论坛

主页 » 1. Marketplace App Development

RSS (打开新窗口)

组合视图 统一视图 树状图
讨论主题 [ 上一个 | 下一个 ]
发表新帖
toggle
Dzmitry Shaparau
PACL, issue with SecurityChecker
2012年10月31日 上午3:20
答复

Dzmitry Shaparau

等级: Youngling

帖子: 0

加入日期: 2012年10月5日

最近的帖子

Hi All,

I faced a problem with SecurityChecker and PACL.
In my plugin I have the code:
1Mac mac = Mac.getInstance("HMACSHA1");


If security manager is enabled it throws the exception:
 1java.lang.SecurityException: Attempted to putProviderProperty.SUN on
 2        at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
 3        at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
 4        at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
 5        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
 6        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
 7        at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
 8        at java.security.Provider.check(Provider.java:386)
 9        at java.security.Provider.putAll(Provider.java:224)
10        at sun.security.action.PutAllAction.run(PutAllAction.java:35)
11        at java.security.AccessController.doPrivileged(Native Method)
12        at sun.security.provider.Sun.<init>(Sun.java:254)
13        at sun.security.util.ManifestEntryVerifier.setEntry(ManifestEntryVerifier.java:110)


I looked into the code of SecurityChecker and found out that it can handle only permissions for getPolicy and setPolicy. In other cases it ALWAYS throws the security exception:
 1public void checkPermission(Permission permission) {
 2        String name = permission.getName();
 3
 4        if (name.equals(SECURITY_PERMISSION_GET_POLICY)) {
 5            if (!hasGetPolicy()) {
 6                throwSecurityException(_log, "Attempted to get the policy");
 7            }
 8        }
 9        else if (name.equals(SECURITY_PERMISSION_SET_POLICY)) {
10            if (!hasSetPolicy()) {
11                throwSecurityException(_log, "Attempted to set the policy");
12            }
13        }
14        else {
15            if (_log.isDebugEnabled()) {
16                Thread.dumpStack();
17            }
18
19            throwSecurityException(
20                _log,
21                "Attempted to " + permission.getName() + " on " +
22                    permission.getActions());
23        }
24    }


So, it looks like there is no way to run such "trivial" code with enabled Security Manager in LR. Did I miss anything?
标识
Alexey Melnikov
RE: PACL, issue with SecurityChecker
2012年11月12日 上午1:04
答复

Alexey Melnikov

等级: Youngling

帖子: 0

加入日期: 2012年3月27日

最近的帖子

I also have same problem.
If some permission check not in code, liferay not allowing run this code.
It will be great, if BaseChecker will provide some base functionality to add configurable permission checks, which are not provisioned in liferay.
标识

Forums

To access the Developer Forum, please login to your Liferay.com account if you are already a registered developer or register to become a developer.