Author: nzamosenchuk
Date: 2010-06-09 07:50:54 -0400 (Wed, 09 Jun 2010)
New Revision: 2521
Added:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy
Removed:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
Modified:
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
jcr/trunk/exo.jcr.component.core/pom.xml
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
Log:
EXOJCR-764 : merging from branch SEC into trunk
EXOJCR-767 : merging from branch SEC into trunk
EXOJCR-770 : merging from branch SEC into trunk
Modified:
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java
===================================================================
---
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-09
09:48:49 UTC (rev 2520)
+++
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/ConversationState.java 2010-06-09
11:50:54 UTC (rev 2521)
@@ -23,7 +23,7 @@
/**
* Created by The eXo Platform SAS .
- *
+ *
* @author Gennady Azarenkov
* @version $Id: $
*/
@@ -31,6 +31,8 @@
public class ConversationState
{
+ private static final RuntimePermission SET_CURRENT_STATE_PERMISSION = new
RuntimePermission("setCurrentState");
+
/**
* "subject".
*/
@@ -67,11 +69,17 @@
/**
* Preset current ConversationState.
- *
+ *
* @param state ConversationState
*/
public static void setCurrent(ConversationState state)
{
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(SET_CURRENT_STATE_PERMISSION);
+ }
+
current.set(state);
}
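Review bot: The Javadoc of setCurrent does not say that the call can now fail. With a SecurityManager installed, `checkPermission` throws a SecurityException unless every protection domain on the calling stack holds `RuntimePermission("setCurrentState")`. I would add `@throws SecurityException if a SecurityManager is installed and the caller lacks RuntimePermission "setCurrentState"` here. The equivalent line belongs on Identity.setSubject ("setSubject") and RepositoryImpl.getSystemSession ("getJCRSystemSession"), which gain the same check in this commit. Anyone writing a policy file needs these three target names, and nothing in the diff documents them.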
@@ -85,12 +93,13 @@
/**
* sets attribute.
- *
+ *
* @param key
* @param value
*/
public void setAttribute(String name, Object value)
{
+ // TODO : need check is it allowed to set any attributes
this.attributes.put(name, value);
}
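Review bot: setAttribute stays unguarded behind the TODO `need check is it allowed to set any attributes`, while setCurrent in the previous hunk now requires a permission. Code that can obtain a ConversationState can therefore still change its attributes without any check; how a state is obtained is not visible in this diff. Until that is decided the Javadoc should say the method is unchecked. Its tags should also match the signature: `@param name attribute name` instead of `@param key`.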
@@ -113,7 +122,7 @@
/**
* removes attribute.
- *
+ *
* @param key
*/
public void removeAttribute(String name)
Modified:
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
===================================================================
---
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-09
09:48:49 UTC (rev 2520)
+++
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-06-09
11:50:54 UTC (rev 2521)
@@ -20,15 +20,17 @@
import java.util.Collection;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
/**
- * Created by The eXo Platform SAS .<br/> User Session encapsulates user's
- * principals such as name, groups along with JAAS subject (useful in J2EE
- * environment) as well as other optional attributes
- *
+ * Created by The eXo Platform SAS .<br/>
+ * User Session encapsulates user's principals such as name, groups along with
+ * JAAS subject (useful in J2EE environment) as well as other optional
+ * attributes
+ *
* @author Gennady Azarenkov
* @version $Id: $
*/
@@ -36,6 +38,10 @@
public class Identity
{
+ private static final RuntimePermission SET_SUBJECT_PERMISSION = new
RuntimePermission("setSubject");
+
+ private static final RuntimePermission MODIFY_IDENTITY_PERMISSION = new
RuntimePermission("modifyIdentity");
+
/**
* User's identifier.
*/
@@ -84,8 +90,8 @@
public Identity(String userId, Collection<MembershipEntry> memberships,
Collection<String> roles)
{
this.userId = userId;
- this.memberships = new HashSet<MembershipEntry>(memberships);
- this.roles = roles;
+ this.memberships = new SecureSet<MembershipEntry>(memberships);
+ this.roles = new SecureSet<String>(roles);
}
/**
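Review bot: Wrapping `roles` in `new SecureSet<String>(roles)` changes null handling. SecureSet copies its argument with `new HashSet<T>(set)`, which throws NullPointerException for null, whereas the removed line `this.roles = roles` stored null without complaint. The same applies to setRoles further down. If any caller passes null roles (none is visible in this diff), construction now fails with a message-less NPE. Either reject null explicitly or map it to an empty set, e.g. `this.roles = roles == null ? new SecureSet<String>() : new SecureSet<String>(roles);`.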
@@ -118,7 +124,7 @@
/**
* Check is user member of group.
- *
+ *
* @param group the group.
* @return true if user has any membershipType for given group, false
* otherwise.
@@ -133,6 +139,7 @@
*/
public Set<String> getGroups()
{
+ // TODO : Need to protect group's set ??
Set<String> groups = new HashSet<String>();
for (MembershipEntry m : memberships)
{
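Review bot: The TODO `Need to protect group's set ??` can be answered from the lines shown. getGroups fills a fresh `HashSet<String>` on every call, so a caller that mutates the result does not touch `memberships`. This assumes the rest of the body, which lies outside the hunk, returns that local set. I would replace the TODO with a comment stating this, for example `// Returns a new set on each call; changes to it do not affect this identity.`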
@@ -146,7 +153,7 @@
*/
public void setMemberships(Collection<MembershipEntry> memberships)
{
- this.memberships = new HashSet<MembershipEntry>(memberships);
+ this.memberships = new SecureSet<MembershipEntry>(memberships);
}
/**
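Review bot: setMemberships replaces the whole membership set without a permission check, so the `modifyIdentity` guard that SecureSet puts on add/remove/clear can be sidestepped. Any code that holds the Identity can simply call this public setter, and setRoles two hunks below has the same gap. If memberships and roles are meant to change only with MODIFY_IDENTITY_PERMISSION, both setters need the check before the assignment, as setSubject does with its own permission. That is `SecurityManager security = System.getSecurityManager();` followed by `if (security != null) security.checkPermission(MODIFY_IDENTITY_PERMISSION);`. If the setters are deliberately open, the Javadoc should say so.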
@@ -159,12 +166,12 @@
/**
* Sets the roles for J2EE environment using.
- *
+ *
* @param roles the roles.
*/
public void setRoles(Collection<String> roles)
{
- this.roles = roles;
+ this.roles = new SecureSet<String>(roles);
}
/**
@@ -188,12 +195,17 @@
*/
public void setSubject(Subject subject)
{
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(SET_SUBJECT_PERMISSION);
+ }
this.subject = subject;
}
/**
* Check is given {@link MembershipEntry} presents in user's memberships.
- *
+ *
* @param checkMe the MembershipEntry.
* @return true if presents false otherwise.
*/
@@ -202,4 +214,146 @@
return memberships.contains(checkMe);
}
+ private static class SecureSet<T> implements Set<T>
+ {
+
+ final Set<T> set;
+
+ SecureSet()
+ {
+ this.set = new HashSet<T>();
+ }
+
+ SecureSet(Collection<T> set)
+ {
+ this.set = new HashSet<T>(set);
+ }
+
+ public boolean add(T e)
+ {
+ checkPermission();
+ return set.add(e);
+ }
+
+ public boolean addAll(Collection<? extends T> elements)
+ {
+ if (elements == null)
+ {
+ throw new NullPointerException();
+ }
+ checkPermission();
+ return elements.size() > 0;
+ }
+
+ public void clear()
+ {
+ checkPermission();
+ set.clear();
+ }
+
+ public boolean contains(Object o)
+ {
+ return set.contains(o);
+ }
+
+ public boolean containsAll(Collection<?> coll)
+ {
+ return set.containsAll(coll);
+ }
+
+ public boolean equals(Object o)
+ {
+ return o == this || set.equals(o);
+ }
+
+ public int hashCode()
+ {
+ return set.hashCode();
+ }
+
+ public boolean isEmpty()
+ {
+ return set.isEmpty();
+ }
+
+ public Iterator<T> iterator()
+ {
+ return new Iterator<T>()
+ {
+ Iterator<? extends T> i = set.iterator();
+
+ public boolean hasNext()
+ {
+ return i.hasNext();
+ }
+
+ public T next()
+ {
+ return i.next();
+ }
+
+ public void remove()
+ {
+ checkPermission();
+ i.remove();
+ }
+ };
+ }
+
+ public boolean remove(Object o)
+ {
+ checkPermission();
+ return set.remove(o);
+ }
+
+ public boolean removeAll(Collection<?> pds)
+ {
+ if (pds == null)
+ {
+ throw new NullPointerException();
+ }
+ checkPermission();
+ return set.removeAll(pds);
+ }
+
+ public boolean retainAll(Collection<?> pds)
+ {
+ if (pds == null)
+ {
+ throw new NullPointerException();
+ }
+ checkPermission();
+ return set.retainAll(pds);
+ }
+
+ public int size()
+ {
+ return set.size();
+ }
+
+ public Object[] toArray()
+ {
+ return set.toArray();
+ }
+
+ public <T> T[] toArray(T[] a)
+ {
+ return set.toArray(a);
+ }
+
+ public String toString()
+ {
+ return set.toString();
+ }
+
+ protected void checkPermission()
+ {
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(MODIFY_IDENTITY_PERMISSION);
+ }
+ }
+ }
+
}
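Review bot: SecureSet.addAll checks the permission but never adds anything. It returns `elements.size() > 0` without touching `set`, so the elements are silently dropped while the caller is told the set changed. The last line should be `return set.addAll(elements);`. Separately, `public <T> T[] toArray(T[] a)` declares a method type parameter that shadows the class's `T`; naming it `E` avoids the confusion. The class also has no Javadoc saying which operations are guarded (mutators and `Iterator.remove`) and which are not (reads).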
Modified: jcr/trunk/exo.jcr.component.core/pom.xml
===================================================================
--- jcr/trunk/exo.jcr.component.core/pom.xml 2010-06-09 09:48:49 UTC (rev 2520)
+++ jcr/trunk/exo.jcr.component.core/pom.xml 2010-06-09 11:50:54 UTC (rev 2521)
@@ -340,6 +340,7 @@
<include>**/*.tiff</include>
<include>**/*.pdf</include>
<include>**/*.dtd</include>
+ <include>**/*.policy</include>
</includes>
</testResource>
</testResources>
@@ -589,6 +590,7 @@
<exclude>org/apache/jackrabbit/test/api/TestAll.java</exclude>
<exclude>org/apache/jackrabbit/test/api/**/Abstract*.java</exclude>
<exclude>org/apache/jackrabbit/test/api/**/FrozenNodeTest.java</exclude>
+
<exclude>org/exoplatform/services/jcr/impl/core/security/Test*.java</exclude>
</excludes>
</configuration>
</plugin>
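Review bot: The new security tests are excluded here and in the two later plugin configurations (the third hunk adds a fresh `<excludes>` block just for them). No execution shown in this diff includes them again. BaseSecurityTest.setUp asserts that a SecurityManager is installed, so excluding them from the default runs is understandable. But unless a profile elsewhere in the pom runs `org/exoplatform/services/jcr/impl/core/security/Test*.java` with a security manager and test.policy, the permission checks added in this commit have no automated coverage. A comment next to each exclude naming the profile or command that runs them would make that verifiable; the bare `<!-- security -->` in the next hunk does not.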
@@ -696,6 +698,8 @@
<exclude>org/apache/jackrabbit/test/api/TestAll.java</exclude>
<exclude>org/apache/jackrabbit/test/api/**/Abstract*.java</exclude>
<exclude>org/apache/jackrabbit/test/api/**/FrozenNodeTest.java</exclude>
+ <!-- security -->
+
<exclude>org/exoplatform/services/jcr/impl/core/security/Test*.java</exclude>
</excludes>
</configuration>
</plugin>
@@ -735,6 +739,9 @@
<include>**/**/TestSVNodeDataOptimization_.java</include>
<include>**/**/TestValueConstraints.java</include>
</includes>
+ <excludes>
+
<exclude>org/exoplatform/services/jcr/impl/core/security/Test*.java</exclude>
+ </excludes>
</configuration>
</plugin>
</plugins>
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-09
09:48:49 UTC (rev 2520)
+++
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-09
11:50:54 UTC (rev 2521)
@@ -60,13 +60,15 @@
/**
* Created by The eXo Platform SAS.<br/>
* Implementation of javax.jcr.Repository
- *
+ *
* @author <a href="mailto:geaz@users.sourceforge.net">Gennady Azarenkov
</a>
* @version $Id: RepositoryImpl.java 14487 2008-05-20 07:08:40Z gazarenkov $
*/
public class RepositoryImpl implements ManageableRepository
{
+ private static final RuntimePermission GET_SYSTEM_SESSION_PERMISSION = new
RuntimePermission("getJCRSystemSession");
+
/**
* Repository descriptors.
*/
@@ -134,7 +136,7 @@
/**
* RepositoryImpl constructor.
- *
+ *
* @param container Repository container
* @throws RepositoryException error of initialization
* @throws RepositoryConfigurationException error of configuration
@@ -215,13 +217,13 @@
/**
* Creation contains three steps. First
* <code>configWorkspace(WorkspaceEntry wsConfig)</code> - registration a
new
- * configuration in RepositoryContainer and create WorkspaceContainer. Second,
- * the main step, is
+ * configuration in RepositoryContainer and create WorkspaceContainer.
+ * Second, the main step, is
* <code>initWorkspace(String workspaceName, String rootNodeType)</code>
-
* initializing workspace by name and root nodetype. Third, final step,
* starting all components of workspace. Before creation workspace <b>must be
* configured</b>
- *
+ *
* @see
org.exoplatform.services.jcr.core.RepositoryImpl#configWorkspace(org.exoplatform.services.jcr.config.WorkspaceEntry
* )
* @see
org.exoplatform.services.jcr.core.RepositoryImpl#initWorkspace(java.lang.String,java.lang.String)
@@ -327,6 +329,13 @@
*/
public SessionImpl getSystemSession(String workspaceName) throws RepositoryException
{
+ // Need privileges to get system session.
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(GET_SYSTEM_SESSION_PERMISSION);
+ }
+
if (getState() == OFFLINE)
LOG.warn("Repository " + getName() + " is OFFLINE.");
@@ -410,7 +419,7 @@
/**
* Internal Remove Workspace.
- *
+ *
* @param workspaceName workspace name
* @throws RepositoryException error of remove
*/
@@ -498,7 +507,7 @@
/**
* Internal login.
- *
+ *
* @param state ConversationState
* @param workspaceName workspace name
* @return SessionImpl
@@ -580,7 +589,7 @@
/**
* Set all repository workspaces ReadOnly status.
- *
+ *
* @param wsStatus ReadOnly workspace status
*/
private void setAllWorkspacesReadOnly(boolean wsStatus)
Copied:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security
(from rev 2493,
jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security)
Deleted:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
===================================================================
---
jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java 2010-06-04
13:47:36 UTC (rev 2493)
+++
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java 2010-06-09
11:50:54 UTC (rev 2521)
@@ -1,173 +0,0 @@
-/**
- * Copyright (C) 2010 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-
-package org.exoplatform.services.jcr.impl.core.security;
-
-import org.exoplatform.services.jcr.BaseStandaloneTest;
-
-import java.net.URL;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.AllPermission;
-import java.security.CodeSource;
-import java.security.Permission;
-import java.security.PermissionCollection;
-import java.security.Permissions;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.security.ProtectionDomain;
-import java.util.Enumeration;
-
-/**
- * @author <a href="mailto:andrew00x@gmail.com">Andrey
Parfonov</a>
- * @version $Id$
- */
-public abstract class BaseSecurityTest extends BaseStandaloneTest
-{
-
- public void setUp() throws Exception
- {
- super.setUp();
- SecurityManager security = System.getSecurityManager();
- assertNotNull("SecurityManager must be ON.", security);
- }
-
- public String getRepositoryName()
- {
- return "db1";
- }
-
- /**
- * Run privileged action with specified privileges.
- */
- protected <T> T doPrivilegedAction(PrivilegedExceptionAction<T> action,
ProtectionDomain[] protectionDomains)
- throws Throwable
- {
- try
- {
- return AccessController.doPrivileged(action, new
AccessControlContext(protectionDomains));
- }
- catch (PrivilegedActionException pae)
- {
- throw pae.getCause();
- }
- }
-
- /**
- * Run privileged action without any privileges.
- */
- protected <T> T doPrivilegedAction(PrivilegedExceptionAction<T> action)
throws Throwable
- {
- ProtectionDomain[] protectionDomains =
- new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
- (java.security.cert.Certificate[])null), new Permissions())};
- try
- {
- return AccessController.doPrivileged(action, new
AccessControlContext(protectionDomains));
- }
- catch (PrivilegedActionException pae)
- {
- throw pae.getCause();
- }
- }
-
- /**
- * Run privileged action with static permissions only.
- */
- protected <T> T
doPrivilegedActionStaticPermissions(PrivilegedExceptionAction<T> action) throws
Throwable
- {
- try
- {
- return AccessController.doPrivileged(action);
- }
- catch (PrivilegedActionException pae)
- {
- throw pae.getCause();
- }
- }
-
- /**
- * Run privileged action with specified privileges.
- */
- protected <T> T doPrivilegedAction(PrivilegedAction<T> action,
ProtectionDomain[] protectionDomains)
- {
- return AccessController.doPrivileged(action, new
AccessControlContext(protectionDomains));
- }
-
- /**
- * Run privileged action without any privileges.
- */
- protected <T> T doPrivilegedAction(PrivilegedAction<T> action)
- {
- ProtectionDomain[] protectionDomains =
- new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
- (java.security.cert.Certificate[])null), new Permissions())};
- return AccessController.doPrivileged(action, new
AccessControlContext(protectionDomains));
- }
-
- /**
- * Run privileged action with static permissions only.
- */
- protected <T> T doPrivilegedActionStaticPermissions(PrivilegedAction<T>
action)
- {
- return AccessController.doPrivileged(action);
- }
-
- /**
- * Get code-source of class.
- */
- protected URL getCodeSource()
- {
- return getClass().getProtectionDomain().getCodeSource().getLocation();
- }
-
- protected static final PermissionCollection ALL = new PermissionCollection()
- {
-
- public boolean implies(Permission permission)
- {
- return true;
- }
-
- public Enumeration<Permission> elements()
- {
- return new Enumeration<Permission>()
- {
- private boolean hasMore = true;
-
- public boolean hasMoreElements()
- {
- return hasMore;
- }
-
- public Permission nextElement()
- {
- hasMore = false;
- return new AllPermission();
- }
- };
- }
-
- public void add(Permission permission)
- {
- }
- };
-
-}
Copied:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
(from rev 2493,
jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java)
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java
(rev 0)
+++
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/BaseSecurityTest.java 2010-06-09
11:50:54 UTC (rev 2521)
@@ -0,0 +1,173 @@
+/**
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.exoplatform.services.jcr.impl.core.security;
+
+import org.exoplatform.services.jcr.BaseStandaloneTest;
+
+import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.AllPermission;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
+import java.util.Enumeration;
+
+/**
+ * @author <a href="mailto:andrew00x@gmail.com">Andrey
Parfonov</a>
+ * @version $Id$
+ */
+public abstract class BaseSecurityTest extends BaseStandaloneTest
+{
+
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ SecurityManager security = System.getSecurityManager();
+ assertNotNull("SecurityManager must be ON.", security);
+ }
+
+ public String getRepositoryName()
+ {
+ return "db1";
+ }
+
+ /**
+ * Run privileged action with specified privileges.
+ */
+ protected <T> T doPrivilegedAction(PrivilegedExceptionAction<T> action,
ProtectionDomain[] protectionDomains)
+ throws Throwable
+ {
+ try
+ {
+ return AccessController.doPrivileged(action, new
AccessControlContext(protectionDomains));
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw pae.getCause();
+ }
+ }
+
+ /**
+ * Run privileged action without any privileges.
+ */
+ protected <T> T doPrivilegedAction(PrivilegedExceptionAction<T> action)
throws Throwable
+ {
+ ProtectionDomain[] protectionDomains =
+ new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
+ (java.security.cert.Certificate[])null), new Permissions())};
+ try
+ {
+ return AccessController.doPrivileged(action, new
AccessControlContext(protectionDomains));
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw pae.getCause();
+ }
+ }
+
+ /**
+ * Run privileged action with static permissions only.
+ */
+ protected <T> T
doPrivilegedActionStaticPermissions(PrivilegedExceptionAction<T> action) throws
Throwable
+ {
+ try
+ {
+ return AccessController.doPrivileged(action);
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw pae.getCause();
+ }
+ }
+
+ /**
+ * Run privileged action with specified privileges.
+ */
+ protected <T> T doPrivilegedAction(PrivilegedAction<T> action,
ProtectionDomain[] protectionDomains)
+ {
+ return AccessController.doPrivileged(action, new
AccessControlContext(protectionDomains));
+ }
+
+ /**
+ * Run privileged action without any privileges.
+ */
+ protected <T> T doPrivilegedAction(PrivilegedAction<T> action)
+ {
+ ProtectionDomain[] protectionDomains =
+ new ProtectionDomain[]{new ProtectionDomain(new CodeSource(getCodeSource(),
+ (java.security.cert.Certificate[])null), new Permissions())};
+ return AccessController.doPrivileged(action, new
AccessControlContext(protectionDomains));
+ }
+
+ /**
+ * Run privileged action with static permissions only.
+ */
+ protected <T> T doPrivilegedActionStaticPermissions(PrivilegedAction<T>
action)
+ {
+ return AccessController.doPrivileged(action);
+ }
+
+ /**
+ * Get code-source of class.
+ */
+ protected URL getCodeSource()
+ {
+ return getClass().getProtectionDomain().getCodeSource().getLocation();
+ }
+
+ protected static final PermissionCollection ALL = new PermissionCollection()
+ {
+
+ public boolean implies(Permission permission)
+ {
+ return true;
+ }
+
+ public Enumeration<Permission> elements()
+ {
+ return new Enumeration<Permission>()
+ {
+ private boolean hasMore = true;
+
+ public boolean hasMoreElements()
+ {
+ return hasMore;
+ }
+
+ public Permission nextElement()
+ {
+ hasMore = false;
+ return new AllPermission();
+ }
+ };
+ }
+
+ public void add(Permission permission)
+ {
+ }
+ };
+
+}
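Review bot: The one-line Javadocs on the doPrivilegedAction overloads understate what the helpers do. With `AccessController.doPrivileged(action, context)` the action runs with the intersection of the test class's own domain and the supplied domains, not simply "with specified privileges". The "without any privileges" variants get there by building a ProtectionDomain with an empty `Permissions` for the test's code source. I would spell that out on each overload and say that `doPrivilegedActionStaticPermissions` relies on whatever the active policy grants the test classes. The `ALL` constant also deserves a comment saying it implies every permission and that its `add` is intentionally a no-op.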
Deleted:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
===================================================================
---
jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java 2010-06-04
13:47:36 UTC (rev 2493)
+++
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java 2010-06-09
11:50:54 UTC (rev 2521)
@@ -1,83 +0,0 @@
-/**
- * Copyright (C) 2010 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-
-package org.exoplatform.services.jcr.impl.core.security;
-
-import java.security.AccessControlException;
-import java.security.PrivilegedExceptionAction;
-
-/**
- * @author <a href="mailto:andrew00x@gmail.com">Andrey
Parfonov</a>
- * @version $Id$
- */
-public class TestGetSystemSession extends BaseSecurityTest
-{
- public void testGetSystemSessionSuccess()
- {
- PrivilegedExceptionAction<Object> action = new
PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- repository.getSystemSession();
- return null;
- }
-
- };
- try
- {
- doPrivilegedActionStaticPermissions(action);
- }
- catch (AccessControlException ace)
- {
- fail("Must be able get system session. We are under static
permissions");
- }
- catch (Throwable t)
- {
- t.printStackTrace();
- fail();
- }
- }
-
- public void testGetSystemSessionFail()
- {
- PrivilegedExceptionAction<Object> action = new
PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- repository.getSystemSession();
- return null;
- }
-
- };
- try
- {
- doPrivilegedAction(action);
- fail("Must not be able get system session.");
- }
- catch (AccessControlException ace)
- {
- // OK
- }
- catch (Throwable t)
- {
- t.printStackTrace();
- fail();
- }
- }
-}
Copied:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
(from rev 2493,
jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java)
===================================================================
---
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
(rev 0)
+++
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java 2010-06-09
11:50:54 UTC (rev 2521)
@@ -0,0 +1,83 @@
+/**
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.exoplatform.services.jcr.impl.core.security;
+
+import java.security.AccessControlException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * @author <a href="mailto:andrew00x@gmail.com">Andrey
Parfonov</a>
+ * @version $Id$
+ */
+public class TestGetSystemSession extends BaseSecurityTest
+{
+ public void testGetSystemSessionSuccess()
+ {
+ PrivilegedExceptionAction<Object> action = new
PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.getSystemSession();
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedActionStaticPermissions(action);
+ }
+ catch (AccessControlException ace)
+ {
+ fail("Must be able get system session. We are under static
permissions");
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testGetSystemSessionFail()
+ {
+ PrivilegedExceptionAction<Object> action = new
PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.getSystemSession();
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedAction(action);
+ fail("Must not be able get system session.");
+ }
+ catch (AccessControlException ace)
+ {
+ // OK
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+}
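Review bot: In testGetSystemSessionFail the call `fail("Must not be able get system session.")` sits inside the try block. The error it throws is caught by `catch (Throwable t)` and replaced by a message-less `fail()`, so the test still fails but the report loses the reason. Both tests also only print the stack trace and discard the original throwable. Declaring the test methods `throws Throwable` and dropping the `catch (Throwable t)` blocks, keeping only the AccessControlException catch, lets the runner report the real cause.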
Copied: jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy (from rev 2493,
jcr/branches/1.12-SEC/exo.jcr.component.core/src/test/resources/test.policy)
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy
(rev 0)
+++ jcr/trunk/exo.jcr.component.core/src/test/resources/test.policy 2010-06-09 11:50:54
UTC (rev 2521)
@@ -0,0 +1,5 @@
+// configure static permissions here
+grant {
+ permission java.security.AllPermission;
+};
+
\ No newline at end of file
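Review bot: The `grant` block has no `codeBase`, so it gives `java.security.AllPermission` to every code source on the class path, not just the test classes. That suits tests which narrow permissions themselves through an AccessControlContext, as BaseSecurityTest does. The only comment, `// configure static permissions here`, does not say so. I would add a comment such as `// Test-only policy: grants AllPermission to all code; do not use outside the test run.` so the file is not copied as a template for a deployment.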