Forum

Accueil » 1. Marketplace App Development

Flux RSS (Ouvre la nouvelle fenêtre)

Vue combinée Vue Plate Arborescence
Sujets [ Précédent | Suivant ]
Nouveau sujet de discussion
toggle
Dzmitry Shaparau
PACL, issue with SecurityChecker
31 octobre 2012 03:20
Réponse

Dzmitry Shaparau

Rang: Youngling

Publications: 0

Date d'inscription: 5 octobre 2012

Publications Récentes

Hi All,

I faced a problem with SecurityChecker and PACL.
In my plugin I have the code:
1Mac mac = Mac.getInstance("HMACSHA1");


If security manager is enabled it throws the exception:
 1java.lang.SecurityException: Attempted to putProviderProperty.SUN on
 2        at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
 3        at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
 4        at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
 5        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
 6        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
 7        at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
 8        at java.security.Provider.check(Provider.java:386)
 9        at java.security.Provider.putAll(Provider.java:224)
10        at sun.security.action.PutAllAction.run(PutAllAction.java:35)
11        at java.security.AccessController.doPrivileged(Native Method)
12        at sun.security.provider.Sun.<init>(Sun.java:254)
13        at sun.security.util.ManifestEntryVerifier.setEntry(ManifestEntryVerifier.java:110)


I looked into the code of SecurityChecker and found out that it can handle only permissions for getPolicy and setPolicy. In other cases it ALWAYS throws the security exception:
 1public void checkPermission(Permission permission) {
 2        String name = permission.getName();
 3
 4        if (name.equals(SECURITY_PERMISSION_GET_POLICY)) {
 5            if (!hasGetPolicy()) {
 6                throwSecurityException(_log, "Attempted to get the policy");
 7            }
 8        }
 9        else if (name.equals(SECURITY_PERMISSION_SET_POLICY)) {
10            if (!hasSetPolicy()) {
11                throwSecurityException(_log, "Attempted to set the policy");
12            }
13        }
14        else {
15            if (_log.isDebugEnabled()) {
16                Thread.dumpStack();
17            }
18
19            throwSecurityException(
20                _log,
21                "Attempted to " + permission.getName() + " on " +
22                    permission.getActions());
23        }
24    }


So, it looks like there is no way to run such "trivial" code with enabled Security Manager in LR. Did I miss anything?
Drapeau
Alexey Melnikov
RE: PACL, issue with SecurityChecker
12 novembre 2012 01:04
Réponse

Alexey Melnikov

Rang: Youngling

Publications: 0

Date d'inscription: 27 mars 2012

Publications Récentes

I also have same problem.
If some permission check not in code, liferay not allowing run this code.
It will be great, if BaseChecker will provide some base functionality to add configurable permission checks, which are not provisioned in liferay.
Drapeau

Forums

To access the Developer Forum, please login to your Liferay.com account if you are already a registered developer or register to become a developer.