Here in webcenter-driven ADF application we have a standard library called generic-site-resources-model.jar which contains file META-INF/service-definition.xml, which i wish to alter at one line, to add view resource' security permission, as in:
## -1189,7 +1189,7 ##
<resource-permission>
<resource-permission-impl>oracle.webcenter.security.auth.WebCenterResourcePermission</resource-permission-impl>
<resource-permission-target-id>resource_oracle_webcenter_siteresource_#scope#_navigation_#resource#</resource-permission-target-id>
- <resource-permission-action-list>manage,update</resource-permission-action-list>
+ <resource-permission-action-list>view,manage,update</resource-permission-action-list>
</resource-permission>
</permission-metadata>
</security-definition>
How this is can be possibly done without alterning weblogic domain containing this library itself, somehow configuring our application? Maybe some way to override the whole generic-site-resources-model.jar with application-shipped clone? Or (ideally) some way to replace the targeted resource permission? Or some custom way of taking control over resource loading in application?
It is possible to implement appending custom actions to specific resource type using initialization phase listener and a little bit code, without any overriding at all.
Here is how:
ViewControllerProject/src/META-INF/adf-settings.xml
<?xml version="1.0" encoding="UTF-8" ?>
<adf-settings xmlns="http://xmlns.oracle.com/adf/settings">
<adfc-controller-config xmlns="http://xmlns.oracle.com/adf/controller/config">
<lifecycle>
<phase-listener>
<listener-id>PortalInitializer</listener-id>
<class>com.otr.portal.initializer.PortalInitializer</class>
</phase-listener>
</lifecycle>
</adfc-controller-config>
</adf-settings>
com.otr.portal.initializer.PortalInitializer
package com.otr.portal.initializer;
import oracle.adf.controller.v2.lifecycle.Lifecycle;
import oracle.adf.controller.v2.lifecycle.PagePhaseEvent;
import oracle.adf.controller.v2.lifecycle.PagePhaseListener;
import oracle.webcenter.security.internal.common.SecurityUtil;
import oracle.webcenter.security.model.exception.SecExtensionNotFoundException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class PortalInitializer implements PagePhaseListener {
private static final Log log = LogFactory.getLog(PortalInitializer.class);
private boolean firstCall = true;
#Override
public void afterPhase(PagePhaseEvent pagePhaseEvent) {
if (pagePhaseEvent.getPhaseId() == Lifecycle.INIT_CONTEXT_ID) {
if (firstCall) {
setupViewNavigationResourcePermssion();
firstCall = false;
}
}
}
private void setupViewNavigationResourcePermssion() {
try {
SecurityUtil.getSecurityExtension("oracle.webcenter.siteresources.navigation").getExtensionPermMetadata().getResourcePermMetadata().getResourcePermActionsList().add("view");
} catch (SecExtensionNotFoundException e) {
log.error("Error adding view resource permission to navigation resource type", e);
}
}
#Override
public void beforePhase(PagePhaseEvent pagePhaseEvent) {
}
}
Related
Well, i felt myself really lost with Vertx structure due to everything is a lambda expression.
i followed this tutorial exactly in order to well structure my application,
unfortunately it doesn't register any router i have no idea why. pleasefind bellow what i did
serviceEndPoint same with the above tutorial
import io.vertx.core.Vertx;
import io.vertx.ext.web.Router;
public interface ServiceEndPoint {
String mountPoint();
Router router(Vertx vertx);
}
and here is the subscriptionService
import com.poc.poc.repositories.SubscriptionRepository;
import com.poc.poc.services.ServiceEndPoint;
import io.vertx.core.Vertx;
import io.vertx.ext.web.Router;
public class SubscriptionService implements ServiceEndPoint {
private SubscriptionRepository subscriptionRepository;
public SubscriptionService() {
subscriptionRepository = new SubscriptionRepository();
}
#Override
public String mountPoint() {
return "/test";
}
#Override
public Router router(Vertx vertx) {
Router router = Router.router(vertx);
router.get("/test").handler(rc -> rc.response().end(subscriptionRepository.getSubscriptionInfo(rc, vertx).toString()));
return router;
}
}
And finally here is the server vertical
import com.poc.poc.services.ServiceEndPoint;
import io.vertx.core.AbstractVerticle;
import io.vertx.core.Future;
import java.util.ServiceLoader;
import java.util.stream.StreamSupport;
import io.vertx.ext.web.Router;
public class ServerVertical extends AbstractVerticle {
#Override
public void start(final Future<Void> startFuture) throws Exception {
ServiceLoader<ServiceEndPoint> loader = ServiceLoader.load(ServiceEndPoint.class);
Router main = StreamSupport.stream(loader.spliterator(), false)
.collect(() -> Router.router(vertx), //the main router
(r, s) -> r.mountSubRouter(s.mountPoint(), s.router(vertx)),
(r1, r2) -> {
});
vertx.createHttpServer().requestHandler(main::accept).listen(8080, res -> {
if (res.succeeded()) {
startFuture.complete();
} else {
startFuture.fail(res.cause());
}
});
}
}
Please be noted once i run the application, im getting those warnings
Jun 12, 2018 6:16:45 PM io.vertx.core.impl.BlockedThreadChecker
WARNING: Thread Thread[vert.x-eventloop-thread-0,5,main] has been blocked for 2486 ms, time limit is 2000
Jun 12, 2018 6:16:46 PM io.vertx.core.impl.BlockedThreadChecker
WARNING: Thread Thread[vert.x-eventloop-thread-0,5,main] has been blocked for 3485 ms, time limit is 2000
by the way Router main = StreamSupport.stream(loader.spliterator(), false) size is 0.
any help ?
First, not everything in Vert.x is a lambda expression. That's just quite a weird tutorial you've found. As you can see, it uses java.util.ServiceLoader which is not a Vert.x class. Nor I'm familiar with anyone else recommending to use this class with Vert.x applications.
What it tries to do is to load your classes dynamically. What you probably miss is putting the correct file in META-INF directory, as described here: https://docs.oracle.com/javase/tutorial/ext/basics/spi.html#register-service-providers
Anyway, that's not the way I would recommend to use VertX. Instead, go with the regular VertX tutorial, which is excellent: https://vertx.io/docs/vertx-web/java/#_handling_requests_and_calling_the_next_handler
Once you have created you service interface (com.poc.poc.services.ServiceEndPoint) declaration and the concrete implementation (SubscriptionService), you should add the service provider binding.
As per the ServiceLocator documentation, the binding should be inserted under a file named after you interface FQN, i.e. under META-INF/services/com.poc.poc.services.ServiceEndPoint (The whole directory structure goes under the project / module resources directory).
The file will contain the actual interface implementation:
com.poc.poc.services.SubscriptionService
What am I trying to achieve?
I am working on a java application that can be extended by additional jars that get integrated via ServiceLoader. These loaded extensions should run with some restrictions by the SecurityManager, of course simply to improve the security. As an example each Extension shall get one specific directory where it can store whatever, but access to any other file/folder should be restricted. The main application is trusted code and can therefore run without any restrictions. Furthermore the main application provides some api implementations for each extension that shall also run without restrictions. That means an extension mustn't access a file outside of its directory but when the extension is calling an api method that tries to access any other file, the access should be granted.
Question
How can I achieve the mentioned behaviour that only 'direct' calls from extension classes get restricted but not any code from the main application?
Running extensions in different threads/threadGroups might be a good solution anyway but since calls to the api might run under the same thread(group) it might not help to identify whether access should be restricted or not based only on the thread.
Example
I created a simplified test environment. On one hand there are these two interfaces:
public interface Extension {
void doSomethingRestricted();
void doSameViaApi(ExtensionApi api);
}
public interface ExtensionApi {
void doSomethingWithHigherPermissions();
}
For testing I created a jar containing this extension:
public class SomeExtension implements Extension {
public void doSomethingRestricted() {
System.out.println(System.getProperty("user.home"));
}
public void doSameViaApi(final ExtensionApi api) {
api.doSomethingWithHigherPermissions();
}
}
In the main application I would like do something like this:
final ExtensionApi api = () -> System.out.println(System.getProperty("user.home"));
try {
final URLClassLoader urlClassLoader = new URLClassLoader(new URL[] { jarFile.toURI().toURL() });
for(final Extension extension : ServiceLoader.load(Extension.class, urlClassLoader)) {
extension.doSomethingRestricted();
extension.doSameViaApi(api);
}
}
So when I call extension.doSomethingRestricted(); it should result in a SecurityException but calling extension.doSameViaApi(api); should work just fine.
So both methods try to do the same but one does try to do it via the api call. The only approach I could think of is iterating through the call history and checking the classloaders to analyze whether the access request is based on trusted code or extension code. But I feel like this might be a nasty error-prone solution so maybe I missed some better approaches?
First ensure your "main" JAR's classes get to enjoy full privileges. Programmatically this may be accomplished as follows:
package q46991566;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Policy;
import java.util.Collections;
public class Main {
public static void main(String... args) throws Exception {
// policy configuration contents: this JAR gets all permissions, others get nothing
StringBuilder sb = new StringBuilder("grant {};\n\ngrant codebase \"")
.append(Main.class.getProtectionDomain().getCodeSource().getLocation())
.append("\" {\n\tpermission java.security.AllPermission;\n};\n");
// temp-save the policy configuration
Path policyPath = Files.createTempFile(null, null);
Files.write(policyPath, Collections.singleton(sb.toString()));
// convey to the default file-backed policy provider where to obtain its configuration from;
// leading equals ensures only the specified config file gets processed
System.setProperty("java.security.policy", "=".concat(policyPath.toUri().toURL().toString()));
// establish a policy; "javaPolicy" is the default provider's standard JCA name
Policy.setPolicy(Policy.getInstance("javaPolicy", null));
// policy loaded; backing config no longer needed
Files.delete(policyPath);
// establish a security manager for enforcing the policy (the default implementation is more than
// sufficient)
System.setSecurityManager(new SecurityManager());
// ...
}
}
Alternatively, you will either have to a) modify the JRE distribution's java.policy (or specify a different configuration via the policy.url.n properties in java.security), or b) replace the implementation of the System ClassLoader with one that statically grants AllPermission to the ProtectionDomain associated with classes loaded from the "main" JAR.
Secondly, when loading Extensions from some JAR, employ a URLClassLoader subclass that a) manages extension-specific directories and b) includes a java.io.FilePermission in the permission collection being statically accorded to the protection domain mapped to its defined classes. Crude sample implementation (note that there is no persistent relationship between an extension JAR and a directory; also note that two Extensions originating from the same JAR (but loaded by different class loaders, of course) will get different directories):
package q46991566;
import java.io.FilePermission;
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.Objects;
public final class ExtensionLoader extends URLClassLoader {
private static void copyPermissions(PermissionCollection src, PermissionCollection dst) {
for (Enumeration<Permission> e = src.elements(); e.hasMoreElements();) {
dst.add(e.nextElement());
}
}
private final CodeSource origin;
private final PermissionCollection perms = new Permissions();
private final Path baseDir;
public ExtensionLoader(URL extensionOrigin) {
super(new URL[] { extensionOrigin });
origin = new CodeSource(Objects.requireNonNull(extensionOrigin), (Certificate[]) null);
try {
baseDir = Files.createTempDirectory(null);
perms.add(new FilePermission(baseDir.toString().concat("/-"), "read,write,delete"));
copyPermissions(super.getPermissions(origin), perms);
perms.setReadOnly();
}
catch (IOException ioe) {
throw new RuntimeException(ioe);
}
}
#Override
protected PermissionCollection getPermissions(CodeSource cs) {
return (origin.implies(cs)) ? perms : super.getPermissions(cs);
}
// ExtensionApiImpl (or ExtensionImpl directly -- but then ExtensionLoader would have to be relocated
// into a separate, also fully privileged JAR, accessible to the extension) can call this to relay to
// extensions where they can persist their data
public Path getExtensionBaseDir() {
return baseDir;
}
// optionally override close() to delete baseDir early
}
Lastly, for unprivileged Extensions to be able to execute privileged operations via ExtensionApi, the latter's implementation must wrap privileged method (methods issuing SecurityManager::checkXXX requests) invocations within Privileged(Exception)Actions and pass them to AccessController::doPrivileged; e.g.:
ExtensionApi api = () -> {
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
try {
Files.write(Paths.get("/root/Documents/highly-sensitive.doc"), Collections.singleton("trusted content"),
StandardOpenOption.CREATE, StandardOpenOption.WRITE, StandardOpenOption.APPEND);
return null;
}
catch (IOException ioe) {
throw new RuntimeException(ioe);
}
});
};
For details on the (proper) use of "privileged blocks", refer to the AccessController documentation and the "Secure Coding Guidelines for Java SE" document.
I have more than 10 mp4 videos which I am tying to embed in my web application using vaadin video component. When I run my application on Edge/IE the vidoes work fine, but on chrome they dont. Its known issue with chrome where if the page has more than 6-8 mp4 videos, it hangs as it tried to preload all of them together.
I was wondering if the video component provide me option to set the preload to none. I can see the mediabase has this option
https://vaadin.com/api/7.6.7/index.html?com/google/gwt/media/client/MediaBase.html
But I dont see it for video.
Also I found another link where they seems to do the fix https://github.com/vaadin/framework/issues/5178 , but couldnt make it work.
Any help?
Until the commit/PR in your linkgets merged, it does not in 7 or 8.
However, you can use an AbstractExtension and AbstractExtensionConnector to accomplish this.
The AbstractExtension
package com.my.package;
import com.vaadin.server.AbstractClientConnector;
import com.vaadin.server.AbstractExtension;
import com.vaadin.ui.AbstractComponent;
public class VideoPreloadExtension extends AbstractExtension {
public VideoPreloadExtension() {
}
public VideoPreloadExtension(AbstractClientConnector target) {
super(target);
}
public void extend(AbstractComponent component) {
super.extend(component);
}
}
The AbstractExtensionConnector
package com.my.package.client;
import com.google.gwt.user.client.ui.Widget;
import com.vaadin.client.ComponentConnector;
import com.vaadin.client.ServerConnector;
import com.vaadin.client.extensions.AbstractExtensionConnector;
import com.my.package.VideoPreloadExtension;
import com.vaadin.shared.ui.Connect;
#Connect(VideoPreloadExtension.class)
public class VideoPreloadConnector extends AbstractExtensionConnector {
#Override
protected void init() {
super.init();
}
#Override
protected void extend(ServerConnector target) {
// Get the extended widget
final Widget widget = ((ComponentConnector) target).getWidget();
widget.getElement().setAttribute("preload","auto");
}
}
Usage is as follows:
Video image = new Video();
VideoPreloadExtension ext = new VideoPreloadExtension();
ext.extend(image);
Some Notes (because vaadin can be a pain at times)
If you have a library module already, its best to add the above classes to it.
Confirm that the module you add these classes to has the following dependency add so the widgetset will get compiled:
<dependency>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-client</artifactId>
</dependency>
Remember that the VideoPreloadConnector needs to be in a package name that ends with ".client".
Here is a screenshot of an inspect element from chrome of it working:
HTHs!
I am trying to use a custom formatter to turn a boolean into "Yes" or "No" and have run into a roadblock.
My IDE (Eclipse) does not indicate any errors but when I try to compile I receive
[ERROR] Annotation error: cannot resolve foobar.client.formatter.YesNoFormatter - exception: ClassNotFoundException
followed by a few other exceptions that appear to stem from this exception. I understand what a ClassNotFoundException indicates however I cannot figure out why I would be getting it since, as my code shows, the YesNoFormatter class is located in foobar.client.formatter and I can access it through
GWT.log("True: " + YesNoFactory.getFormat().format(Boolean.TRUE);
I am using GXT 3.1.0 and GWT 2.6.1.
Could anybody have an idea of why I am getting this exception? The example given at http://docs.sencha.com/gxt-guides/3/utility/xtemplates/XTemplates.html doesn't mention anything (as far as I can see) about these classes needing to be in specific locations so I am at a loss.
EntryPoint:
package foobar.client;
import com.google.gwt.core.client.EntryPoint;
import com.google.gwt.core.client.GWT;
import com.google.gwt.safehtml.shared.SafeHtml;
import com.sencha.gxt.core.client.XTemplates.FormatterFactories;
import com.sencha.gxt.core.client.XTemplates.FormatterFactory;
public class TestClass implements EntryPoint {
#FormatterFactories(#FormatterFactory(factory=YesNoFactory.class, name="yesNo"))
public interface Renderer extends XTemplates {
#XTemplate(source="yesNo.html")
SafeHtml render(Boolean b);
}
#Override
public void onModuledLoad() {
GWT.log("True: " + YesNoFactory.getFormat().format(Boolean.TRUE);
Renderer r = GWT.create(Renderer.class);
Window.alert(r.render(true).asString());
}
}
YesNo:
package foobar.client.formatter;
import com.sencha.gxt.core.client.XTemplates.Formatter;
public class YesNo implements Formatter<Boolean> {
#Override
public String format(Boolean data) {
if (data == null) {
return null;
}
return (data) ? "Yes" : "No";
}
}
YesNoFactory:
package foobar.client.formatter;
public class YesNoFactory {
public static YesNo getFormat() {
return new YesNo();
}
}
in foobar
<?xml version="1.0 encoding="UTF-8"?>
<module>
<inherits name='com.google.gwt.user.User'/>
<inherits name='com.sencha.gxt.GXT'/>
<entry-point class='foobar.client.TestClass'/>
<source path='client'/>
</module>
foobar/client/yesNo.html:
{b:yesNo()}
My formatter classes (YesNo and YesNoFactory) apparently have to be in a location that gets compiled prior to compiling the client-side code. After I moved these classes to my 'shared' package - the package that houses code used by the client and server - everything worked.
This was not obvious in the XTemplates portion of the guide at http://docs.sencha.com/gxt-guides/3/utility/xtemplates/XTemplates.html which does not seem to specify where the files used for custom formatters need to be located. Maybe that should have been obvious but not to me.
I'm trying to implement a custom java.security.Permission type, which should be checked at runtime (so no policy file, but in code). This checking is done by a java.security.Policy. I understood I should implement my own java.security.PolicySpi for this.
I cannot find any explanation on how to initialise and use a PolicySpi, or is there a better way to do this?
Checking permissions
In your question you stated that you then want to check the permission with java.security.Policy, but without using a spi.policy file.
From the PolicySpi API, you can see that a PolicySpi object features 4 methods:
engineGetPermissions(CodeSource codesource)
engineGetPermissions(ProtectionDomain domain)
engineImplies(ProtectionDomain domain, Permission permission)
engineRefresh()
However, you might not need PolicySpi as there are easier solutions to check permissions.
See:
Security Manager vs Access Controller
AccessController usage
Since you haven't specified what kind of permission you will grant, I will assume it is a permission concerning a java.security.CodeSource object.
To check all current permissions for a file:
public static void main(String[] args) {
CodeSource source;
try {
source = new CodeSource(new URL("file:/c:/*"), (java.security.cert.Certificate[]) null);
Policy policy = Policy.getPolicy();
System.out.println(policy.getPermissions(source));
} catch (IOException e) {
e.printStackTrace();
}
}
A nice example for the SecurityManager checkPermission() is this tutorial.
For checking specific FilePermissions, you can use:
FilePermission perm = new FilePermission("path/file", "read");
AccessController.checkPermission(perm);
Granting permissions
Granting permissions at runtime can be done with java.lang.RuntimePermission.
For other examples of how to grant permissions to a file, I suggest you read the following:
Access Control Mechanisms and Algorithms
Configuring spi.policy files
Security Managers and Permissions
That should bring you a long way! Good luck!
The previous answer lists alternatives to using PolicySpi (and more generally custom Policy implementations ). This answer will instead give a simplistic example on how a PolicySpi implementation can actually be used as a replacement of the system-default Policy.
Author a JCA Provider.
package com.example;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Provider;
public final class TestProvider extends Provider {
private static final long serialVersionUID = 5544432861418770903L;
public TestProvider() {
super("TestProvider", 1, "TestProvider 1.0");
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
putService(new TestPolicySpiService(this));
return null;
});
}
}
Author the sole Service descriptor encapsulated by the provider.
package com.example;
import java.security.Policy.Parameters;
import java.security.PolicySpi;
import java.security.Provider;
import java.security.Provider.Service;
import java.util.Collections;
final class TestPolicySpiService extends Service {
TestPolicySpiService(Provider p) {
super(p, "Policy", "TestPolicy", PolicySpi.class.getName(), Collections.emptyList(), Collections.emptyMap());
}
#Override
public PolicySpi newInstance(Object constructorParameter) {
Parameters policyParams = null;
if (constructorParameter instanceof Parameters) {
policyParams = (Parameters) constructorParameter;
}
return new TestPolicySpi(policyParams);
}
#Override
public boolean supportsParameter(Object parameter) {
return parameter instanceof Parameters;
}
}
Author the actual service (the PolicySpi implementation in this case) that the service descriptor produces.
package com.example;
import java.security.Permission;
import java.security.Policy.Parameters;
import java.security.PolicySpi;
import java.security.ProtectionDomain;
final class TestPolicySpi extends PolicySpi {
TestPolicySpi(Parameters policyParams) {}
#Override
protected boolean engineImplies(ProtectionDomain domain, Permission permission) {
// deny unconditionally
return false;
}
}
Register the provider either statically, by modifying the security.provider.n properties in JAVA_HOME/lib/security/java.security, or programmatically, via java.security.Security.addProvider(Provider) / java.security.Security.insertProviderAt(Provider, int).
Replace the default Policy.
package com.example;
import java.security.NoSuchAlgorithmException;
import java.security.Policy;
public class Main {
public static void main(String... args) throws NoSuchAlgorithmException {
// the following assumes that the provider has been statically registered
Policy.setPolicy(Policy.getInstance("TestPolicy", null));
System.setSecurityManager(new SecurityManager());
// test
System.out.println(System.getProperty("user.home")); // should raise AccessControlException
}
}
Is there a better way to do this?
There certainly is a less involved way, as long as the consequent tight coupling between application and policy does not irk you too badly: Just subclass Policy directly and pass an instance of your implementation to Policy.setPolicy(Policy).
Further reading:
Java Cryptography Architecture (JCA) Reference Guide
How to Implement a Provider in the Java Cryptography Architecture
Standard Algorithm Name Documentation for JDK 8
Troubleshooting Security
As of Java 6, the default implementation for PolicySpi is sun.security.provider.PolicySpiFile. You can get inspired from the source code of PolicySpiFile:
package sun.security.provider;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.PolicySpi;
import java.security.ProtectionDomain;
import java.security.URIParameter;
import java.net.MalformedURLException;
/**
* This class wraps the PolicyFile subclass implementation of Policy
* inside a PolicySpi implementation that is available from the SUN provider
* via the Policy.getInstance calls.
*
*/
public final class PolicySpiFile extends PolicySpi {
private PolicyFile pf;
public PolicySpiFile(Policy.Parameters params) {
if (params == null) {
pf = new PolicyFile();
} else {
if (!(params instanceof URIParameter)) {
throw new IllegalArgumentException
("Unrecognized policy parameter: " + params);
}
URIParameter uriParam = (URIParameter)params;
try {
pf = new PolicyFile(uriParam.getURI().toURL());
} catch (MalformedURLException mue) {
throw new IllegalArgumentException("Invalid URIParameter", mue);
}
}
}
protected PermissionCollection engineGetPermissions(CodeSource codesource) {
return pf.getPermissions(codesource);
}
protected PermissionCollection engineGetPermissions(ProtectionDomain d) {
return pf.getPermissions(d);
}
protected boolean engineImplies(ProtectionDomain d, Permission p) {
return pf.implies(d, p);
}
protected void engineRefresh() {
pf.refresh();
}
}