@rotty3000
Last active February 2, 2018 00:14
PACL policy process
  1. place the plugin into generate mode:

     security-manager-enabled=generate
    
  2. with no other policy rules in place, the policy for the app will behave as if PACL is enabled (performing expected checks)

  3. however, rather than throwing an error on a failed security check (which would cause the plugin to fail), the individual checker that detected the failure contributes a suggested rule which resolves that check

  4. the rules will be collected and written (on the fly) to a properties file

  5. the default write location is:

     ${liferay.home}/pacl-policy/${servletContextName}.policy
    
  6. if the developer specifies the property

     security-manager-generator-dir=/home/user/paclfoo
    

    then the generated policy file will be written to that path, e.g.:

     /home/user/paclfoo/${servletContextName}.policy
    
  7. new rules will be merged with any already existing rules originating from the liferay-plugin-package.properties of the plugin

  8. once the app is completely tested and all policy rules have been written to the generated policy file, the developer should copy those rules and merge them into the liferay-plugin-package.properties file of the originating plugin

  9. revert the property

     security-manager-enabled=generate
    

    to

     security-manager-enabled=true
    
  10. submit the plugin
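Steps 7 and 8 amount to a per-key set union between the generated policy and the rules the plugin already declares. The script below is an added example, not part of this gist and not Liferay's own PACL code: it parses the generated `.policy` file and an existing `liferay-plugin-package.properties` (both Java-properties style, with `\` line continuations and comma-separated values), reports which rules are new so they can be reviewed for least privilege before the plugin is submitted, and writes the merged result back in the same backslash-continued layout. The two inputs are constructed samples (the generated excerpt mirrors a few lines of the policy shown below), and the function names are my own.

```python
"""Merge rules from a PACL-generated .policy file into an existing
liferay-plugin-package.properties and report what is new.
Added example; not Liferay code. Function names are hypothetical."""

# Constructed sample: the plugin's existing liferay-plugin-package.properties
EXISTING_PROPERTIES = """\
name=Sample Service Builder
security-manager-enabled=true
security-manager-sql-tables-select=\\
SSB_Foo
security-manager-files-read=\\
global-configuration.properties
"""

# Constructed sample: excerpt of a generated ${servletContextName}.policy
GENERATED_POLICY = """\
#
# What follows is the policy generated in generate mode (constructed excerpt)
#
security-manager-files-read=\\
./service-ext.properties,\\
global-configuration.properties
security-manager-sql-tables-select=\\
AssetEntry,\\
SSB_Foo
security-manager-sql-tables-update=\\
AssetEntry,\\
SSB_Foo
"""


def _logical_lines(text):
    """Join '\\'-continued physical lines; skip comments and blank lines."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()  # Java Properties drops leading whitespace on every physical line
        if not pending and (not line or line[0] in "#!"):
            continue  # comment or blank line outside a continued value
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:  # file ended on a continuation line
        yield pending


def parse_policy(text):
    """Parse a properties file as Liferay writes it: comma-separated list values.
    Returns {key: [values]} in file order; scalar keys become one-element lists."""
    rules = {}
    for entry in _logical_lines(text):
        key, sep, value = entry.partition("=")
        if sep:
            values = [v.strip() for v in value.split(",") if v.strip()]
            rules.setdefault(key.strip(), []).extend(values)
    return rules


def merge_policies(existing, generated):
    """Per-key set union: existing values keep their order, new ones are
    appended sorted so repeated merges produce stable diffs."""
    merged = {k: list(v) for k, v in existing.items()}
    for key, values in generated.items():
        bucket = merged.setdefault(key, [])
        for v in sorted(values):
            if v not in bucket:
                bucket.append(v)
    return merged


def new_rules(existing, generated):
    """Rules the generator added that the plugin did not already declare:
    the set to review for least privilege before the plugin is submitted."""
    added = {}
    for key, values in generated.items():
        fresh = [v for v in values if v not in existing.get(key, [])]
        if fresh:
            added[key] = fresh
    return added


def format_policy(rules):
    """Render in the layout the generator uses: 'key=\\' then one value per line."""
    out = []
    for key, values in rules.items():
        if not values:
            out.append(f"{key}=")
            continue
        out.append(f"{key}=\\")
        out.extend(f"{v},\\" for v in values[:-1])
        out.append(values[-1])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    existing = parse_policy(EXISTING_PROPERTIES)
    generated = parse_policy(GENERATED_POLICY)
    print("# rules to review before submitting:")
    for key, values in new_rules(existing, generated).items():
        print(f"{key}: {', '.join(values)}")
    print()
    print(format_policy(merge_policies(existing, generated)))
```

Run it against the real generated file and the plugin's properties to get the review list first; the merged output is what gets pasted back into `liferay-plugin-package.properties` before `security-manager-enabled` is reverted to `true`. Values containing a comma are not handled, since PACL rule values never contain one.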

#
# What follows is the policy generated for the sample-service-builder-portlet
#
security-manager-expando-bridge=\
com.liferay.sampleservicebuilder.model.Foo
security-manager-files-read=\
./service-ext.properties,\
/home/rotty/global-configuration.properties,\
/home/rotty/service-ext.properties,\
global-configuration.properties
security-manager-get-bean-property=\
com.liferay.portal.kernel.dao.orm.EntityCacheUtil,\
com.liferay.portal.kernel.dao.orm.FinderCacheUtil,\
com.liferay.portal.kernel.spring.util.SpringFactoryUtil,\
com.liferay.portal.kernel.util.FastDateFormatFactoryUtil,\
com.liferay.portal.kernel.util.InfrastructureUtil#dataSource,\
com.liferay.portal.kernel.util.InfrastructureUtil#dynamicDataSourceTargetSource,\
com.liferay.portal.kernel.util.InfrastructureUtil#transactionManager,\
com.liferay.portal.kernel.util.PropsUtil,\
com.liferay.portal.kernel.uuid.PortalUUIDUtil,\
com.liferay.portal.util.PortalUtil,\
com.liferay.portlet.expando.util.ExpandoBridgeFactoryUtil
security-manager-services[portal]=\
com.liferay.counter.service.CounterLocalService#increment,\
com.liferay.portal.service.GroupLocalService#getGroup,\
com.liferay.portal.service.LayoutLocalService#getLayout,\
com.liferay.portal.service.LayoutSetLocalService#getLayoutSet,\
com.liferay.portal.service.ResourceActionLocalService#getResourceAction,\
com.liferay.portal.service.ResourceBlockLocalService#isSupported,\
com.liferay.portal.service.ResourceLocalService#addResources,\
com.liferay.portal.service.ResourcePermissionLocalService#setOwnerResourcePermissions,\
com.liferay.portal.service.ResourcePermissionLocalService#setResourcePermissions,\
com.liferay.portal.service.RoleLocalService#getDefaultGroupRole,\
com.liferay.portal.service.UserLocalService#getUserById,\
com.liferay.portal.service.persistence.UserPersistence#findByPrimaryKey,\
com.liferay.portlet.asset.service.AssetEntryLocalService#deleteEntry,\
com.liferay.portlet.asset.service.AssetEntryLocalService#updateEntry,\
com.liferay.portlet.asset.service.AssetLinkLocalService#deleteLinks,\
com.liferay.portlet.asset.service.AssetTagLocalService#addTag,\
com.liferay.portlet.asset.service.AssetTagLocalService#getTag,\
com.liferay.portlet.asset.service.AssetTagLocalService#incrementAssetCount,\
com.liferay.portlet.asset.service.AssetTagStatsLocalService#addTagStats,\
com.liferay.portlet.asset.service.AssetTagStatsLocalService#updateTagStats,\
com.liferay.portlet.social.service.SocialActivityCounterLocalService#deleteActivityCounters,\
com.liferay.portlet.social.service.SocialActivityLocalService#deleteActivities,\
com.liferay.portlet.social.service.SocialActivitySettingLocalService#deleteActivitySetting
security-manager-sql-tables-insert=\
AssetEntries_AssetTags,\
AssetTag,\
AssetTagStats,\
ResourcePermission
security-manager-sql-tables-select=\
AssetEntries_AssetTags,\
AssetEntry,\
AssetTag,\
AssetTagStats,\
ResourcePermission,\
SSB_Foo
security-manager-sql-tables-update=\
AssetEntry,\
AssetTag,\
AssetTagStats,\
SSB_Foo