Examples with SecurityManager lucee.runtime.security.SecurityManager used on opensource projects

Example 11 with SecurityManager

use of lucee.runtime.security.SecurityManager in project Lucee by lucee.

the class FileUploadAll method call.

public static Array call(PageContext pc, String destination, String accept, String nameConflict, String mode, String attributes, Object acl) throws PageException {
    SecurityManager securityManager = pc.getConfig().getSecurityManager();
    int nc = FileUtil.toNameConflict(nameConflict);
    int m = FileTag.toMode(mode);
    return FileTag.actionUploadAll(pc, securityManager, destination, nc, accept, true, m, attributes, acl, null);
}

Example 12 with SecurityManager

use of lucee.runtime.security.SecurityManager in project Lucee by lucee.

the class Directory method actionDelete.

/**
 * delete directory
 * @param dir
 * @param forceDelete
 * @throws PageException
 */
public static void actionDelete(PageContext pc, Resource dir, boolean forceDelete, String serverPassword) throws PageException {
    SecurityManager securityManager = pc.getConfig().getSecurityManager();
    securityManager.checkFileLocation(pc.getConfig(), dir, serverPassword);
    // directory doesn't exist
    if (!dir.exists()) {
        if (dir.isDirectory())
            throw new ApplicationException("directory [" + dir.toString() + "] doesn't exist");
        else if (dir.isFile())
            throw new ApplicationException("file [" + dir.toString() + "] doesn't exist and isn't a directory");
    }
    // check if file
    if (dir.isFile())
        throw new ApplicationException("can't delete [" + dir.toString() + "], it isn't a directory it is a file");
    // delete directory
    try {
        dir.remove(forceDelete);
    } catch (IOException e) {
        throw Caster.toPageException(e);
    }
}

Example 13 with SecurityManager

use of lucee.runtime.security.SecurityManager in project Lucee by lucee.

the class FileTag method getInfo.

public static Struct getInfo(PageContext pc, Resource file, String serverPassword) throws PageException {
    SecurityManager sm = pc.getConfig().getSecurityManager();
    checkFile(pc, sm, file, serverPassword, false, false, false, false);
    Struct sct = new StructImpl();
    // fill data to query
    sct.setEL(KeyConstants._name, file.getName());
    sct.setEL(KeyConstants._size, Long.valueOf(file.length()));
    sct.setEL(KeyConstants._type, file.isDirectory() ? "Dir" : "File");
    sct.setEL("dateLastModified", new DateTimeImpl(pc, file.lastModified(), false));
    sct.setEL("attributes", getFileAttribute(file));
    if (SystemUtil.isUnix())
        sct.setEL(KeyConstants._mode, new ModeObjectWrap(file));
    try {
        sct.setEL(KeyConstants._checksum, Hash.md5(file));
    } catch (Throwable t) {
        ExceptionUtil.rethrowIfNecessary(t);
    }
    try {
        BufferedImage bi = ImageUtil.toBufferedImage(file, null);
        if (bi != null) {
            Struct img = new StructImpl();
            img.setEL(KeyConstants._width, new Double(bi.getWidth()));
            img.setEL(KeyConstants._height, new Double(bi.getHeight()));
            sct.setEL(KeyConstants._img, img);
        }
    } catch (Throwable t) {
        ExceptionUtil.rethrowIfNecessary(t);
    }
    return sct;
}

Example 14 with SecurityManager

use of lucee.runtime.security.SecurityManager in project Lucee by lucee.

the class XMLConfigWebFactory method loadSecurity.

/**
 * @param configServer
 * @param config
 * @param doc
 */
private static void loadSecurity(ConfigServerImpl configServer, ConfigImpl config, Document doc) {
    // Serial Number
    if (config instanceof ConfigServer) {
        Element luceeConfiguration = doc.getDocumentElement();
        String serial = getAttr(luceeConfiguration, "serial-number");
        if (!StringUtil.isEmpty(serial))
            config.setSerialNumber(serial);
    } else if (configServer != null) {
        config.setSerialNumber(configServer.getSerialNumber());
    }
    // Security Manger
    SecurityManager securityManager = null;
    if (config instanceof ConfigServerImpl) {
        ConfigServerImpl cs = (ConfigServerImpl) config;
        Element security = getChildByName(doc.getDocumentElement(), "security");
        // Default SecurityManager
        SecurityManagerImpl sm = _toSecurityManager(security);
        // addional file accesss directories
        Element[] elFileAccesses = getChildren(security, "file-access");
        sm.setCustomFileAccess(_loadFileAccess(config, elFileAccesses));
        cs.setDefaultSecurityManager(sm);
        // Web SecurityManager
        Element[] accessors = getChildren(security, "accessor");
        for (int i = 0; i < accessors.length; i++) {
            String id = getAttr(accessors[i], "id");
            if (id != null) {
                sm = _toSecurityManager(accessors[i]);
                elFileAccesses = getChildren(accessors[i], "file-access");
                sm.setCustomFileAccess(_loadFileAccess(config, elFileAccesses));
                cs.setSecurityManager(id, sm);
            }
        }
    } else if (configServer != null) {
        securityManager = configServer.getSecurityManager(config.getIdentification().getId());
    }
    if (config instanceof ConfigWebImpl) {
        if (securityManager == null)
            securityManager = SecurityManagerImpl.getOpenSecurityManager();
        ((ConfigWebImpl) config).setSecurityManager(securityManager);
    }
}

Example 15 with SecurityManager

use of lucee.runtime.security.SecurityManager in project Lucee by lucee.

the class XMLConfigAdmin method updateResourceProvider.

public void updateResourceProvider(String scheme, ClassDefinition cd, String arguments) throws PageException {
    checkWriteAccess();
    SecurityManager sm = config.getSecurityManager();
    short access = sm.getAccess(SecurityManager.TYPE_FILE);
    boolean hasAccess = access == SecurityManager.VALUE_YES;
    if (!hasAccess)
        throw new SecurityException("no access to update resources");
    _updateResourceProvider(scheme, cd, arguments);
}