Portal Access Control List (PACL) Properties
Liferay Portal’s Plugin Security Manager checks all your plugin’s API access attempts against the security manager properties specified in your plugin’s
liferay-plugin-package.properties file. If your plugin tries to access a portal resource that is not specified in these properties, the Plugin Security Manager prevents it from happening. Consider this a virtual finger waggin’. To prevent this from happening, you have to tell the Plugin Security Manager up-front the access your plugin needs.
The online definitions for the PACL properties can be found at http://docs.liferay.com/portal/6.2/propertiesdoc/liferay-plugin-package_6_2_0.properties.html. If you have the Liferay Portal source code, you can find the
liferay-plugin-package_6_2_0.properties file in the
Some of the properties accept wildcard characters that have special meaning. Let’s investigate the wildcard characters you can use in your plugin’s file security properties.
The following properties address file deletion, execution, reading, writing and replacement operations. The
* character in a path name indicates all files in the current directory. The
- character in a path name indicates all files in the current directory and in its subdirectories.
Here’s an example that uses the
- character to specify that the plugin is permitted to delete files in the
../webapps/chat-portlet/WEB-INF/src/com/liferay/chat/temp directory and its subdirectories.
Note, you can use a relative paths in the file security properties.
You can use a mix of UNIX/Linux style paths and Windows style paths as demonstrated in the example below:
And the following example uses the
* character to specify that the plugin is reads files in the
../webapps/chat-portlet/WEB-INF/* directories, but not their subdirectories:
For socket security properties the
* character represents any hostname. For example,
*.liferay.com matches any host ending in
.liferay.com, such as
*:* matches every socket and every port.