Example 1 with FileResourceProvider
use of lucee.commons.io.res.type.file.FileResourceProvider in project Lucee by lucee.
the class SecurityManagerImpl method checkFileLocation.
@Override
public void checkFileLocation(ConfigWeb cw, Resource res, String strServerPassword) throws SecurityException {
if (res == null || !(res.getResourceProvider() instanceof FileResourceProvider)) {
return;
}
cw = (ConfigWeb) ThreadLocalPageContext.getConfig(cw);
Password serverPassword = PasswordImpl.passwordToCompare(cw, true, strServerPassword);
// All
if (getAccess(TYPE_FILE) == VALUE_ALL)
return;
// Local
if (getAccess(TYPE_FILE) == VALUE_LOCAL) {
res = ResourceUtil.getCanonicalResourceEL(res);
// local
if (rootDirectory != null)
if (ResourceUtil.isChildOf(res, rootDirectory))
return;
// custom
if (!ArrayUtil.isEmpty(customFileAccess)) {
for (int i = 0; i < customFileAccess.length; i++) {
if (ResourceUtil.isChildOf(res, customFileAccess[i]))
return;
}
}
if (isValid(cw, serverPassword) || isAdminContext())
return;
throw new SecurityException(createExceptionMessage(res, true), "access is prohibited by security manager");
}
// None
if (isValid(cw, serverPassword))
return;
// custom
if (!ArrayUtil.isEmpty(customFileAccess)) {
res = ResourceUtil.getCanonicalResourceEL(res);
for (int i = 0; i < customFileAccess.length; i++) {
if (ResourceUtil.isChildOf(res, customFileAccess[i]))
return;
}
}
if (isAdminContext())
return;
throw new SecurityException(createExceptionMessage(res, false), "access is prohibited by security manager");
}
Also used :
FileResourceProvider(lucee.commons.io.res.type.file.FileResourceProvider)
SecurityException(lucee.runtime.exp.SecurityException)
Password(lucee.runtime.config.Password)
Aggregations
FileResourceProvider (lucee.commons.io.res.type.file.FileResourceProvider)1
Password (lucee.runtime.config.Password)1
SecurityException (lucee.runtime.exp.SecurityException)1
