Implement PACL security manager

LPS-32137 PACL- java.lang.SecurityException: Attempted to get environment name *

• Closed

LPS-32235 As a Marketplace Developer, I would like to specify PACL policies for allowed socket connections using wildcards, so that my app can deploy to unknown environments successfully

• Closed

LPS-34711 PACL does not allow launching java from a plugin

• Closed

LPS-34863 PACL AccessControlException with Mojarra JSF portlets with @PostConstruct annotated managed-bean methods

• Closed

LPS-25725 Executing "Clean Up Permissions" twice removes Add to Page permissions for User role

• Closed

LPS-28210 PACL: Deploying test-pacl-portlet does not allow adding of blog entries

• Closed

LPS-29397 PACL causes exceptions when upgrading to GA2

• Closed

LPS-32623 PACL incompatibility with MacOS X JDK

• Closed

LPS-34609 PACL - Permission implementations need to follow the 0, 1, or 2 rule for Constructors

• Closed

LPS-34664 PACL - As a plugin developer I would like to see DEBUG logging enabled for GeneratingPACLPolicy by default

• Closed

LPS-34689 PACL causes ExpandoBridgeImpl's equals comparison to fail

• Closed

LPS-36198 SQLChecker fails to parse valid SQL on Hypersonic

• Closed

LPS-33047 PACL - As a developer I would like reasonable java operations such as classloading, reflection, native library access within libraries I include to not prevent me from developing plugins for the marketplace

• 
• Closed

LPS-28281 PACL utilities should use ProxyUtil rather than Proxy for better concurrency

• 
• Closed

LPS-33296 PACL - Refactor PortalSecurityManager into an injectable resource

• 
• Closed

LPS-33009 PACL - Read and track state by enum

• 
• Closed

LPS-33010 PACL - Expose methods to get specific checkers

• 
• Closed

LPS-33011 PACL - Rule generation API

• 
• Closed

LPS-33018 PACL - Implement the rule generation API

• 
• Closed

LPS-33020 PACL - Generating policy implementation

• 
• Closed

LPS-33058 PACL - Rename PACLClassLoaderUtil to ClassLoaderUtil to begin uncluttering the portal of PACL naming

• 
• Closed

LPS-33286 PACL - java.security.Policy based PACL implementation (a.k.a. PACLv2)

• 
• Closed

LPS-33292 PACL - Centralize initialization of PACL into a private SecurityManagerUtil class

• 
• Closed

LPS-33293 PACL - Use new SecurityManagerUtil and initialize as early as possible

• 
• Closed

LPS-33298 PACL- Initialize the new java.security.Policy

• 
• Closed

LPS-33324 PACL - Convert to boolean implies API method to match j.s.Policy

• 
• Closed

LPS-33329 PACL - Implement a bean post processor which will process @DoPrivileged annotations

• 
• Closed

LPS-33330 PACL - It's nessecary to initialize the portal security manager impl from the beginning in all cases

• 
• Closed

LPS-33331 PACL - private interfaces to support proxies

• 
• Closed

LPS-33334 PACL - Apply interfaces everywhere a cast to the impl exists

• 
• Closed

LPS-33351 PACL - Private interface so that core code can unwrap privileged beans if needed

• 
• Closed

LPS-33358 PACL - Move PACL specific classes into the pacl package

• 
• Closed

LPS-33367 PACL - Algorithm for handling permission checks on accessibility changes in local code

• 
• Closed

LPS-33368 PACL - AWTPermission support (richfaces uses AWT for image processing)

• 
• Closed

LPS-33585 PACL - Document environment variable security property

• 
• Closed

LPS-33587 PACL - deprecate PACLBeanHandler

• 
• Closed

LPS-33589 PACL - deprecate BaseReflectChecker

• 
• Closed

LPS-33592 PACL - deprecate PACLTemplateWrapper

• 
• Closed

LPS-33594 PACL - deprecate PACLAdvice

• 
• Closed

LPS-33596 PACL - deprecate PACLClassUtil

• 
• Closed

LPS-33608 PACL - rename inner PACLPortalLifecycle class

• 
• Closed

LPS-33609 PACL - eliminate most occurences of PortalSecurityManagerThreadLocal

• 
• Closed

LPS-33610 PACL - centralize and localize HookHotDeployListener security checks

• 
• Closed

LPS-33657 PACL - remove uses of CheckerUtil.isAccessControllerDoPrivileged()

• 
• Closed

LPS-33658 PACL - add method to get the policy on PortalSecurityManager interface

• 
• Closed

LPS-33661 PACL - remove unused PACLPolicy.hasPortalService method

• 
• Closed

LPS-33663 PACL - add missing getter to LogFactoryUtil - needed for pacl security

• 
• Closed

LPS-33665 PACL - remove hard coded classnames from RuntimeChecker

• 
• Closed

LPS-33679 PACL - unwrap HttpImpl if it's wrapped by DoPrivilegedBean

• 
• Closed

LPS-33685 PACL - prevent a circularity error in CentralizedThreadLocal

• 
• Closed

LPS-33689 PACL - add missing permission checks to ExpandoBridgeFactoryUtil

• 
• Closed

LPS-33691 PACL - centralize getClassLoader permission check, make sure it doesn't break any native JVM checks

• 
• Closed

LPS-33692 PACL - remove unused interface from InfrastructureUtil

• 
• Closed

LPS-33696 PACL - add missing socket permission checks to HttpUtil

• 
• Closed

LPS-33697 PACL - add missing permission checks to FileUtil

• 
• Closed

LPS-33699 PACL - prevent FileAvailabilityUtil from causing an unnecessary FilePermission check

• 
• Closed

LPS-33700 PACL - centralize PortalMessageBusPermission checking

• 
• Closed

LPS-33701 PACL - centralize ThreadPoolExecutor checking

• 
• Closed

LPS-33702 PACL - centralize DynamicQuery check

• 
• Closed

LPS-33703 PACL - centralize the Service checks

• 
• Closed

LPS-33704 PACL - implement security checks for PortletBagPool

• 
• Closed

LPS-33717 PACL - implement cross-plugin security checks for BeanLocator

• 
• Closed

LPS-33722 PACL - centralize PortalHookPermission checking

• 
• Closed

LPS-33724 PACL - remove unused code from SecurityManagerUtil

• 
• Closed

LPS-33725 PACL - remove remaining uses of PortalSecurityManagerThreadLocal in favour of access controllers

• 
• Closed

LPS-33726 PACL - fast way to get the current PACLPolicy

• 
• Closed

LPS-33729 PACL - ensure accessibility checks still work on public members

• 
• Closed

LPS-33748 PACL - method of detecting privileged callers

• 
• Closed

LPS-33750 PACL - method to account for differences between JVM implementations

• 
• Closed

LPS-33751 PACL - method for deep Liferay bean class detection

• 
• Closed

LPS-33769 PACL - method to dynamically wrap objects with a privileged handler

• 
• Closed

LPS-33779 PACL - register trusted protection domains as early as possible

• 
• Closed

LPS-33782 PACL - implement trusted caller support for SecurityChecker

• 
• Closed

LPS-33784 PACL - implement trusted caller support for RuntimeChecker

• 
• Closed

LPS-33786 PACL - implement trusted caller support for ReflectChecker

• 
• Closed

LPS-33787 PACL - implement trusted caller support for PortalServiceChecker

• 
• Closed

LPS-33789 PACL - implement trusted caller support for NetChecker

• 
• Closed

LPS-33815 PACL - improve the performance of DoPrivilegedHandler

• 
• Closed

LPS-33820 PACL - update the FileChecker with improved logic

• 
• Closed

LPS-33823 PACL - implement trusted caller support for PortalRuntimeChecker

• 
• Closed

LPS-33826 PACL - separate context classloader swaping from the PACL logic in DirectRequestDispatcherFactoryImpl

• 
• Closed

LPS-33863 PACL - fix a small regression with the JSP compiler

• 
• Closed

LPS-33864 PACL - fallback onto a locally instantiated, locally applicable java.security.Policy

• 
• Closed

LPS-33866 PACL - fix identification of current JVM version

• 
• Closed

LPS-33875 PACL - wrap objects with DoPrivileged proxy where appropriate

• 
• Closed

LPS-33876 PACL - inject pacl into BeanLocatorImpl

• 
• Closed

LPS-33877 PACL - add access controller to PACLRequestDispatcherWrapper

• 
• Closed

LPS-33879 PACL - inject pacl into DataSourceFactoryImpl

• 
• Closed

LPS-33881 PACL - inject pacl into HotDeployImpl

• 
• Closed

LPS-33882 PACL - inject pacl into DirectRequestDispatcherFactoryImpl

• 
• Closed

LPS-33884 PACL - inject pacl into PortalFilePermission

• 
• Closed

LPS-33885 PACL - inject pacl into PortalHookPermission

• 
• Closed

LPS-33886 PACL - inject pacl into PortalMessageBusPermission

• 
• Closed

LPS-33887 PACL - the PortalMessageBusPermission only checks send

• 
• Closed

LPS-33889 PACL - inject pacl into PortalRuntimePermission

• 
• Closed

LPS-33890 PACL - inject pacl into PortalServicePermission

• 
• Closed

LPS-33891 PACL - inject pacl into PortalSocketPermission

• 
• Closed

LPS-33893 PACL - inject pacl into PortletApplicationContext

• 
• Closed

LPS-33894 PACL - inject pacl into ServiceBeanAopProxy

• 
• Closed

LPS-33898 PACL - util-taglib should not be changing context classLoader

• 
• Closed

LPS-33899 PACL - auto proxy finder and persistence when PACL is enabled

• 
• Closed

LPS-33900 PACL - allow service builder plugins to unregister their MBeans

• 
• Closed

LPS-33904 PACL - create a test suite for testing PACL

• 
• Closed

LPS-33906 PACL - SQL tests

• 
• Closed

LPS-33932 PACL - when calling the portal's BeanLocator the servletContextName is null

• 
• Closed

LPS-33938 PACL - when we create PACLInitialContextFactoryBuilder we block the JVM from performing scheme based JNDI lookups

• 
• Closed

LPS-33954 PACL - getPackage on a java proxy returns null

• 
• Closed

LPS-33960 PACL - make sure BeanLocator beans are properly wrapped (avoid wrapping in VelocityBeanHandler when not a velocity bean)

• 
• Closed

LPS-33961 PACL - prevent deep cascading permission checks on getClassLoader

• 
• Closed

LPS-33964 PACL - fix BeanLocatorTest to account for the bean being wrapped rather than not returned (so that i behaves like it did originally)

• 
• Closed

LPS-33965 PACL - don't wrap the bean if it's the portal asking for it

• 
• Closed

LPS-34240 PACL - SQL security checks for indexes

• 
• Closed

LPS-34724 PACL - move the classes and make the API changes to load from the jar

• 
• Closed

LPS-38601 PACL - PortalDelegateServlet does not work when PACL is enabled

• Closed