JBoss Remoting SVN: r5895 - remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 15:01:00 -0400 (Sat, 03 Jul 2010)
New Revision: 5895
Modified:
remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http/EmptyURITestCase.java
Log:
JBREM-1231: Wrapped all state changing calls to InvokerRegistry in PrivilegedAction.
Modified: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http/EmptyURITestCase.java
===================================================================
--- remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http/EmptyURITestCase.java 2010-07-03 19:00:36 UTC (rev 5894)
+++ remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http/EmptyURITestCase.java 2010-07-03 19:01:00 UTC (rev 5895)
@@ -24,6 +24,8 @@
import java.io.IOException;
import java.net.InetAddress;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
@@ -85,7 +87,14 @@
ConsoleAppender consoleAppender = new ConsoleAppender(layout);
Logger.getRootLogger().addAppender(consoleAppender);
- InvokerRegistry.registerInvokerFactories("http", TransportClientFactory.class, TestCoyoteInvokerFactory.class);
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.registerInvokerFactories("http", TransportClientFactory.class, TestCoyoteInvokerFactory.class);
+ return null;
+ }
+ });
}
}
14 years, 5 months
JBoss Remoting SVN: r5894 - remoting2/branches/2.x/src/tests/org/jboss/test/remoting/registry.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 15:00:36 -0400 (Sat, 03 Jul 2010)
New Revision: 5894
Modified:
remoting2/branches/2.x/src/tests/org/jboss/test/remoting/registry/InvokerRegistryRaceTestCase.java
Log:
JBREM-1231: Wrapped all state changing calls to InvokerRegistry in PrivilegedAction.
Modified: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/registry/InvokerRegistryRaceTestCase.java
===================================================================
--- remoting2/branches/2.x/src/tests/org/jboss/test/remoting/registry/InvokerRegistryRaceTestCase.java 2010-07-03 18:27:59 UTC (rev 5893)
+++ remoting2/branches/2.x/src/tests/org/jboss/test/remoting/registry/InvokerRegistryRaceTestCase.java 2010-07-03 19:00:36 UTC (rev 5894)
@@ -2,6 +2,8 @@
import java.net.InetAddress;
import java.net.MalformedURLException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
@@ -273,7 +275,14 @@
{
try
{
- InvokerRegistry.updateServerInvokerLocator(locator, locator);
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.updateServerInvokerLocator(locator, locator);
+ return null;
+ }
+ });
if ((i + 1) % (counter / 5) == 0)
{
log.info(this + " updated locator: " + (i + 1));
14 years, 5 months
JBoss Remoting SVN: r5893 - remoting2/branches/2.x/src/tests/org/jboss/test/remoting/connection.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 14:27:59 -0400 (Sat, 03 Jul 2010)
New Revision: 5893
Modified:
remoting2/branches/2.x/src/tests/org/jboss/test/remoting/connection/ConnectionValidatorDisconnectTimeoutTestCase.java
Log:
JBREM-1231: Wrapped all state changing calls to InvokerRegistry in PrivilegedAction.
Modified: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/connection/ConnectionValidatorDisconnectTimeoutTestCase.java
===================================================================
--- remoting2/branches/2.x/src/tests/org/jboss/test/remoting/connection/ConnectionValidatorDisconnectTimeoutTestCase.java 2010-07-03 17:27:13 UTC (rev 5892)
+++ remoting2/branches/2.x/src/tests/org/jboss/test/remoting/connection/ConnectionValidatorDisconnectTimeoutTestCase.java 2010-07-03 18:27:59 UTC (rev 5893)
@@ -24,6 +24,8 @@
import java.io.IOException;
import java.net.InetAddress;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
@@ -475,8 +477,16 @@
protected void setupServer() throws Exception
- {
- InvokerRegistry.registerInvokerFactories("socket", org.jboss.remoting.transport.socket.TransportClientFactory.class, TestServerInvokerFactory.class);
+ {
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.registerInvokerFactories("socket", org.jboss.remoting.transport.socket.TransportClientFactory.class, TestServerInvokerFactory.class);
+ return null;
+ }
+ });
+
host = InetAddress.getLocalHost().getHostAddress();
port = PortUtil.findFreePort(host);
locatorURI = getTransport() + "://" + host + ":" + port + "/?x=x";
14 years, 5 months
JBoss Remoting SVN: r5892 - remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http/ssl/config.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 13:27:13 -0400 (Sat, 03 Jul 2010)
New Revision: 5892
Modified:
remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http/ssl/config/HostnameVerifierTestCase.java
Log:
JBREM-1231: Wrapped all state changing calls to InvokerRegistry in PrivilegedAction.
Modified: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http/ssl/config/HostnameVerifierTestCase.java
===================================================================
--- remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http/ssl/config/HostnameVerifierTestCase.java 2010-07-03 17:25:15 UTC (rev 5891)
+++ remoting2/branches/2.x/src/tests/org/jboss/test/remoting/transport/http/ssl/config/HostnameVerifierTestCase.java 2010-07-03 17:27:13 UTC (rev 5892)
@@ -37,8 +37,10 @@
import org.jboss.remoting.transport.Connector;
import org.jboss.remoting.transport.PortUtil;
import org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker;
+import javax.management.MBeanServer;
-import javax.management.MBeanServer;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
@@ -63,9 +65,16 @@
if (connector == null)
{
// Register subclassed transport for test.
- InvokerRegistry.registerInvokerFactories(getTransport(),
- TestClientInvokerFactory.class,
- TestServerInvokerFactory.class);
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.registerInvokerFactories(getTransport(),
+ TestClientInvokerFactory.class,
+ TestServerInvokerFactory.class);
+ return null;
+ }
+ });
HashMap config = new HashMap();
14 years, 5 months
JBoss Remoting SVN: r5891 - remoting2/branches/2.x/src/tests/org/jboss/test/remoting/ssl.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 13:25:15 -0400 (Sat, 03 Jul 2010)
New Revision: 5891
Modified:
remoting2/branches/2.x/src/tests/org/jboss/test/remoting/ssl/SSLSupportedTransportTestCase.java
Log:
JBREM-1231: Wrapped all state changing calls to InvokerRegistry in PrivilegedAction.
Modified: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/ssl/SSLSupportedTransportTestCase.java
===================================================================
--- remoting2/branches/2.x/src/tests/org/jboss/test/remoting/ssl/SSLSupportedTransportTestCase.java 2010-07-03 17:24:44 UTC (rev 5890)
+++ remoting2/branches/2.x/src/tests/org/jboss/test/remoting/ssl/SSLSupportedTransportTestCase.java 2010-07-03 17:25:15 UTC (rev 5891)
@@ -21,6 +21,10 @@
*/
package org.jboss.test.remoting.ssl;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
import junit.framework.TestCase;
import org.jboss.remoting.InvokerRegistry;
@@ -31,13 +35,29 @@
{
public void testTransportSupportsSSL() throws Exception
{
- String[] transports = new String[] {"socket", "sslsocket", "multiplex", "sslmultiplex", "rmi", "sslrmi", "http", "https"};
+ final String[] transports = new String[] {"socket", "sslsocket", "multiplex", "sslmultiplex", "rmi", "sslrmi", "http", "https"};
boolean[] expextedResult = new boolean[] {false, true, false, true, false, true, false, true};
for(int x = 0; x < transports.length; x++)
{
- boolean isSupported = InvokerRegistry.isSSLSupported(transports[x]);
- assertEquals("transport " + transports[x] + " was supposed to be " + expextedResult[x] + " for supporting ssl.", expextedResult[x], isSupported);
+ Boolean isSupported = null;
+ final int finalX = x;
+ try
+ {
+ isSupported = (Boolean) AccessController.doPrivileged( new PrivilegedExceptionAction()
+ {
+ public Object run() throws Exception
+ {
+ return new Boolean(InvokerRegistry.isSSLSupported(transports[finalX]));
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw pae.getException();
+ }
+
+ assertEquals("transport " + transports[x] + " was supposed to be " + expextedResult[x] + " for supporting ssl.", expextedResult[x], isSupported.booleanValue());
}
}
}
\ No newline at end of file
14 years, 5 months
JBoss Remoting SVN: r5890 - remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 13:24:44 -0400 (Sat, 03 Jul 2010)
New Revision: 5890
Added:
remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security/InvokerRegistryCaller.java
remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security/InvokerRegistrySecurityTestCase.java
Log:
JBREM-1231: New unit tests.
Added: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security/InvokerRegistryCaller.java
===================================================================
--- remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security/InvokerRegistryCaller.java (rev 0)
+++ remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security/InvokerRegistryCaller.java 2010-07-03 17:24:44 UTC (rev 5890)
@@ -0,0 +1,96 @@
+/*
+ * JBoss, Home of Professional Open Source
+ *
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * by the @author tags. See the COPYRIGHT.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.test.remoting.security;
+
+import java.util.Map;
+
+import org.jboss.remoting.InvokerLocator;
+import org.jboss.remoting.InvokerRegistry;
+import org.jboss.remoting.ServerInvoker;
+
+/**
+ * Used by InvokerRegistrySecurityTestCase.
+ *
+ * @author <a href="mailto:ron.sigal@jboss.com">Ron Sigal</a>
+ * @version $Rev$
+ * <p>
+ * Copyright Jul 1, 2010
+ * </p>
+ */
+public class InvokerRegistryCaller
+{
+ public static void registerInvokerFactories(String transport, Class clientFactory, Class serverFactory)
+ {
+ new Exception("InvokerRegistryCaller stacktrace").printStackTrace();
+ InvokerRegistry.registerInvokerFactories(transport, clientFactory, serverFactory);
+ }
+
+ public static void unregisterInvokerFactories(String transport)
+ {
+ new Exception("InvokerRegistryCaller stacktrace").printStackTrace();
+ InvokerRegistry.unregisterInvokerFactories(transport);
+ }
+
+ public static void unregisterLocator(InvokerLocator locator)
+ {
+ new Exception("InvokerRegistryCaller stacktrace").printStackTrace();
+ InvokerRegistry.unregisterLocator(locator);
+ }
+
+ public static void destroyClientInvoker(InvokerLocator locator, Map map)
+ {
+ new Exception("InvokerRegistryCaller stacktrace").printStackTrace();
+ InvokerRegistry.destroyClientInvoker(locator, map);
+ }
+
+ public static void createClientInvoker(InvokerLocator locator, Map map) throws Exception
+ {
+ new Exception("InvokerRegistryCaller stacktrace").printStackTrace();
+ InvokerRegistry.createClientInvoker(locator, map);
+ }
+
+ public static void createServerInvoker(InvokerLocator locator, Map map) throws Exception
+ {
+ new Exception("InvokerRegistryCaller stacktrace").printStackTrace();
+ InvokerRegistry.createServerInvoker(locator, map);
+ }
+
+ public static void destroyServerInvoker(ServerInvoker invoker) throws Exception
+ {
+ new Exception("InvokerRegistryCaller stacktrace").printStackTrace();
+ InvokerRegistry.destroyServerInvoker(invoker);
+ }
+
+ public static void updateServerInvokerLocator(InvokerLocator locator, InvokerLocator newLocator)
+ {
+ new Exception("InvokerRegistryCaller stacktrace").printStackTrace();
+ InvokerRegistry.updateServerInvokerLocator(locator, newLocator);
+ }
+
+ public static void isSSLSupported(String transport) throws Exception
+ {
+ new Exception("InvokerRegistryCaller stacktrace").printStackTrace();
+ InvokerRegistry.isSSLSupported(transport);
+ }
+}
Added: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security/InvokerRegistrySecurityTestCase.java
===================================================================
--- remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security/InvokerRegistrySecurityTestCase.java (rev 0)
+++ remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security/InvokerRegistrySecurityTestCase.java 2010-07-03 17:24:44 UTC (rev 5890)
@@ -0,0 +1,399 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.remoting.security;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.ConsoleAppender;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.apache.log4j.PatternLayout;
+import org.jboss.remoting.Client;
+import org.jboss.remoting.InvokerLocator;
+import org.jboss.remoting.InvokerRegistry;
+import org.jboss.remoting.ServerInvoker;
+import org.jboss.remoting.transport.ClientFactory;
+import org.jboss.remoting.transport.ClientInvoker;
+import org.jboss.remoting.transport.Connector;
+import org.jboss.remoting.transport.ServerFactory;
+import org.jboss.remoting.transport.socket.SocketClientInvoker;
+import org.jboss.remoting.transport.socket.SocketServerInvoker;
+
+
+public class InvokerRegistrySecurityTestCase extends TestCase
+{
+ private static Logger log = Logger.getLogger(InvokerRegistrySecurityTestCase.class);
+ private static boolean firstTime = true;
+
+ public void setUp() throws Exception
+ {
+ if (firstTime)
+ {
+ firstTime = false;
+ Logger.getLogger("org.jboss.remoting").setLevel(Level.INFO);
+ Logger.getLogger("org.jboss.test.remoting").setLevel(Level.INFO);
+ String pattern = "[%d{ABSOLUTE}] [%t] %5p (%F:%L) - %m%n";
+ PatternLayout layout = new PatternLayout(pattern);
+ ConsoleAppender consoleAppender = new ConsoleAppender(layout);
+ Logger.getRootLogger().addAppender(consoleAppender);
+ }
+ }
+
+
+ public void tearDown()
+ {
+ }
+
+
+ public void testRegisterUnregisterInvokerFactories() throws Throwable
+ {
+ log.info("entering " + getName());
+
+ // Call from code with proper privileges.
+ InvokerRegistry.registerInvokerFactories("test", TestClientFactory.class, TestServerFactory.class);
+ InvokerRegistry.unregisterInvokerFactories("test");
+
+ // Call from code without proper privileges.
+ if (System.getSecurityManager() == null)
+ {
+ InvokerRegistryCaller.registerInvokerFactories("test", TestClientFactory.class, TestServerFactory.class);
+ InvokerRegistryCaller.unregisterInvokerFactories("test");
+ }
+ else
+ {
+ try
+ {
+ InvokerRegistryCaller.registerInvokerFactories("test", TestClientFactory.class, TestServerFactory.class);
+ fail("expected SecurityException");
+ }
+ catch (SecurityException e)
+ {
+ log.info("got expected SecurityException");
+ }
+ try
+ {
+ InvokerRegistryCaller.unregisterInvokerFactories("test");
+ fail("expected SecurityException");
+ }
+ catch (SecurityException e)
+ {
+ log.info("got expected SecurityException");
+ }
+ }
+
+ log.info(getName() + " PASSES");
+ }
+
+ public void testUnregisterLocator() throws Throwable
+ {
+ log.info("entering " + getName());
+ Connector connector = null;
+
+ try
+ {
+ // Create server, which stores InvokerLocator in InvokerRegistry.
+ InvokerLocator locator = new InvokerLocator("socket://localhost");
+ connector = new Connector(locator);
+ connector.start();
+ InvokerLocator updatedLocator = connector.getLocator();
+
+ // Call from code with proper privileges.
+ InvokerRegistry.unregisterLocator(updatedLocator);
+
+ // Call from code without proper privileges.
+ if (System.getSecurityManager() == null)
+ {
+ InvokerRegistryCaller.unregisterLocator(updatedLocator);
+ }
+ else
+ {
+ try
+ {
+ InvokerRegistryCaller.unregisterLocator(updatedLocator);
+ fail("expected SecurityException");
+ }
+ catch (SecurityException e)
+ {
+ log.info("got expected SecurityException");
+ }
+ }
+ }
+ finally
+ {
+ if (connector != null)
+ {
+ connector.stop();
+ }
+ }
+
+ log.info(getName() + " PASSES");
+ }
+
+ public void testDestroyClientInvoker() throws Throwable
+ {
+ log.info("entering " + getName());
+ Client client = null;
+
+ try
+ {
+ // Create client.
+ InvokerLocator locator = new InvokerLocator("socket://localhost");
+ client = new Client(locator);
+ client.connect();
+
+ // Call from code with proper privileges.
+ InvokerRegistry.destroyClientInvoker(locator, new HashMap());
+
+ // Call from code without proper privileges.
+ if (System.getSecurityManager() == null)
+ {
+ InvokerRegistryCaller.destroyClientInvoker(locator, new HashMap());
+ }
+ else
+ {
+ try
+ {
+ InvokerRegistryCaller.destroyClientInvoker(locator, new HashMap());
+ fail("expected SecurityException");
+ }
+ catch (SecurityException e)
+ {
+ log.info("got expected SecurityException");
+ }
+ }
+ }
+ finally
+ {
+ if (client != null)
+ {
+ client.disconnect();
+ }
+ }
+
+ log.info(getName() + " PASSES");
+ }
+
+ public void testCreateClientInvoker() throws Throwable
+ {
+ log.info("entering " + getName());
+ InvokerLocator locator = new InvokerLocator("socket://localhost");
+
+ // Call from code with proper privileges.
+ ClientInvoker invoker = InvokerRegistry.createClientInvoker(locator, new HashMap());;
+
+ try
+ {
+ // Call from code without proper privileges.
+ if (System.getSecurityManager() == null)
+ {
+ InvokerRegistryCaller.createClientInvoker(locator, new HashMap());
+ }
+ else
+ {
+ try
+ {
+ InvokerRegistryCaller.createClientInvoker(locator, new HashMap());
+ fail("expected SecurityException");
+ }
+ catch (SecurityException e)
+ {
+ log.info("got expected SecurityException");
+ }
+ }
+ }
+ finally
+ {
+ if (invoker != null)
+ {
+ InvokerRegistry.destroyClientInvoker(locator, new HashMap());
+ }
+ }
+
+ log.info(getName() + " PASSES");
+ }
+
+ public void testCreateServerInvoker() throws Throwable
+ {
+ log.info("entering " + getName());
+ InvokerLocator locator = new InvokerLocator("socket://localhost");
+
+ // Call from code with proper privileges.
+ ServerInvoker invoker = InvokerRegistry.createServerInvoker(locator, new HashMap());;
+
+ try
+ {
+ // Call from code without proper privileges.
+ if (System.getSecurityManager() == null)
+ {
+ InvokerRegistryCaller.createServerInvoker(locator, new HashMap());
+ }
+ else
+ {
+ try
+ {
+ InvokerRegistryCaller.createServerInvoker(locator, new HashMap());
+ fail("expected SecurityException");
+ }
+ catch (SecurityException e)
+ {
+ log.info("got expected SecurityException");
+ }
+ }
+ }
+ finally
+ {
+ if (invoker != null)
+ {
+ InvokerRegistry.destroyServerInvoker(invoker);
+ }
+ }
+
+ log.info(getName() + " PASSES");
+ }
+
+ public void testDestroyServerInvoker() throws Throwable
+ {
+ log.info("entering " + getName());
+ InvokerLocator locator = new InvokerLocator("socket://localhost");
+ ServerInvoker invoker = InvokerRegistry.createServerInvoker(locator, new HashMap());;
+
+ // Call from code with proper privileges.
+ InvokerRegistry.destroyServerInvoker(invoker);
+
+ // Call from code without proper privileges.
+ if (System.getSecurityManager() == null)
+ {
+ InvokerRegistryCaller.destroyServerInvoker(invoker);
+ }
+ else
+ {
+ try
+ {
+ InvokerRegistryCaller.destroyServerInvoker(invoker);
+ fail("expected SecurityException");
+ }
+ catch (SecurityException e)
+ {
+ log.info("got expected SecurityException");
+ }
+ }
+
+ log.info(getName() + " PASSES");
+ }
+
+ public void testUpdateServerInvokerLocator() throws Throwable
+ {
+ log.info("entering " + getName());
+ InvokerLocator oldLocator = new InvokerLocator("socket://localhost");
+ InvokerLocator newLocator = new InvokerLocator("socket://localhost");
+ ServerInvoker invoker = InvokerRegistry.createServerInvoker(oldLocator, new HashMap());;
+
+ try
+ {
+ // Call from code with proper privileges.
+ InvokerRegistry.updateServerInvokerLocator(oldLocator, newLocator);
+
+ // Call from code without proper privileges.
+ if (System.getSecurityManager() == null)
+ {
+ InvokerRegistryCaller.updateServerInvokerLocator(oldLocator, newLocator);
+ }
+ else
+ {
+ try
+ {
+ InvokerRegistryCaller.updateServerInvokerLocator(oldLocator, newLocator);
+ fail("expected SecurityException");
+ }
+ catch (SecurityException e)
+ {
+ log.info("got expected SecurityException");
+ }
+ }
+ }
+ finally
+ {
+ if (invoker != null)
+ {
+ InvokerRegistry.destroyServerInvoker(invoker);
+ }
+ }
+
+ log.info(getName() + " PASSES");
+ }
+
+ public void testIsSSLSupported() throws Throwable
+ {
+ log.info("entering " + getName());
+
+ // Call from code with proper privileges.
+ InvokerRegistry.isSSLSupported("bisocket");
+
+ // Call from code without proper privileges.
+ if (System.getSecurityManager() == null)
+ {
+ InvokerRegistryCaller.isSSLSupported("http");
+ }
+ else
+ {
+ try
+ {
+ InvokerRegistryCaller.isSSLSupported("http");
+ fail("expected SecurityException");
+ }
+ catch (SecurityException e)
+ {
+ log.info("got expected SecurityException");
+ }
+ }
+
+ log.info(getName() + " PASSES");
+ }
+
+ static class TestServerFactory implements ServerFactory
+ {
+ public ServerInvoker createServerInvoker(InvokerLocator locator, Map config)
+ {
+ return new SocketServerInvoker(locator, config);
+ }
+ public boolean supportsSSL()
+ {
+ return false;
+ }
+ }
+
+ static class TestClientFactory implements ClientFactory
+ {
+ public ClientInvoker createClientInvoker(InvokerLocator locator, Map config) throws IOException
+ {
+ return new SocketClientInvoker(locator, config);
+ }
+ public boolean supportsSSL()
+ {
+ return false;
+ }
+ }
+}
\ No newline at end of file
Property changes on: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/security/InvokerRegistrySecurityTestCase.java
___________________________________________________________________
Name: svn:executable
+ *
14 years, 5 months
JBoss Remoting SVN: r5889 - remoting2/branches/2.x/src/main/org/jboss/remoting/transport/multiplex.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 13:20:36 -0400 (Sat, 03 Jul 2010)
New Revision: 5889
Modified:
remoting2/branches/2.x/src/main/org/jboss/remoting/transport/multiplex/MultiplexServerInvoker.java
Log:
JBREM-1231: Wrapped all state changing calls to InvokerRegistry in PrivilegedAction.
Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/transport/multiplex/MultiplexServerInvoker.java
===================================================================
--- remoting2/branches/2.x/src/main/org/jboss/remoting/transport/multiplex/MultiplexServerInvoker.java 2010-07-03 17:19:32 UTC (rev 5888)
+++ remoting2/branches/2.x/src/main/org/jboss/remoting/transport/multiplex/MultiplexServerInvoker.java 2010-07-03 17:20:36 UTC (rev 5889)
@@ -30,6 +30,8 @@
import java.net.Socket;
import java.net.SocketException;
import java.net.SocketTimeoutException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -490,13 +492,21 @@
protected void resetLocator(int bindPort)
{
this.bindPort = bindPort;
- InvokerLocator newLocator = new InvokerLocator(locator.getProtocol(),
- locator.getHost(),
- bindPort,
- locator.getPath(),
- locator.getParameters());
+ final InvokerLocator newLocator = new InvokerLocator(locator.getProtocol(),
+ locator.getHost(),
+ bindPort,
+ locator.getPath(),
+ locator.getParameters());
- InvokerRegistry.updateServerInvokerLocator(locator, newLocator);
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.updateServerInvokerLocator(locator, newLocator);
+ return null;
+ }
+ });
+
locator = newLocator;
}
@@ -918,9 +928,18 @@
}
// re-write locator since the port is different
- InvokerLocator newLocator = new InvokerLocator(locator.getProtocol(), locator.getHost(), bindPort, locator.getPath(), locator.getParameters());
+ final InvokerLocator newLocator = new InvokerLocator(locator.getProtocol(), locator.getHost(), bindPort, locator.getPath(), locator.getParameters());
+
// need to update the locator key used in the invoker registry
- InvokerRegistry.updateServerInvokerLocator(locator, newLocator);
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.updateServerInvokerLocator(locator, newLocator);
+ return null;
+ }
+ });
+
this.locator = newLocator;
}
14 years, 5 months
JBoss Remoting SVN: r5888 - remoting2/branches/2.x/src/main/org/jboss/remoting/transport.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 13:19:32 -0400 (Sat, 03 Jul 2010)
New Revision: 5888
Modified:
remoting2/branches/2.x/src/main/org/jboss/remoting/transport/Connector.java
Log:
JBREM-1231: Wrapped all state changing calls to InvokerRegistry in PrivilegedAction.
Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/transport/Connector.java
===================================================================
--- remoting2/branches/2.x/src/main/org/jboss/remoting/transport/Connector.java 2010-07-03 17:18:54 UTC (rev 5887)
+++ remoting2/branches/2.x/src/main/org/jboss/remoting/transport/Connector.java 2010-07-03 17:19:32 UTC (rev 5888)
@@ -415,12 +415,26 @@
throw new IllegalStateException("Connector not configured with LocatorURI.");
}
- InvokerLocator locator = new InvokerLocator(locatorURI);
+ final InvokerLocator locator = new InvokerLocator(locatorURI);
if (invoker == null)
{
// create the server invoker
- invoker = InvokerRegistry.createServerInvoker(locator, configuration);
+ try
+ {
+ invoker = (ServerInvoker) AccessController.doPrivileged( new PrivilegedExceptionAction()
+ {
+ public Object run() throws Exception
+ {
+ return InvokerRegistry.createServerInvoker(locator, configuration);
+ }
+ });
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw pae.getException();
+ }
+
invoker.setMBeanServer(server);
// set the server socket factory if has been already set on the connector
@@ -1128,7 +1142,16 @@
log.trace(this + " shutting down server invoker");
invoker.stop();
invoker.destroy();
- InvokerRegistry.destroyServerInvoker(invoker);
+
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.destroyServerInvoker(invoker);
+ return null;
+ }
+ });
+
invoker = null;
}
if (marshallerLoaderConnector != null && marshallerLoaderConnector.isStarted)
@@ -1164,7 +1187,16 @@
{
invoker.stop();
invoker.destroy();
- InvokerRegistry.destroyServerInvoker(invoker);
+
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.destroyServerInvoker(invoker);
+ return null;
+ }
+ });
+
invoker = null;
}
isCreated = false;
@@ -1188,7 +1220,16 @@
{
invoker.stop();
invoker.destroy();
- InvokerRegistry.destroyServerInvoker(invoker);
+
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.destroyServerInvoker(invoker);
+ return null;
+ }
+ });
+
invoker = null;
}
isCreated = false;
14 years, 5 months
JBoss Remoting SVN: r5887 - remoting2/branches/2.x/src/main/org/jboss/remoting.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 13:18:54 -0400 (Sat, 03 Jul 2010)
New Revision: 5887
Modified:
remoting2/branches/2.x/src/main/org/jboss/remoting/ServerInvoker.java
Log:
JBREM-1231: Wrapped all state changing calls to InvokerRegistry in PrivilegedAction.
Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/ServerInvoker.java
===================================================================
--- remoting2/branches/2.x/src/main/org/jboss/remoting/ServerInvoker.java 2010-07-03 17:18:25 UTC (rev 5886)
+++ remoting2/branches/2.x/src/main/org/jboss/remoting/ServerInvoker.java 2010-07-03 17:18:54 UTC (rev 5887)
@@ -57,6 +57,7 @@
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
@@ -1158,7 +1159,7 @@
createServerSocketFactory();
// need to check invoker locator to see if need to provide binding address (in the case 0.0.0.0 was used)
- InvokerLocator originalLocator = locator;
+ final InvokerLocator originalLocator = locator;
locator = InvokerLocator.validateLocator(locator);
if (!locator.getLocatorURI().equals(originalLocator.getLocatorURI())) {
log.debug(this + " original locator: " + originalLocator);
@@ -1166,7 +1167,14 @@
}
// need to update the locator key used in the invoker registry
- InvokerRegistry.updateServerInvokerLocator(originalLocator, locator);
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.updateServerInvokerLocator(originalLocator, locator);
+ return null;
+ }
+ });
}
protected void setupHomes(Map config) throws Exception
@@ -1333,11 +1341,19 @@
port = PortUtil.findFreePort(locator.getHost());
// re-write locator since the port is different
- InvokerLocator newLocator = new InvokerLocator(locator.getProtocol(), locator.getHost(), port,
+ final InvokerLocator newLocator = new InvokerLocator(locator.getProtocol(), locator.getHost(), port,
locator.getPath(), locator.getParameters());
// need to update the locator key used in the invoker registry
- InvokerRegistry.updateServerInvokerLocator(locator, newLocator);
+ AccessController.doPrivileged( new PrivilegedAction()
+ {
+ public Object run()
+ {
+ InvokerRegistry.updateServerInvokerLocator(locator, newLocator);
+ return null;
+ }
+ });
+
this.locator = newLocator;
return port;
}
14 years, 5 months
JBoss Remoting SVN: r5886 - remoting2/branches/2.x/src/main/org/jboss/remoting.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2010-07-03 13:18:25 -0400 (Sat, 03 Jul 2010)
New Revision: 5886
Modified:
remoting2/branches/2.x/src/main/org/jboss/remoting/InvokerRegistry.java
Log:
JBREM-1231: Added doSecurityCheck().
Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/InvokerRegistry.java
===================================================================
--- remoting2/branches/2.x/src/main/org/jboss/remoting/InvokerRegistry.java 2010-07-03 17:16:08 UTC (rev 5885)
+++ remoting2/branches/2.x/src/main/org/jboss/remoting/InvokerRegistry.java 2010-07-03 17:18:25 UTC (rev 5886)
@@ -22,7 +22,6 @@
package org.jboss.remoting;
-
import org.jboss.logging.Logger;
import org.jboss.remoting.serialization.ClassLoaderUtility;
import org.jboss.remoting.transport.ClientFactory;
@@ -69,6 +68,8 @@
private static final Map transportClientFactoryClasses = new HashMap();
private static final Map transportServerFactoryClasses = new HashMap();
+
+ private static final RuntimePermission INVOKER_REGISTRY_UPDATE_PERMISSION = new RuntimePermission("invokerRegistryUpdate");
/**
* return an array of InvokerLocators that are local to this VM (server invokers)
@@ -174,6 +175,7 @@
*/
public static void registerInvokerFactories(String transport, Class clientFactory, Class serverFactory)
{
+ doSecurityCheck();
synchronized (clientLock)
{
transportClientFactoryClasses.put(transport, clientFactory);
@@ -191,6 +193,7 @@
*/
public static void unregisterInvokerFactories(String transport)
{
+ doSecurityCheck();
synchronized (clientLock)
{
transportClientFactoryClasses.remove(transport);
@@ -203,6 +206,7 @@
public static void unregisterLocator(InvokerLocator locator)
{
+ doSecurityCheck();
synchronized (serverLock)
{
serverLocators.remove(locator);
@@ -230,6 +234,7 @@
*/
public static void destroyClientInvoker(InvokerLocator locator, Map configuration)
{
+ doSecurityCheck();
synchronized(clientLock)
{
if (trace)
@@ -276,6 +281,8 @@
public static ClientInvoker createClientInvoker(InvokerLocator locator, Map configuration)
throws Exception
{
+ doSecurityCheck();
+
if(locator == null)
{
throw new NullPointerException("locator cannot be null");
@@ -545,7 +552,7 @@
public static ServerInvoker createServerInvoker(InvokerLocator locator, Map configuration)
throws Exception
{
-
+ doSecurityCheck();
ServerInvoker invoker = null;
synchronized(serverLock)
{
@@ -568,6 +575,7 @@
public static void destroyServerInvoker(ServerInvoker invoker)
{
+ doSecurityCheck();
if(invoker != null)
{
InvokerLocator locator = invoker.getLocator();
@@ -648,6 +656,7 @@
*/
public static void updateServerInvokerLocator(InvokerLocator locator, InvokerLocator newLocator)
{
+ doSecurityCheck();
synchronized (serverLock)
{
Object si = serverLocators.get(locator);
@@ -669,6 +678,7 @@
*/
public static boolean isSSLSupported(String transport) throws Exception
{
+ doSecurityCheck();
boolean isSSLSupported = false;
Class transportFactoryClass = null;
try
@@ -810,4 +820,17 @@
throw (NoSuchMethodException) e.getCause();
}
}
+
+ static private void doSecurityCheck()
+ {
+ // If there is no Security Manager, the issue is moot.
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return;
+ }
+
+ // If the calling code is not verifiably in Remoting, then require it to have InvokerRegistryUpdatePermission.
+ sm.checkPermission(INVOKER_REGISTRY_UPDATE_PERMISSION);
+ }
}
14 years, 5 months