Combination View Flat View Tree View
toggle
Dzmitry Shaparau
PACL, issue with SecurityChecker
October 31, 2012 3:20 AM
Answer

Dzmitry Shaparau

Rank: New Member

Posts: 8

Join Date: October 5, 2012

Recent Posts

Hi All,

I faced a problem with SecurityChecker and PACL.
In my plugin I have the code:
1Mac mac = Mac.getInstance("HMACSHA1");


If security manager is enabled it throws the exception:
 1java.lang.SecurityException: Attempted to putProviderProperty.SUN on
 2        at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
 3        at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
 4        at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
 5        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
 6        at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
 7        at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
 8        at java.security.Provider.check(Provider.java:386)
 9        at java.security.Provider.putAll(Provider.java:224)
10        at sun.security.action.PutAllAction.run(PutAllAction.java:35)
11        at java.security.AccessController.doPrivileged(Native Method)
12        at sun.security.provider.Sun.<init>(Sun.java:254)
13        at sun.security.util.ManifestEntryVerifier.setEntry(ManifestEntryVerifier.java:110)


I looked into the code of SecurityChecker and found out that it can handle only permissions for getPolicy and setPolicy. In other cases it ALWAYS throws the security exception:
 1public void checkPermission(Permission permission) {
 2        String name = permission.getName();
 3
 4        if (name.equals(SECURITY_PERMISSION_GET_POLICY)) {
 5            if (!hasGetPolicy()) {
 6                throwSecurityException(_log, "Attempted to get the policy");
 7            }
 8        }
 9        else if (name.equals(SECURITY_PERMISSION_SET_POLICY)) {
10            if (!hasSetPolicy()) {
11                throwSecurityException(_log, "Attempted to set the policy");
12            }
13        }
14        else {
15            if (_log.isDebugEnabled()) {
16                Thread.dumpStack();
17            }
18
19            throwSecurityException(
20                _log,
21                "Attempted to " + permission.getName() + " on " +
22                    permission.getActions());
23        }
24    }


So, it looks like there is no way to run such "trivial" code with enabled Security Manager in LR. Did I miss anything?
Alexey Melnikov
RE: PACL, issue with SecurityChecker
November 12, 2012 1:04 AM
Answer

Alexey Melnikov

Rank: Regular Member

Posts: 103

Join Date: March 27, 2012

Recent Posts

I also have same problem.
If some permission check not in code, liferay not allowing run this code.
It will be great, if BaseChecker will provide some base functionality to add configurable permission checks, which are not provisioned in liferay.