[JBoss Microcontainer Development] New message: "Re: Security problems with org.jboss.test:jboss-test 1.1.5.GA"

Monday, 8 March 2010

JBoss development,

A new message was posted in the thread "Security problems with
org.jboss.test:jboss-test 1.1.5.GA":

http://community.jboss.org/message/530617#530617

Author  : Flavia Rainone
Profile : http://community.jboss.org/people/flavia.rainone@jboss.com

Message:
--------------------------------------------------------------
...
 mailto:adrian@jboss.org wrote:

 Looks like a bug to me, but I don't see any recent changes in the code that would
cause the problem?

 The SecurityManager shouldn't be installed until it runs
AbstractTestDelegate.setUp()
 The error above is happening in the constructor of the delegate.

 Its only after that happens that you can do:

 delegate.enableSecurity = true;

 Most likely, there is a security manager still around from a previous test?
You're right!
Taking a better look, I found this:

public class AOPTestDelegate extends AbstractTestDelegate
{
    public void tearDown() throws Exception
    {
...
>>       //TODO Figure out cause of security exception when
making this call
>> //       super.tearDown();        String deployedByClassLoader =
(String)systemProps.get(EclipseTestTransformer.CLASSLOADER_DEPLOYED_XML); 
       if (deployedByClassLoader != null)
       {
          URL url =
Thread.currentThread().getContextClassLoader().getResource(deployedByClassLoader);
          AspectXmlLoader.undeployXML(url);
       }
    }

}

AbstractTestDelegate.setUpSecurity defines a SecurityManager, and
AbstractTestDelegate.tearDownSecurity should set the SecurityManager as null. This is not
happening, because AbstractTestDelegate.tearDown is overwritten and the call to
super.tearDown is commented out.

Uncomenting this call took me to:

Testcase: testBasic took 1.531 sec
        Caused an ERROR
access denied (java.lang.RuntimePermission setSecurityManager)
java.security.AccessControlException: access denied (java.lang.RuntimePermission
setSecurityManager)
        at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.System.setSecurityManager0(System.java:272)
        at java.lang.System.setSecurityManager(System.java:263)
        at
org.jboss.test.AbstractTestDelegate.tearDownSecurity(AbstractTestDelegate.java:195)
        at org.jboss.test.AbstractTestDelegate.tearDown(AbstractTestDelegate.java:142)
        at org.jboss.test.aop.AOPTestDelegate.tearDown(AOPTestDelegate.java:66)
        at org.jboss.test.AbstractTestSetup.tearDown(AbstractTestSetup.java:73)
        at
org.jboss.test.AbstractTestCaseWithSetup.tearDown(AbstractTestCaseWithSetup.java:112)

...
From that, I'm assuming that I should define a security policy
that allow AbstractTestDelegate to call setSecurityManager. Is that correct? 
--------------------------------------------------------------

To reply to this message visit the message page:
http://community.jboss.org/message/530617#530617

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006