[exo-jcr-commits] exo-jcr SVN: r2521 - jcr/trunk/exo.jcr.component.core and 4 other directories.
do-not-reply at jboss.org
do-not-reply at jboss.org
Wed Jun 9 07:50:55 EDT 2010
Author: nzamosenchuk
Date: 2010-06-09 07:50:54 -0400 (Wed, 09 Jun 2010)
New Revision: 2521
Added:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy
Removed:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
Modified:
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
jcr/trunk/exo.jcr.component.core/pom.xml
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
Log:
EXOJCR-764 : merging from branch SEC into trunk
EXOJCR-767 : merging from branch SEC into trunk
EXOJCR-770 : merging from branch SEC into trunk
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-09 09:48:49 UTC (rev 2520)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-09 11:50:54 UTC (rev 2521)
@@ -23,7 +23,7 @@
/**
* Created by The eXo Platform SAS .
- *
+ *
* @author Gennady Azarenkov
* @version $Id: $
*/
@@ -31,6 +31,8 @@
public class ConversationState
{
+ private static final RuntimePermission SET_CURRENT_STATE_PERMISSION = new RuntimePermission("setCurrentState");
+
/**
* "subject".
*/
@@ -67,11 +69,17 @@
/**
* Preset current ConversationState.
- *
+ *
* @param state ConversationState
*/
public static void setCurrent(ConversationState state)
{
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(SET_CURRENT_STATE_PERMISSION);
+ }
+
current.set(state);
}
@@ -85,12 +93,13 @@
/**
* sets attribute.
- *
+ *
* @param key
* @param value
*/
public void setAttribute(String name, Object value)
{
+ // TODO : need check is it allowed to set any attributes
this.attributes.put(name, value);
}
@@ -113,7 +122,7 @@
/**
* removes attribute.
- *
+ *
* @param key
*/
public void removeAttribute(String name)
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-09 09:48:49 UTC (rev 2520)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-09 11:50:54 UTC (rev 2521)
@@ -20,15 +20,17 @@
import java.util.Collection;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
/**
- * Created by The eXo Platform SAS .<br/> User Session encapsulates user's
- * principals such as name, groups along with JAAS subject (useful in J2EE
- * environment) as well as other optional attributes
- *
+ * Created by The eXo Platform SAS .<br/>
+ * User Session encapsulates user's principals such as name, groups along with
+ * JAAS subject (useful in J2EE environment) as well as other optional
+ * attributes
+ *
* @author Gennady Azarenkov
* @version $Id: $
*/
@@ -36,6 +38,10 @@
public class Identity
{
+ private static final RuntimePermission SET_SUBJECT_PERMISSION = new RuntimePermission("setSubject");
+
+ private static final RuntimePermission MODIFY_IDENTITY_PERMISSION = new RuntimePermission("modifyIdentity");
+
/**
* User's identifier.
*/
@@ -84,8 +90,8 @@
public Identity(String userId, Collection<MembershipEntry> memberships, Collection<String> roles)
{
this.userId = userId;
- this.memberships = new HashSet<MembershipEntry>(memberships);
- this.roles = roles;
+ this.memberships = new SecureSet<MembershipEntry>(memberships);
+ this.roles = new SecureSet<String>(roles);
}
/**
@@ -118,7 +124,7 @@
/**
* Check is user member of group.
- *
+ *
* @param group the group.
* @return true if user has any membershipType for given group, false
* otherwise.
@@ -133,6 +139,7 @@
*/
public Set<String> getGroups()
{
+ // TODO : Need to protect group's set ??
Set<String> groups = new HashSet<String>();
for (MembershipEntry m : memberships)
{
@@ -146,7 +153,7 @@
*/
public void setMemberships(Collection<MembershipEntry> memberships)
{
- this.memberships = new HashSet<MembershipEntry>(memberships);
+ this.memberships = new SecureSet<MembershipEntry>(memberships);
}
/**
@@ -159,12 +166,12 @@
/**
* Sets the roles for J2EE environment using.
- *
+ *
* @param roles the roles.
*/
public void setRoles(Collection<String> roles)
{
- this.roles = roles;
+ this.roles = new SecureSet<String>(roles);
}
/**
@@ -188,12 +195,17 @@
*/
public void setSubject(Subject subject)
{
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(SET_SUBJECT_PERMISSION);
+ }
this.subject = subject;
}
/**
* Check is given {@link MembershipEntry} presents in user's memberships.
- *
+ *
* @param checkMe the MembershipEntry.
* @return true if presents false otherwise.
*/
@@ -202,4 +214,146 @@
return memberships.contains(checkMe);
}
+ private static class SecureSet<T> implements Set<T>
+ {
+
+ final Set<T> set;
+
+ SecureSet()
+ {
+ this.set = new HashSet<T>();
+ }
+
+ SecureSet(Collection<T> set)
+ {
+ this.set = new HashSet<T>(set);
+ }
+
+ public boolean add(T e)
+ {
+ checkPermission();
+ return set.add(e);
+ }
+
+ public boolean addAll(Collection<? extends T> elements)
+ {
+ if (elements == null)
+ {
+ throw new NullPointerException();
+ }
+ checkPermission();
+ return elements.size() > 0;
+ }
+
+ public void clear()
+ {
+ checkPermission();
+ set.clear();
+ }
+
+ public boolean contains(Object o)
+ {
+ return set.contains(o);
+ }
+
+ public boolean containsAll(Collection<?> coll)
+ {
+ return set.containsAll(coll);
+ }
+
+ public boolean equals(Object o)
+ {
+ return o == this || set.equals(o);
+ }
+
+ public int hashCode()
+ {
+ return set.hashCode();
+ }
+
+ public boolean isEmpty()
+ {
+ return set.isEmpty();
+ }
+
+ public Iterator<T> iterator()
+ {
+ return new Iterator<T>()
+ {
+ Iterator<? extends T> i = set.iterator();
+
+ public boolean hasNext()
+ {
+ return i.hasNext();
+ }
+
+ public T next()
+ {
+ return i.next();
+ }
+
+ public void remove()
+ {
+ checkPermission();
+ i.remove();
+ }
+ };
+ }
+
+ public boolean remove(Object o)
+ {
+ checkPermission();
+ return set.remove(o);
+ }
+
+ public boolean removeAll(Collection<?> pds)
+ {
+ if (pds == null)
+ {
+ throw new NullPointerException();
+ }
+ checkPermission();
+ return set.removeAll(pds);
+ }
+
+ public boolean retainAll(Collection<?> pds)
+ {
+ if (pds == null)
+ {
+ throw new NullPointerException();
+ }
+ checkPermission();
+ return set.retainAll(pds);
+ }
+
+ public int size()
+ {
+ return set.size();
+ }
+
+ public Object[] toArray()
+ {
+ return set.toArray();
+ }
+
+ public <T> T[] toArray(T[] a)
+ {
+ return set.toArray(a);
+ }
+
+ public String toString()
+ {
+ return set.toString();
+ }
+
+ protected void checkPermission()
+ {
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(MODIFY_IDENTITY_PERMISSION);
+ }
+ }
+ }
+
}
Modified: jcr/trunk/exo.jcr.component.core/pom.xml
===================================================================
--- jcr/trunk/exo.jcr.component.core/pom.xml 2010-06-09 09:48:49 UTC (rev 2520)
+++ jcr/trunk/exo.jcr.component.core/pom.xml 2010-06-09 11:50:54 UTC (rev 2521)
@@ -340,6 +340,7 @@
<include>**/*.tiff</include>
<include>**/*.pdf</include>
<include>**/*.dtd</include>
+ <include>**/*.policy</include>
</includes>
</testResource>
</testResources>
@@ -589,6 +590,7 @@
<exclude>org/apache/jackrabbit/test/api/TestAll.java</exclude>
<exclude>org/apache/jackrabbit/test/api/**/Abstract*.java</exclude>
<exclude>org/apache/jackrabbit/test/api/**/FrozenNodeTest.java</exclude>
+ <exclude>org/exoplatform/services/jcr/impl/core/security/Test*.java</exclude>
</excludes>
</configuration>
</plugin>
@@ -696,6 +698,8 @@
<exclude>org/apache/jackrabbit/test/api/TestAll.java</exclude>
<exclude>org/apache/jackrabbit/test/api/**/Abstract*.java</exclude>
<exclude>org/apache/jackrabbit/test/api/**/FrozenNodeTest.java</exclude>
+ <!-- security -->
+ <exclude>org/exoplatform/services/jcr/impl/core/security/Test*.java</exclude>
</excludes>
</configuration>
</plugin>
@@ -735,6 +739,9 @@
<include>**/**/TestSVNodeDataOptimization_.java</include>
<include>**/**/TestValueConstraints.java</include>
</includes>
+ <excludes>
+ <exclude>org/exoplatform/services/jcr/impl/core/security/Test*.java</exclude>
+ </excludes>
</configuration>
</plugin>
</plugins>
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-09 09:48:49 UTC (rev 2520)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-09 11:50:54 UTC (rev 2521)
@@ -60,13 +60,15 @@
/**
* Created by The eXo Platform SAS.<br/>
* Implementation of javax.jcr.Repository
- *
+ *
* @author <a href="mailto:geaz at users.sourceforge.net">Gennady Azarenkov </a>
* @version $Id: RepositoryImpl.java 14487 2008-05-20 07:08:40Z gazarenkov $
*/
public class RepositoryImpl implements ManageableRepository
{
+ private static final RuntimePermission GET_SYSTEM_SESSION_PERMISSION = new RuntimePermission("getJCRSystemSession");
+
/**
* Repository descriptors.
*/
@@ -134,7 +136,7 @@
/**
* RepositoryImpl constructor.
- *
+ *
* @param container Repository container
* @throws RepositoryException error of initialization
* @throws RepositoryConfigurationException error of configuration
@@ -215,13 +217,13 @@
/**
* Creation contains three steps. First
* <code>configWorkspace(WorkspaceEntry wsConfig)</code> - registration a new
- * configuration in RepositoryContainer and create WorkspaceContainer. Second,
- * the main step, is
+ * configuration in RepositoryContainer and create WorkspaceContainer.
+ * Second, the main step, is
* <code>initWorkspace(String workspaceName, String rootNodeType)</code> -
* initializing workspace by name and root nodetype. Third, final step,
* starting all components of workspace. Before creation workspace <b>must be
* configured</b>
- *
+ *
* @see org.exoplatform.services.jcr.core.RepositoryImpl#configWorkspace(org.exoplatform.services.jcr.config.WorkspaceEntry
* )
* @see org.exoplatform.services.jcr.core.RepositoryImpl#initWorkspace(java.lang.String,java.lang.String)
@@ -327,6 +329,13 @@
*/
public SessionImpl getSystemSession(String workspaceName) throws RepositoryException
{
+ // Need privileges to get system session.
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(GET_SYSTEM_SESSION_PERMISSION);
+ }
+
if (getState() == OFFLINE)
LOG.warn("Repository " + getName() + " is OFFLINE.");
@@ -410,7 +419,7 @@
/**
* Internal Remove Workspace.
- *
+ *
* @param workspaceName workspace name
* @throws RepositoryException error of remove
*/
@@ -498,7 +507,7 @@
/**
* Internal login.
- *
+ *
* @param state ConversationState
* @param workspaceName workspace name
* @return SessionImpl
@@ -580,7 +589,7 @@
/**
* Set all repository workspaces ReadOnly status.
- *
+ *
* @param wsStatus ReadOnly workspace status
*/
private void setAllWorkspacesReadOnly(boolean wsStatus)
Copied: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security (from rev 2493, jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security)
Deleted: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
===================================================================
--- jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java 2010-06-04 13:47:36 UTC (rev 2493)
+++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java 2010-06-09 11:50:54 UTC (rev 2521)
@@ -1,173 +0,0 @@
-/**
- * Copyright (C) 2010 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-
-package org.exoplatform.services.jcr.impl.core.security;
-
-import org.exoplatform.services.jcr.BaseStandaloneTest;
-
-import java.net.URL;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.AllPermission;
-import java.security.CodeSource;
-import java.security.Permission;
-import java.security.PermissionCollection;
-import java.security.Permissions;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.security.ProtectionDomain;
-import java.util.Enumeration;
-
-/**
- * @author <a href="mailto:andrew00x at gmail.com">Andrey Parfonov</a>
- * @version $Id$
- */
-public abstract class BaseSecurityTest extends BaseStandaloneTest
-{
-
- public void setUp() throws Exception
- {
- super.setUp();
- SecurityManager security = System.getSecurityManager();
- assertNotNull("SecurityManager must be ON.", security);
- }
-
- public String getRepositoryName()
- {
- return "db1";
- }
-
- /**
- * Run privileged action with specified privileges.
- */
- protected <T> T doPrivilegedAction(PrivilegedExceptionAction<T> action, ProtectionDomain[] protectionDomains)
- throws Throwable
- {
- try
- {
- return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
- }
- catch (PrivilegedActionException pae)
- {
- throw pae.getCause();
- }
- }
-
- /**
- * Run privileged action without any privileges.
- */
- protected <T> T doPrivilegedAction(PrivilegedExceptionAction<T> action) throws Throwable
- {
- ProtectionDomain[] protectionDomains =
- new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
- (java.security.cert.Certificate[])null), new Permissions())};
- try
- {
- return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
- }
- catch (PrivilegedActionException pae)
- {
- throw pae.getCause();
- }
- }
-
- /**
- * Run privileged action with static permissions only.
- */
- protected <T> T doPrivilegedActionStaticPermissions(PrivilegedExceptionAction<T> action) throws Throwable
- {
- try
- {
- return AccessController.doPrivileged(action);
- }
- catch (PrivilegedActionException pae)
- {
- throw pae.getCause();
- }
- }
-
- /**
- * Run privileged action with specified privileges.
- */
- protected <T> T doPrivilegedAction(PrivilegedAction<T> action, ProtectionDomain[] protectionDomains)
- {
- return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
- }
-
- /**
- * Run privileged action without any privileges.
- */
- protected <T> T doPrivilegedAction(PrivilegedAction<T> action)
- {
- ProtectionDomain[] protectionDomains =
- new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
- (java.security.cert.Certificate[])null), new Permissions())};
- return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
- }
-
- /**
- * Run privileged action with static permissions only.
- */
- protected <T> T doPrivilegedActionStaticPermissions(PrivilegedAction<T> action)
- {
- return AccessController.doPrivileged(action);
- }
-
- /**
- * Get code-source of class.
- */
- protected URL getCodeSource()
- {
- return getClass().getProtectionDomain().getCodeSource().getLocation();
- }
-
- protected static final PermissionCollection ALL = new PermissionCollection()
- {
-
- public boolean implies(Permission permission)
- {
- return true;
- }
-
- public Enumeration<Permission> elements()
- {
- return new Enumeration<Permission>()
- {
- private boolean hasMore = true;
-
- public boolean hasMoreElements()
- {
- return hasMore;
- }
-
- public Permission nextElement()
- {
- hasMore = false;
- return new AllPermission();
- }
- };
- }
-
- public void add(Permission permission)
- {
- }
- };
-
-}
Copied: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java (from rev 2493, jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java)
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java (rev 0)
+++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java 2010-06-09 11:50:54 UTC (rev 2521)
@@ -0,0 +1,173 @@
+/**
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.exoplatform.services.jcr.impl.core.security;
+
+import org.exoplatform.services.jcr.BaseStandaloneTest;
+
+import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.AllPermission;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
+import java.util.Enumeration;
+
+/**
+ * @author <a href="mailto:andrew00x at gmail.com">Andrey Parfonov</a>
+ * @version $Id$
+ */
+public abstract class BaseSecurityTest extends BaseStandaloneTest
+{
+
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ SecurityManager security = System.getSecurityManager();
+ assertNotNull("SecurityManager must be ON.", security);
+ }
+
+ public String getRepositoryName()
+ {
+ return "db1";
+ }
+
+ /**
+ * Run privileged action with specified privileges.
+ */
+ protected <T> T doPrivilegedAction(PrivilegedExceptionAction<T> action, ProtectionDomain[] protectionDomains)
+ throws Throwable
+ {
+ try
+ {
+ return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw pae.getCause();
+ }
+ }
+
+ /**
+ * Run privileged action without any privileges.
+ */
+ protected <T> T doPrivilegedAction(PrivilegedExceptionAction<T> action) throws Throwable
+ {
+ ProtectionDomain[] protectionDomains =
+ new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
+ (java.security.cert.Certificate[])null), new Permissions())};
+ try
+ {
+ return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw pae.getCause();
+ }
+ }
+
+ /**
+ * Run privileged action with static permissions only.
+ */
+ protected <T> T doPrivilegedActionStaticPermissions(PrivilegedExceptionAction<T> action) throws Throwable
+ {
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw pae.getCause();
+ }
+ }
+
+ /**
+ * Run privileged action with specified privileges.
+ */
+ protected <T> T doPrivilegedAction(PrivilegedAction<T> action, ProtectionDomain[] protectionDomains)
+ {
+ return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
+ }
+
+ /**
+ * Run privileged action without any privileges.
+ */
+ protected <T> T doPrivilegedAction(PrivilegedAction<T> action)
+ {
+ ProtectionDomain[] protectionDomains =
+ new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
+ (java.security.cert.Certificate[])null), new Permissions())};
+ return AccessController.doPrivileged(action, new AccessControlContext(protectionDomains));
+ }
+
+ /**
+ * Run privileged action with static permissions only.
+ */
+ protected <T> T doPrivilegedActionStaticPermissions(PrivilegedAction<T> action)
+ {
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Get code-source of class.
+ */
+ protected URL getCodeSource()
+ {
+ return getClass().getProtectionDomain().getCodeSource().getLocation();
+ }
+
+ protected static final PermissionCollection ALL = new PermissionCollection()
+ {
+
+ public boolean implies(Permission permission)
+ {
+ return true;
+ }
+
+ public Enumeration<Permission> elements()
+ {
+ return new Enumeration<Permission>()
+ {
+ private boolean hasMore = true;
+
+ public boolean hasMoreElements()
+ {
+ return hasMore;
+ }
+
+ public Permission nextElement()
+ {
+ hasMore = false;
+ return new AllPermission();
+ }
+ };
+ }
+
+ public void add(Permission permission)
+ {
+ }
+ };
+
+}
Deleted: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
===================================================================
--- jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java 2010-06-04 13:47:36 UTC (rev 2493)
+++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java 2010-06-09 11:50:54 UTC (rev 2521)
@@ -1,83 +0,0 @@
-/**
- * Copyright (C) 2010 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-
-package org.exoplatform.services.jcr.impl.core.security;
-
-import java.security.AccessControlException;
-import java.security.PrivilegedExceptionAction;
-
-/**
- * @author <a href="mailto:andrew00x at gmail.com">Andrey Parfonov</a>
- * @version $Id$
- */
-public class TestGetSystemSession extends BaseSecurityTest
-{
- public void testGetSystemSessionSuccess()
- {
- PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- repository.getSystemSession();
- return null;
- }
-
- };
- try
- {
- doPrivilegedActionStaticPermissions(action);
- }
- catch (AccessControlException ace)
- {
- fail("Must be able get system session. We are under static permissions");
- }
- catch (Throwable t)
- {
- t.printStackTrace();
- fail();
- }
- }
-
- public void testGetSystemSessionFail()
- {
- PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- repository.getSystemSession();
- return null;
- }
-
- };
- try
- {
- doPrivilegedAction(action);
- fail("Must not be able get system session.");
- }
- catch (AccessControlException ace)
- {
- // OK
- }
- catch (Throwable t)
- {
- t.printStackTrace();
- fail();
- }
- }
-}
Copied: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java (from rev 2493, jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java)
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java (rev 0)
+++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java 2010-06-09 11:50:54 UTC (rev 2521)
@@ -0,0 +1,83 @@
+/**
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.exoplatform.services.jcr.impl.core.security;
+
+import java.security.AccessControlException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * @author <a href="mailto:andrew00x at gmail.com">Andrey Parfonov</a>
+ * @version $Id$
+ */
+public class TestGetSystemSession extends BaseSecurityTest
+{
+ public void testGetSystemSessionSuccess()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.getSystemSession();
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedActionStaticPermissions(action);
+ }
+ catch (AccessControlException ace)
+ {
+ fail("Must be able get system session. We are under static permissions");
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testGetSystemSessionFail()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.getSystemSession();
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedAction(action);
+ fail("Must not be able get system session.");
+ }
+ catch (AccessControlException ace)
+ {
+ // OK
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+}
Copied: jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy (from rev 2493, jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/resources/test.policy)
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy (rev 0)
+++ jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy 2010-06-09 11:50:54 UTC (rev 2521)
@@ -0,0 +1,5 @@
+// configure static permissions here
+grant {
+ permission java.security.AllPermission;
+};
+
\ No newline at end of file
More information about the exo-jcr-commits
mailing list