Hi All,
I faced a problem with SecurityChecker and PACL.
In my plugin I have the code:
1Mac mac = Mac.getInstance("HMACSHA1");
If security manager is enabled it throws the exception:
1java.lang.SecurityException: Attempted to putProviderProperty.SUN on
2 at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
3 at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
4 at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
5 at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
6 at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
7 at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
8 at java.security.Provider.check(Provider.java:386)
9 at java.security.Provider.putAll(Provider.java:224)
10 at sun.security.action.PutAllAction.run(PutAllAction.java:35)
11 at java.security.AccessController.doPrivileged(Native Method)
12 at sun.security.provider.Sun.<init>(Sun.java:254)
13 at sun.security.util.ManifestEntryVerifier.setEntry(ManifestEntryVerifier.java:110)
I looked into the code of SecurityChecker and found out that it can handle only permissions for getPolicy and setPolicy. In other cases it ALWAYS throws the security exception:
1public void checkPermission(Permission permission) {
2 String name = permission.getName();
3
4 if (name.equals(SECURITY_PERMISSION_GET_POLICY)) {
5 if (!hasGetPolicy()) {
6 throwSecurityException(_log, "Attempted to get the policy");
7 }
8 }
9 else if (name.equals(SECURITY_PERMISSION_SET_POLICY)) {
10 if (!hasSetPolicy()) {
11 throwSecurityException(_log, "Attempted to set the policy");
12 }
13 }
14 else {
15 if (_log.isDebugEnabled()) {
16 Thread.dumpStack();
17 }
18
19 throwSecurityException(
20 _log,
21 "Attempted to " + permission.getName() + " on " +
22 permission.getActions());
23 }
24 }
So, it looks like there is no way to run such "trivial" code with enabled Security Manager in LR. Did I miss anything?
Por favor, faça login para denunciar.