Author: aparfonov Date: 2010-06-21 06:19:10 -0400 (Mon, 21 Jun 2010) New Revision: 2665 Added: ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java ws/trunk/exo.ws.rest.ext/src/test/resources/groovy3.groovy Modified: ws/trunk/exo.ws.rest.ext/pom.xml ws/trunk/exo.ws.rest.ext/src/test/resources/conf/standalone/test-configuration.xml Log: EXOJCR-793 : test for security restriction Modified: ws/trunk/exo.ws.rest.ext/pom.xml =================================================================== --- ws/trunk/exo.ws.rest.ext/pom.xml 2010-06-18 13:57:10 UTC (rev 2664) +++ ws/trunk/exo.ws.rest.ext/pom.xml 2010-06-21 10:19:10 UTC (rev 2665) @@ -1,99 +1,129 @@ -<!-- - Copyright (C) 2009 eXo Platform SAS. + <!-- - This is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation; either version 2.1 of - the License, or (at your option) any later version. - - This software is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this software; if not, write to the Free - Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - 02110-1301 USA, or see the FSF site: http://www.fsf.org. - ---> + Copyright (C) 2009 eXo Platform SAS. This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at + your option) any later version. This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + License for more details. You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF + site: http://www.fsf.org. + --> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> - <modelVersion>4.0.0</modelVersion> + <modelVersion>4.0.0</modelVersion> - <parent> - <groupId>org.exoplatform.ws</groupId> - <artifactId>ws-parent</artifactId> - <version>2.2.0-Beta01-SNAPSHOT</version> - </parent> + <parent> + <groupId>org.exoplatform.ws</groupId> + <artifactId>ws-parent</artifactId> + <version>2.2.0-Beta01-SNAPSHOT</version> + </parent> - <artifactId>exo.ws.rest.ext</artifactId> + <artifactId>exo.ws.rest.ext</artifactId> - <name>eXo WS :: REST :: Extentions</name> + <name>eXo WS :: REST :: Extentions</name> - <dependencies> - <dependency> - <groupId>org.exoplatform.kernel</groupId> - <artifactId>exo.kernel.container</artifactId> - </dependency> - <dependency> - <groupId>org.exoplatform.kernel</groupId> - <artifactId>exo.kernel.commons</artifactId> - </dependency> - <dependency> - <groupId>org.exoplatform.core</groupId> - <artifactId>exo.core.component.xml-processing</artifactId> - </dependency> - <dependency> - <groupId>org.exoplatform.core</groupId> - <artifactId>exo.core.component.script.groovy</artifactId> - </dependency> - <dependency> - <groupId>org.exoplatform.ws</groupId> - <artifactId>exo.ws.commons</artifactId> - </dependency> - <dependency> - <groupId>org.exoplatform.ws</groupId> - <artifactId>exo.ws.rest.core</artifactId> - </dependency> - <dependency> - <groupId>org.exoplatform.ws</groupId> - <artifactId>exo.ws.testframework</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>javax.annotation</groupId> - <artifactId>jsr250-api</artifactId> - </dependency> - <dependency> - <groupId>jtidy</groupId> - <artifactId>jtidy</artifactId> - </dependency> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - </dependency> - <dependency> - <groupId>javax.ws.rs</groupId> - <artifactId>jsr311-api</artifactId> - </dependency> - <dependency> - <groupId>javax.xml.stream</groupId> - <artifactId>stax-api</artifactId> - <version>1.0</version> - </dependency> - <dependency> - <groupId>xpp3</groupId> - <artifactId>xpp3</artifactId> - </dependency> - <dependency> - <groupId>javax.servlet</groupId> - <artifactId>servlet-api</artifactId> - </dependency> - <dependency> - <groupId>org.codehaus.groovy</groupId> - <artifactId>groovy-all</artifactId> - </dependency> - </dependencies> + <dependencies> + <dependency> + <groupId>org.exoplatform.kernel</groupId> + <artifactId>exo.kernel.container</artifactId> + </dependency> + <dependency> + <groupId>org.exoplatform.kernel</groupId> + <artifactId>exo.kernel.commons</artifactId> + </dependency> + <dependency> + <groupId>org.exoplatform.core</groupId> + <artifactId>exo.core.component.xml-processing</artifactId> + </dependency> + <dependency> + <groupId>org.exoplatform.core</groupId> + <artifactId>exo.core.component.script.groovy</artifactId> + </dependency> + <dependency> + <groupId>org.exoplatform.ws</groupId> + <artifactId>exo.ws.commons</artifactId> + </dependency> + <dependency> + <groupId>org.exoplatform.ws</groupId> + <artifactId>exo.ws.rest.core</artifactId> + </dependency> + <dependency> + <groupId>org.exoplatform.ws</groupId> + <artifactId>exo.ws.testframework</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>javax.annotation</groupId> + <artifactId>jsr250-api</artifactId> + </dependency> + <dependency> + <groupId>jtidy</groupId> + <artifactId>jtidy</artifactId> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </dependency> + <dependency> + <groupId>javax.ws.rs</groupId> + <artifactId>jsr311-api</artifactId> + </dependency> + <dependency> + <groupId>javax.xml.stream</groupId> + <artifactId>stax-api</artifactId> + <version>1.0</version> + </dependency> + <dependency> + <groupId>xpp3</groupId> + <artifactId>xpp3</artifactId> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + </dependency> + <dependency> + <groupId>org.codehaus.groovy</groupId> + <artifactId>groovy-all</artifactId> + </dependency> + </dependencies> + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <argLine>-Djava.security.manager=default -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-antrun-plugin</artifactId> + <executions> + <execution> + <id>prepare-test-policy</id> + <phase>process-test-resources</phase> + <goals> + <goal>run</goal> + </goals> + <configuration> + <tasks> + <echo>***** Creating Access Policy for tests *****</echo> + <makeurl file="${settings.localRepository}" property="localRepositoryURL" /> + <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" /> + <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" /> + <copy todir="${project.build.testOutputDirectory}" overwrite="true"> + <fileset dir="${project.basedir}/src/test/resources/"> + <include name="test.policy" /> + </fileset> + <filterset> + <filter token="MAVEN_REPO" value="${localRepositoryURL}" /> + <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" /> + <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" /> + </filterset> + </copy> + </tasks> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> </project> Added: ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java =================================================================== --- ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java (rev 0) +++ ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java 2010-06-21 10:19:10 UTC (rev 2665) @@ -0,0 +1,55 @@ +/** + * Copyright (C) 2010 eXo Platform SAS. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.exoplatform.services.rest.ext.groovy; + +import org.exoplatform.services.rest.ext.BaseTest; +import org.exoplatform.services.rest.impl.ContainerResponse; +import org.exoplatform.services.rest.tools.ByteArrayContainerResponseWriter; + +import java.io.InputStream; + +/** + * @author <a href="mailto:andrew00x@gmail.com">Andrey Parfonov</a> + * @version $Id$ + */ +public class GroovySecureRestrictionTest extends BaseTest +{ + + private InputStream script; + + @Override + public void setUp() throws Exception + { + super.setUp(); + assertNotNull("SecurityManager not installed", System.getSecurityManager()); + script = Thread.currentThread().getContextClassLoader().getResourceAsStream("groovy3.groovy"); + assertNotNull(script); + } + + public void testReadSystemPropertyFail() throws Exception + { + groovyPublisher.publishPerRequest(script, new BaseResourceId("g1")); + ByteArrayContainerResponseWriter writer = new ByteArrayContainerResponseWriter(); + ContainerResponse resp = service("GET", "/a/b", "", null, null, writer); + assertEquals(500, resp.getStatus()); + assertTrue(new String(writer.getBody()).startsWith("access denied")); + } + +} Property changes on: ws/trunk/exo.ws.rest.ext/src/test/java/org/exoplatform/services/rest/ext/groovy/GroovySecureRestrictionTest.java ___________________________________________________________________ Name: svn:mime-type + text/plain Name: svn:keywords + Id Name: svn:eol-style + native Modified: ws/trunk/exo.ws.rest.ext/src/test/resources/conf/standalone/test-configuration.xml =================================================================== --- ws/trunk/exo.ws.rest.ext/src/test/resources/conf/standalone/test-configuration.xml 2010-06-18 13:57:10 UTC (rev 2664) +++ ws/trunk/exo.ws.rest.ext/src/test/resources/conf/standalone/test-configuration.xml 2010-06-21 10:19:10 UTC (rev 2665) @@ -32,7 +32,7 @@ <property name="log4j.appender.file.File" value="target/container.log" /> <property name="log4j.appender.file.layout" value="org.apache.log4j.PatternLayout" /> <property name="log4j.appender.file.layout.ConversionPattern" value="%d{dd.MM.yyyy HH:mm:ss} *%-5p* [%t] %c{1}: %m (%F, line %L) %n" /> - + <!-- <property name="log4j.category.exo.ws.rest.core" value="DEBUG" />--> </properties-param> </init-params> </component> Added: ws/trunk/exo.ws.rest.ext/src/test/resources/groovy3.groovy =================================================================== --- ws/trunk/exo.ws.rest.ext/src/test/resources/groovy3.groovy (rev 0) +++ ws/trunk/exo.ws.rest.ext/src/test/resources/groovy3.groovy 2010-06-21 10:19:10 UTC (rev 2665) @@ -0,0 +1,19 @@ +import javax.ws.rs.GET; +import javax.ws.rs.Path; + +@Path("a") +class CroovyResource3 +{ + + CroovyResource3() + { + } + + @GET + @Path("b") + def m0() + { + return System.getProperty("java.home"); + } + +} \ No newline at end of file