[jboss-remoting-issues] [JBoss JIRA] Closed: (JBREM-920) Create build.xml target to run test suite with a Security Manager

Ron Sigal (JIRA) jira-events at lists.jboss.org
Wed May 28 20:19:59 EDT 2008


     [ http://jira.jboss.com/jira/browse/JBREM-920?page=all ]

Ron Sigal closed JBREM-920.
---------------------------

    Resolution: Done

Six builds of the Remoting functional test suite are now running in hudson:

 * jdk 1.4 / no security manager
 * jdk 1.4 / with security manager
 * jdk 1.5 / no security manager
 * jdk 1.5 / with security manager
 * jdk 1.6 / no security manager
 * jdk 1.6 / with security manager
 
The installation of a security manager is turned on and off with the flag 

  -Denable.security.manager={true,false}
  
There are currently no problems with the jdk 1.5 and 1.6 builds with security manager installed.  The jdk 1.4 build has some problems because the classes javax.management.MBeanServerPermission and javax.management.MBeanPermission are not available in rt.jar.  It is necessary to install a JMX implementation in jre/lib/endorsed.  With the Sun reference implementation jmxri.jar installed, the problems go away when run on a Windows laptop.  A request has been made for the appropriate configuration on the JBoss labs machines.

> Create build.xml target to run test suite with a Security Manager
> -----------------------------------------------------------------
>
>                 Key: JBREM-920
>                 URL: http://jira.jboss.com/jira/browse/JBREM-920
>             Project: JBoss Remoting
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>            Reporter: Ron Sigal
>         Assigned To: Ron Sigal
>             Fix For: 2.4.0.GA (Pinto)
>
>
> From Anil Saldana:
> Presuming that you have a test suite and either use ANT or Maven, I
> recommend an extra target to run the test suite in a Java Security
> Manager with minimal permissions.  So for ANT, you will have an
> additional target. For MAVEN, you can use a profile.
> The idea is that you have a Java Security Policy file in which you
> provide unlimited permission to third party libraries and minimal
> permissions to your own code. This exercise is to detect critical
> sections of code that need special privileges and get into privileged
> blocks.   If you have an extra target for the security manager and your
> test runs happen on hudson, you can detect issues with security manager
> as new code gets added.
> Please do not have one test that does System.setSecurityManager  but run
> your entire test suite via the security manager
> (-Djava.security.manager  -Djava.security.policy=somefile).
> Example:  (Take a look by clicking "Configure" on the LHS)
> http://hudson.qa.jboss.com/hudson/job/JBossSX_SecurityManager/
> http://anonsvn.jboss.org/repos/jbossas/projects/security/security-jboss-sx/trunk/pom.xml
> Now if your head is spinning or you do not care about security or do not
> have the time to do it, please tell me.  I can engage myself, someone
> from JBoss Security Team or the QA person handling your project to add a
> JIRA issue (and make the build.xml/pom.xml changes for your project).
> Why is this important?
> * Because many customers run JBAS in a security manager and we need to
> detect issues in our own code.  Also during a recent integration work
> with JBoss Messaging for the SOA platform, there was one issue with
> remoting (JBREM-811) that gave some headache to Clebert and Ron (who is
> still reeling). It took some cycles from me also.
> * We need to have tests running in a security manager on an ongoing basis.
> I understand that there are resource issues in various projects. But
> that does not discount the work that we need to do before we ship JBAS. ;) 
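
An Ant sketch of the setup this message describes, added here as an example and not taken from the JBoss Remoting build.xml: the `enable.security.manager` flag decides whether the forked test JVM gets `-Djava.security.manager` plus a generated policy that gives third-party jars `AllPermission` and the project's own classes a short list. The directory layout, the `sm.arg` and `policy.arg` properties, the `*TestCase` pattern and the granted permissions are assumptions, and POSIX-style paths are assumed.

```xml
<!-- Added example; property names, paths and permissions are assumptions. -->
<project name="remoting-sm-example" default="tests.functional" basedir=".">
  <property name="enable.security.manager" value="false"/>
  <property name="out.dir"     location="output"/>
  <property name="lib.dir"     location="lib"/>
  <property name="results.dir" location="output/tests/results"/>
  <property name="policy.file" location="output/tests/security.policy"/>
  <!-- Map the flag to JVM arguments. With the flag off they become inert
       system properties, so a single <junit> call serves both kinds of build. -->
  <condition property="sm.arg" value="-Djava.security.manager" else="-Dsm.off=1">
    <istrue value="${enable.security.manager}"/>
  </condition>
  <condition property="policy.arg" value="-Djava.security.policy=${policy.file}"
             else="-Dpolicy.off=1">
    <istrue value="${enable.security.manager}"/>
  </condition>
  <!-- Third-party jars and the Ant/JUnit runner get AllPermission; the project's
       own classes and tests (everything under out.dir) get a short list. Each
       AccessControlException then marks code needing a grant or doPrivileged. -->
  <target name="policy">
    <mkdir dir="${results.dir}"/>
    <echo file="${policy.file}">
grant codeBase "file:${lib.dir}/-"      { permission java.security.AllPermission; };
grant codeBase "file:${ant.home}/lib/-" { permission java.security.AllPermission; };
grant codeBase "file:${out.dir}/-" {
  permission java.util.PropertyPermission "*", "read";
  permission java.net.SocketPermission "localhost:1024-", "connect,accept,listen,resolve";
};
    </echo>
  </target>
  <target name="tests.functional" depends="policy">
    <junit fork="yes" printsummary="yes" haltonfailure="no">
      <jvmarg value="${sm.arg}"/>
      <jvmarg value="${policy.arg}"/>
      <classpath>
        <pathelement location="${out.dir}/classes"/>
        <pathelement location="${out.dir}/tests/classes"/>
        <fileset dir="${lib.dir}" includes="**/*.jar"/>
      </classpath>
      <formatter type="xml"/>
      <batchtest todir="${results.dir}">
        <fileset dir="${out.dir}/tests/classes" includes="**/*TestCase.class"/>
      </batchtest>
    </junit>
  </target>
</project>
```

Running `ant -Denable.security.manager=true tests.functional` applies the policy to the whole suite in the forked JVM, rather than to a single test that calls `System.setSecurityManager`.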
