Details

    • Branch Version/s: 6.1.x
    • Backported to Branch: Committed

      Description

      I faced a problem with SecurityChecker and PACL.
      In my plugin I have the code:
      Mac mac = Mac.getInstance("HMACSHA1");

      If the security manager is enabled, it throws the exception:
      java.lang.SecurityException: Attempted to putProviderProperty.SUN on
      at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
      at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
      at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
      at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
      at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
      at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
      at java.security.Provider.check(Provider.java:386)
      at java.security.Provider.putAll(Provider.java:224)
      at sun.security.action.PutAllAction.run(PutAllAction.java:35)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.security.provider.Sun.<init>(Sun.java:254)
      at sun.security.util.ManifestEntryVerifier.setEntry(ManifestEntryVerifier.java:110)

      I looked into the code of SecurityChecker and found out that it can handle only permissions for getPolicy and setPolicy. In other cases it ALWAYS throws the security exception:
      public void checkPermission(Permission permission) {
          String name = permission.getName();

          if (name.equals(SECURITY_PERMISSION_GET_POLICY)) {
              if (!hasGetPolicy()) {
                  throwSecurityException(_log, "Attempted to get the policy");
              }
          }
          else if (name.equals(SECURITY_PERMISSION_SET_POLICY)) {
              if (!hasSetPolicy()) {
                  throwSecurityException(_log, "Attempted to set the policy");
              }
          }
          else {
              if (_log.isDebugEnabled()) {
                  Thread.dumpStack();
              }

              throwSecurityException(
                  _log,
                  "Attempted to " + permission.getName() + " on " +
                      permission.getActions());
          }
      }

      So, it looks like there is no way to run such "trivial" code with the Security Manager enabled in LR. Did I miss anything?
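
An added example, not part of the original report and not Liferay code: a stand-alone Java model of the dispatch quoted in the description. It shows why the `putProviderProperty.SUN` permission falls into the final `else` branch and why the logged message ends in "on" (a `SecurityPermission` has no actions). The class names, the string values assumed for the two policy constants, and the allow-list variant are hypothetical.

```java
import java.security.Permission;
import java.security.SecurityPermission;
import java.util.Set;

// Added illustration, not Liferay code. Class names are hypothetical.
public class SecurityCheckerModel {
    interface Checker { void checkPermission(Permission permission); }

    // Models the reported dispatch: only the two policy names are recognised
    // (string values assumed); any other SecurityPermission is rejected.
    static class ReportedChecker implements Checker {
        public void checkPermission(Permission permission) {
            String name = permission.getName();
            if (name.equals("getPolicy") || name.equals("setPolicy")) {
                return; // assume the plugin's policy grants both
            }
            throw new SecurityException(
                "Attempted to " + name + " on " + permission.getActions());
        }
    }

    // Hypothetical alternative: still deny by default, but consult an
    // explicit per-plugin allow-list of SecurityPermission target names.
    static class AllowListChecker implements Checker {
        private final Set<String> allowed;
        AllowListChecker(Set<String> allowed) { this.allowed = allowed; }
        public void checkPermission(Permission permission) {
            if (!allowed.contains(permission.getName())) {
                throw new SecurityException("Attempted to " + permission.getName());
            }
        }
    }

    static String probe(Checker checker, Permission permission) {
        try {
            checker.checkPermission(permission);
            return "allowed";
        } catch (SecurityException se) {
            return "denied: [" + se.getMessage() + "]";
        }
    }

    public static void main(String[] args) {
        // SecurityManager.checkSecurityAccess wraps the target name in a
        // SecurityPermission; BasicPermission.getActions() returns "".
        Permission p = new SecurityPermission("putProviderProperty.SUN");
        System.out.println(probe(new ReportedChecker(), p));
        System.out.println(probe(new AllowListChecker(Set.of(p.getName())), p));
    }
}
```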
