Created
January 8, 2013 01:56
-
-
Save rotty3000/4480407 to your computer and use it in GitHub Desktop.
Fix for PACL java.lang.SecurityException: Attempted to get environment name *
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# To support simple calls to System.getenv(String name); declare comma delimited list of env variables. | |
# | |
security-manager-get-environment-variable=\ | |
LD_LIBRARY_PATH,\ | |
PATH | |
# | |
# To support calls to System.getenv(); one must declare accessing any env variables using '*'. | |
# | |
security-manager-get-environment-variable=* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java b/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java | |
index cb358bf..67999be 100644 | |
--- a/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java | |
+++ b/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java | |
@@ -51,6 +51,7 @@ public class RuntimeChecker extends BaseReflectChecker { | |
public void afterPropertiesSet() { | |
initClassLoaderReferenceIds(); | |
+ initEnvironmentVariables(); | |
} | |
public void checkPermission(Permission permission) { | |
@@ -363,6 +364,12 @@ public class RuntimeChecker extends BaseReflectChecker { | |
} | |
protected boolean hasGetEnv(String name) { | |
+ if (_environmentVariables.contains(name) || | |
+ _environmentVariables.contains(StringPool.STAR)) { | |
+ | |
+ return true; | |
+ } | |
+ | |
Class<?> callerClass7 = Reflection.getCallerClass(7); | |
if (callerClass7 == AbstractApplicationContext.class) { | |
@@ -473,6 +480,22 @@ public class RuntimeChecker extends BaseReflectChecker { | |
} | |
} | |
+ protected void initEnvironmentVariables() { | |
+ _environmentVariables = getPropertySet( | |
+ "security-manager-get-environment-variable"); | |
+ | |
+ if (_log.isDebugEnabled()) { | |
+ Set<String> environmentVariables = new TreeSet<String>( | |
+ _environmentVariables); | |
+ | |
+ for (String environmentVariable : environmentVariables) { | |
+ _log.debug( | |
+ "Allowing access to environment variable " + | |
+ environmentVariable); | |
+ } | |
+ } | |
+ } | |
+ | |
protected boolean isDefaultMBeanServerInterceptor(Class<?> clazz) { | |
String className = clazz.getName(); | |
@@ -757,5 +780,6 @@ public class RuntimeChecker extends BaseReflectChecker { | |
private static Log _log = LogFactoryUtil.getLog(RuntimeChecker.class); | |
private Set<String> _classLoaderReferenceIds; | |
+ private Set<String> _environmentVariables; | |
} | |
\ No newline at end of file |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment