use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigWebFactory method loadCFX.
/**
* @param configServer
* @param config
* @param doc
*/
private static void loadCFX(ConfigServerImpl configServer, ConfigImpl config, Document doc) {
boolean hasAccess = ConfigWebUtil.hasAccess(config, SecurityManager.TYPE_CFX_SETTING);
Map<String, CFXTagClass> map = MapFactory.<String, CFXTagClass>getConcurrentMap();
if (configServer != null) {
try {
if (configServer.getCFXTagPool() != null) {
Map<String, CFXTagClass> classes = configServer.getCFXTagPool().getClasses();
Iterator<Entry<String, CFXTagClass>> it = classes.entrySet().iterator();
Entry<String, CFXTagClass> e;
while (it.hasNext()) {
e = it.next();
map.put(e.getKey(), e.getValue().cloneReadOnly());
}
}
} catch (SecurityException e) {
}
}
if (hasAccess) {
if (configServer == null) {
System.setProperty("cfx.bin.path", config.getConfigDir().getRealResource("bin").getAbsolutePath());
}
// Java CFX Tags
Element cfxTagsParent = getChildByName(doc.getDocumentElement(), "ext-tags", false, true);
if (cfxTagsParent == null)
cfxTagsParent = getChildByName(doc.getDocumentElement(), "cfx-tags", false, true);
if (cfxTagsParent == null)
cfxTagsParent = getChildByName(doc.getDocumentElement(), "ext-tags");
boolean oldStyle = cfxTagsParent.getNodeName().equals("cfx-tags");
Element[] cfxTags = oldStyle ? getChildren(cfxTagsParent, "cfx-tag") : getChildren(cfxTagsParent, "ext-tag");
for (int i = 0; i < cfxTags.length; i++) {
String type = getAttr(cfxTags[i], "type");
if (type != null) {
// Java CFX Tags
if (type.equalsIgnoreCase("java")) {
String name = getAttr(cfxTags[i], "name");
ClassDefinition cd = getClassDefinition(cfxTags[i], "", config.getIdentification());
if (!StringUtil.isEmpty(name) && cd.hasClass()) {
map.put(name.toLowerCase(), new JavaCFXTagClass(name, cd));
}
} else // C++ CFX Tags
if (type.equalsIgnoreCase("cpp")) {
String name = getAttr(cfxTags[i], "name");
String serverLibrary = getAttr(cfxTags[i], "server-library");
String procedure = getAttr(cfxTags[i], "procedure");
boolean keepAlive = Caster.toBooleanValue(getAttr(cfxTags[i], "keep-alive"), false);
if (!StringUtil.isEmpty(name) && !StringUtil.isEmpty(serverLibrary) && !StringUtil.isEmpty(procedure)) {
map.put(name.toLowerCase(), new CPPCFXTagClass(name, serverLibrary, procedure, keepAlive));
}
}
}
}
}
config.setCFXTagPool(map);
}
use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigAdmin method updateSerial.
public void updateSerial(String serial) throws PageException {
checkWriteAccess();
if (!(config instanceof ConfigServer)) {
throw new SecurityException("can't change serial number from this context, access is denied");
}
Element root = doc.getDocumentElement();
if (!StringUtil.isEmpty(serial)) {
serial = serial.trim();
if (!new SerialNumber(serial).isValid(serial))
throw new SecurityException("serial number is invalid");
root.setAttribute("serial-number", serial);
} else {
try {
root.removeAttribute("serial-number");
} catch (Throwable t) {
ExceptionUtil.rethrowIfNecessary(t);
}
}
try {
root.removeAttribute("serial");
} catch (Throwable t) {
ExceptionUtil.rethrowIfNecessary(t);
}
}
use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigAdmin method updateCustomTagExtensions.
public void updateCustomTagExtensions(String extensions) throws PageException {
checkWriteAccess();
if (!ConfigWebUtil.hasAccess(config, SecurityManager.TYPE_CUSTOM_TAG))
throw new SecurityException("no access to update custom tag setting");
// check
Array arr = ListUtil.listToArrayRemoveEmpty(extensions, ',');
ListUtil.trimItems(arr);
// throw new ApplicationException("you must define at least one extension");
// update charset
Element element = _getRootElement("custom-tag");
element.setAttribute("extensions", ListUtil.arrayToList(arr, ","));
}
use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigAdmin method updateDefaultSecurity.
/**
* @param setting
* @param file
* @param directJavaAccess
* @param mail
* @param datasource
* @param mapping
* @param customTag
* @param cfxSetting
* @param cfxUsage
* @param debugging
* @param search
* @param scheduledTasks
* @param tagExecute
* @param tagImport
* @param tagObject
* @param tagRegistry
* @throws SecurityException
*/
public void updateDefaultSecurity(short setting, short file, Resource[] fileAccess, short directJavaAccess, short mail, short datasource, short mapping, short remote, short customTag, short cfxSetting, short cfxUsage, short debugging, short search, short scheduledTasks, short tagExecute, short tagImport, short tagObject, short tagRegistry, short cache, short gateway, short orm, short accessRead, short accessWrite) throws SecurityException {
checkWriteAccess();
if (!(config instanceof ConfigServer))
throw new SecurityException("can't change security settings from this context");
Element security = _getRootElement("security");
updateSecurityFileAccess(security, fileAccess, file);
security.setAttribute("setting", SecurityManagerImpl.toStringAccessValue(setting));
security.setAttribute("file", SecurityManagerImpl.toStringAccessValue(file));
security.setAttribute("direct_java_access", SecurityManagerImpl.toStringAccessValue(directJavaAccess));
security.setAttribute("mail", SecurityManagerImpl.toStringAccessValue(mail));
security.setAttribute("datasource", SecurityManagerImpl.toStringAccessValue(datasource));
security.setAttribute("mapping", SecurityManagerImpl.toStringAccessValue(mapping));
security.setAttribute("remote", SecurityManagerImpl.toStringAccessValue(remote));
security.setAttribute("custom_tag", SecurityManagerImpl.toStringAccessValue(customTag));
security.setAttribute("cfx_setting", SecurityManagerImpl.toStringAccessValue(cfxSetting));
security.setAttribute("cfx_usage", SecurityManagerImpl.toStringAccessValue(cfxUsage));
security.setAttribute("debugging", SecurityManagerImpl.toStringAccessValue(debugging));
security.setAttribute("search", SecurityManagerImpl.toStringAccessValue(search));
security.setAttribute("scheduled_task", SecurityManagerImpl.toStringAccessValue(scheduledTasks));
security.setAttribute("tag_execute", SecurityManagerImpl.toStringAccessValue(tagExecute));
security.setAttribute("tag_import", SecurityManagerImpl.toStringAccessValue(tagImport));
security.setAttribute("tag_object", SecurityManagerImpl.toStringAccessValue(tagObject));
security.setAttribute("tag_registry", SecurityManagerImpl.toStringAccessValue(tagRegistry));
security.setAttribute("cache", SecurityManagerImpl.toStringAccessValue(cache));
security.setAttribute("gateway", SecurityManagerImpl.toStringAccessValue(gateway));
security.setAttribute("orm", SecurityManagerImpl.toStringAccessValue(orm));
security.setAttribute("access_read", SecurityManagerImpl.toStringAccessRWValue(accessRead));
security.setAttribute("access_write", SecurityManagerImpl.toStringAccessRWValue(accessWrite));
}
use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigAdmin method updateCacheConnection.
public void updateCacheConnection(String name, ClassDefinition cd, int _default, Struct custom, boolean readOnly, boolean storage) throws PageException {
checkWriteAccess();
boolean hasAccess = ConfigWebUtil.hasAccess(config, SecurityManagerImpl.TYPE_CACHE);
if (!hasAccess)
throw new SecurityException("no access to update cache connection");
// check parameters
name = name.trim();
if (StringUtil.isEmpty(name))
throw new ExpressionException("name can't be a empty value");
try {
Class clazz;
if (cd.getClassName() != null && cd.getClassName().endsWith(".EHCacheLite"))
clazz = ClassUtil.loadClass(config.getClassLoader(), "org.lucee.extension.cache.eh.EHCache");
else
clazz = ClassUtil.loadClass(config.getClassLoader(), cd.getClassName());
if (!Reflector.isInstaneOf(clazz, Cache.class))
throw new ExpressionException("class [" + clazz.getName() + "] is not of type [" + Cache.class.getName() + "]");
} catch (ClassException e) {
throw new ExpressionException(e.getMessage());
}
Element parent = _getRootElement("cache");
if (name.equalsIgnoreCase(parent.getAttribute("default-template")))
parent.removeAttribute("default-template");
if (name.equalsIgnoreCase(parent.getAttribute("default-object")))
parent.removeAttribute("default-object");
if (name.equalsIgnoreCase(parent.getAttribute("default-query")))
parent.removeAttribute("default-query");
if (name.equalsIgnoreCase(parent.getAttribute("default-resource")))
parent.removeAttribute("default-resource");
if (name.equalsIgnoreCase(parent.getAttribute("default-function")))
parent.removeAttribute("default-function");
if (name.equalsIgnoreCase(parent.getAttribute("default-include")))
parent.removeAttribute("default-include");
if (_default == ConfigImpl.CACHE_TYPE_OBJECT) {
parent.setAttribute("default-object", name);
} else if (_default == ConfigImpl.CACHE_TYPE_TEMPLATE) {
parent.setAttribute("default-template", name);
} else if (_default == ConfigImpl.CACHE_TYPE_QUERY) {
parent.setAttribute("default-query", name);
} else if (_default == ConfigImpl.CACHE_TYPE_RESOURCE) {
parent.setAttribute("default-resource", name);
} else if (_default == ConfigImpl.CACHE_TYPE_FUNCTION) {
parent.setAttribute("default-function", name);
} else if (_default == ConfigImpl.CACHE_TYPE_INCLUDE) {
parent.setAttribute("default-include", name);
} else if (_default == ConfigImpl.CACHE_TYPE_HTTP) {
parent.setAttribute("default-http", name);
} else if (_default == ConfigImpl.CACHE_TYPE_FILE) {
parent.setAttribute("default-file", name);
} else if (_default == ConfigImpl.CACHE_TYPE_WEBSERVICE) {
parent.setAttribute("default-webservice", name);
}
// Update
// boolean isUpdate=false;
Element[] children = XMLConfigWebFactory.getChildren(parent, "connection");
for (int i = 0; i < children.length; i++) {
String n = children[i].getAttribute("name");
Element el = children[i];
if (n.equalsIgnoreCase(name)) {
setClass(el, null, "", cd);
el.setAttribute("custom", toStringURLStyle(custom));
el.setAttribute("read-only", Caster.toString(readOnly));
el.setAttribute("storage", Caster.toString(storage));
return;
}
}
// Insert
Element el = doc.createElement("connection");
parent.appendChild(el);
el.setAttribute("name", name);
setClass(el, null, "", cd);
el.setAttribute("custom", toStringURLStyle(custom));
el.setAttribute("read-only", Caster.toString(readOnly));
el.setAttribute("storage", Caster.toString(storage));
}
Aggregations