Example 1 with SecurityException

Use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

The class SecurityManagerImpl, method checkFileLocation.

@Override
public void checkFileLocation(ConfigWeb cw, Resource res, String strServerPassword) throws SecurityException {
    if (res == null || !(res.getResourceProvider() instanceof FileResourceProvider)) {
        return;
    }
    cw = (ConfigWeb) ThreadLocalPageContext.getConfig(cw);
    Password serverPassword = PasswordImpl.passwordToCompare(cw, true, strServerPassword);
    // All
    if (getAccess(TYPE_FILE) == VALUE_ALL)
        return;
    // Local
    if (getAccess(TYPE_FILE) == VALUE_LOCAL) {
        res = ResourceUtil.getCanonicalResourceEL(res);
        // local
        if (rootDirectory != null)
            if (ResourceUtil.isChildOf(res, rootDirectory))
                return;
        // custom
        if (!ArrayUtil.isEmpty(customFileAccess)) {
            for (int i = 0; i < customFileAccess.length; i++) {
                if (ResourceUtil.isChildOf(res, customFileAccess[i]))
                    return;
            }
        }
        if (isValid(cw, serverPassword) || isAdminContext())
            return;
        throw new SecurityException(createExceptionMessage(res, true), "access is prohibited by security manager");
    }
    // None
    if (isValid(cw, serverPassword))
        return;
    // custom
    if (!ArrayUtil.isEmpty(customFileAccess)) {
        res = ResourceUtil.getCanonicalResourceEL(res);
        for (int i = 0; i < customFileAccess.length; i++) {
            if (ResourceUtil.isChildOf(res, customFileAccess[i]))
                return;
        }
    }
    if (isAdminContext())
        return;
    throw new SecurityException(createExceptionMessage(res, false), "access is prohibited by security manager");
}
Also used : FileResourceProvider(lucee.commons.io.res.type.file.FileResourceProvider) SecurityException(lucee.runtime.exp.SecurityException) Password(lucee.runtime.config.Password)

Example 2 with SecurityException

Use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

The class DataSourceServiceImpl, method removeDatasource.

@Override
public void removeDatasource(String name) throws SQLException, SecurityException {
    checkWriteAccess();
    try {
        XMLConfigAdmin admin = XMLConfigAdmin.newInstance(config(), null);
        admin.removeDataSource(name);
    } catch (Exception e) {
        // ignored if the db does not exist
    }
}
Also used : XMLConfigAdmin(lucee.runtime.config.XMLConfigAdmin) ServiceException(coldfusion.server.ServiceException) IOException(java.io.IOException) SecurityException(lucee.runtime.exp.SecurityException) ExpressionException(lucee.runtime.exp.ExpressionException) SQLException(java.sql.SQLException) PageRuntimeException(lucee.runtime.exp.PageRuntimeException) PageException(lucee.runtime.exp.PageException)

Example 3 with SecurityException

Use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

The class XMLConfigAdmin, method updateDebug.

/**
 * Updates whether debugging is enabled or not.
 * @param debug if the value is null, the server setting is used
 * @throws SecurityException
 */
public void updateDebug(Boolean debug, Boolean database, Boolean exception, Boolean tracing, Boolean dump, Boolean timer, Boolean implicitAccess, Boolean queryUsage) throws SecurityException {
    checkWriteAccess();
    boolean hasAccess = ConfigWebUtil.hasAccess(config, SecurityManager.TYPE_DEBUGGING);
    if (!hasAccess)
        throw new SecurityException("no access to change debugging settings");
    Element debugging = _getRootElement("debugging");
    if (debug != null)
        debugging.setAttribute("debug", Caster.toString(debug.booleanValue()));
    else
        debugging.removeAttribute("debug");
    if (database != null)
        debugging.setAttribute("database", Caster.toString(database.booleanValue()));
    else
        debugging.removeAttribute("database");
    if (exception != null)
        debugging.setAttribute("exception", Caster.toString(exception.booleanValue()));
    else
        debugging.removeAttribute("exception");
    if (tracing != null)
        debugging.setAttribute("tracing", Caster.toString(tracing.booleanValue()));
    else
        debugging.removeAttribute("tracing");
    if (dump != null)
        debugging.setAttribute("dump", Caster.toString(dump.booleanValue()));
    else
        debugging.removeAttribute("dump");
    if (timer != null)
        debugging.setAttribute("timer", Caster.toString(timer.booleanValue()));
    else
        debugging.removeAttribute("timer");
    if (implicitAccess != null)
        debugging.setAttribute("implicit-access", Caster.toString(implicitAccess.booleanValue()));
    else
        debugging.removeAttribute("implicit-access");
    if (queryUsage != null)
        debugging.setAttribute("query-usage", Caster.toString(queryUsage.booleanValue()));
    else
        debugging.removeAttribute("query-usage");
}
Also used : Element(org.w3c.dom.Element) SecurityException(lucee.runtime.exp.SecurityException)

Example 4 with SecurityException

Use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

The class XMLConfigAdmin, method updateDebugSetting.

public void updateDebugSetting(int maxLogs) throws SecurityException {
    checkWriteAccess();
    boolean hasAccess = ConfigWebUtil.hasAccess(config, SecurityManager.TYPE_DEBUGGING);
    if (!hasAccess)
        throw new SecurityException("no access to change debugging settings");
    Element debugging = _getRootElement("debugging");
    if (maxLogs == -1)
        debugging.removeAttribute("max-records-logged");
    else
        debugging.setAttribute("max-records-logged", Caster.toString(maxLogs));
}
Also used : Element(org.w3c.dom.Element) SecurityException(lucee.runtime.exp.SecurityException)

Example 5 with SecurityException

Use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

The class XMLConfigAdmin, method removeResourceProvider.

public void removeResourceProvider(String scheme) throws PageException {
    checkWriteAccess();
    SecurityManager sm = config.getSecurityManager();
    short access = sm.getAccess(SecurityManager.TYPE_FILE);
    boolean hasAccess = access == SecurityManager.VALUE_YES;
    if (!hasAccess)
        throw new SecurityException("no access to remove resource provider");
    _removeResourceProvider(scheme);
}
Also used : SecurityManager(lucee.runtime.security.SecurityManager) SecurityException(lucee.runtime.exp.SecurityException)

Aggregations

SecurityException (lucee.runtime.exp.SecurityException): 91
Element (org.w3c.dom.Element): 83
ExpressionException (lucee.runtime.exp.ExpressionException): 14
SecurityManager (lucee.runtime.security.SecurityManager): 6
ApplicationException (lucee.runtime.exp.ApplicationException): 5
IOException (java.io.IOException): 4
Resource (lucee.commons.io.res.Resource): 2
ClassException (lucee.commons.lang.ClassException): 2
PageException (lucee.runtime.exp.PageException): 2
ServiceException (coldfusion.server.ServiceException): 1
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 1
MalformedURLException (java.net.MalformedURLException): 1
UnknownHostException (java.net.UnknownHostException): 1
SQLException (java.sql.SQLException): 1
Entry (java.util.Map.Entry): 1
lucee.aprint (lucee.aprint): 1
Cache (lucee.commons.io.cache.Cache): 1
FileResourceProvider (lucee.commons.io.res.type.file.FileResourceProvider): 1
CacheConnection (lucee.runtime.cache.CacheConnection): 1
CFXTagException (lucee.runtime.cfx.CFXTagException): 1