Author: tolusha
Date: 2010-10-29 05:30:37 -0400 (Fri, 29 Oct 2010)
New Revision: 3365
Added:
core/trunk/exo.core.component.database/src/test/resources/test.policy
core/trunk/exo.core.component.ldap/src/test/resources/test.policy
core/trunk/exo.core.component.organization.api/src/test/resources/test.policy
core/trunk/exo.core.component.organization.jdbc/src/test/resources/test.policy
core/trunk/exo.core.component.organization.ldap/src/test/resources/test.policy
core/trunk/exo.core.component.script.groovy/src/test/resources/TestSimpleXMLGenerator.groovy
core/trunk/exo.core.component.script.groovy/src/test/resources/test.policy
core/trunk/exo.core.component.web.css/src/test/resources/
core/trunk/exo.core.component.web.css/src/test/resources/test.policy
core/trunk/exo.core.component.xml-processing/src/test/resources/test.policy
Removed:
core/trunk/exo.core.component.script.groovy/src/test/resources/SimpleXMLGenerator.groovy
Modified:
core/trunk/exo.core.component.database/pom.xml
core/trunk/exo.core.component.database/src/main/java/org/exoplatform/services/database/creator/DBCreator.java
core/trunk/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/HibernateServiceImpl.java
core/trunk/exo.core.component.document/pom.xml
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSExcelDocumentReader.java
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSWordDocumentReader.java
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXExcelDocumentReader.java
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXPPTDocumentReader.java
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXWordDocumentReader.java
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/OpenOfficeDocumentReader.java
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/PDFDocumentReader.java
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/XMLDocumentReader.java
core/trunk/exo.core.component.document/src/test/resources/test.policy
core/trunk/exo.core.component.ldap/pom.xml
core/trunk/exo.core.component.ldap/src/main/java/org/exoplatform/services/ldap/impl/LDAPServiceImpl.java
core/trunk/exo.core.component.organization.api/pom.xml
core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/impl/UserProfileData.java
core/trunk/exo.core.component.organization.jdbc/pom.xml
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/SimpleHibernateUserListAccess.java
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/UserDAOImpl.java
core/trunk/exo.core.component.organization.ldap/pom.xml
core/trunk/exo.core.component.script.groovy/pom.xml
core/trunk/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/GroovyScriptInstantiator.java
core/trunk/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/jarjar/JarJarClassLoader.java
core/trunk/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/GroovyInstantiatorTest.java
core/trunk/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/jarjar/Script.java
core/trunk/exo.core.component.security.core/pom.xml
core/trunk/exo.core.component.security.core/src/test/resources/test.policy
core/trunk/exo.core.component.web.css/pom.xml
core/trunk/exo.core.component.xml-processing/pom.xml
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/resolving/impl/XMLResolver.java
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/TransformerBase.java
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/html/TidyTransformerImpl.java
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTemplatesServiceImpl.java
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTransformerImpl.java
Log:
EXOJCR-986: Enable SecurityManager by default
Modified: core/trunk/exo.core.component.database/pom.xml
===================================================================
--- core/trunk/exo.core.component.database/pom.xml 2010-10-29 09:00:31 UTC (rev 3364)
+++ core/trunk/exo.core.component.database/pom.xml 2010-10-29 09:30:37 UTC (rev 3365)
@@ -61,6 +61,11 @@
<artifactId>exo.kernel.component.cache</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>javax.resource</groupId>
<artifactId>connector-api</artifactId>
<scope>test</scope>
@@ -120,18 +125,54 @@
</dependencies>
<build>
- <pluginManagement>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <excludes>
- <exclude>**/DBCreatorTest.java</exclude>
- </excludes>
- </configuration>
- </plugin>
- </plugins>
- </pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS}
-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ <excludes>
+ <exclude>**/DBCreatorTest.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset
dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO"
value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
</build>
</project>
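Review bot: The surefire `argLine` begins with `${env.MAVEN_OPTS}`, and when that environment variable is not set Maven most likely leaves the placeholder unresolved, so the forked test JVM would receive the literal text as an argument and may fail to start. The document module's pom.xml in this same commit enables the same two `-D` flags without that prefix, so the two modules should agree on one form. The `**/DBCreatorTest.java` exclude is also carried over, which means the `doPriviledged...` wrappers this commit adds to DBCreator.java are not exercised under `TestSecurityManager`; a comment next to the exclude saying why the test stays disabled would help.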
Modified:
core/trunk/exo.core.component.database/src/main/java/org/exoplatform/services/database/creator/DBCreator.java
===================================================================
---
core/trunk/exo.core.component.database/src/main/java/org/exoplatform/services/database/creator/DBCreator.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.database/src/main/java/org/exoplatform/services/database/creator/DBCreator.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -18,14 +18,16 @@
*/
package org.exoplatform.services.database.creator;
+import org.exoplatform.commons.utils.PrivilegedFileHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.configuration.ConfigurationException;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.PropertiesParam;
-import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
+import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
@@ -197,15 +199,13 @@
{
Class.forName(driver);
- // Properties props = new java.util.Properties();
- // props.put("user", adminName);
- // props.put("password", adminPwd);
- // if (internal_logon != null)
- // {
- // props.put("internal_logon", internal_logon);
- // }
- // conn = DriverManager.getConnection(serverUrl, props);
- conn = DriverManager.getConnection(serverUrl, adminName, adminPwd);
+ conn = SecurityHelper.doPriviledgedSQLExceptionAction(new
PrivilegedExceptionAction<Connection>()
+ {
+ public Connection run() throws Exception
+ {
+ return DriverManager.getConnection(serverUrl, adminName, adminPwd);
+ }
+ });
}
catch (SQLException e)
{
@@ -219,7 +219,14 @@
String dbProductName;
try
{
- dbProductName = conn.getMetaData().getDatabaseProductName();
+ final Connection connection = conn;
+ dbProductName = SecurityHelper.doPriviledgedSQLExceptionAction(new
PrivilegedExceptionAction<String>()
+ {
+ public String run() throws Exception
+ {
+ return connection.getMetaData().getDatabaseProductName();
+ }
+ });
if (dbProductName.startsWith("Microsoft SQL Server") ||
dbProductName.startsWith("Adaptive Server Anywhere")
|| dbProductName.equals("Sybase SQL Server") ||
dbProductName.equals("Adaptive Server Enterprise"))
@@ -334,7 +341,7 @@
*/
protected String readScriptResource(String path) throws IOException
{
- InputStream is = new FileInputStream(path);
+ InputStream is = PrivilegedFileHelper.fileInputStream(path);
InputStreamReader isr = new InputStreamReader(is);
try
{
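Review bot: `readScriptResource` now opens whatever `path` it is given through `PrivilegedFileHelper.fileInputStream(path)`, and since the method is `protected` a less-privileged subclass or caller can have an arbitrary file read with this component's permissions, assuming the helper wraps the open in a privileged block as its name suggests. The Javadoc above should state that `path` must come from trusted configuration, for example `@param path script location taken from the component's init params; never pass a caller-supplied value`, or the method should check the path against the configured script location before opening it. The method body continues outside the hunk.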
Modified:
core/trunk/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/HibernateServiceImpl.java
===================================================================
---
core/trunk/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/HibernateServiceImpl.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/HibernateServiceImpl.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -19,6 +19,8 @@
package org.exoplatform.services.database.impl;
import org.exoplatform.commons.exception.ObjectNotFoundException;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.component.ComponentPlugin;
import org.exoplatform.container.component.ComponentRequestLifecycle;
@@ -39,6 +41,7 @@
import java.io.Serializable;
import java.net.URL;
+import java.security.PrivilegedAction;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
@@ -79,8 +82,14 @@
{
threadLocal_ = new ThreadLocal<Session>();
PropertiesParam param =
initParams.getPropertiesParam("hibernate.properties");
- HibernateSettingsFactory settingsFactory = new HibernateSettingsFactory(new
ExoCacheProvider(cacheService));
- conf_ = new HibernateConfigurationImpl(settingsFactory);
+ final HibernateSettingsFactory settingsFactory = new HibernateSettingsFactory(new
ExoCacheProvider(cacheService));
+ conf_ = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<HibernateConfigurationImpl>()
+ {
+ public HibernateConfigurationImpl run()
+ {
+ return new HibernateConfigurationImpl(settingsFactory);
+ }
+ });
Iterator properties = param.getPropertyIterator();
while (properties.hasNext())
{
@@ -108,7 +117,8 @@
String connectionURL = conf_.getProperty("hibernate.connection.url");
if (connectionURL != null)
{
- connectionURL = connectionURL.replace("${java.io.tmpdir}",
System.getProperty("java.io.tmpdir"));
+ connectionURL =
+ connectionURL.replace("${java.io.tmpdir}",
PrivilegedSystemHelper.getProperty("java.io.tmpdir"));
conf_.setProperty("hibernate.connection.url", connectionURL);
}
@@ -280,8 +290,15 @@
{
if (sessionFactory_ == null)
{
- sessionFactory_ = conf_.buildSessionFactory();
- new SchemaUpdate(conf_).execute(false, true);
+ sessionFactory_ = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<SessionFactory>()
+ {
+ public SessionFactory run()
+ {
+ SessionFactory factory = conf_.buildSessionFactory();
+ new SchemaUpdate(conf_).execute(false, true);
+ return factory;
+ }
+ });
}
return sessionFactory_;
}
Added: core/trunk/exo.core.component.database/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.database/src/test/resources/test.policy
(rev 0)
+++ core/trunk/exo.core.component.database/src/test/resources/test.policy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -0,0 +1,15 @@
+grant codeBase "@MAVEN_REPO@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES@-"{
+};
+
+
+
+
+
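Review bot: The policy file has no comment explaining its three grants, and the empty `@TEST_CLASSES@` block reads like an omission rather than a decision. A header comment such as `// Test classes get no permissions on purpose: main code that needs a permission must use doPrivileged, otherwise the test fails.` would record the intent. It should also say that `@MAVEN_REPO@-` gives `AllPermission` to every jar in the local repository, so this policy only checks that main code isolates unprivileged callers and says nothing about least privilege for dependencies.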
Modified: core/trunk/exo.core.component.document/pom.xml
===================================================================
--- core/trunk/exo.core.component.document/pom.xml 2010-10-29 09:00:31 UTC (rev 3364)
+++ core/trunk/exo.core.component.document/pom.xml 2010-10-29 09:30:37 UTC (rev 3365)
@@ -104,9 +104,6 @@
<artifactId>tika-parsers</artifactId>
</dependency>
-
-
-
</dependencies>
<build>
<testResources>
@@ -140,7 +137,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
-
<!--argLine>-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine-->
+
<argLine>-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
<systemProperties>
<!--property>
<name>jcr.test.configuration.file</name>
Modified:
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSExcelDocumentReader.java
===================================================================
---
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSExcelDocumentReader.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSExcelDocumentReader.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -24,10 +24,12 @@
import org.apache.poi.hssf.usermodel.HSSFRow;
import org.apache.poi.hssf.usermodel.HSSFSheet;
import org.apache.poi.hssf.usermodel.HSSFWorkbook;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.document.DocumentReadException;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedAction;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Properties;
@@ -67,7 +69,7 @@
throw new NullPointerException("InputStream is null.");
}
- StringBuilder builder = new StringBuilder("");
+ final StringBuilder builder = new StringBuilder("");
SimpleDateFormat dateFormat = new SimpleDateFormat(DATE_FORMAT);
@@ -101,7 +103,7 @@
int lastcell = row.getLastCellNum();
for (int k = 0; k < lastcell; k++)
{
- HSSFCell cell = row.getCell((short)k);
+ final HSSFCell cell = row.getCell((short)k);
if (cell != null)
{
switch (cell.getCellType())
@@ -121,16 +123,44 @@
break;
}
case HSSFCell.CELL_TYPE_FORMULA :
-
builder.append(cell.getCellFormula().toString()).append(" ");
+ SecurityHelper.doPriviledgedAction(new
PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+
builder.append(cell.getCellFormula().toString()).append(" ");
+ return null;
+ }
+ });
break;
case HSSFCell.CELL_TYPE_BOOLEAN :
- builder.append(cell.getBooleanCellValue()).append("
");
+ SecurityHelper.doPriviledgedAction(new
PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+
builder.append(cell.getBooleanCellValue()).append(" ");
+ return null;
+ }
+ });
break;
case HSSFCell.CELL_TYPE_ERROR :
- builder.append(cell.getErrorCellValue()).append("
");
+ SecurityHelper.doPriviledgedAction(new
PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+
builder.append(cell.getErrorCellValue()).append(" ");
+ return null;
+ }
+ });
break;
case HSSFCell.CELL_TYPE_STRING :
-
builder.append(cell.getStringCellValue().toString()).append(" ");
+ SecurityHelper.doPriviledgedAction(new
PrivilegedAction<Void>()
+ {
+ public Void run()
+ {
+
builder.append(cell.getStringCellValue().toString()).append(" ");
+ return null;
+ }
+ });
break;
default :
break;
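Review bot: Each of the four new privileged actions wraps `builder.append(...)` together with the cell read, so the privileged scope is wider than the one POI call that presumably needs it, and the same nine lines are repeated per cell type. Returning the value from the action and appending outside keeps the scope minimal and lets `builder` stay non-final. Nothing in the hunk shows why a plain getter on `HSSFCell` needs privilege, so a comment naming the permission involved would help. The switch belongs to a method that starts and ends outside the hunk.

```java
case HSSFCell.CELL_TYPE_FORMULA :
   // Only the POI read runs privileged; the append stays outside the block.
   String formula = SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
   {
      public String run()
      {
         return cell.getCellFormula().toString();
      }
   });
   builder.append(formula).append(" ");
   break;
// … same shape for the BOOLEAN, ERROR and STRING cases …
```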
Modified:
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSWordDocumentReader.java
===================================================================
---
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSWordDocumentReader.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSWordDocumentReader.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -20,10 +20,12 @@
import org.apache.poi.hwpf.HWPFDocument;
import org.apache.poi.hwpf.usermodel.Range;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.document.DocumentReadException;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
/**
@@ -52,7 +54,7 @@
* @param is an input stream with .doc file content.
* @return The string only with text from file content.
*/
- public String getContentAsText(InputStream is) throws IOException,
DocumentReadException
+ public String getContentAsText(final InputStream is) throws IOException,
DocumentReadException
{
if (is == null)
{
@@ -69,7 +71,13 @@
HWPFDocument doc;
try
{
- doc = new HWPFDocument(is);
+ doc = SecurityHelper.doPriviledgedIOExceptionAction(new
PrivilegedExceptionAction<HWPFDocument>()
+ {
+ public HWPFDocument run() throws Exception
+ {
+ return new HWPFDocument(is);
+ }
+ });
}
catch (IOException e)
{
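Review bot: The `HWPFDocument` constructor parses a caller-supplied stream inside the privileged action, so every permission check triggered while POI reads that content stops at this frame and ignores callers further up the stack. A comment on the block naming what POI needs, e.g. `// POI requires <permission placeholder> while loading; stream content is untrusted, keep this block limited to the constructor`, would let a later reader judge whether the scope is justified. The same wrapping is applied to `XSSFWorkbook`, `XSLFPowerPointExtractor`, `XSLFSlideShow` and `XWPFDocument` in the MSX* readers of this commit. The enclosing try statement starts and ends outside the hunk.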
Modified:
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXExcelDocumentReader.java
===================================================================
---
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXExcelDocumentReader.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXExcelDocumentReader.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -25,10 +25,12 @@
import org.apache.poi.xssf.usermodel.XSSFRow;
import org.apache.poi.xssf.usermodel.XSSFSheet;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.document.DocumentReadException;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedExceptionAction;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Properties;
@@ -60,7 +62,7 @@
* @param is an input stream with .xls file content.
* @return The string only with text from file content.
*/
- public String getContentAsText(InputStream is) throws IOException,
DocumentReadException
+ public String getContentAsText(final InputStream is) throws IOException,
DocumentReadException
{
if (is == null)
{
@@ -80,7 +82,13 @@
XSSFWorkbook wb;
try
{
- wb = new XSSFWorkbook(is);
+ wb = SecurityHelper.doPriviledgedIOExceptionAction(new
PrivilegedExceptionAction<XSSFWorkbook>()
+ {
+ public XSSFWorkbook run() throws Exception
+ {
+ return new XSSFWorkbook(is);
+ }
+ });
}
catch (IOException e)
{
@@ -173,10 +181,18 @@
* @see org.exoplatform.services.document.DocumentReader#getProperties(java.io.
* InputStream)
*/
- public Properties getProperties(InputStream is) throws IOException,
DocumentReadException
+ public Properties getProperties(final InputStream is) throws IOException,
DocumentReadException
{
POIPropertiesReader reader = new POIPropertiesReader();
- reader.readDCProperties(new XSSFWorkbook(is));
+ reader.readDCProperties(SecurityHelper
+ .doPriviledgedIOExceptionAction(new
PrivilegedExceptionAction<XSSFWorkbook>()
+ {
+ public XSSFWorkbook run() throws Exception
+ {
+ return new XSSFWorkbook(is);
+ }
+ }));
+
return reader.getProperties();
}
Modified:
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXPPTDocumentReader.java
===================================================================
---
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXPPTDocumentReader.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXPPTDocumentReader.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -25,10 +25,14 @@
import org.apache.poi.xslf.XSLFSlideShow;
import org.apache.poi.xslf.extractor.XSLFPowerPointExtractor;
import org.apache.xmlbeans.XmlException;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.document.DocumentReadException;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
/**
@@ -56,7 +60,7 @@
* @param is an input stream with .pptx file content.
* @return The string only with text from file content.
*/
- public String getContentAsText(InputStream is) throws IOException,
DocumentReadException
+ public String getContentAsText(final InputStream is) throws IOException,
DocumentReadException
{
if (is == null)
{
@@ -69,28 +73,52 @@
return "";
}
- XSLFPowerPointExtractor ppe;
+ final XSLFPowerPointExtractor ppe;
try
{
- ppe = new XSLFPowerPointExtractor(OPCPackage.open(is));
+ ppe = SecurityHelper.doPriviledgedExceptionAction(new
PrivilegedExceptionAction<XSLFPowerPointExtractor>()
+ {
+ public XSLFPowerPointExtractor run() throws Exception
+ {
+ return new XSLFPowerPointExtractor(OPCPackage.open(is));
+ }
+ });
}
- catch (IOException e)
+ catch (PrivilegedActionException pae)
{
- throw new DocumentReadException("Can't open presentation.",
e);
+ Throwable cause = pae.getCause();
+ if (cause instanceof IOException)
+ {
+ throw new DocumentReadException("Can't open presentation.",
cause);
+ }
+ else if (cause instanceof OpenXML4JRuntimeException)
+ {
+ throw new DocumentReadException("Can't open presentation.",
cause);
+ }
+ else if (cause instanceof OpenXML4JException)
+ {
+ throw new DocumentReadException("Can't open presentation.",
cause);
+ }
+ else if (cause instanceof XmlException)
+ {
+ throw new DocumentReadException("Can't open presentation.",
cause);
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
}
- catch (OpenXML4JRuntimeException e)
+ return SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
{
- throw new DocumentReadException("Can't open presentation.",
e);
- }
- catch (OpenXML4JException e)
- {
- throw new DocumentReadException("Can't open presentation.",
e);
- }
- catch (XmlException e)
- {
- throw new DocumentReadException("Can't open presentation.",
e);
- }
- return ppe.getText(true, true);
+ public String run()
+ {
+ return ppe.getText(true, true);
+ }
+ });
}
finally
{
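Review bot: The `cause instanceof OpenXML4JRuntimeException` branch is probably unreachable, which changes what callers see for a malformed file. If `SecurityHelper.doPriviledgedExceptionAction` delegates to `AccessController.doPrivileged`, only checked exceptions are wrapped in `PrivilegedActionException`, so an unchecked exception thrown while opening the file now escapes the method instead of becoming a `DocumentReadException` as the removed catch ensured. Keeping `catch (OpenXML4JRuntimeException e) { throw new DocumentReadException("Can't open presentation.", e); }` next to the new catch restores the old contract. The remaining branches that throw the identical `DocumentReadException` could be one combined condition, and `getProperties` in the next hunk repeats the same chain.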
@@ -119,25 +147,44 @@
* @see org.exoplatform.services.document.DocumentReader#getProperties(java.io.
* InputStream)
*/
- public Properties getProperties(InputStream is) throws IOException,
DocumentReadException
+ public Properties getProperties(final InputStream is) throws IOException,
DocumentReadException
{
- POIPropertiesReader reader = new POIPropertiesReader();
+ final POIPropertiesReader reader = new POIPropertiesReader();
try
{
- reader.readDCProperties(new XSLFSlideShow(OPCPackage.open(is)));
+ SecurityHelper.doPriviledgedExceptionAction(new
PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ reader.readDCProperties(new XSLFSlideShow(OPCPackage.open(is)));
+ return null;
+ }
+ });
}
- catch (InvalidFormatException e)
+ catch (PrivilegedActionException pae)
{
- throw new DocumentReadException("Can't read properties from OOXML
document", e);
+ Throwable cause = pae.getCause();
+ if (cause instanceof InvalidFormatException)
+ {
+ throw new DocumentReadException("Can't read properties from OOXML
document", cause);
+ }
+ else if (cause instanceof OpenXML4JException)
+ {
+ throw new DocumentReadException("Can't read properties from OOXML
document", cause);
+ }
+ else if (cause instanceof XmlException)
+ {
+ throw new DocumentReadException("Can't read properties from OOXML
document", cause);
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
}
- catch (OpenXML4JException e)
- {
- throw new DocumentReadException("Can't read properties from OOXML
document", e);
- }
- catch (XmlException e)
- {
- throw new DocumentReadException("Can't read properties from OOXML
document", e);
- }
return reader.getProperties();
}
Modified:
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXWordDocumentReader.java
===================================================================
---
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXWordDocumentReader.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/MSXWordDocumentReader.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -21,10 +21,13 @@
import org.apache.poi.openxml4j.exceptions.OpenXML4JRuntimeException;
import org.apache.poi.xwpf.extractor.XWPFWordExtractor;
import org.apache.poi.xwpf.usermodel.XWPFDocument;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.document.DocumentReadException;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
/**
@@ -53,7 +56,7 @@
* @param is an input stream with .docx file content.
* @return The string only with text from file content.
*/
- public String getContentAsText(InputStream is) throws IOException,
DocumentReadException
+ public String getContentAsText(final InputStream is) throws IOException,
DocumentReadException
{
if (is == null)
{
@@ -70,7 +73,13 @@
XWPFDocument doc;
try
{
- doc = new XWPFDocument(is);
+ doc = SecurityHelper.doPriviledgedIOExceptionAction(new
PrivilegedExceptionAction<XWPFDocument>()
+ {
+ public XWPFDocument run() throws Exception
+ {
+ return new XWPFDocument(is);
+ }
+ });
}
catch (IOException e)
{
@@ -81,8 +90,14 @@
throw new DocumentReadException("Can't open message.", e);
}
- XWPFWordExtractor extractor = new XWPFWordExtractor(doc);
- text = extractor.getText();
+ final XWPFWordExtractor extractor = new XWPFWordExtractor(doc);
+ text = SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return extractor.getText();
+ }
+ });
}
finally
{
@@ -112,10 +127,18 @@
/**
* @see
org.exoplatform.services.document.DocumentReader#getProperties(java.io.InputStream)
*/
- public Properties getProperties(InputStream is) throws IOException,
DocumentReadException
+ public Properties getProperties(final InputStream is) throws IOException,
DocumentReadException
{
POIPropertiesReader reader = new POIPropertiesReader();
- reader.readDCProperties(new XWPFDocument(is));
+ reader.readDCProperties(SecurityHelper
+ .doPriviledgedIOExceptionAction(new
PrivilegedExceptionAction<XWPFDocument>()
+ {
+ public XWPFDocument run() throws Exception
+ {
+ return new XWPFDocument(is);
+ }
+ }));
+
return reader.getProperties();
}
Modified:
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/OpenOfficeDocumentReader.java
===================================================================
---
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/OpenOfficeDocumentReader.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/OpenOfficeDocumentReader.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -19,6 +19,7 @@
package org.exoplatform.services.document.impl;
import org.exoplatform.commons.utils.QName;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.document.DCMetaData;
import org.exoplatform.services.document.DocumentReadException;
import org.xml.sax.Attributes;
@@ -29,6 +30,7 @@
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
@@ -73,11 +75,19 @@
}
try
{
- SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
+ final SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
saxParserFactory.setValidating(false);
- SAXParser saxParser;
- saxParser = saxParserFactory.newSAXParser();
+ SAXParser saxParser =
+ SecurityHelper
+ .doPriviledgedParserConfigurationOrSAXExceptionAction(new
PrivilegedExceptionAction<SAXParser>()
+ {
+ public SAXParser run() throws Exception
+ {
+ return saxParserFactory.newSAXParser();
+ }
+ });
+
XMLReader xmlReader = saxParser.getXMLReader();
xmlReader.setFeature("http://xml.org/sax/features/validation",
false);
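Review bot: The parser built here reads XML taken from a caller-supplied document, and the visible lines only turn validation off; nothing in the hunk stops the parser from resolving external entities or fetching an external DTD. Unless `setFeature` calls outside the hunk already cover it, add `xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);` and the matching `external-parameter-entities` line after the validation feature. The following hunk of this file builds its parser the same way and needs the same treatment. The privileged action itself is narrow (only `newSAXParser()`), which is good.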
@@ -160,10 +170,18 @@
{
try
{
- SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
+ final SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
saxParserFactory.setValidating(false);
- SAXParser saxParser = saxParserFactory.newSAXParser();
-
+ SAXParser saxParser =
+ SecurityHelper
+ .doPriviledgedParserConfigurationOrSAXExceptionAction(new
PrivilegedExceptionAction<SAXParser>()
+ {
+ public SAXParser run() throws Exception
+ {
+ return saxParserFactory.newSAXParser();
+ }
+ });
+
XMLReader xmlReader = saxParser.getXMLReader();
xmlReader.setFeature("http://xml.org/sax/features/validation",
false);
@@ -234,6 +252,7 @@
return content.toString();
}
+ @Override
public void startElement(String namespaceURI, String localName, String rawName,
Attributes atts)
throws SAXException
{
@@ -243,6 +262,7 @@
}
}
+ @Override
public void characters(char[] ch, int start, int length) throws SAXException
{
if (appendChar)
@@ -251,6 +271,7 @@
}
}
+ @Override
public void endElement(java.lang.String namespaceURI, java.lang.String localName,
java.lang.String qName)
throws SAXException
{
@@ -278,6 +299,7 @@
return props;
}
+ @Override
public void startElement(String namespaceURI, String localName, String rawName,
Attributes atts)
throws SAXException
{
@@ -287,6 +309,7 @@
}
}
+ @Override
public void characters(char[] ch, int start, int length) throws SAXException
{
if (curPropertyName != null)
@@ -295,6 +318,7 @@
}
}
+ @Override
public void endElement(java.lang.String namespaceURI, java.lang.String localName,
java.lang.String qName)
throws SAXException
{
Modified:
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/PDFDocumentReader.java
===================================================================
---
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/PDFDocumentReader.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/PDFDocumentReader.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -24,6 +24,7 @@
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.util.PDFTextStripper;
import org.exoplatform.commons.utils.ISO8601;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.document.DCMetaData;
import org.exoplatform.services.document.DocumentReadException;
import org.exoplatform.services.log.ExoLogger;
@@ -207,28 +208,49 @@
* @throws DocumentReadException
* @throws Exception if extracting fails
*/
- protected Properties getPropertiesFromMetadata(byte[] metadata) throws IOException,
DocumentReadException
+ protected Properties getPropertiesFromMetadata(final byte[] metadata) throws
IOException, DocumentReadException
{
Properties props = null;
// parse xml
-
Document doc;
try
{
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- DocumentBuilder docBuilder = dbf.newDocumentBuilder();
- doc = docBuilder.parse(new ByteArrayInputStream(metadata));
+ final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ doc = SecurityHelper.doPriviledgedExceptionAction(new
PrivilegedExceptionAction<Document>()
+ {
+ public Document run() throws Exception
+ {
+ DocumentBuilder docBuilder = dbf.newDocumentBuilder();
+ return docBuilder.parse(new ByteArrayInputStream(metadata));
+ }
+ });
}
- catch (SAXException e)
+ catch (PrivilegedActionException pae)
{
- throw new DocumentReadException(e.getMessage(), e);
+ Throwable cause = pae.getCause();
+ if (cause instanceof SAXException)
+ {
+ throw new DocumentReadException(cause.getMessage(), cause);
+ }
+ else if (cause instanceof ParserConfigurationException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else if (cause instanceof IOException)
+ {
+ throw (IOException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw new DocumentReadException(cause.getMessage(), cause);
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
}
- catch (ParserConfigurationException e)
- {
- throw new DocumentReadException(e.getMessage(), e);
- }
// Check is there PDF/A-1 XMP
String version = "";
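Review bot: The `ParserConfigurationException` branch does `throw (RuntimeException)cause;`, but that exception is checked and is not a RuntimeException, so the cast itself fails with a ClassCastException and the real error is lost; `throw new DocumentReadException(cause.getMessage(), cause);` keeps what the removed catch block did. The metadata bytes, which presumably come from the PDF being read, are now parsed inside the privileged action by a default `DocumentBuilderFactory`, so anything the parser resolves while reading a DOCTYPE is checked against this module's permissions rather than the caller's. Calling `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` at the top of `run()` would close that, assuming XMP packets never need a DTD. The SAXParserFactory in XMLDocumentReader.parse further down has the same gap, with its secure-processing line still commented out. getPropertiesFromMetadata continues past the end of this hunk.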
Modified:
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/XMLDocumentReader.java
===================================================================
---
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/XMLDocumentReader.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.document/src/main/java/org/exoplatform/services/document/impl/XMLDocumentReader.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.document.impl;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.document.DocumentReadException;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
@@ -26,6 +27,7 @@
import java.io.InputStream;
import java.io.StringWriter;
import java.io.Writer;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
import javax.xml.parsers.ParserConfigurationException;
@@ -120,7 +122,7 @@
*/
private String parse(InputStream is)
{
- SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
+ final SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
// saxParserFactory.setNamespaceAware(true);
// saxParserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
SAXParser saxParser;
@@ -129,7 +131,15 @@
DefaultHandler dh = new WriteOutContentHandler(writer);
try
{
- saxParser = saxParserFactory.newSAXParser();
+ saxParser =
+ SecurityHelper
+ .doPriviledgedParserConfigurationOrSAXExceptionAction(new
PrivilegedExceptionAction<SAXParser>()
+ {
+ public SAXParser run() throws Exception
+ {
+ return saxParserFactory.newSAXParser();
+ }
+ });
saxParser.parse(is, dh);
}
catch (SAXException e)
Modified: core/trunk/exo.core.component.document/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.document/src/test/resources/test.policy 2010-10-29
09:00:31 UTC (rev 3364)
+++ core/trunk/exo.core.component.document/src/test/resources/test.policy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -7,6 +7,9 @@
};
grant codeBase "@TEST_CLASSES@-"{
- permission java.lang.RuntimePermission "createSystemSession";
- permission java.lang.RuntimePermission "manageRepository";
};
+
+
+
+
+
Modified: core/trunk/exo.core.component.ldap/pom.xml
===================================================================
--- core/trunk/exo.core.component.ldap/pom.xml 2010-10-29 09:00:31 UTC (rev 3364)
+++ core/trunk/exo.core.component.ldap/pom.xml 2010-10-29 09:30:37 UTC (rev 3365)
@@ -51,6 +51,11 @@
<artifactId>exo.kernel.container</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>com.novell.ldap</groupId>
<artifactId>jldap</artifactId>
<scope>test</scope>
@@ -58,20 +63,56 @@
</dependencies>
<build>
- <pluginManagement>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <excludes>
- <exclude>**/TestLDAPService.java</exclude>
- <exclude>**/TestNovellLDAPAPI.java</exclude>
- <exclude>**/TestStandardLDAPAPI.java</exclude>
- </excludes>
- </configuration>
- </plugin>
- </plugins>
- </pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS}
-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ <excludes>
+ <exclude>**/TestLDAPService.java</exclude>
+ <exclude>**/TestNovellLDAPAPI.java</exclude>
+ <exclude>**/TestStandardLDAPAPI.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset
dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO"
value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
</build>
</project>
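Review bot: The new `<argLine>` starts with `${env.MAVEN_OPTS}`, and as far as I can tell Maven leaves that expression as literal text when the variable is not set, which would then reach the forked test JVM as a stray argument ahead of the security-manager flags. A pom property with an empty default (a constructed example: `<test.jvm.args></test.jvm.args>`, referenced as `${test.jvm.args}`) would keep the command line predictable on machines without MAVEN_OPTS. The same argLine is added in the organization.api, organization.jdbc, organization.ldap and script.groovy poms.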
Modified:
core/trunk/exo.core.component.ldap/src/main/java/org/exoplatform/services/ldap/impl/LDAPServiceImpl.java
===================================================================
---
core/trunk/exo.core.component.ldap/src/main/java/org/exoplatform/services/ldap/impl/LDAPServiceImpl.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.ldap/src/main/java/org/exoplatform/services/ldap/impl/LDAPServiceImpl.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.ldap.impl;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.component.ComponentPlugin;
import org.exoplatform.container.component.ComponentRequestLifecycle;
@@ -76,7 +77,7 @@
{
String keystore = System.getProperty("java.home");
keystore += File.separator + "lib" + File.separator +
"security" + File.separator + "cacerts";
- System.setProperty("javax.net.ssl.trustStore", keystore);
+ PrivilegedSystemHelper.setProperty("javax.net.ssl.trustStore",
keystore);
}
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
Added: core/trunk/exo.core.component.ldap/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.ldap/src/test/resources/test.policy
(rev 0)
+++ core/trunk/exo.core.component.ldap/src/test/resources/test.policy 2010-10-29 09:30:37
UTC (rev 3365)
@@ -0,0 +1,10 @@
+grant codeBase "@MAVEN_REPO@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES@-"{
+};
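Review bot: The policy has no comment explaining the empty `grant codeBase "@TEST_CLASSES@-"` block, which looks deliberate: with no permissions on the test classes, a test can only pass if the main code performs its sensitive calls inside a privileged action. A header line such as `// test classes get no permissions on purpose; do not add grants here to make a test pass` would stop the block being filled in later. The `@MAVEN_REPO@-` grant gives AllPermission to every jar in the local repository, so a second comment stating that this file is for the test JVM only is worth adding. The same applies to the test.policy files added for organization.api, organization.jdbc and organization.ldap below.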
Modified: core/trunk/exo.core.component.organization.api/pom.xml
===================================================================
--- core/trunk/exo.core.component.organization.api/pom.xml 2010-10-29 09:00:31 UTC (rev
3364)
+++ core/trunk/exo.core.component.organization.api/pom.xml 2010-10-29 09:30:37 UTC (rev
3365)
@@ -39,6 +39,11 @@
</dependency>
<dependency>
<groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
<artifactId>exo.kernel.component.cache</artifactId>
</dependency>
<dependency>
@@ -91,6 +96,13 @@
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS}
-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<executions>
<execution>
@@ -114,7 +126,39 @@
<goal>run</goal>
</goals>
</execution>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset
dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO"
value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
</executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
</plugin>
</plugins>
</build>
Modified:
core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/impl/UserProfileData.java
===================================================================
---
core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/impl/UserProfileData.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/impl/UserProfileData.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -21,6 +21,10 @@
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.XppDriver;
+import org.exoplatform.commons.utils.SecurityHelper;
+
+import java.security.PrivilegedAction;
+
/**
* Created by The eXo Platform SAS . Author : Tuan Nguyen
* tuan08(a)users.sourceforge.net Date: Jun 14, 2003 Time: 1:12:22 PM
@@ -77,8 +81,14 @@
public org.exoplatform.services.organization.UserProfile getUserProfile()
{
- XStream xstream = getXStream();
- UserProfileImpl up = (UserProfileImpl)xstream.fromXML(profile);
+ final XStream xstream = getXStream();
+ UserProfileImpl up = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<UserProfileImpl>()
+ {
+ public UserProfileImpl run()
+ {
+ return (UserProfileImpl)xstream.fromXML(profile);
+ }
+ });
return up;
}
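Review bot: `xstream.fromXML(profile)` now runs inside the privileged action, so every type the stored XML names is instantiated with this module's full permissions, and the result is only cast to `UserProfileImpl` afterwards. Where `profile` is loaded from is not visible here; if it can ever hold data that was not produced by the `toXML` call in the next hunk, the XStream instance should be limited to the one expected type, for example `xstream_.allowTypes(new Class[]{UserProfileImpl.class});` on XStream versions that provide the type allow-list. At minimum a comment such as `// privileged: profile must only contain XML written by this class` belongs above the call. getUserProfile is complete in this hunk; the shared XStream instance is built in the next one.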
@@ -89,17 +99,29 @@
profile = "";
return;
}
- UserProfileImpl impl = (UserProfileImpl)up;
+ final UserProfileImpl impl = (UserProfileImpl)up;
userName = up.getUserName();
- XStream xstream = getXStream();
- profile = xstream.toXML(impl);
+ final XStream xstream = getXStream();
+ profile = SecurityHelper.doPriviledgedAction(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return xstream.toXML(impl);
+ }
+ });
}
static private XStream getXStream()
{
if (xstream_ == null)
{
- xstream_ = new XStream(new XppDriver());
+ xstream_ = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<XStream>()
+ {
+ public XStream run()
+ {
+ return new XStream(new XppDriver());
+ }
+ });
xstream_.alias("user-profile", UserProfileImpl.class);
}
return xstream_;
Added: core/trunk/exo.core.component.organization.api/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.organization.api/src/test/resources/test.policy
(rev 0)
+++
core/trunk/exo.core.component.organization.api/src/test/resources/test.policy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -0,0 +1,17 @@
+grant codeBase "@MAVEN_REPO@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES@-"{
+};
+
+grant codeBase "@MAIN_CLASSES@../../../exo.core.component.security.core/-"{
+ permission java.security.AllPermission;
+};
+
+
+
Modified: core/trunk/exo.core.component.organization.jdbc/pom.xml
===================================================================
--- core/trunk/exo.core.component.organization.jdbc/pom.xml 2010-10-29 09:00:31 UTC (rev
3364)
+++ core/trunk/exo.core.component.organization.jdbc/pom.xml 2010-10-29 09:30:37 UTC (rev
3365)
@@ -52,6 +52,11 @@
</dependency>
<dependency>
<groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
<artifactId>exo.kernel.container</artifactId>
</dependency>
<dependency>
@@ -114,7 +119,54 @@
<artifactId>javassist</artifactId>
<scope>test</scope>
</dependency>
-
</dependencies>
-
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS}
-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset
dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO"
value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
</project>
\ No newline at end of file
Modified:
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/SimpleHibernateUserListAccess.java
===================================================================
---
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/SimpleHibernateUserListAccess.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/SimpleHibernateUserListAccess.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -37,11 +37,13 @@
*/
package org.exoplatform.services.organization.hibernate;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.database.HibernateService;
import org.exoplatform.services.organization.User;
import org.hibernate.Query;
import org.hibernate.Session;
+import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -93,9 +95,16 @@
* {@inheritDoc}
*/
@Override
- protected int getSize(Session session) throws Exception
+ protected int getSize(final Session session) throws Exception
{
- Query query = session.createQuery(countQuery);
+ Query query = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<Query>()
+ {
+ public Query run()
+ {
+ return session.createQuery(countQuery);
+ }
+ });
+
bindFields(query);
List l = query.list();
@@ -108,7 +117,7 @@
* {@inheritDoc}
*/
@Override
- protected User[] load(Session session, int index, int length) throws Exception
+ protected User[] load(final Session session, int index, int length) throws Exception
{
if (index < 0)
throw new IllegalArgumentException("Illegal index: index must be a positive
number");
@@ -118,7 +127,13 @@
User[] users = new User[length];
- Query query = session.createQuery(findQuery);
+ Query query = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<Query>()
+ {
+ public Query run()
+ {
+ return session.createQuery(findQuery);
+ }
+ });
bindFields(query);
Iterator<Object> results = query.iterate();
Modified:
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/UserDAOImpl.java
===================================================================
---
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/UserDAOImpl.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/UserDAOImpl.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -20,15 +20,21 @@
import org.exoplatform.commons.utils.LazyPageList;
import org.exoplatform.commons.utils.ListAccess;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.cache.CacheService;
import org.exoplatform.services.cache.ExoCache;
import org.exoplatform.services.database.HibernateService;
import org.exoplatform.services.database.ObjectQuery;
-import org.exoplatform.services.organization.*;
+import org.exoplatform.services.organization.Query;
+import org.exoplatform.services.organization.User;
+import org.exoplatform.services.organization.UserEventListener;
+import org.exoplatform.services.organization.UserEventListenerHandler;
+import org.exoplatform.services.organization.UserHandler;
import org.exoplatform.services.organization.impl.UserImpl;
import org.hibernate.Session;
import org.hibernate.Transaction;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
@@ -80,9 +86,16 @@
{
if (broadcast)
preSave(user, true);
- Session session = service_.openSession();
- Transaction transaction = session.beginTransaction();
+ final Session session = service_.openSession();
+ Transaction transaction = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<Transaction>()
+ {
+ public Transaction run()
+ {
+ return session.beginTransaction();
+ }
+ });
+
UserImpl userImpl = (UserImpl)user;
userImpl.setId(user.getUserName());
session.save(user);
Added: core/trunk/exo.core.component.organization.jdbc/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.organization.jdbc/src/test/resources/test.policy
(rev 0)
+++
core/trunk/exo.core.component.organization.jdbc/src/test/resources/test.policy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -0,0 +1,21 @@
+grant codeBase "@MAVEN_REPO@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES@-"{
+};
+
+grant codeBase "@MAIN_CLASSES@../../../exo.core.component.database/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@../../../exo.core.component.organization.api/-"{
+ permission java.security.AllPermission;
+};
+
+
+
Modified: core/trunk/exo.core.component.organization.ldap/pom.xml
===================================================================
--- core/trunk/exo.core.component.organization.ldap/pom.xml 2010-10-29 09:00:31 UTC (rev
3364)
+++ core/trunk/exo.core.component.organization.ldap/pom.xml 2010-10-29 09:30:37 UTC (rev
3365)
@@ -44,6 +44,11 @@
</dependency>
<dependency>
<groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
<artifactId>exo.kernel.container</artifactId>
</dependency>
<dependency>
@@ -66,18 +71,55 @@
</dependencies>
<build>
- <pluginManagement>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <excludes>
- <exclude>**/TestOrganizationService.java</exclude>
- </excludes>
- </configuration>
- </plugin>
- </plugins>
- </pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS}
-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ <excludes>
+ <exclude>**/TestOrganizationService.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset
dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO"
value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
</build>
</project>
\ No newline at end of file
Added: core/trunk/exo.core.component.organization.ldap/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.organization.ldap/src/test/resources/test.policy
(rev 0)
+++
core/trunk/exo.core.component.organization.ldap/src/test/resources/test.policy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -0,0 +1,29 @@
+grant codeBase "@MAVEN_REPO@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES@-"{
+};
+
+grant codeBase "@MAIN_CLASSES@../../../exo.core.component.ldap/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@../../../exo.core.component.database/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@../../../exo.core.component.organization.api/-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase
"@MAIN_CLASSES@../../../exo.core.component.organization.jdbc/-"{
+ permission java.security.AllPermission;
+};
+
+
+
Modified: core/trunk/exo.core.component.script.groovy/pom.xml
===================================================================
--- core/trunk/exo.core.component.script.groovy/pom.xml 2010-10-29 09:00:31 UTC (rev
3364)
+++ core/trunk/exo.core.component.script.groovy/pom.xml 2010-10-29 09:30:37 UTC (rev
3365)
@@ -43,8 +43,62 @@
<artifactId>exo.kernel.container</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS}
-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset
dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO"
value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
</project>
\ No newline at end of file
Modified:
core/trunk/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/GroovyScriptInstantiator.java
===================================================================
---
core/trunk/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/GroovyScriptInstantiator.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/GroovyScriptInstantiator.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -22,6 +22,7 @@
import groovy.lang.GroovyCodeSource;
import org.codehaus.groovy.control.CompilationFailedException;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.container.component.ComponentPlugin;
@@ -35,6 +36,9 @@
import java.lang.reflect.Constructor;
import java.net.MalformedURLException;
import java.net.URL;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -128,13 +132,26 @@
GroovyClassLoader loader;
if (mapping.size() > 0)
{
- JarJarClassLoader jarjarLoader = new JarJarClassLoader();
+ JarJarClassLoader jarjarLoader = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<JarJarClassLoader>()
+ {
+ public JarJarClassLoader run()
+ {
+ return new JarJarClassLoader();
+ }
+ });
+
jarjarLoader.addMapping(mapping);
loader = jarjarLoader;
}
else
{
- loader = new GroovyClassLoader();
+ loader = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<GroovyClassLoader>()
+ {
+ public GroovyClassLoader run()
+ {
+ return new GroovyClassLoader();
+ }
+ });
}
return instantiateScript(stream, name, loader);
}
@@ -152,7 +169,8 @@
* @throws IOException if stream can't be parsed or object can't be created
* cause to illegal content of stream
*/
- public Object instantiateScript(InputStream stream, String name, GroovyClassLoader
loader) throws IOException
+ public Object instantiateScript(final InputStream stream, final String name,
GroovyClassLoader loader)
+ throws IOException
{
if (loader == null)
{
@@ -161,19 +179,39 @@
Class<?> clazz = null;
try
{
- if (name != null && name.length() > 0)
+ final GroovyClassLoader fLoader = loader;
+ clazz = SecurityHelper.doPriviledgedExceptionAction(new
PrivilegedExceptionAction<Class<?>>()
{
- clazz = loader.parseClass(stream, name);
+ public Class<?> run() throws Exception
+ {
+ if (name != null && name.length() > 0)
+ {
+ return fLoader.parseClass(stream, name);
+ }
+ else
+ {
+ return fLoader.parseClass(stream);
+ }
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof CompilationFailedException)
+ {
+ throw new IOException("Error occurs when parse stream, compiler error:\n
" + cause.getMessage());
}
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
else
{
- clazz = loader.parseClass(stream);
+ throw new RuntimeException(cause);
}
}
- catch (CompilationFailedException e)
- {
- throw new IOException("Error occurs when parse stream, compiler error:\n
" + e.getMessage());
- }
+
try
{
return createObject(clazz);
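Review bot: `instantiateScript` is public and now compiles the caller's stream inside `doPriviledgedExceptionAction`, so code that itself holds no permissions can have Groovy source parsed with this module's permissions. What the resulting class may do at run time depends on the code source the loader assigns to it, which is not visible in this hunk, so the Javadoc should say so, e.g. `Scripts are compiled in privileged mode; callers must only pass trusted sources.` Also, the rewritten `CompilationFailedException` branch still builds the IOException from the message alone and drops `cause`; calling `initCause(cause)` on the new exception before throwing it would keep the compiler's stack trace. The method starts in the previous hunk and continues after this one.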
Modified:
core/trunk/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/jarjar/JarJarClassLoader.java
===================================================================
---
core/trunk/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/jarjar/JarJarClassLoader.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/jarjar/JarJarClassLoader.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -29,8 +29,10 @@
import org.codehaus.groovy.control.CompilerConfiguration;
import org.codehaus.groovy.control.Phases;
import org.codehaus.groovy.control.SourceUnit;
+import org.exoplatform.commons.utils.SecurityHelper;
import java.security.CodeSource;
+import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
@@ -92,15 +94,22 @@
}
@Override
- protected CompilationUnit createCompilationUnit(CompilerConfiguration
compilerConfiguration, CodeSource codeSource)
+ protected CompilationUnit createCompilationUnit(final CompilerConfiguration
compilerConfiguration,
+ final CodeSource codeSource)
{
-
//
- final CompilationUnit unit = super.createCompilationUnit(compilerConfiguration,
codeSource);
+ final CompilationUnit unit = SecurityHelper.doPriviledgedAction(new
PrivilegedAction<CompilationUnit>()
+ {
+ public CompilationUnit run()
+ {
+ return JarJarClassLoader.super.createCompilationUnit(compilerConfiguration,
codeSource);
+ }
+ });
//
unit.addPhaseOperation(new CompilationUnit.PrimaryClassNodeOperation()
{
+ @Override
public void call(SourceUnit sourceUnit, GeneratorContext generatorContext,
ClassNode classNode)
throws CompilationFailedException
{
@@ -136,4 +145,15 @@
return unit;
}
+
+ static protected JarJarClassLoader createJarJarClassLoaderInPrivilegedMode(final
ClassLoader classLoader)
+ {
+ return SecurityHelper.doPriviledgedAction(new
PrivilegedAction<JarJarClassLoader>()
+ {
+ public JarJarClassLoader run()
+ {
+ return new JarJarClassLoader(classLoader);
+ }
+ });
+ }
}
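Review bot: `createJarJarClassLoaderInPrivilegedMode` is `static protected` and constructs a loader for whatever `ClassLoader` the caller passes, inside `doPriviledgedAction`. Any class in this package, or any subclass, therefore gets a new class loader without itself holding the `createClassLoader` runtime permission that constructing one normally checks. The `jarjar/Script.java` hunk relies on exactly that, calling it from test classes whose `test.policy` grant is empty. If the factory exists only for tests, package-private visibility plus a Javadoc line such as `/** Test support only: creates the loader with this class's privileges; never hand the result to script code. */` would stop the capability from spreading. If production code needs it, an explicit permission check before the privileged block is the usual guard; whether the package is sealed is not visible here.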
Modified:
core/trunk/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/GroovyInstantiatorTest.java
===================================================================
---
core/trunk/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/GroovyInstantiatorTest.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/GroovyInstantiatorTest.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -79,7 +79,8 @@
public void testGroovyScriptInstantiatorXML() throws Exception
{
- String url =
Thread.currentThread().getContextClassLoader().getResource("SimpleXMLGenerator.groovy").toString();
+ String url =
+
Thread.currentThread().getContextClassLoader().getResource("TestSimpleXMLGenerator.groovy").toString();
GroovyObject groovyObject =
(GroovyObject)groovyScriptInstantiator.instantiateScript(url);
groovyObject.invokeMethod("generateXML", new Object[]{new Book()});
}
Modified:
core/trunk/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/jarjar/Script.java
===================================================================
---
core/trunk/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/jarjar/Script.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/jarjar/Script.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -23,6 +23,8 @@
import junit.framework.Assert;
import junit.framework.AssertionFailedError;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+
import java.io.IOException;
import java.net.URL;
@@ -45,13 +47,14 @@
{
//
- JarJarClassLoader loader = new
JarJarClassLoader(Thread.currentThread().getContextClassLoader());
+ JarJarClassLoader loader =
+
JarJarClassLoader.createJarJarClassLoaderInPrivilegedMode(Thread.currentThread().getContextClassLoader());
//
mapping.configure(loader);
// Obtain script class
- URL url =
Thread.currentThread().getContextClassLoader().getResource("jarjar/" + name);
+ URL url = PrivilegedSystemHelper.getResource("jarjar/" + name);
Assert.assertNotNull(url);
GroovyCodeSource gcs;
try
Deleted:
core/trunk/exo.core.component.script.groovy/src/test/resources/SimpleXMLGenerator.groovy
===================================================================
---
core/trunk/exo.core.component.script.groovy/src/test/resources/SimpleXMLGenerator.groovy 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.script.groovy/src/test/resources/SimpleXMLGenerator.groovy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -1,18 +0,0 @@
-package org.exoplatform.script.groovy.test
-
-import groovy.xml.MarkupBuilder
-import org.exoplatform.services.script.groovy.Book
-public class SimpleXMLGenerator {
-
- public void generateXML (Book b) {
- def xmlBuilder = new MarkupBuilder()
- xmlBuilder.books() {
- book() {
- title(b.getTitle())
- author(b.getAuthor())
- price(b.getPrice())
- ISDN(b.getIsdn())
- }
- }
- }
-}
\ No newline at end of file
Added:
core/trunk/exo.core.component.script.groovy/src/test/resources/TestSimpleXMLGenerator.groovy
===================================================================
---
core/trunk/exo.core.component.script.groovy/src/test/resources/TestSimpleXMLGenerator.groovy
(rev 0)
+++
core/trunk/exo.core.component.script.groovy/src/test/resources/TestSimpleXMLGenerator.groovy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -0,0 +1,18 @@
+package org.exoplatform.script.groovy.test
+
+import groovy.xml.MarkupBuilder
+import org.exoplatform.services.script.groovy.Book
+public class SimpleXMLGenerator {
+
+ public void generateXML (Book b) {
+ def xmlBuilder = new MarkupBuilder()
+ xmlBuilder.books() {
+ book() {
+ title(b.getTitle())
+ author(b.getAuthor())
+ price(b.getPrice())
+ ISDN(b.getIsdn())
+ }
+ }
+ }
+}
\ No newline at end of file
Added: core/trunk/exo.core.component.script.groovy/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.script.groovy/src/test/resources/test.policy
(rev 0)
+++ core/trunk/exo.core.component.script.groovy/src/test/resources/test.policy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -0,0 +1,10 @@
+grant codeBase "@MAVEN_REPO@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES@-"{
+};
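Review bot: The policy file carries no comments, so a reader cannot tell that `@MAVEN_REPO@`, `@MAIN_CLASSES@` and `@TEST_CLASSES@` are tokens (presumably filled in by the `prepare-test-policy` antrun execution shown in this commit's pom.xml hunks) or that the empty `grant codeBase "@TEST_CLASSES@-"` is deliberate. A short header would record the intent, e.g. `// Tokens are replaced at process-test-resources; test classes get no permissions on purpose so a missing doPrivileged wrapper in main code fails the test run.` Granting `AllPermission` to everything under the local Maven repository means permission checks are only exercised at the boundary with test code; that looks intended but is worth stating in the file. The same policy is added for `web.css` and `xml-processing`, and with two `RuntimePermission` entries it replaces the blanket grant in `security.core`.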
Modified: core/trunk/exo.core.component.security.core/pom.xml
===================================================================
--- core/trunk/exo.core.component.security.core/pom.xml 2010-10-29 09:00:31 UTC (rev
3364)
+++ core/trunk/exo.core.component.security.core/pom.xml 2010-10-29 09:30:37 UTC (rev
3365)
@@ -38,6 +38,11 @@
<artifactId>exo.kernel.container</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</dependency>
@@ -57,9 +62,46 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
- <argLine>-Djava.security.manager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ <argLine>${env.MAVEN_OPTS}
-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset
dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO"
value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
<testResources>
<testResource>
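Review bot: `-Djava.security.policy=` with a single `=` adds `test.policy` to the JVM's default policy files instead of replacing them. A grant in a developer's or build agent's own `java.policy` can therefore hide a missing privileged wrapper that the restricted test classes are meant to catch; `-Djava.security.policy==${project.build.directory}/test-classes/test.policy` makes the test policy the only one in effect. Prepending `${env.MAVEN_OPTS}` also lets the environment put arbitrary JVM flags into the forked test JVM. If the variable is unset the placeholder may be passed through literally, which is worth checking from a clean shell. The identical `argLine` and antrun block appear in the `web.css` and `xml-processing` pom.xml hunks.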
Modified: core/trunk/exo.core.component.security.core/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.security.core/src/test/resources/test.policy 2010-10-29
09:00:31 UTC (rev 3364)
+++ core/trunk/exo.core.component.security.core/src/test/resources/test.policy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -1,5 +1,12 @@
-// configure static permissions here
-grant {
- permission java.security.AllPermission;
+grant codeBase "@MAVEN_REPO@-"{
+ permission java.security.AllPermission;
};
-
\ No newline at end of file
+
+grant codeBase "@MAIN_CLASSES@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES@-"{
+ permission java.lang.RuntimePermission "modifyIdentity";
+ permission java.lang.RuntimePermission "modifyConversationState";
+};
Modified: core/trunk/exo.core.component.web.css/pom.xml
===================================================================
--- core/trunk/exo.core.component.web.css/pom.xml 2010-10-29 09:00:31 UTC (rev 3364)
+++ core/trunk/exo.core.component.web.css/pom.xml 2010-10-29 09:30:37 UTC (rev 3365)
@@ -47,5 +47,59 @@
<groupId>batik</groupId>
<artifactId>batik-css</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS}
-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset
dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO"
value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
</project>
Added: core/trunk/exo.core.component.web.css/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.web.css/src/test/resources/test.policy
(rev 0)
+++ core/trunk/exo.core.component.web.css/src/test/resources/test.policy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -0,0 +1,10 @@
+grant codeBase "@MAVEN_REPO@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES@-"{
+};
Modified: core/trunk/exo.core.component.xml-processing/pom.xml
===================================================================
--- core/trunk/exo.core.component.xml-processing/pom.xml 2010-10-29 09:00:31 UTC (rev
3364)
+++ core/trunk/exo.core.component.xml-processing/pom.xml 2010-10-29 09:30:37 UTC (rev
3365)
@@ -38,6 +38,11 @@
<artifactId>exo.kernel.container</artifactId>
</dependency>
<dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons.test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>jtidy</groupId>
<artifactId>jtidy</artifactId>
</dependency>
@@ -97,5 +102,51 @@
</includes>
</testResource>
</testResources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>${env.MAVEN_OPTS}
-Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <echo>Creating Access Policy for tests</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset
dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO"
value="${localRepositoryURL}" />
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant-optional</artifactId>
+ <version>1.5.3-1</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
</build>
</project>
\ No newline at end of file
Modified:
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/resolving/impl/XMLResolver.java
===================================================================
---
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/resolving/impl/XMLResolver.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/resolving/impl/XMLResolver.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.xml.resolving.impl;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
@@ -66,11 +67,10 @@
entity = publicIDs_.get(publicId);
if (entity != null)
{
- if (Thread.currentThread().getContextClassLoader().getResource(entity) != null)
+ if (PrivilegedSystemHelper.getResource(entity) != null)
{
- InputSource src =
- new
InputSource(Thread.currentThread().getContextClassLoader().getResourceAsStream(entity));
-
src.setSystemId(Thread.currentThread().getContextClassLoader().getResource(entity).getPath());
+ InputSource src = new
InputSource(PrivilegedSystemHelper.getResourceAsStream(entity));
+ src.setSystemId(PrivilegedSystemHelper.getResource(entity).getPath());
return src;
}
}
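Review bot: The `entity` resource is resolved three times through `PrivilegedSystemHelper` (the null test, `getResourceAsStream(entity)`, and `getResource(entity).getPath()`), and only the first result is checked for null. Resolving once keeps the number of privileged calls down and removes the unchecked dereference: `URL url = PrivilegedSystemHelper.getResource(entity);`, then `if (url != null)` and `src.setSystemId(url.getPath());` (this needs `java.net.URL` imported if the file does not already have it). The `TRAXTemplatesServiceImpl` hunk has the same test-then-reopen shape. The enclosing method starts and ends outside this hunk.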
Modified:
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/TransformerBase.java
===================================================================
---
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/TransformerBase.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/TransformerBase.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -18,6 +18,8 @@
*/
package org.exoplatform.services.xml.transform.impl;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.xml.resolving.XMLResolvingService;
@@ -31,6 +33,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.security.PrivilegedExceptionAction;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
@@ -60,7 +63,7 @@
public TransformerBase()
{
log.debug("Current javax.xml.parsers.SAXParserFactory sys property [ "
- + System.getProperty("javax.xml.parsers.SAXParserFactory", "-Not
set-") + "]");
+ +
PrivilegedSystemHelper.getProperty("javax.xml.parsers.SAXParserFactory",
"-Not set-") + "]");
tSAXFactory = (SAXTransformerFactory)SAXTransformerFactory.newInstance();
}
@@ -70,7 +73,13 @@
*/
static public XMLReader getXMLReader() throws SAXException
{
- return XMLReaderFactory.createXMLReader();
+ return SecurityHelper.doPriviledgedSAXExceptionAction(new
PrivilegedExceptionAction<XMLReader>()
+ {
+ public XMLReader run() throws Exception
+ {
+ return XMLReaderFactory.createXMLReader();
+ }
+ });
}
public void setResolvingService(XMLResolvingService r)
Modified:
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/html/TidyTransformerImpl.java
===================================================================
---
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/html/TidyTransformerImpl.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/html/TidyTransformerImpl.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.xml.transform.impl.html;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.services.xml.transform.EncodingMap;
import org.exoplatform.services.xml.transform.NotSupportedIOTypeException;
import org.exoplatform.services.xml.transform.html.HTMLTransformer;
@@ -96,6 +97,7 @@
log.debug("Transform from temp output to " +
getResult().getClass().getName() + " complete");
}
+ @Override
protected void internalTransform(Source source) throws NotSupportedIOTypeException,
TransformerException,
IllegalStateException
{
@@ -150,7 +152,7 @@
protected String getCurrentIANAEncoding() throws UnsupportedEncodingException
{
EncodingMap encodingMap = new EncodingMapImpl();
- String ianaEncoding =
encodingMap.convertJava2IANA(System.getProperty("file.encoding"));
+ String ianaEncoding =
encodingMap.convertJava2IANA(PrivilegedSystemHelper.getProperty("file.encoding"));
if (ianaEncoding == null)
{
throw new UnsupportedEncodingException("Can't find corresponding type
of encoding for : "
Modified:
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTemplatesServiceImpl.java
===================================================================
---
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTemplatesServiceImpl.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTemplatesServiceImpl.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.xml.transform.impl.trax;
+import org.exoplatform.commons.utils.PrivilegedSystemHelper;
import org.exoplatform.container.component.ComponentPlugin;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
@@ -116,11 +117,11 @@
String xsltSchema = m.get(key);
try
{
- if (Thread.currentThread().getContextClassLoader().getResource(xsltSchema)
!= null)
+ if (PrivilegedSystemHelper.getResource(xsltSchema) != null)
{
LOGGER.info("XSLT schema found by relative path: " +
xsltSchema);
- addTRAXTemplates(key, traxTransformerService_.getTemplates(new
StreamSource(Thread.currentThread()
- .getContextClassLoader().getResourceAsStream(xsltSchema))));
+ addTRAXTemplates(key, traxTransformerService_.getTemplates(new
StreamSource(PrivilegedSystemHelper
+ .getResourceAsStream(xsltSchema))));
}
else
LOGGER.error("XSLT schema not found: " + xsltSchema);
Modified:
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTransformerImpl.java
===================================================================
---
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTransformerImpl.java 2010-10-29
09:00:31 UTC (rev 3364)
+++
core/trunk/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTransformerImpl.java 2010-10-29
09:30:37 UTC (rev 3365)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.xml.transform.impl.trax;
+import org.exoplatform.commons.utils.SecurityHelper;
import org.exoplatform.services.xml.transform.NotSupportedIOTypeException;
import org.exoplatform.services.xml.transform.impl.TransformerBase;
import org.exoplatform.services.xml.transform.trax.TRAXTransformer;
@@ -28,6 +29,8 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
import javax.xml.transform.ErrorListener;
@@ -70,10 +73,35 @@
tHandler = saxTFactory.newTransformerHandler();
}
- public TRAXTransformerImpl(Source source) throws TransformerConfigurationException
+ public TRAXTransformerImpl(final Source source) throws
TransformerConfigurationException
{
- SAXTransformerFactory saxTFactory =
(SAXTransformerFactory)SAXTransformerFactory.newInstance();
- tHandler = saxTFactory.newTransformerHandler(source);
+ final SAXTransformerFactory saxTFactory =
(SAXTransformerFactory)SAXTransformerFactory.newInstance();
+ try
+ {
+ tHandler = SecurityHelper.doPriviledgedExceptionAction(new
PrivilegedExceptionAction<TransformerHandler>()
+ {
+ public TransformerHandler run() throws Exception
+ {
+ return saxTFactory.newTransformerHandler(source);
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if (cause instanceof TransformerConfigurationException)
+ {
+ throw (TransformerConfigurationException)cause;
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
+ }
}
public TRAXTransformerImpl(Templates templates) throws
TransformerConfigurationException
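Review bot: `saxTFactory.newTransformerHandler(source)` now compiles a caller-supplied stylesheet inside `doPriviledgedExceptionAction`, so anything the stylesheet makes the processor fetch or load (imports, includes, extension functions where the implementation supports them) is checked against this library's permissions rather than the caller's. The factory should be constrained before the privileged block is entered, e.g. `saxTFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`, and ideally given a `URIResolver` that serves only known locations. A comment on the block naming the permission it is there to satisfy would also help the next audit. The catch ladder that unwraps `PrivilegedActionException` is repeated in the `internalTransform` hunk below and could live in one `SecurityHelper` method, as `getXMLReader` already does with `doPriviledgedSAXExceptionAction`.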
@@ -82,6 +110,7 @@
tHandler = saxTFactory.newTransformerHandler(templates);
}
+ @Override
protected void internalTransform(Source source) throws TransformerException,
NotSupportedIOTypeException,
IllegalStateException
{
@@ -126,21 +155,43 @@
{
throw new NotSupportedIOTypeException(source);
}
+
try
{
- xmlReader.parse(inputSource);
+ final XMLReader fXMLReader = xmlReader;
+ final InputSource fInputSource = inputSource;
+ SecurityHelper.doPriviledgedExceptionAction(new
PrivilegedExceptionAction<Void>()
+ {
+ public Void run() throws Exception
+ {
+ fXMLReader.parse(fInputSource);
+ return null;
+ }
+ });
}
- catch (SAXException ex)
+ catch (PrivilegedActionException pae)
{
- throw new TransformerException(ex);
+ Throwable cause = pae.getCause();
+ if (cause instanceof SAXException)
+ {
+ throw new TransformerException(cause);
+ }
+ else if (cause instanceof IOException)
+ {
+ throw new TransformerException(cause);
+ }
+ else if (cause instanceof RuntimeException)
+ {
+ throw (RuntimeException)cause;
+ }
+ else
+ {
+ throw new RuntimeException(cause);
+ }
}
- catch (IOException ex)
- {
- throw new TransformerException(ex);
- }
-
}
+ @Override
protected void afterInitResult()
{
tHandler.setResult(getResult());
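Review bot: `fXMLReader.parse(fInputSource)` now runs inside the privileged block, so external entities or a DTD referenced by the caller's document would be resolved with this library's permissions. The security manager then no longer keeps an unprivileged caller's input from reaching files or URLs. Unless an entity resolver is installed on `xmlReader` earlier in `internalTransform` (not visible in this hunk), the reader should be restricted before parsing, e.g. `xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);` and the matching `external-parameter-entities` feature, or `setEntityResolver` with the project's resolving service. The method starts outside the hunk.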
Added: core/trunk/exo.core.component.xml-processing/src/test/resources/test.policy
===================================================================
--- core/trunk/exo.core.component.xml-processing/src/test/resources/test.policy
(rev 0)
+++ core/trunk/exo.core.component.xml-processing/src/test/resources/test.policy 2010-10-29
09:30:37 UTC (rev 3365)
@@ -0,0 +1,10 @@
+grant codeBase "@MAVEN_REPO@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@MAIN_CLASSES@-"{
+ permission java.security.AllPermission;
+};
+
+grant codeBase "@TEST_CLASSES@-"{
+};