pacl policy process
  1. place the plugin into generate mode:

    security-manager-enabled=generate
    
  2. with no other policy rules in place, the policy for the app will behave as if PACL is enabled (performing expected checks)

  3. however, rather than throwing an error on a failed security check (which would cause the plugin to fail), the individual checker which caused the failure will contribute a suggested rule which resolves the failed check
  4. the rules will be collected and written (on the fly) to a properties file
  5. the default write location is:

    ${liferay.home}/pacl-policy/${servletContextName}.policy
    
  6. if the developer specifies the property

    security-manager-generator-dir=/home/user/paclfoo
    

    then the generated policy file will be written to that path, e.g.:

    /home/user/paclfoo/${servletContextName}.policy
    
  7. new rules will be merged with any already existing rules originating from the liferay-plugin-package.properties of the plugin

  8. once the app is completely tested and all policy rules are written to the generated policy file, the developer should copy those rules and merge them into the liferay-plugin-package.properties file in the originating plugin
  9. revert the property

    security-manager-enabled=generate
    

    to

    security-manager-enabled=true
    
  10. submit the plugin
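
One way to script the merge in step 8, as an added example that is not part of the original gist or of Liferay's tooling. It unions the generated rules into the existing properties and lists file rules with absolute paths (like the `/home/rotty/...` entries in the generated policy), which were recorded on the machine that ran the tests and should be reviewed before submitting. The sample strings and function names are assumptions, and the parser handles only `key=value` lines with backslash continuations.

```python
import re

# Constructed sample: the plugin's current liferay-plugin-package.properties
EXISTING = """\
name=Sample Service Builder
security-manager-enabled=generate
security-manager-sql-tables-select=\\
    SSB_Foo
"""

# Constructed sample: excerpt of a generated .policy file, entries taken from the page
GENERATED = """\
security-manager-files-read=\\
./service-ext.properties,\\
/home/rotty/service-ext.properties
security-manager-sql-tables-select=\\
AssetEntry,\\
SSB_Foo
"""

def parse_props(text):
    """Parse key=value properties, joining backslash-continued lines."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    props = {}
    for line in map(str.strip, joined.splitlines()):
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def rules(value):
    return [r.strip() for r in value.split(",") if r.strip()]

def merge_policy(existing_text, generated_text):
    """Union generated rules into the existing properties; other keys stay as-is."""
    merged = parse_props(existing_text)
    for key, value in parse_props(generated_text).items():
        if key.startswith("security-manager-") and key != "security-manager-enabled":
            combined = set(rules(merged.get(key, ""))) | set(rules(value))
            merged[key] = ",".join(sorted(combined))
    return merged

def absolute_file_rules(props):
    """File rules holding POSIX absolute paths, i.e. paths tied to the test machine."""
    return [(k, r) for k, v in sorted(props.items()) if k.startswith("security-manager-files-")
            for r in rules(v) if r.startswith("/")]

if __name__ == "__main__":
    merged = merge_policy(EXISTING, GENERATED)
    print(merged, absolute_file_rules(merged), sep="\n")
```

The merge deliberately leaves `security-manager-enabled` untouched, so switching it from `generate` to `true` remains the explicit manual action of step 9.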

#
# What follows is the policy generated for the sample-service-builder-portlet
#
security-manager-expando-bridge=\
com.liferay.sampleservicebuilder.model.Foo
security-manager-files-read=\
./service-ext.properties,\
/home/rotty/global-configuration.properties,\
/home/rotty/service-ext.properties,\
global-configuration.properties
security-manager-get-bean-property=\
com.liferay.portal.kernel.dao.orm.EntityCacheUtil,\
com.liferay.portal.kernel.dao.orm.FinderCacheUtil,\
com.liferay.portal.kernel.spring.util.SpringFactoryUtil,\
com.liferay.portal.kernel.util.FastDateFormatFactoryUtil,\
com.liferay.portal.kernel.util.InfrastructureUtil#dataSource,\
com.liferay.portal.kernel.util.InfrastructureUtil#dynamicDataSourceTargetSource,\
com.liferay.portal.kernel.util.InfrastructureUtil#transactionManager,\
com.liferay.portal.kernel.util.PropsUtil,\
com.liferay.portal.kernel.uuid.PortalUUIDUtil,\
com.liferay.portal.util.PortalUtil,\
com.liferay.portlet.expando.util.ExpandoBridgeFactoryUtil
security-manager-services[portal]=\
com.liferay.counter.service.CounterLocalService#increment,\
com.liferay.portal.service.GroupLocalService#getGroup,\
com.liferay.portal.service.LayoutLocalService#getLayout,\
com.liferay.portal.service.LayoutSetLocalService#getLayoutSet,\
com.liferay.portal.service.ResourceActionLocalService#getResourceAction,\
com.liferay.portal.service.ResourceBlockLocalService#isSupported,\
com.liferay.portal.service.ResourceLocalService#addResources,\
com.liferay.portal.service.ResourcePermissionLocalService#setOwnerResourcePermissions,\
com.liferay.portal.service.ResourcePermissionLocalService#setResourcePermissions,\
com.liferay.portal.service.RoleLocalService#getDefaultGroupRole,\
com.liferay.portal.service.UserLocalService#getUserById,\
com.liferay.portal.service.persistence.UserPersistence#findByPrimaryKey,\
com.liferay.portlet.asset.service.AssetEntryLocalService#deleteEntry,\
com.liferay.portlet.asset.service.AssetEntryLocalService#updateEntry,\
com.liferay.portlet.asset.service.AssetLinkLocalService#deleteLinks,\
com.liferay.portlet.asset.service.AssetTagLocalService#addTag,\
com.liferay.portlet.asset.service.AssetTagLocalService#getTag,\
com.liferay.portlet.asset.service.AssetTagLocalService#incrementAssetCount,\
com.liferay.portlet.asset.service.AssetTagStatsLocalService#addTagStats,\
com.liferay.portlet.asset.service.AssetTagStatsLocalService#updateTagStats,\
com.liferay.portlet.social.service.SocialActivityCounterLocalService#deleteActivityCounters,\
com.liferay.portlet.social.service.SocialActivityLocalService#deleteActivities,\
com.liferay.portlet.social.service.SocialActivitySettingLocalService#deleteActivitySetting
security-manager-sql-tables-insert=\
AssetEntries_AssetTags,\
AssetTag,\
AssetTagStats,\
ResourcePermission
security-manager-sql-tables-select=\
AssetEntries_AssetTags,\
AssetEntry,\
AssetTag,\
AssetTagStats,\
ResourcePermission,\
SSB_Foo
security-manager-sql-tables-update=\
AssetEntry,\
AssetTag,\
AssetTagStats,\
SSB_Foo