doPriviledgedIOExceptionAction(new PrivilegedExceptionAction<Void>() + { + public Void run() throws Exception + { + url.openStream().close(); + return null; + } + }); return true; } catch (Exception e) @@ -331,16 +348,29 @@ // or if (configurationURL == null) { - J2EEServerInfo env = new J2EEServerInfo(); + final J2EEServerInfo env = new J2EEServerInfo(); // (2) exo-configuration.xml in AS (standalone) home directory - configurationURL = (new File(env.getServerHome() + "/exo-configuration.xml")).toURI().toURL(); + configurationURL = + SecurityHelper.doPriviledgedMalformedURLExceptionAction(new PrivilegedExceptionAction<URL>() + { + public URL run() throws Exception + { + return (new File(env.getServerHome() + "/exo-configuration.xml")).toURI().toURL(); + } + }); // (3) AS_HOME/conf/exo-conf (JBossAS usecase) if (!fileExists(configurationURL)) { configurationURL = - (new File(env.getExoConfigurationDirectory() + "/exo-configuration.xml")).toURI().toURL(); + SecurityHelper.doPriviledgedMalformedURLExceptionAction(new PrivilegedExceptionAction<URL>() + { + public URL run() throws Exception + { + return (new File(env.getExoConfigurationDirectory() + "/exo-configuration.xml")).toURI().toURL(); + } + }); } // (4) conf/exo-configuration.xml in war/ear(?) Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java =================================================================== --- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java 2010-10-29 07:11:50 UTC (rev 3363) +++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/configuration/MockConfigurationManagerImpl.java 2010-10-29 09:00:31 UTC (rev 3364) @@ -55,8 +55,7 @@ else if (uri.startsWith("classpath:")) { String path = removePrefix("classpath:/", uri); - ClassLoader cl = Thread.currentThread().getContextClassLoader(); - return cl.getResource(path); + return PrivilegedSystemHelper.getResource(path); } else if (uri.startsWith("war:")) { Modified: kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/jmx/MX4JComponentAdapter.java =================================================================== --- kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/jmx/MX4JComponentAdapter.java 2010-10-29 07:11:50 UTC (rev 3363) +++ kernel/trunk/exo.kernel.container/src/main/java/org/exoplatform/container/jmx/MX4JComponentAdapter.java 2010-10-29 09:00:31 UTC (rev 3364) @@ -18,6 +18,7 @@ */ package org.exoplatform.container.jmx; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.ExoContainer; import org.exoplatform.container.component.ComponentLifecycle; import org.exoplatform.container.component.ComponentPlugin; @@ -31,6 +32,7 @@ import org.picocontainer.defaults.AbstractComponentAdapter; import java.lang.reflect.Method; +import java.security.PrivilegedExceptionAction; import java.util.List; /** @@ -134,7 +136,7 @@ return instance_; } - private void addComponentPlugin(boolean debug, Object component, + private void addComponentPlugin(boolean debug, final Object component, List<org.exoplatform.container.xml.ComponentPlugin> plugins, ExoContainer container) throws Exception { if (plugins == null) @@ -150,15 +152,24 @@ cplugin.setDescription(plugin.getDescription()); Class clazz = component.getClass(); - Method m = getSetMethod(clazz, plugin.getSetMethod(), pluginClass); + final Method m = getSetMethod(clazz, plugin.getSetMethod(), pluginClass); if (m == null) { log.error("Cannot find the method '" + plugin.getSetMethod() + "' that has only one parameter of type '" + pluginClass.getName() + "' in the class '" + clazz.getName() + "'."); continue; } - Object[] params = {cplugin}; - m.invoke(component, params); + final Object[] params = {cplugin}; + + SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Void>() + { + public Void run() throws Exception + { + m.invoke(component, params); + return null; + } + }); + if (debug) log.debug("==> add component plugin: " + cplugin);