protected boolean setSigner(final String clazzFile) { NotesContext ctx = NotesContext.getCurrent(); NSFComponentModule module = ctx.getRunningModule(); RuntimeFileSystem fs = module.getRuntimeFileSystem(); NSFResource res = fs.getResource(clazzFile); if ((res != null) && ((res instanceof RuntimeFileSystem.NSFFile))) { ctx.setSignerSessionRights(clazzFile); return true; } return false; }
/** * Registers the definitions at the XPage Scheduler. * * @param req * @param res * @throws SchedulerException */ private void registerTransponder(final ServletRequest req, final ServletResponse res) { // the root of the definition is the META-INF/services file which MUST have a valid signature String clazzFile = "META-INF/services/" + TransponderData.class.getName(); if (!setSigner(clazzFile)) return; NotesContext ctx = NotesContext.getCurrent(); NSFComponentModule module = ctx.getRunningModule(); String signer = null; try { Session signerSession = ctx.getSessionAsSigner(); signer = signerSession.getEffectiveUserName(); } catch (NotesException e) { } // here wo do some security checks (I like signers!) if (signer == null) { log_.severe("!!! The file " + module.getDatabasePath() + "/" + clazzFile + " is not signed!"); TransponderRegistry.unRegister(module.getDatabasePath()); } else { List<TransponderData> defs = ServiceLocator.findServices(TransponderData.class, Scope.NONE); // everything must be signed by the SAME user!!! - check it after loading all services if (ctx.getSessionAsSigner() == null) { log_.severe( "!!! One or more classes listed in " + module.getDatabasePath() + "/" + clazzFile + " are not properly signed!"); TransponderRegistry.unRegister(module.getDatabasePath()); } else { TransponderRegistry.register(module.getDatabasePath(), defs); } } }