Author: aparfonov
Date: 2010-06-21 06:19:10 -0400 (Mon, 21 Jun 2010)
New Revision: 2665
Added:
ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java
ws/trunk/exo.ws.rest.ext/src/test/resources/groovy3.groovy
Modified:
ws/trunk/exo.ws.rest.ext/pom.xml
ws/trunk/exo.ws.rest.ext/src/test/resources/conf/standalone/test-configuration.xml
Log:
EXOJCR-793 : test for security restriction
Modified: ws/trunk/exo.ws.rest.ext/pom.xml
===================================================================
--- ws/trunk/exo.ws.rest.ext/pom.xml 2010-06-18 13:57:10 UTC (rev 2664)
+++ ws/trunk/exo.ws.rest.ext/pom.xml 2010-06-21 10:19:10 UTC (rev 2665)
@@ -1,99 +1,129 @@
-<!--
- Copyright (C) 2009 eXo Platform SAS.
+ <!--
- This is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as
- published by the Free Software Foundation; either version 2.1 of
- the License, or (at your option) any later version.
-
- This software is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this software; if not, write to the Free
- Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-
--->
+ Copyright (C) 2009 eXo Platform SAS. This is free software; you can redistribute it
and/or modify it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or (at
+ your option) any later version. This software is distributed in the hope that it will
be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ License for more details. You should have received a copy of the GNU Lesser General
Public License along with this software; if not, write to the Free Software Foundation,
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ site:
http://www.fsf.org.
+ -->
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
+ <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.exoplatform.ws</groupId>
- <artifactId>ws-parent</artifactId>
- <version>2.2.0-Beta01-SNAPSHOT</version>
- </parent>
+ <parent>
+ <groupId>org.exoplatform.ws</groupId>
+ <artifactId>ws-parent</artifactId>
+ <version>2.2.0-Beta01-SNAPSHOT</version>
+ </parent>
- <artifactId>exo.ws.rest.ext</artifactId>
+ <artifactId>exo.ws.rest.ext</artifactId>
- <name>eXo WS :: REST :: Extentions</name>
+ <name>eXo WS :: REST :: Extentions</name>
- <dependencies>
- <dependency>
- <groupId>org.exoplatform.kernel</groupId>
- <artifactId>exo.kernel.container</artifactId>
- </dependency>
- <dependency>
- <groupId>org.exoplatform.kernel</groupId>
- <artifactId>exo.kernel.commons</artifactId>
- </dependency>
- <dependency>
- <groupId>org.exoplatform.core</groupId>
- <artifactId>exo.core.component.xml-processing</artifactId>
- </dependency>
- <dependency>
- <groupId>org.exoplatform.core</groupId>
- <artifactId>exo.core.component.script.groovy</artifactId>
- </dependency>
- <dependency>
- <groupId>org.exoplatform.ws</groupId>
- <artifactId>exo.ws.commons</artifactId>
- </dependency>
- <dependency>
- <groupId>org.exoplatform.ws</groupId>
- <artifactId>exo.ws.rest.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.exoplatform.ws</groupId>
- <artifactId>exo.ws.testframework</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>javax.annotation</groupId>
- <artifactId>jsr250-api</artifactId>
- </dependency>
- <dependency>
- <groupId>jtidy</groupId>
- <artifactId>jtidy</artifactId>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.ws.rs</groupId>
- <artifactId>jsr311-api</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.xml.stream</groupId>
- <artifactId>stax-api</artifactId>
- <version>1.0</version>
- </dependency>
- <dependency>
- <groupId>xpp3</groupId>
- <artifactId>xpp3</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.codehaus.groovy</groupId>
- <artifactId>groovy-all</artifactId>
- </dependency>
- </dependencies>
+ <dependencies>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.container</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.kernel</groupId>
+ <artifactId>exo.kernel.commons</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.core</groupId>
+ <artifactId>exo.core.component.xml-processing</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.core</groupId>
+ <artifactId>exo.core.component.script.groovy</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.ws</groupId>
+ <artifactId>exo.ws.commons</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.ws</groupId>
+ <artifactId>exo.ws.rest.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.exoplatform.ws</groupId>
+ <artifactId>exo.ws.testframework</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.annotation</groupId>
+ <artifactId>jsr250-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>jtidy</groupId>
+ <artifactId>jtidy</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.ws.rs</groupId>
+ <artifactId>jsr311-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.xml.stream</groupId>
+ <artifactId>stax-api</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>xpp3</groupId>
+ <artifactId>xpp3</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.groovy</groupId>
+ <artifactId>groovy-all</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <argLine>-Djava.security.manager=default
-Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>prepare-test-policy</id>
+ <phase>process-test-resources</phase>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ <configuration>
+ <tasks>
+ <echo>***** Creating Access Policy for tests *****</echo>
+ <makeurl file="${settings.localRepository}"
property="localRepositoryURL" />
+ <makeurl file="${project.build.outputDirectory}"
property="outputDirectoryURL" />
+ <makeurl file="${project.build.testOutputDirectory}"
property="testOutputDirectoryURL" />
+ <copy todir="${project.build.testOutputDirectory}"
overwrite="true">
+ <fileset dir="${project.basedir}/src/test/resources/">
+ <include name="test.policy" />
+ </fileset>
+ <filterset>
+ <filter token="MAVEN_REPO" value="${localRepositoryURL}"
/>
+ <filter token="MAIN_CLASSES"
value="${outputDirectoryURL}" />
+ <filter token="TEST_CLASSES"
value="${testOutputDirectoryURL}" />
+ </filterset>
+ </copy>
+ </tasks>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
Added:
ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java
===================================================================
---
ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java
(rev 0)
+++
ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java 2010-06-21
10:19:10 UTC (rev 2665)
@@ -0,0 +1,55 @@
+/**
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.exoplatform.services.rest.ext.groovy;
+
+import org.exoplatform.services.rest.ext.BaseTest;
+import org.exoplatform.services.rest.impl.ContainerResponse;
+import org.exoplatform.services.rest.tools.ByteArrayContainerResponseWriter;
+
+import java.io.InputStream;
+
+/**
+ * @author <a href="mailto:andrew00x@gmail.com">Andrey
Parfonov</a>
+ * @version $Id$
+ */
+public class GroovySecureRestrictionTest extends BaseTest
+{
+
+ private InputStream script;
+
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ assertNotNull("SecurityManager not installed",
System.getSecurityManager());
+ script =
Thread.currentThread().getContextClassLoader().getResourceAsStream("groovy3.groovy");
+ assertNotNull(script);
+ }
+
+ public void testReadSystemPropertyFail() throws Exception
+ {
+ groovyPublisher.publishPerRequest(script, new BaseResourceId("g1"));
+ ByteArrayContainerResponseWriter writer = new ByteArrayContainerResponseWriter();
+ ContainerResponse resp = service("GET", "/a/b", "",
null, null, writer);
+ assertEquals(500, resp.getStatus());
+ assertTrue(new String(writer.getBody()).startsWith("access denied"));
+ }
+
+}
Property changes on:
ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Name: svn:keywords
+ Id
Name: svn:eol-style
+ native
Modified:
ws/trunk/exo.ws.rest.ext/src/test/resources/conf/standalone/test-configuration.xml
===================================================================
---
ws/trunk/exo.ws.rest.ext/src/test/resources/conf/standalone/test-configuration.xml 2010-06-18
13:57:10 UTC (rev 2664)
+++
ws/trunk/exo.ws.rest.ext/src/test/resources/conf/standalone/test-configuration.xml 2010-06-21
10:19:10 UTC (rev 2665)
@@ -32,7 +32,7 @@
<property name="log4j.appender.file.File"
value="target/container.log" />
<property name="log4j.appender.file.layout"
value="org.apache.log4j.PatternLayout" />
<property name="log4j.appender.file.layout.ConversionPattern"
value="%d{dd.MM.yyyy HH:mm:ss} *%-5p* [%t] %c{1}: %m (%F, line %L) %n" />
-
+ <!-- <property name="log4j.category.exo.ws.rest.core"
value="DEBUG" />-->
</properties-param>
</init-params>
</component>
Added: ws/trunk/exo.ws.rest.ext/src/test/resources/groovy3.groovy
===================================================================
--- ws/trunk/exo.ws.rest.ext/src/test/resources/groovy3.groovy
(rev 0)
+++ ws/trunk/exo.ws.rest.ext/src/test/resources/groovy3.groovy 2010-06-21 10:19:10 UTC
(rev 2665)
@@ -0,0 +1,19 @@
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+
+@Path("a")
+class CroovyResource3
+{
+
+ CroovyResource3()
+ {
+ }
+
+ @GET
+ @Path("b")
+ def m0()
+ {
+ return System.getProperty("java.home");
+ }
+
+}
\ No newline at end of file