Examples with SecurityException lucee.runtime.exp.SecurityException used on opensource projects

Example 46 with SecurityException

use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

the class XMLConfigWebFactory method loadCFX.

/**
 * @param configServer
 * @param config
 * @param doc
 */
private static void loadCFX(ConfigServerImpl configServer, ConfigImpl config, Document doc) {
    boolean hasAccess = ConfigWebUtil.hasAccess(config, SecurityManager.TYPE_CFX_SETTING);
    Map<String, CFXTagClass> map = MapFactory.<String, CFXTagClass>getConcurrentMap();
    if (configServer != null) {
        try {
            if (configServer.getCFXTagPool() != null) {
                Map<String, CFXTagClass> classes = configServer.getCFXTagPool().getClasses();
                Iterator<Entry<String, CFXTagClass>> it = classes.entrySet().iterator();
                Entry<String, CFXTagClass> e;
                while (it.hasNext()) {
                    e = it.next();
                    map.put(e.getKey(), e.getValue().cloneReadOnly());
                }
            }
        } catch (SecurityException e) {
        }
    }
    if (hasAccess) {
        if (configServer == null) {
            System.setProperty("cfx.bin.path", config.getConfigDir().getRealResource("bin").getAbsolutePath());
        }
        // Java CFX Tags
        Element cfxTagsParent = getChildByName(doc.getDocumentElement(), "ext-tags", false, true);
        if (cfxTagsParent == null)
            cfxTagsParent = getChildByName(doc.getDocumentElement(), "cfx-tags", false, true);
        if (cfxTagsParent == null)
            cfxTagsParent = getChildByName(doc.getDocumentElement(), "ext-tags");
        boolean oldStyle = cfxTagsParent.getNodeName().equals("cfx-tags");
        Element[] cfxTags = oldStyle ? getChildren(cfxTagsParent, "cfx-tag") : getChildren(cfxTagsParent, "ext-tag");
        for (int i = 0; i < cfxTags.length; i++) {
            String type = getAttr(cfxTags[i], "type");
            if (type != null) {
                // Java CFX Tags
                if (type.equalsIgnoreCase("java")) {
                    String name = getAttr(cfxTags[i], "name");
                    ClassDefinition cd = getClassDefinition(cfxTags[i], "", config.getIdentification());
                    if (!StringUtil.isEmpty(name) && cd.hasClass()) {
                        map.put(name.toLowerCase(), new JavaCFXTagClass(name, cd));
                    }
                } else // C++ CFX Tags
                if (type.equalsIgnoreCase("cpp")) {
                    String name = getAttr(cfxTags[i], "name");
                    String serverLibrary = getAttr(cfxTags[i], "server-library");
                    String procedure = getAttr(cfxTags[i], "procedure");
                    boolean keepAlive = Caster.toBooleanValue(getAttr(cfxTags[i], "keep-alive"), false);
                    if (!StringUtil.isEmpty(name) && !StringUtil.isEmpty(serverLibrary) && !StringUtil.isEmpty(procedure)) {
                        map.put(name.toLowerCase(), new CPPCFXTagClass(name, serverLibrary, procedure, keepAlive));
                    }
                }
            }
        }
    }
    config.setCFXTagPool(map);
}

Example 47 with SecurityException

use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

the class XMLConfigAdmin method updateSerial.

public void updateSerial(String serial) throws PageException {
    checkWriteAccess();
    if (!(config instanceof ConfigServer)) {
        throw new SecurityException("can't change serial number from this context, access is denied");
    }
    Element root = doc.getDocumentElement();
    if (!StringUtil.isEmpty(serial)) {
        serial = serial.trim();
        if (!new SerialNumber(serial).isValid(serial))
            throw new SecurityException("serial number is invalid");
        root.setAttribute("serial-number", serial);
    } else {
        try {
            root.removeAttribute("serial-number");
        } catch (Throwable t) {
            ExceptionUtil.rethrowIfNecessary(t);
        }
    }
    try {
        root.removeAttribute("serial");
    } catch (Throwable t) {
        ExceptionUtil.rethrowIfNecessary(t);
    }
}

Example 48 with SecurityException

use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

the class XMLConfigAdmin method updateCustomTagExtensions.

public void updateCustomTagExtensions(String extensions) throws PageException {
    checkWriteAccess();
    if (!ConfigWebUtil.hasAccess(config, SecurityManager.TYPE_CUSTOM_TAG))
        throw new SecurityException("no access to update custom tag setting");
    // check
    Array arr = ListUtil.listToArrayRemoveEmpty(extensions, ',');
    ListUtil.trimItems(arr);
    // throw new ApplicationException("you must define at least one extension");
    // update charset
    Element element = _getRootElement("custom-tag");
    element.setAttribute("extensions", ListUtil.arrayToList(arr, ","));
}

Example 49 with SecurityException

use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

the class XMLConfigAdmin method updateDefaultSecurity.

/**
 * @param setting
 * @param file
 * @param directJavaAccess
 * @param mail
 * @param datasource
 * @param mapping
 * @param customTag
 * @param cfxSetting
 * @param cfxUsage
 * @param debugging
 * @param search
 * @param scheduledTasks
 * @param tagExecute
 * @param tagImport
 * @param tagObject
 * @param tagRegistry
 * @throws SecurityException
 */
public void updateDefaultSecurity(short setting, short file, Resource[] fileAccess, short directJavaAccess, short mail, short datasource, short mapping, short remote, short customTag, short cfxSetting, short cfxUsage, short debugging, short search, short scheduledTasks, short tagExecute, short tagImport, short tagObject, short tagRegistry, short cache, short gateway, short orm, short accessRead, short accessWrite) throws SecurityException {
    checkWriteAccess();
    if (!(config instanceof ConfigServer))
        throw new SecurityException("can't change security settings from this context");
    Element security = _getRootElement("security");
    updateSecurityFileAccess(security, fileAccess, file);
    security.setAttribute("setting", SecurityManagerImpl.toStringAccessValue(setting));
    security.setAttribute("file", SecurityManagerImpl.toStringAccessValue(file));
    security.setAttribute("direct_java_access", SecurityManagerImpl.toStringAccessValue(directJavaAccess));
    security.setAttribute("mail", SecurityManagerImpl.toStringAccessValue(mail));
    security.setAttribute("datasource", SecurityManagerImpl.toStringAccessValue(datasource));
    security.setAttribute("mapping", SecurityManagerImpl.toStringAccessValue(mapping));
    security.setAttribute("remote", SecurityManagerImpl.toStringAccessValue(remote));
    security.setAttribute("custom_tag", SecurityManagerImpl.toStringAccessValue(customTag));
    security.setAttribute("cfx_setting", SecurityManagerImpl.toStringAccessValue(cfxSetting));
    security.setAttribute("cfx_usage", SecurityManagerImpl.toStringAccessValue(cfxUsage));
    security.setAttribute("debugging", SecurityManagerImpl.toStringAccessValue(debugging));
    security.setAttribute("search", SecurityManagerImpl.toStringAccessValue(search));
    security.setAttribute("scheduled_task", SecurityManagerImpl.toStringAccessValue(scheduledTasks));
    security.setAttribute("tag_execute", SecurityManagerImpl.toStringAccessValue(tagExecute));
    security.setAttribute("tag_import", SecurityManagerImpl.toStringAccessValue(tagImport));
    security.setAttribute("tag_object", SecurityManagerImpl.toStringAccessValue(tagObject));
    security.setAttribute("tag_registry", SecurityManagerImpl.toStringAccessValue(tagRegistry));
    security.setAttribute("cache", SecurityManagerImpl.toStringAccessValue(cache));
    security.setAttribute("gateway", SecurityManagerImpl.toStringAccessValue(gateway));
    security.setAttribute("orm", SecurityManagerImpl.toStringAccessValue(orm));
    security.setAttribute("access_read", SecurityManagerImpl.toStringAccessRWValue(accessRead));
    security.setAttribute("access_write", SecurityManagerImpl.toStringAccessRWValue(accessWrite));
}

Example 50 with SecurityException

use of lucee.runtime.exp.SecurityException in project Lucee by lucee.

the class XMLConfigAdmin method updateCacheConnection.

public void updateCacheConnection(String name, ClassDefinition cd, int _default, Struct custom, boolean readOnly, boolean storage) throws PageException {
    checkWriteAccess();
    boolean hasAccess = ConfigWebUtil.hasAccess(config, SecurityManagerImpl.TYPE_CACHE);
    if (!hasAccess)
        throw new SecurityException("no access to update cache connection");
    // check parameters
    name = name.trim();
    if (StringUtil.isEmpty(name))
        throw new ExpressionException("name can't be a empty value");
    try {
        Class clazz;
        if (cd.getClassName() != null && cd.getClassName().endsWith(".EHCacheLite"))
            clazz = ClassUtil.loadClass(config.getClassLoader(), "org.lucee.extension.cache.eh.EHCache");
        else
            clazz = ClassUtil.loadClass(config.getClassLoader(), cd.getClassName());
        if (!Reflector.isInstaneOf(clazz, Cache.class))
            throw new ExpressionException("class [" + clazz.getName() + "] is not of type [" + Cache.class.getName() + "]");
    } catch (ClassException e) {
        throw new ExpressionException(e.getMessage());
    }
    Element parent = _getRootElement("cache");
    if (name.equalsIgnoreCase(parent.getAttribute("default-template")))
        parent.removeAttribute("default-template");
    if (name.equalsIgnoreCase(parent.getAttribute("default-object")))
        parent.removeAttribute("default-object");
    if (name.equalsIgnoreCase(parent.getAttribute("default-query")))
        parent.removeAttribute("default-query");
    if (name.equalsIgnoreCase(parent.getAttribute("default-resource")))
        parent.removeAttribute("default-resource");
    if (name.equalsIgnoreCase(parent.getAttribute("default-function")))
        parent.removeAttribute("default-function");
    if (name.equalsIgnoreCase(parent.getAttribute("default-include")))
        parent.removeAttribute("default-include");
    if (_default == ConfigImpl.CACHE_TYPE_OBJECT) {
        parent.setAttribute("default-object", name);
    } else if (_default == ConfigImpl.CACHE_TYPE_TEMPLATE) {
        parent.setAttribute("default-template", name);
    } else if (_default == ConfigImpl.CACHE_TYPE_QUERY) {
        parent.setAttribute("default-query", name);
    } else if (_default == ConfigImpl.CACHE_TYPE_RESOURCE) {
        parent.setAttribute("default-resource", name);
    } else if (_default == ConfigImpl.CACHE_TYPE_FUNCTION) {
        parent.setAttribute("default-function", name);
    } else if (_default == ConfigImpl.CACHE_TYPE_INCLUDE) {
        parent.setAttribute("default-include", name);
    } else if (_default == ConfigImpl.CACHE_TYPE_HTTP) {
        parent.setAttribute("default-http", name);
    } else if (_default == ConfigImpl.CACHE_TYPE_FILE) {
        parent.setAttribute("default-file", name);
    } else if (_default == ConfigImpl.CACHE_TYPE_WEBSERVICE) {
        parent.setAttribute("default-webservice", name);
    }
    // Update
    // boolean isUpdate=false;
    Element[] children = XMLConfigWebFactory.getChildren(parent, "connection");
    for (int i = 0; i < children.length; i++) {
        String n = children[i].getAttribute("name");
        Element el = children[i];
        if (n.equalsIgnoreCase(name)) {
            setClass(el, null, "", cd);
            el.setAttribute("custom", toStringURLStyle(custom));
            el.setAttribute("read-only", Caster.toString(readOnly));
            el.setAttribute("storage", Caster.toString(storage));
            return;
        }
    }
    // Insert
    Element el = doc.createElement("connection");
    parent.appendChild(el);
    el.setAttribute("name", name);
    setClass(el, null, "", cd);
    el.setAttribute("custom", toStringURLStyle(custom));
    el.setAttribute("read-only", Caster.toString(readOnly));
    el.setAttribute("storage", Caster.toString(storage));
}