diff --git a/exo.core.component.database/pom.xml b/exo.core.component.database/pom.xml index 8bdda5daf..54c7a828e 100644 --- a/exo.core.component.database/pom.xml +++ b/exo.core.component.database/pom.xml @@ -136,13 +136,7 @@ - - - maven-surefire-plugin - - @{argLine} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy - - + maven-antrun-plugin diff --git a/exo.core.component.database/src/main/java/org/exoplatform/services/database/ExoDatasource.java b/exo.core.component.database/src/main/java/org/exoplatform/services/database/ExoDatasource.java index 2e25e36b5..36e60ed85 100644 --- a/exo.core.component.database/src/main/java/org/exoplatform/services/database/ExoDatasource.java +++ b/exo.core.component.database/src/main/java/org/exoplatform/services/database/ExoDatasource.java @@ -18,15 +18,12 @@ */ package org.exoplatform.services.database; -import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.database.table.IDGenerator; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; -import java.security.PrivilegedExceptionAction; import java.sql.Connection; import java.sql.DatabaseMetaData; -import java.sql.SQLException; import javax.sql.DataSource; @@ -96,14 +93,7 @@ public class ExoDatasource public ExoDatasource(final DataSource ds) throws Exception { xaDatasource_ = ds; - DatabaseMetaData metaData = - SecurityHelper.doPrivilegedSQLExceptionAction(new PrivilegedExceptionAction() - { - public DatabaseMetaData run() throws SQLException - { - return ds.getConnection().getMetaData(); - } - }); + DatabaseMetaData metaData = ds.getConnection().getMetaData(); databaseName_ = metaData.getDatabaseProductName(); databaseVersion_ = metaData.getDatabaseProductVersion(); 
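Review bot: The connection obtained by `ds.getConnection()` in the `ExoDatasource` constructor is not closed anywhere in the lines shown, so each construction may leave a pooled connection checked out. The constructor body continues outside the hunk, so a later close cannot be ruled out. If there is none, read the metadata inside try-with-resources, for example `try (Connection c = ds.getConnection()) { DatabaseMetaData metaData = c.getMetaData(); ... }`, keeping the `getDatabaseProductName()` and `getDatabaseProductVersion()` reads inside the block.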
diff --git a/exo.core.component.database/src/main/java/org/exoplatform/services/database/creator/DBCreator.java b/exo.core.component.database/src/main/java/org/exoplatform/services/database/creator/DBCreator.java index 7e81b4186..d6c3aaf42 100644 --- a/exo.core.component.database/src/main/java/org/exoplatform/services/database/creator/DBCreator.java +++ b/exo.core.component.database/src/main/java/org/exoplatform/services/database/creator/DBCreator.java @@ -20,7 +20,6 @@ import org.exoplatform.commons.utils.ClassLoading; import org.exoplatform.commons.utils.IOUtil; -import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.configuration.ConfigurationException; import org.exoplatform.container.configuration.ConfigurationManager; import org.exoplatform.container.xml.InitParams; @@ -31,7 +30,6 @@ import org.exoplatform.services.database.utils.JDBCUtils; import java.io.IOException; -import java.security.PrivilegedExceptionAction; import java.sql.Connection; import java.sql.DriverManager; import java.sql.SQLException; @@ -446,14 +444,8 @@ private Connection openConnection() throws DBCreatorException { ClassLoading.forName(connectionProperties.get(DRIVER_NAME), this); - conn = SecurityHelper.doPrivilegedSQLExceptionAction(new PrivilegedExceptionAction() - { - public Connection run() throws Exception - { - return DriverManager.getConnection(serverUrl, connectionProperties.get(USERNAME), - connectionProperties.get(PASSWORD)); - } - }); + conn = DriverManager.getConnection(serverUrl, connectionProperties.get(USERNAME), + connectionProperties.get(PASSWORD)); return conn; } diff --git a/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/HibernateServiceImpl.java b/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/HibernateServiceImpl.java index 4d8239c7a..073f7b8e9 100644 --- a/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/HibernateServiceImpl.java 
+++ b/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/HibernateServiceImpl.java @@ -30,8 +30,6 @@ import org.hibernate.cfg.Configuration; import org.exoplatform.commons.exception.ObjectNotFoundException; -import org.exoplatform.commons.utils.PrivilegedSystemHelper; -import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.ExoContainer; import org.exoplatform.container.component.ComponentRequestLifecycle; import org.exoplatform.container.xml.InitParams; @@ -64,11 +62,7 @@ public class HibernateServiceImpl implements HibernateService, ComponentRequestL public HibernateServiceImpl(InitParams initParams) { threadLocal_ = new ThreadLocal(); PropertiesParam param = initParams.getPropertiesParam("hibernate.properties"); - conf_ = SecurityHelper.doPrivilegedAction(new PrivilegedAction() { - public HibernateConfigurationImpl run() { - return new HibernateConfigurationImpl(); - } - }); + conf_ = new HibernateConfigurationImpl(); Iterator properties = param.getPropertyIterator(); while (properties.hasNext()) { Property p = (Property) properties.next(); @@ -79,7 +73,7 @@ public HibernateConfigurationImpl run() { String connectionURL = conf_.getProperty("hibernate.connection.url"); if (connectionURL != null) { connectionURL = - connectionURL.replace("${java.io.tmpdir}", PrivilegedSystemHelper.getProperty("java.io.tmpdir")); + connectionURL.replace("${java.io.tmpdir}", System.getProperty("java.io.tmpdir")); conf_.setProperty("hibernate.connection.url", connectionURL); } } @@ -93,12 +87,7 @@ public Configuration getHibernateConfiguration() { */ public SessionFactory getSessionFactory() { if (sessionFactory_ == null) { - sessionFactory_ = SecurityHelper.doPrivilegedAction(new PrivilegedAction() { - public SessionFactory run() { - SessionFactory factory = conf_.buildSessionFactory(); - return factory; - } - }); + sessionFactory_ = conf_.buildSessionFactory(); } return sessionFactory_; 
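Review bot: `getSessionFactory()` initialises `sessionFactory_` with an unsynchronised check-then-assign, so two threads arriving together can each call `conf_.buildSessionFactory()`, and one factory is dropped without being closed, along with whatever connections it holds. The method signature visible in the hunk is not `synchronized`; whether the field is `volatile` is not visible here. Declaring the method `synchronized`, or guarding the assignment with a lock, would keep a single factory per service instance.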
diff --git a/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/XAPoolTxSupportDatabaseService.java b/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/XAPoolTxSupportDatabaseService.java index 5af962946..9be06cf3e 100644 --- a/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/XAPoolTxSupportDatabaseService.java +++ b/exo.core.component.database/src/main/java/org/exoplatform/services/database/impl/XAPoolTxSupportDatabaseService.java @@ -20,14 +20,12 @@ import org.enhydra.jdbc.pool.StandardXAPoolDataSource; import org.enhydra.jdbc.standard.StandardXADataSource; -import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.xml.InitParams; import org.exoplatform.container.xml.PropertiesParam; import org.exoplatform.services.database.DatabaseService; import org.exoplatform.services.database.ExoDatasource; import org.exoplatform.services.transaction.TransactionService; -import java.security.PrivilegedAction; import java.sql.Connection; import java.util.HashMap; import java.util.Iterator; @@ -96,13 +94,7 @@ public TransactionService getTransactionService() throws Exception private DataSource createDatasource(Map props) throws Exception { - StandardXADataSource ds = SecurityHelper.doPrivilegedAction(new PrivilegedAction() - { - public StandardXADataSource run() - { - return new StandardXADataSource(); - } - }); + StandardXADataSource ds = new StandardXADataSource(); ds.setDriverName(props.get("connection.driver")); ds.setUrl(props.get("connection.url")); diff --git a/exo.core.component.database/src/main/java/org/exoplatform/services/database/utils/DialectDetecter.java b/exo.core.component.database/src/main/java/org/exoplatform/services/database/utils/DialectDetecter.java index 15215e8b5..d005fc642 100644 --- a/exo.core.component.database/src/main/java/org/exoplatform/services/database/utils/DialectDetecter.java 
+++ b/exo.core.component.database/src/main/java/org/exoplatform/services/database/utils/DialectDetecter.java @@ -18,11 +18,9 @@ */ package org.exoplatform.services.database.utils; -import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; -import java.security.PrivilegedExceptionAction; import java.sql.DatabaseMetaData; import java.sql.SQLException; @@ -51,14 +49,7 @@ public class DialectDetecter */ public static String detect(final DatabaseMetaData metaData) throws SQLException { - final String databaseName = - SecurityHelper.doPrivilegedSQLExceptionAction(new PrivilegedExceptionAction() - { - public String run() throws Exception - { - return metaData.getDatabaseProductName(); - } - }); + final String databaseName = metaData.getDatabaseProductName(); if ("HSQL Database Engine".equals(databaseName)) { diff --git a/exo.core.component.database/src/main/java/org/exoplatform/services/database/utils/JDBCUtils.java b/exo.core.component.database/src/main/java/org/exoplatform/services/database/utils/JDBCUtils.java index cb3c28058..acc54b134 100644 --- a/exo.core.component.database/src/main/java/org/exoplatform/services/database/utils/JDBCUtils.java +++ b/exo.core.component.database/src/main/java/org/exoplatform/services/database/utils/JDBCUtils.java @@ -18,11 +18,9 @@ */ package org.exoplatform.services.database.utils; -import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; -import java.security.PrivilegedExceptionAction; import java.sql.Connection; import java.sql.ResultSet; import java.sql.SQLException; 
@@ -272,13 +270,7 @@ public static String getAppropriateCharType(DataSource dataSource) throws SQLExc */ public static String resolveDialect(final DataSource dataSource) throws SQLException { - Connection jdbcConn = SecurityHelper.doPrivilegedSQLExceptionAction(new PrivilegedExceptionAction() - { - public Connection run() throws Exception - { - return dataSource.getConnection(); - } - }); + Connection jdbcConn = dataSource.getConnection(); try { diff --git a/exo.core.component.organization.api/pom.xml b/exo.core.component.organization.api/pom.xml index 8a3b0142c..4c12be647 100644 --- a/exo.core.component.organization.api/pom.xml +++ b/exo.core.component.organization.api/pom.xml @@ -97,12 +97,6 @@ - - maven-surefire-plugin - - @{argLine} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy - - org.apache.maven.plugins maven-antrun-plugin diff --git a/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/GroovyScriptInstantiator.java b/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/GroovyScriptInstantiator.java index fb4f4753b..bb919d70e 100644 --- a/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/GroovyScriptInstantiator.java +++ b/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/GroovyScriptInstantiator.java @@ -24,7 +24,6 @@ import org.codehaus.groovy.control.CompilationFailedException; import org.exoplatform.commons.utils.IOUtil; -import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.ExoContainer; import org.exoplatform.container.ExoContainerContext; import org.exoplatform.container.component.ComponentPlugin; 
@@ -136,26 +135,14 @@ public Object instantiateScript(InputStream stream, String name) throws IOExcept GroovyClassLoader loader; if (mapping.size() > 0) { - JarJarClassLoader jarjarLoader = SecurityHelper.doPrivilegedAction(new PrivilegedAction() - { - public JarJarClassLoader run() - { - return new JarJarClassLoader(); - } - }); + JarJarClassLoader jarjarLoader = new JarJarClassLoader(); jarjarLoader.addMapping(mapping); loader = jarjarLoader; } else { - loader = SecurityHelper.doPrivilegedAction(new PrivilegedAction() - { - public GroovyClassLoader run() - { - return new GroovyClassLoader(); - } - }); + loader = new GroovyClassLoader(); } return instantiateScript(stream, name, loader); } @@ -181,40 +168,8 @@ public Object instantiateScript(final InputStream stream, final String name, Gro loader = new GroovyClassLoader(); } Class clazz = null; - try - { - final GroovyClassLoader fLoader = loader; - clazz = SecurityHelper.doPrivilegedExceptionAction(new PrivilegedExceptionAction>() - { - public Class run() throws Exception - { - if (name != null && name.length() > 0) - { - return fLoader.parseClass(stream, name); - } - else - { - return fLoader.parseClass(IOUtil.getStreamContentAsString(stream)); - } - } - }); - } - catch (PrivilegedActionException pae) - { - Throwable cause = pae.getCause(); - if (cause instanceof CompilationFailedException) - { - throw new IOException("Error occurs when parse stream, compiler error:\n " + cause.getMessage(), cause); - } - else if (cause instanceof RuntimeException) - { - throw (RuntimeException)cause; - } - else - { - throw new RuntimeException(cause); - } - } + final GroovyClassLoader fLoader = loader; + clazz = fLoader.parseClass(IOUtil.getStreamContentAsString(stream)); try { 
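Review bot: In `instantiateScript(InputStream, String, GroovyClassLoader)` the new `clazz = fLoader.parseClass(IOUtil.getStreamContentAsString(stream));` ignores `name` and no longer translates `CompilationFailedException` into the `IOException` that the removed code threw. Script classes lose their file name in compiler messages and stack traces, which makes it harder to attribute a failing or unexpected script to its source. Callers that catch `IOException` for compile errors now receive an unchecked exception instead. The sketch below keeps the name and the exception contract without the privileged wrapper; the rest of the method lies outside the hunk.

```java
final GroovyClassLoader fLoader = loader;
try
{
   String text = IOUtil.getStreamContentAsString(stream);
   clazz = (name != null && name.length() > 0) ? fLoader.parseClass(text, name) : fLoader.parseClass(text);
}
catch (CompilationFailedException e)
{
   throw new IOException("Error occurs when parse stream, compiler error:\n " + e.getMessage(), e);
}
// … unchanged: instantiation of clazz in the following try block …
```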
@@ -253,13 +208,7 @@ public Object instantiateScript(final GroovyCodeSource codeSource, GroovyClassLo } final GroovyClassLoader fLoader = loader; - Class clazz = SecurityHelper.doPrivilegedAction(new PrivilegedAction>() - { - public Class run() - { - return fLoader.parseClass(codeSource); - } - }); + Class clazz = fLoader.parseClass(codeSource); try { diff --git a/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/jarjar/JarJarClassLoader.java b/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/jarjar/JarJarClassLoader.java index ca3b58d6a..404d66dce 100644 --- a/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/jarjar/JarJarClassLoader.java +++ b/exo.core.component.script.groovy/src/main/java/org/exoplatform/services/script/groovy/jarjar/JarJarClassLoader.java @@ -29,10 +29,8 @@ import org.codehaus.groovy.control.CompilerConfiguration; import org.codehaus.groovy.control.Phases; import org.codehaus.groovy.control.SourceUnit; -import org.exoplatform.commons.utils.SecurityHelper; import java.security.CodeSource; -import java.security.PrivilegedAction; import java.util.Arrays; import java.util.Iterator; import java.util.List; @@ -98,13 +96,7 @@ protected CompilationUnit createCompilationUnit(final CompilerConfiguration comp final CodeSource codeSource) { // - final CompilationUnit unit = SecurityHelper.doPrivilegedAction(new PrivilegedAction() - { - public CompilationUnit run() - { - return JarJarClassLoader.super.createCompilationUnit(compilerConfiguration, codeSource); - } - }); + final CompilationUnit unit = JarJarClassLoader.super.createCompilationUnit(compilerConfiguration, codeSource); // unit.addPhaseOperation(new CompilationUnit.PrimaryClassNodeOperation() 
@@ -148,12 +140,6 @@ public void call(SourceUnit sourceUnit, GeneratorContext generatorContext, Class static protected JarJarClassLoader createJarJarClassLoaderInPrivilegedMode(final ClassLoader classLoader) { - return SecurityHelper.doPrivilegedAction(new PrivilegedAction() - { - public JarJarClassLoader run() - { - return new JarJarClassLoader(classLoader); - } - }); + return new JarJarClassLoader(classLoader); } } diff --git a/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/jarjar/TestScript.java b/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/jarjar/TestScript.java index 33902cb4d..03dc5fab5 100644 --- a/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/jarjar/TestScript.java +++ b/exo.core.component.script.groovy/src/test/java/org/exoplatform/services/script/groovy/jarjar/TestScript.java @@ -23,8 +23,6 @@ import junit.framework.Assert; import junit.framework.AssertionFailedError; -import org.exoplatform.commons.utils.PrivilegedSystemHelper; - import java.io.IOException; import java.net.URL; @@ -54,7 +52,7 @@ public Object execute(Mapping mapping) mapping.configure(loader); // Obtain script class - URL url = PrivilegedSystemHelper.getResource("jarjar/" + name); + URL url = Thread.currentThread().getContextClassLoader().getResource("jarjar/" + name); Assert.assertNotNull(url); GroovyCodeSource gcs; try diff --git a/exo.core.component.security.core/pom.xml b/exo.core.component.security.core/pom.xml index 9245fc9b6..e4ee8eb6b 100644 --- a/exo.core.component.security.core/pom.xml +++ b/exo.core.component.security.core/pom.xml @@ -61,12 +61,6 @@ - - maven-surefire-plugin - - @{argLine} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy - - maven-antrun-plugin 
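Review bot: `createJarJarClassLoaderInPrivilegedMode` no longer does anything privileged; its body is now just `return new JarJarClassLoader(classLoader);`, so the name is misleading, as is any Javadoc above it (outside the hunk). Because the method is `static protected` and may have callers elsewhere, keep the signature but add a comment such as `// Kept for compatibility; no privileged block is used any more.`, or deprecate it in favour of the constructor.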
diff --git a/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java b/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java index 9dc3612bb..519a8b38a 100644 --- a/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java +++ b/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java @@ -78,7 +78,6 @@ public static ConversationState getCurrent() */ public static void setCurrent(ConversationState state) { - checkPermissions(); current.set(state); } @@ -98,7 +97,6 @@ public Identity getIdentity() */ public void setAttribute(String name, Object value) { - checkPermissions(); this.attributes.put(name, value); } @@ -128,7 +126,6 @@ public Set getAttributeNames() */ public void removeAttribute(String name) { - checkPermissions(); this.attributes.remove(name); } @@ -140,15 +137,4 @@ public ThreadContext getThreadContext() return new ThreadContext(current); } - /** - * Checks if modification allowed - */ - private static void checkPermissions() - { - SecurityManager security = System.getSecurityManager(); - if (security != null) - { - security.checkPermission(PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION); - } - } } diff --git a/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java b/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java index ee435fb75..b8c542c80 100644 --- a/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java +++ b/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java @@ -18,8 +18,6 @@ */ package org.exoplatform.services.security; -import org.exoplatform.commons.utils.secure.SecureCollections; - import java.util.Collection; import java.util.HashSet; import java.util.Set; 
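Review bot: `setCurrent`, `setAttribute` and `removeAttribute` in `ConversationState` now mutate the state with no check at all, and their Javadoc (outside the hunks) does not appear to be updated to say so. The thread's current identity can now be replaced by any code running in the JVM, including scripts compiled through the Groovy instantiator touched in this same commit. The Javadoc of each method should state this, for example `Callers are fully trusted: no permission check is performed before the current state is replaced.` `PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION` looks unreferenced after this change, judging from the visible lines, and could be deprecated in the same pass.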
@@ -87,11 +85,8 @@ public Identity(String userId, Collection memberships) public Identity(String userId, Collection memberships, Collection roles) { this.userId = userId; - this.memberships = - SecureCollections.secureSet(new MembershipHashSet(memberships), - PermissionConstants.MODIFY_IDENTITY_PERMISSION); - this.roles = - SecureCollections.secureSet(new HashSet(roles), PermissionConstants.MODIFY_IDENTITY_PERMISSION);; + this.memberships = new MembershipHashSet(memberships); + this.roles = new HashSet<>(roles); } /** @@ -201,11 +196,6 @@ public Subject getSubject() */ public void setSubject(Subject subject) { - SecurityManager security = System.getSecurityManager(); - if (security != null) - { - security.checkPermission(PermissionConstants.MODIFY_IDENTITY_PERMISSION); - } this.subject = subject; } @@ -219,4 +209,4 @@ private boolean containsMembership(MembershipEntry checkMe) { return memberships.contains(checkMe); } -} \ No newline at end of file +} diff --git a/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java b/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java deleted file mode 100644 index d3564df8e..000000000 --- a/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/BaseSecurityTest.java +++ /dev/null 
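Review bot: `this.memberships` and `this.roles` in the `Identity` constructor are now plain mutable sets. If `getRoles()` and `getMemberships()` hand out these fields directly, any holder of an `Identity` can add roles or memberships to it. The getters are outside the hunk, but the deleted tests call `getIdentity().getRoles().clear()`, which suggests they do. Authorization decisions that read these sets then depend on every caller behaving. If in-place mutation through the getters is not a supported use, return `Collections.unmodifiableSet(roles)` from the getter and keep mutation on the explicit setters; otherwise document on the constructor that the returned sets are live and unguarded.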
@@ -1,80 +0,0 @@ -/* - * Copyright (C) 2010 eXo Platform SAS. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.exoplatform.services.security; - -import java.net.URL; -import java.security.AccessControlContext; -import java.security.AccessController; -import java.security.AllPermission; -import java.security.CodeSource; -import java.security.Permission; -import java.security.Permissions; -import java.security.PrivilegedExceptionAction; -import java.security.ProtectionDomain; - -import junit.framework.TestCase; - -/** - * @author Nikolay Zamosenchuk - * @version $Id: BaseSecurityTest.java 34360 2009-07-22 23:58:59Z nzamosenchuk $ - * - */ -public abstract class BaseSecurityTest extends TestCase -{ - /** - * - */ - public BaseSecurityTest() - { - super(); - } - - /** - * @param name - */ - public BaseSecurityTest(String name) - { - super(name); - } - - /** - * Run privileged action with given privileges. - */ - public T doActionWithPermissions(PrivilegedExceptionAction action, Permission... 
permissions) throws Exception - { - Permissions allPermissions = new Permissions(); - for (Permission permission : permissions) - { - if (permission != null) - { - allPermissions.add(permission); - } - } - ProtectionDomain[] protectionDomains = - new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(), - (java.security.cert.Certificate[])null), allPermissions)}; - return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains)); - } - - protected URL getCodeSource() - { - return getClass().getProtectionDomain().getCodeSource().getLocation(); - } - -} \ No newline at end of file diff --git a/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java b/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java deleted file mode 100644 index 72721ea20..000000000 --- a/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestIdentityPermissions.java +++ /dev/null 
@@ -1,287 +0,0 @@ -/* - * Copyright (C) 2010 eXo Platform SAS. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.exoplatform.services.security; - -import java.security.PrivilegedExceptionAction; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; - -import javax.security.auth.Subject; - -/** - * Test used to check whether SecurityManager related features are working properly. 
- * - * @author Nikolay Zamosenchuk - * @version $Id: TestPermissions.java 34360 2009-07-22 23:58:59Z nzamosenchuk $ - * - */ -public class TestIdentityPermissions extends BaseSecurityTest -{ - - public void testSecurityManagerExists() - { - assertNotNull(System.getSecurityManager()); - } - - /** - * Checks that modification is permitted if MODIFY_IDENTITY_PERMISSION given - */ - public void testModifyRolesWithPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - getIdentity().getRoles().clear(); - return null; - } - }, PermissionConstants.MODIFY_IDENTITY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be successfull, since it is launched with required permissions."); - } - } - - /** - * Checks that setRoles is permitted if MODIFY_IDENTITY_PERMISSION given - */ - public void testSetRolesWithPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - getIdentity().setRoles(new HashSet()); - return null; - } - }, PermissionConstants.MODIFY_IDENTITY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be successfull, since it is launched with required permissions."); - } - } - - /** - * Checks that modification is denied if no permission given - */ - public void testModifyRolesWithNoPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - getIdentity().getRoles().clear(); - return null; - } - }); - fail("Modification should be denied"); - } - catch (Exception e) - { - // it's ok - } - } - - /** - * Checks that setRoles is denied if no permission given - */ - public void testSetWithRolesNoPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - getIdentity().setRoles(new HashSet()); - return null; - } - }); - 
fail("Modification should be denied"); - } - catch (Exception e) - { - // it's ok - } - } - - /** - * Checks that modification is permitted if MODIFY_IDENTITY_PERMISSION given - */ - public void testModifyMembershipsWithPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - getIdentity().getMemberships().clear(); - return null; - } - }, PermissionConstants.MODIFY_IDENTITY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be successfull, since it is launched with required permissions."); - } - } - - /** - * Checks that setMemberships is permitted if MODIFY_IDENTITY_PERMISSION given - */ - public void testSetMembershipsWithPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - @SuppressWarnings("deprecation") - public Object run() throws Exception - { - getIdentity().setMemberships(new HashSet()); - return null; - } - }, PermissionConstants.MODIFY_IDENTITY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be successfull, since it is launched with required permissions."); - } - } - - /** - * Checks that modification is denied if no permission given - */ - public void testModifyMembershipsWithNoPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - getIdentity().getMemberships().clear(); - return null; - } - }); - fail("Modification should be denied"); - } - catch (Exception e) - { - // it's ok - } - } - - /** - * Checks that setMemberships is denied if no permission given - */ - public void testSetWithMembershipsNoPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - @SuppressWarnings("deprecation") - public Object run() throws Exception - { - getIdentity().setMemberships(new HashSet()); - return null; - } - }); - fail("Modification should be denied"); - } - catch (Exception e) - { - // it's ok - 
} - } - - /** - * Checks setSubject is permitted with "setSubject" permission - */ - public void testSubjectWithSetSubjectPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - getIdentity().setSubject(new Subject()); - return null; - } - }, PermissionConstants.MODIFY_IDENTITY_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be successfull, since it is launched with required permissions."); - } - } - - /** - * Checks setSubject is denied without "setSubject" permission - */ - public void testSubjectWithNoPermissions() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - getIdentity().setSubject(new Subject()); - return null; - } - }); - fail("Modification should be denied"); - } - catch (Exception e) - { - // ok - } - } - - /** - * Creates dummy Identity for testing purposes - * - * @return - */ - private Identity getIdentity() - { - Collection memberships = null; - - memberships = new ArrayList(); - memberships.add(new MembershipEntry("/group1", "*")); - memberships.add(new MembershipEntry("/group2", "member")); - - final Identity identity = new Identity("user", memberships); - return identity; - } - -} diff --git a/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java b/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java deleted file mode 100644 index c6354de88..000000000 --- a/exo.core.component.security.core/src/test/java/org/exoplatform/services/security/TestStatePermissions.java +++ /dev/null 
@@ -1,184 +0,0 @@ -/* - * Copyright (C) 2010 eXo Platform SAS. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.exoplatform.services.security; - -import java.security.PrivilegedExceptionAction; -import java.util.ArrayList; -import java.util.Collection; - -/** - * @author Nikolay Zamosenchuk - * @version $Id: TestStatePermissions.java 34360 2009-07-22 23:58:59Z nzamosenchuk $ - * - */ -public class TestStatePermissions extends BaseSecurityTest -{ - private ConversationState state; - - @Override - protected void setUp() throws Exception - { - super.setUp(); - Collection memberships = null; - - memberships = new ArrayList(); - memberships.add(new MembershipEntry("/group1", "*")); - memberships.add(new MembershipEntry("/group2", "member")); - - Identity identity = new Identity("user", memberships); - state = new ConversationState(identity); - } - - /** - * Checks that modification is permitted - */ - public void testStateSetCurrentWithPermission() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - ConversationState.setCurrent(state); - ConversationState.setCurrent(null); - return null; - } - }, PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION); - 
} - catch (Exception e) - { - fail("Modification should be successfull, since it is launched with required permissions."); - } - } - - /** - * Checks that modification is denied if no permission given - */ - public void testStateSetCurrentWithNoPermission() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - ConversationState.setCurrent(state); - return null; - } - }); - fail("Modification should be denied"); - } - catch (Exception e) - { - // it's ok - } - } - - /** - * Checks that modification is permitted - */ - public void testStateSetAttributeWithPermission() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - state.setAttribute("attribute", "value"); - return null; - } - }, PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be successfull, since it is launched with required permissions."); - } - } - - /** - * Checks that modification is denied if no permission given - */ - public void testStateSetAttributeWithNoPermission() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - state.setAttribute("attribute", "value"); - return null; - } - }); - fail("Modification should be denied"); - } - catch (Exception e) - { - // it's ok - } - } - - - /** - * Checks that modification is permitted - */ - public void testStateRemoveAttributeWithPermission() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - state.removeAttribute("attribute"); - return null; - } - }, PermissionConstants.MODIFY_CONVERSATION_STATE_PERMISSION); - } - catch (Exception e) - { - fail("Modification should be successfull, since it is launched with required permissions."); - } - } - - /** - * Checks that modification is denied if no permission given - */ - public 
void testStateRemoveAttributeWithNoPermission() - { - try - { - doActionWithPermissions(new PrivilegedExceptionAction() - { - public Object run() throws Exception - { - state.removeAttribute("attribute"); - return null; - } - }); - fail("Modification should be denied"); - } - catch (Exception e) - { - // it's ok - } - } -} diff --git a/exo.core.component.xml-processing/pom.xml b/exo.core.component.xml-processing/pom.xml index 8759e9ab6..1a8b141d4 100644 --- a/exo.core.component.xml-processing/pom.xml +++ b/exo.core.component.xml-processing/pom.xml @@ -92,12 +92,6 @@ - - maven-surefire-plugin - - @{argLine} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy - - maven-antrun-plugin diff --git a/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/resolving/impl/XMLResolver.java b/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/resolving/impl/XMLResolver.java index fd6942581..d484d1e73 100644 --- a/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/resolving/impl/XMLResolver.java +++ b/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/resolving/impl/XMLResolver.java @@ -18,7 +18,6 @@ */ package org.exoplatform.services.xml.resolving.impl; -import org.exoplatform.commons.utils.PrivilegedSystemHelper; import org.xml.sax.EntityResolver; import org.xml.sax.InputSource; import org.xml.sax.SAXException; 
@@ -67,10 +66,10 @@ public InputSource resolveEntity(String publicId, String systemId) throws SAXExc
 entity = publicIDs_.get(publicId);
 if (entity != null)
 {
- if (PrivilegedSystemHelper.getResource(entity) != null)
+ if (this.getClass().getResource(entity) != null)
 {
- InputSource src = new InputSource(PrivilegedSystemHelper.getResourceAsStream(entity));
- src.setSystemId(PrivilegedSystemHelper.getResource(entity).getPath());
+ InputSource src = new InputSource(Thread.currentThread().getContextClassLoader().getResourceAsStream(entity));
+ src.setSystemId(Thread.currentThread().getContextClassLoader().getResource(entity).getPath());
 return src;
 }
 }
diff --git a/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/TransformerBase.java b/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/TransformerBase.java
index a1b402f08..6434bf80d 100644
--- a/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/TransformerBase.java
+++ b/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/TransformerBase.java
@@ -18,8 +18,6 @@
 */
 package org.exoplatform.services.xml.transform.impl;
-import org.exoplatform.commons.utils.PrivilegedSystemHelper;
-import org.exoplatform.commons.utils.SecurityHelper;
 import org.exoplatform.services.log.ExoLogger;
 import org.exoplatform.services.log.Log;
 import org.exoplatform.services.xml.resolving.XMLResolvingService;
@@ -63,7 +61,7 @@ public abstract class TransformerBase implements AbstractTransformer
 public TransformerBase()
 {
 LOG.debug("Current javax.xml.parsers.SAXParserFactory sys property [ "
- + PrivilegedSystemHelper.getProperty("javax.xml.parsers.SAXParserFactory", "-Not set-") + "]");
+ + System.getProperty("javax.xml.parsers.SAXParserFactory", "-Not set-") + "]");
 tSAXFactory = (SAXTransformerFactory)SAXTransformerFactory.newInstance();
 }
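Review bot: In XMLResolver.resolveEntity the existence check and the load now use different lookups: the guard calls `this.getClass().getResource(entity)`, which resolves a name without a leading slash relative to the class's package, while the stream and the system id come from `Thread.currentThread().getContextClassLoader()`. The guard can therefore pass while the lookup that is actually used returns null, so `getResource(entity).getPath()` can throw a NullPointerException or the InputSource can wrap a null stream; the context class loader itself may also be null on some threads. Resolving once and reusing the result removes the mismatch, e.g. `URL url = Thread.currentThread().getContextClassLoader().getResource(entity);`, then test `url != null` and use `src.setSystemId(url.getPath());`. The same unguarded double lookup through the context class loader appears in TRAXTemplatesServiceImpl.addPlugin. resolveEntity's body begins and ends outside this hunk.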
@@ -73,13 +71,7 @@ public TransformerBase()
 */
 static public XMLReader getXMLReader() throws SAXException
 {
- return SecurityHelper.doPrivilegedSAXExceptionAction(new PrivilegedExceptionAction()
- {
- public XMLReader run() throws Exception
- {
- return XMLReaderFactory.createXMLReader();
- }
- });
+ return XMLReaderFactory.createXMLReader();
 }
 public void setResolvingService(XMLResolvingService r)
diff --git a/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTemplatesServiceImpl.java b/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTemplatesServiceImpl.java
index 335a486e5..9dfa88f4b 100644
--- a/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTemplatesServiceImpl.java
+++ b/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTemplatesServiceImpl.java
@@ -18,7 +18,6 @@
 */
 package org.exoplatform.services.xml.transform.impl.trax;
-import org.exoplatform.commons.utils.PrivilegedSystemHelper;
 import org.exoplatform.container.component.ComponentPlugin;
 import org.exoplatform.services.log.ExoLogger;
 import org.exoplatform.services.log.Log;
@@ -117,10 +116,10 @@ public void addPlugin(ComponentPlugin plugin)
 String xsltSchema = m.get(key);
 try
 {
- if (PrivilegedSystemHelper.getResource(xsltSchema) != null)
+ if (Thread.currentThread().getContextClassLoader().getResource(xsltSchema) != null)
 {
 LOG.info("XSLT schema found by relative path: " + xsltSchema);
- addTRAXTemplates(key, traxTransformerService_.getTemplates(new StreamSource(PrivilegedSystemHelper
+ addTRAXTemplates(key, traxTransformerService_.getTemplates(new StreamSource(Thread.currentThread().getContextClassLoader()
 .getResourceAsStream(xsltSchema))));
 }
 else
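Review bot: TransformerBase.getXMLReader() hands back the reader exactly as `XMLReaderFactory.createXMLReader()` builds it, so external-entity handling is whatever the SAX implementation defaults to, and nothing in this hunk configures or documents it. This commit also drops the privileged wrappers and the test security manager, so the parser's own settings look like the only control left on what a parsed document can reference. If any transformer input can originate outside the trust boundary (not visible here), set the feature before returning, e.g. `reader.setFeature("http://xml.org/sax/features/external-general-entities", false);`. Otherwise state in the method's Javadoc that the reader is unconfigured and must only be given trusted XML.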
diff --git a/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTransformerImpl.java b/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTransformerImpl.java index 01c1c76e0..ea1e42d87 100644 --- a/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTransformerImpl.java +++ b/exo.core.component.xml-processing/src/main/java/org/exoplatform/services/xml/transform/impl/trax/TRAXTransformerImpl.java @@ -18,7 +18,6 @@ */ package org.exoplatform.services.xml.transform.impl.trax; -import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.xml.transform.NotSupportedIOTypeException; import org.exoplatform.services.xml.transform.impl.TransformerBase; import org.exoplatform.services.xml.transform.trax.TRAXTransformer; @@ -29,8 +28,6 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.Properties; import javax.xml.transform.ErrorListener; 
@@ -76,32 +73,9 @@ public TRAXTransformerImpl() throws TransformerConfigurationException
 public TRAXTransformerImpl(final Source source) throws TransformerConfigurationException
 {
 final SAXTransformerFactory saxTFactory = (SAXTransformerFactory)SAXTransformerFactory.newInstance();
- try
- {
- tHandler = SecurityHelper.doPrivilegedExceptionAction(new PrivilegedExceptionAction()
- {
- public TransformerHandler run() throws Exception
- {
- return saxTFactory.newTransformerHandler(source);
- }
- });
- }
- catch (PrivilegedActionException pae)
- {
- Throwable cause = pae.getCause();
- if (cause instanceof TransformerConfigurationException)
- {
- throw (TransformerConfigurationException)cause;
- }
- else if (cause instanceof RuntimeException)
- {
- throw (RuntimeException)cause;
- }
- else
- {
- throw new RuntimeException(cause);
- }
- }
+
+ tHandler = saxTFactory.newTransformerHandler(source);
+
 }
 public TRAXTransformerImpl(Templates templates) throws TransformerConfigurationException
@@ -160,18 +134,11 @@ protected void internalTransform(Source source) throws TransformerException, Not
 {
 final XMLReader fXMLReader = xmlReader;
 final InputSource fInputSource = inputSource;
- SecurityHelper.doPrivilegedExceptionAction(new PrivilegedExceptionAction()
- {
- public Void run() throws Exception
- {
- fXMLReader.parse(fInputSource);
- return null;
- }
- });
+ fXMLReader.parse(fInputSource);
 }
- catch (PrivilegedActionException pae)
+ catch (Exception e)
 {
- Throwable cause = pae.getCause();
+ Throwable cause = e.getCause();
 if (cause instanceof SAXException)
 {
 throw new TransformerException(cause);
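Review bot: In internalTransform the new `catch (Exception e)` still unwraps with `e.getCause()`, which was correct for the PrivilegedActionException wrapper but not for an exception thrown directly by `fXMLReader.parse(fInputSource)`. A SAXException raised by the parser now arrives as `e` itself and its cause is often null, so `cause instanceof SAXException` no longer matches and the parse failure falls through to whatever branches follow outside this hunk. Inspect the exception itself, `Throwable cause = e;`, or better replace the broad catch with the specific types, e.g. `catch (SAXException e) { throw new TransformerException(e); }`. The remainder of the catch block is outside the hunk, so its other `instanceof` branches need the same review.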