Tribune

Home » 1. Marketplace App Development

IFrame (Apri una nuova finestra)

Vista Combinata Vista Piatta Vista ad Albero
Discussioni [ Precedente | Successivo ]
Crea Nuova Discussione
toggle
Dzmitry Shaparau
PACL, issue with SecurityChecker
31 ottobre 2012 3.20
Risposta

Dzmitry Shaparau

Punteggio: Youngling

Messaggi: 0

Data di Iscrizione: 5 ottobre 2012

Messaggi recenti

Hi All,

I faced a problem with SecurityChecker and PACL.
In my plugin I have the code:
1Mac mac = Mac.getInstance("HMACSHA1");


If security manager is enabled it throws the exception:
 1java.lang.SecurityException: Attempted to putProviderProperty.SUN on
 2        at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
 3        at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
 4        at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
 5        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
 6        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
 7        at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
 8        at java.security.Provider.check(Provider.java:386)
 9        at java.security.Provider.putAll(Provider.java:224)
10        at sun.security.action.PutAllAction.run(PutAllAction.java:35)
11        at java.security.AccessController.doPrivileged(Native Method)
12        at sun.security.provider.Sun.<init>(Sun.java:254)
13        at sun.security.util.ManifestEntryVerifier.setEntry(ManifestEntryVerifier.java:110)


I looked into the code of SecurityChecker and found out that it can handle only permissions for getPolicy and setPolicy. In other cases it ALWAYS throws the security exception:
 1public void checkPermission(Permission permission) {
 2        String name = permission.getName();
 3
 4        if (name.equals(SECURITY_PERMISSION_GET_POLICY)) {
 5            if (!hasGetPolicy()) {
 6                throwSecurityException(_log, "Attempted to get the policy");
 7            }
 8        }
 9        else if (name.equals(SECURITY_PERMISSION_SET_POLICY)) {
10            if (!hasSetPolicy()) {
11                throwSecurityException(_log, "Attempted to set the policy");
12            }
13        }
14        else {
15            if (_log.isDebugEnabled()) {
16                Thread.dumpStack();
17            }
18
19            throwSecurityException(
20                _log,
21                "Attempted to " + permission.getName() + " on " +
22                    permission.getActions());
23        }
24    }


So, it looks like there is no way to run such "trivial" code with enabled Security Manager in LR. Did I miss anything?
Bandierina
Alexey Melnikov
RE: PACL, issue with SecurityChecker
12 novembre 2012 1.04
Risposta

Alexey Melnikov

Punteggio: Youngling

Messaggi: 0

Data di Iscrizione: 27 marzo 2012

Messaggi recenti

I also have same problem.
If some permission check not in code, liferay not allowing run this code.
It will be great, if BaseChecker will provide some base functionality to add configurable permission checks, which are not provisioned in liferay.
Bandierina

Forums

To access the Developer Forum, please login to your Liferay.com account if you are already a registered developer or register to become a developer.