Forums

Home » 1. Marketplace App Development

RSS (Opens New Window)

Combination View Flat View Tree View
Threads [ Previous | Next ]
Post New Thread
toggle
Dzmitry Shaparau
PACL, issue with SecurityChecker
October 31, 2012 3:20 AM
Answer

Dzmitry Shaparau

Rank: Youngling

Posts: 0

Join Date: October 5, 2012

Recent Posts

Hi All,

I faced a problem with SecurityChecker and PACL.
In my plugin I have the code:
1Mac mac = Mac.getInstance("HMACSHA1");


If security manager is enabled it throws the exception:
 1java.lang.SecurityException: Attempted to putProviderProperty.SUN on
 2        at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
 3        at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
 4        at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
 5        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
 6        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
 7        at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
 8        at java.security.Provider.check(Provider.java:386)
 9        at java.security.Provider.putAll(Provider.java:224)
10        at sun.security.action.PutAllAction.run(PutAllAction.java:35)
11        at java.security.AccessController.doPrivileged(Native Method)
12        at sun.security.provider.Sun.<init>(Sun.java:254)
13        at sun.security.util.ManifestEntryVerifier.setEntry(ManifestEntryVerifier.java:110)


I looked into the code of SecurityChecker and found out that it can handle only permissions for getPolicy and setPolicy. In other cases it ALWAYS throws the security exception:
 1public void checkPermission(Permission permission) {
 2        String name = permission.getName();
 3
 4        if (name.equals(SECURITY_PERMISSION_GET_POLICY)) {
 5            if (!hasGetPolicy()) {
 6                throwSecurityException(_log, "Attempted to get the policy");
 7            }
 8        }
 9        else if (name.equals(SECURITY_PERMISSION_SET_POLICY)) {
10            if (!hasSetPolicy()) {
11                throwSecurityException(_log, "Attempted to set the policy");
12            }
13        }
14        else {
15            if (_log.isDebugEnabled()) {
16                Thread.dumpStack();
17            }
18
19            throwSecurityException(
20                _log,
21                "Attempted to " + permission.getName() + " on " +
22                    permission.getActions());
23        }
24    }


So, it looks like there is no way to run such "trivial" code with enabled Security Manager in LR. Did I miss anything?
Flag
Alexey Melnikov
RE: PACL, issue with SecurityChecker
November 12, 2012 1:04 AM
Answer

Alexey Melnikov

Rank: Youngling

Posts: 0

Join Date: March 27, 2012

Recent Posts

I also have same problem.
If some permission check not in code, liferay not allowing run this code.
It will be great, if BaseChecker will provide some base functionality to add configurable permission checks, which are not provisioned in liferay.
Flag

Forums

To access the Developer Forum, please login to your Liferay.com account if you are already a registered developer or register to become a developer.