Example 31 with SecurityException
use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigAdmin method updateDomaincookies.
/**
* set if domain cookies are enabled or not
* @param domainCookies
* @throws SecurityException
*/
public void updateDomaincookies(Boolean domainCookies) throws SecurityException {
checkWriteAccess();
boolean hasAccess = ConfigWebUtil.hasAccess(config, SecurityManager.TYPE_SETTING);
if (!hasAccess)
throw new SecurityException("no access to update scope setting");
Element scope = _getRootElement("scope");
scope.setAttribute("setdomaincookies", Caster.toString(domainCookies, ""));
}
Also used :
Element(org.w3c.dom.Element)
SecurityException(lucee.runtime.exp.SecurityException)
Example 32 with SecurityException
use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigAdmin method setMailLog.
/**
* sets Mail Logger to Config
* @param logFile
* @param level
* @throws PageException
*/
public void setMailLog(String logFile, String level) throws PageException {
checkWriteAccess();
boolean hasAccess = ConfigWebUtil.hasAccess(config, SecurityManager.TYPE_MAIL);
if (!hasAccess)
throw new SecurityException("no access to update mail server settings");
ConfigWebUtil.getFile(config, config.getRootDirectory(), logFile, FileUtil.TYPE_FILE);
Element logging = XMLConfigWebFactory.getChildByName(doc.getDocumentElement(), "logging");
Element[] children = XMLUtil.getChildElementsAsArray(logging);
Element logger = null;
for (int i = 0; i < children.length; i++) {
if (children[i].getTagName().equals("logger") && "mail".equalsIgnoreCase(children[i].getAttribute("name"))) {
logger = children[i];
break;
}
}
if (logger == null) {
logger = doc.createElement("logger");
logging.appendChild(logger);
}
logger.setAttribute("name", "mail");
if ("console".equalsIgnoreCase(logFile)) {
setClass(logger, null, "appender-", Log4jUtil.appenderClassDefintion("console"));
setClass(logger, null, "layout-", Log4jUtil.layoutClassDefintion("pattern"));
} else {
setClass(logger, null, "appender-", Log4jUtil.appenderClassDefintion("resource"));
setClass(logger, null, "layout-", Log4jUtil.layoutClassDefintion("classic"));
logger.setAttribute("appender-arguments", "path:" + logFile);
}
logger.setAttribute("log-level", level);
}
Also used :
Element(org.w3c.dom.Element)
SecurityException(lucee.runtime.exp.SecurityException)
Example 33 with SecurityException
use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigAdmin method _updateCustomTag.
private void _updateCustomTag(String virtual, String physical, String archive, String primary, short inspect) throws ExpressionException, SecurityException {
boolean hasAccess = ConfigWebUtil.hasAccess(config, SecurityManager.TYPE_CUSTOM_TAG);
if (!hasAccess)
throw new SecurityException("no access to change custom tag settings");
if (physical == null)
physical = "";
if (archive == null)
archive = "";
// virtual="/custom-tag";
if (StringUtil.isEmpty(virtual))
virtual = createVirtual(physical, archive);
boolean isArchive = primary.equalsIgnoreCase("archive");
if (isArchive && archive.length() == 0) {
throw new ExpressionException("archive must have a value when primary has value archive");
}
if (!isArchive && physical.length() == 0) {
throw new ExpressionException("physical must have a value when primary has value physical");
}
Element mappings = _getRootElement("custom-tag");
// Update
String v;
Element[] children = XMLConfigWebFactory.getChildren(mappings, "mapping");
for (int i = 0; i < children.length; i++) {
Element el = children[i];
v = createVirtual(el);
if (v.equals(virtual)) {
el.setAttribute("virtual", v);
el.setAttribute("physical", physical);
el.setAttribute("archive", archive);
el.setAttribute("primary", primary.equalsIgnoreCase("archive") ? "archive" : "physical");
el.setAttribute("inspect-template", ConfigWebUtil.inspectTemplate(inspect, ""));
el.removeAttribute("trusted");
return;
}
}
// Insert
Element el = doc.createElement("mapping");
mappings.appendChild(el);
if (physical.length() > 0)
el.setAttribute("physical", physical);
if (archive.length() > 0)
el.setAttribute("archive", archive);
el.setAttribute("primary", primary.equalsIgnoreCase("archive") ? "archive" : "physical");
el.setAttribute("inspect-template", ConfigWebUtil.inspectTemplate(inspect, ""));
el.setAttribute("virtual", virtual);
}
Also used :
Element(org.w3c.dom.Element)
SecurityException(lucee.runtime.exp.SecurityException)
ExpressionException(lucee.runtime.exp.ExpressionException)
Example 34 with SecurityException
use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigAdmin method updateDataSource.
/**
* update or insert new database connection
* @param name
* @param clazzName
* @param dsn
* @param username
* @param password
* @param host
* @param database
* @param port
* @param connectionLimit
* @param connectionTimeout
* @param blob
* @param clob
* @param allow
* @param storage
* @param custom
* @throws PageException
*/
public void updateDataSource(String name, String newName, ClassDefinition cd, String dsn, String username, String password, String host, String database, int port, int connectionLimit, int connectionTimeout, long metaCacheTimeout, boolean blob, boolean clob, int allow, boolean validate, boolean storage, String timezone, Struct custom, String dbdriver, ParamSyntax paramSyntax, boolean literalTimestampWithTSOffset, boolean alwaysSetTimeout) throws PageException {
checkWriteAccess();
SecurityManager sm = config.getSecurityManager();
short access = sm.getAccess(SecurityManager.TYPE_DATASOURCE);
boolean hasAccess = true;
boolean hasInsertAccess = true;
int maxLength = 0;
if (access == SecurityManager.VALUE_YES)
hasAccess = true;
else if (access == SecurityManager.VALUE_NO)
hasAccess = false;
else if (access >= SecurityManager.VALUE_1 && access <= SecurityManager.VALUE_10) {
int existingLength = getDatasourceLength(config);
maxLength = access - SecurityManager.NUMBER_OFFSET;
hasInsertAccess = maxLength > existingLength;
// print.ln("maxLength:"+maxLength);
// print.ln("existingLength:"+existingLength);
}
// boolean hasAccess=ConfigWebUtil.hasAccess(config,SecurityManager.TYPE_DATASOURCE);
if (!hasAccess)
throw new SecurityException("no access to update datsource connections");
// check parameters
if (name == null || name.length() == 0)
throw new ExpressionException("name can't be a empty value");
Element datasources = _getRootElement("data-sources");
// Update
Element[] children = XMLConfigWebFactory.getChildren(datasources, "data-source");
for (int i = 0; i < children.length; i++) {
String n = children[i].getAttribute("name");
if (n.equalsIgnoreCase(name)) {
Element el = children[i];
if (password.equalsIgnoreCase("****************"))
password = el.getAttribute("password");
if (!StringUtil.isEmpty(newName) && !newName.equals(name))
el.setAttribute("name", newName);
setClass(el, null, "", cd);
el.setAttribute("dsn", dsn);
el.setAttribute("username", username);
el.setAttribute("password", ConfigWebUtil.encrypt(password));
el.setAttribute("host", host);
if (!StringUtil.isEmpty(timezone))
el.setAttribute("timezone", timezone);
else if (el.hasAttribute("timezone"))
el.removeAttribute("timezone");
el.setAttribute("database", database);
el.setAttribute("port", Caster.toString(port));
el.setAttribute("connectionLimit", Caster.toString(connectionLimit));
el.setAttribute("connectionTimeout", Caster.toString(connectionTimeout));
el.setAttribute("metaCacheTimeout", Caster.toString(metaCacheTimeout));
el.setAttribute("blob", Caster.toString(blob));
el.setAttribute("clob", Caster.toString(clob));
el.setAttribute("allow", Caster.toString(allow));
el.setAttribute("validate", Caster.toString(validate));
el.setAttribute("storage", Caster.toString(storage));
el.setAttribute("custom", toStringURLStyle(custom));
if (!StringUtil.isEmpty(dbdriver))
el.setAttribute("dbdriver", Caster.toString(dbdriver));
// Param Syntax
el.setAttribute("param-delimiter", (paramSyntax.delimiter));
el.setAttribute("param-leading-delimiter", (paramSyntax.leadingDelimiter));
el.setAttribute("param-separator", (paramSyntax.separator));
if (literalTimestampWithTSOffset)
el.setAttribute("literal-timestamp-with-tsoffset", "true");
else if (el.hasAttribute("literal-timestamp-with-tsoffset"))
el.removeAttribute("literal-timestamp-with-tsoffset");
if (alwaysSetTimeout)
el.setAttribute("always-set-timeout", "true");
else if (el.hasAttribute("always-set-timeout"))
el.removeAttribute("always-set-timeout");
return;
}
}
if (!hasInsertAccess)
throw new SecurityException("no access to add datasource connections, the maximum count of [" + maxLength + "] datasources is reached");
// Insert
Element el = doc.createElement("data-source");
datasources.appendChild(el);
if (!StringUtil.isEmpty(newName))
el.setAttribute("name", newName);
else
el.setAttribute("name", name);
setClass(el, null, "", cd);
el.setAttribute("dsn", dsn);
if (username.length() > 0)
el.setAttribute("username", username);
if (password.length() > 0)
el.setAttribute("password", ConfigWebUtil.encrypt(password));
el.setAttribute("host", host);
if (!StringUtil.isEmpty(timezone))
el.setAttribute("timezone", timezone);
el.setAttribute("database", database);
if (port > -1)
el.setAttribute("port", Caster.toString(port));
if (connectionLimit > -1)
el.setAttribute("connectionLimit", Caster.toString(connectionLimit));
if (connectionTimeout > -1)
el.setAttribute("connectionTimeout", Caster.toString(connectionTimeout));
if (metaCacheTimeout > -1)
el.setAttribute("metaCacheTimeout", Caster.toString(metaCacheTimeout));
el.setAttribute("blob", Caster.toString(blob));
el.setAttribute("clob", Caster.toString(clob));
el.setAttribute("validate", Caster.toString(validate));
el.setAttribute("storage", Caster.toString(storage));
if (allow > -1)
el.setAttribute("allow", Caster.toString(allow));
el.setAttribute("custom", toStringURLStyle(custom));
if (!StringUtil.isEmpty(dbdriver))
el.setAttribute("dbdriver", Caster.toString(dbdriver));
// Param Syntax
el.setAttribute("param-delimiter", (paramSyntax.delimiter));
el.setAttribute("param-leading-delimiter", (paramSyntax.leadingDelimiter));
el.setAttribute("param-separator", (paramSyntax.separator));
if (literalTimestampWithTSOffset)
el.setAttribute("literal-timestamp-with-tsoffset", "true");
if (alwaysSetTimeout)
el.setAttribute("always-set-timeout", "true");
}
Also used :
SecurityManager(lucee.runtime.security.SecurityManager)
Element(org.w3c.dom.Element)
SecurityException(lucee.runtime.exp.SecurityException)
ExpressionException(lucee.runtime.exp.ExpressionException)
Example 35 with SecurityException
use of lucee.runtime.exp.SecurityException in project Lucee by lucee.
the class XMLConfigAdmin method updateRestMapping.
public void updateRestMapping(String virtual, String physical, boolean _default) throws ExpressionException, SecurityException {
checkWriteAccess();
// TODO ConfigWebUtil.hasAccess(config,SecurityManager.TYPE_REST);
boolean hasAccess = true;
virtual = virtual.trim();
physical = physical.trim();
if (!hasAccess)
throw new SecurityException("no access to update REST mapping");
// check virtual
if (virtual == null || virtual.length() == 0)
throw new ExpressionException("virtual path cannot be a empty value");
virtual = virtual.replace('\\', '/');
if (virtual.equals("/"))
throw new ExpressionException("virtual path cannot be /");
if (virtual.endsWith("/"))
virtual = virtual.substring(0, virtual.length() - 1);
if (virtual.charAt(0) != '/')
virtual = "/" + virtual;
if ((physical.length()) == 0)
throw new ExpressionException("physical path cannot be a empty value");
Element rest = _getRootElement("rest");
Element[] children = XMLConfigWebFactory.getChildren(rest, "mapping");
// remove existing default
if (_default) {
for (int i = 0; i < children.length; i++) {
if (Caster.toBooleanValue(children[i].getAttribute("default"), false))
children[i].setAttribute("default", "false");
}
}
// Update
String v;
Element el = null;
for (int i = 0; i < children.length; i++) {
v = children[i].getAttribute("virtual");
if (v != null && v.equals(virtual)) {
el = children[i];
}
}
// Insert
if (el == null) {
el = doc.createElement("mapping");
rest.appendChild(el);
}
el.setAttribute("virtual", virtual);
el.setAttribute("physical", physical);
el.setAttribute("default", Caster.toString(_default));
}
Also used :
Element(org.w3c.dom.Element)
SecurityException(lucee.runtime.exp.SecurityException)
ExpressionException(lucee.runtime.exp.ExpressionException)
Aggregations
SecurityException (lucee.runtime.exp.SecurityException)91
Element (org.w3c.dom.Element)83
ExpressionException (lucee.runtime.exp.ExpressionException)14
SecurityManager (lucee.runtime.security.SecurityManager)6
ApplicationException (lucee.runtime.exp.ApplicationException)5
IOException (java.io.IOException)4
Resource (lucee.commons.io.res.Resource)2
ClassException (lucee.commons.lang.ClassException)2
PageException (lucee.runtime.exp.PageException)2
ServiceException (coldfusion.server.ServiceException)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
MalformedURLException (java.net.MalformedURLException)1
UnknownHostException (java.net.UnknownHostException)1
SQLException (java.sql.SQLException)1
Entry (java.util.Map.Entry)1
lucee.aprint (lucee.aprint)1
Cache (lucee.commons.io.cache.Cache)1
FileResourceProvider (lucee.commons.io.res.type.file.FileResourceProvider)1
CacheConnection (lucee.runtime.cache.CacheConnection)1
CFXTagException (lucee.runtime.cfx.CFXTagException)1
