public void checkFileLocation(Config config, Resource res, String serverPassword) throws SecurityException { if (res == null || !(res.getResourceProvider() instanceof FileResourceProvider)) { return; } // All if (getAccess(TYPE_FILE) == VALUE_ALL) return; // Local if (getAccess(TYPE_FILE) == VALUE_LOCAL) { res = ResourceUtil.getCanonicalResourceEL(res); // local if (rootDirectory != null) if (ResourceUtil.isChildOf(res, rootDirectory)) return; // custom if (!ArrayUtil.isEmpty(customFileAccess)) { for (int i = 0; i < customFileAccess.length; i++) { if (ResourceUtil.isChildOf(res, customFileAccess[i])) return; } } if (isValid(config, serverPassword) || isAdminContext()) return; throw new SecurityException( createExceptionMessage(res, true), "access is prohibited by security manager"); } // None if (isValid(config, serverPassword)) return; // custom if (!ArrayUtil.isEmpty(customFileAccess)) { res = ResourceUtil.getCanonicalResourceEL(res); for (int i = 0; i < customFileAccess.length; i++) { if (ResourceUtil.isChildOf(res, customFileAccess[i])) return; } } if (isAdminContext()) return; throw new SecurityException( createExceptionMessage(res, false), "access is prohibited by security manager"); }