[jboss-cvs] JBossAS SVN: r62656 - in projects/test/trunk/src: main/java/org/jboss/test/security and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Apr 30 15:24:00 EDT 2007
Author: adrian at jboss.org
Date: 2007-04-30 15:24:00 -0400 (Mon, 30 Apr 2007)
New Revision: 62656
Added:
projects/test/trunk/src/main/java/org/jboss/test/security/NothingPolicyPlugin.java
projects/test/trunk/src/test/java/org/jboss/test/security/
projects/test/trunk/src/test/java/org/jboss/test/security/test/
projects/test/trunk/src/test/java/org/jboss/test/security/test/NothingSecurityUnitTestCase.java
projects/test/trunk/src/test/java/org/jboss/test/security/test/OriginalSecurityUnitTestCase.java
Modified:
projects/test/trunk/src/main/java/org/jboss/test/AbstractTestDelegate.java
projects/test/trunk/src/main/java/org/jboss/test/security/PolicyPlugin.java
projects/test/trunk/src/main/java/org/jboss/test/security/TestsPolicyPlugin.java
Log:
The old security policy is broken. It has been hacked to allow too much stuff.
The fix:
Implement a NothingSecurityPolicy.
Add the ability to override the security policy with a specific class by the test.
Additionally since the maven tests don't run from the jars and the directory
name no longer contains the magic "tests", add "test-classes" to the check of a codesource url being a test.
Modified: projects/test/trunk/src/main/java/org/jboss/test/AbstractTestDelegate.java
===================================================================
--- projects/test/trunk/src/main/java/org/jboss/test/AbstractTestDelegate.java 2007-04-30 19:17:09 UTC (rev 62655)
+++ projects/test/trunk/src/main/java/org/jboss/test/AbstractTestDelegate.java 2007-04-30 19:24:00 UTC (rev 62656)
@@ -41,6 +41,9 @@
/** Whether security is enabled */
public boolean enableSecurity = false;
+ /** The security policy name */
+ public String securityPolicyName = null;
+
/** The policy plugin */
protected PolicyPlugin policy;
@@ -174,7 +177,10 @@
*/
protected void setUpSecurity() throws Exception
{
- policy = PolicyPlugin.getInstance(clazz);
+ if (securityPolicyName != null)
+ policy = PolicyPlugin.getInstance(clazz, securityPolicyName);
+ else
+ policy = PolicyPlugin.getInstance(clazz);
PolicyPlugin.setPolicy(policy);
System.setSecurityManager(new SecurityManager());
}
Added: projects/test/trunk/src/main/java/org/jboss/test/security/NothingPolicyPlugin.java
===================================================================
--- projects/test/trunk/src/main/java/org/jboss/test/security/NothingPolicyPlugin.java (rev 0)
+++ projects/test/trunk/src/main/java/org/jboss/test/security/NothingPolicyPlugin.java 2007-04-30 19:24:00 UTC (rev 62656)
@@ -0,0 +1,163 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.test.security;
+
+import java.io.File;
+import java.net.URL;
+import java.security.CodeSource;
+import java.security.PermissionCollection;
+import java.security.Permission;
+import java.security.ProtectionDomain;
+import java.util.HashSet;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.Enumeration;
+import java.lang.reflect.Constructor;
+
+import org.jboss.test.visitor.TypeHierarchyTraversal;
+import org.jboss.test.visitor.PropertiesVisitorImpl;
+
+/**
+ * A Test PolicyPlugin.
+ *
+ * @author <a href="adrian at jboss.com">Adrian Brock</a>
+ * @version $Revision: 56504 $
+ */
+public class NothingPolicyPlugin extends PolicyPlugin
+{
+ private HashSet<Permission> classPermissions = new HashSet<Permission>();
+
+ private static final URL codeSourceLocation;
+
+ static
+ {
+ URL temp = null;
+ ProtectionDomain pd = NothingPolicyPlugin.class.getProtectionDomain();
+ if (pd != null)
+ {
+ CodeSource cs = pd.getCodeSource();
+ if (cs != null)
+ {
+ temp = cs.getLocation();
+ }
+ }
+ codeSourceLocation = temp;
+ }
+
+ /**
+ * This ctor scans for properties using the TypeHierarchyTraversal and
+ * PropertiesVisitorImpl to pickup testclass specific permissions. Only
+ * class/interfaces properties are currently consulted for properties of
+ * the form 'test.Permission.N' where N=[0-9]+
+ * The value format of the test.Permission.N property is:
+ * perm-class, name [, actions]
+ * which conforms to the BasicPermission(String name, String actions) and
+ * BasicPermission(String name) sigs.
+ * @param clazz
+ */
+ public NothingPolicyPlugin(Class clazz)
+ {
+ // Augment the policy with testcase clazz data
+ PropertiesVisitorImpl visitor = new PropertiesVisitorImpl();
+ TypeHierarchyTraversal.visit(clazz, visitor);
+ HashMap<Class, Properties> typeProperties = visitor.getTypeProperties();
+ Iterator<Properties> iter = typeProperties.values().iterator();
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ while( iter.hasNext() )
+ {
+ Properties props = iter.next();
+ Enumeration names = props.propertyNames();
+ while( names.hasMoreElements() )
+ {
+ String name = (String) names.nextElement();
+ // Any test.Permission.N is what we are looking for
+ if( name.matches("test.Permission.[0-9]+") )
+ {
+ // Permission value syntax is perm-class, name [, actions]
+ String value = props.getProperty(name);
+ String[] info = value.split(", ");
+ try
+ {
+ // Create the permission based on the number of args
+ Class pc = loader.loadClass(info[0]);
+ Permission p;
+ if( info.length == 1 )
+ {
+ p = (Permission) pc.newInstance();
+ }
+ else if( info.length == 2 )
+ {
+ Class[] sig = {String.class};
+ Object[] args = {info[1]};
+ Constructor ctor = pc.getConstructor(sig);
+ p = (Permission) ctor.newInstance(args);
+ }
+ else
+ {
+ Class[] sig = {String.class, String.class};
+ Object[] args = {info[1], info[2]};
+ Constructor ctor = pc.getConstructor(sig);
+ p = (Permission) ctor.newInstance(args);
+ }
+ classPermissions.add(p);
+ }
+ catch(ClassNotFoundException e)
+ {
+ // We could break out ClassNotFoundException to create lazy loaded...
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+ }
+
+ public PermissionCollection getPermissions(CodeSource codesource)
+ {
+ URL url = codesource.getLocation();
+ if (url != null)
+ {
+ // Is this us?
+ if (url.equals(codeSourceLocation))
+ return allPermissions();
+
+ // Is this a test location?
+ File file = new File(url.toString());
+ String name = file.getName();
+ if (name.indexOf("tests") != -1 || name.indexOf("test-classes") != -1 || name.indexOf("-test.jar") != -1)
+ {
+ PermissionCollection pc = noPermissions();
+ Iterator iter = classPermissions.iterator();
+ while( iter.hasNext() )
+ {
+ Permission p = (Permission) iter.next();
+ pc.add(p);
+ }
+ return pc;
+ }
+ }
+ return allPermissions();
+ }
+}
Modified: projects/test/trunk/src/main/java/org/jboss/test/security/PolicyPlugin.java
===================================================================
--- projects/test/trunk/src/main/java/org/jboss/test/security/PolicyPlugin.java 2007-04-30 19:17:09 UTC (rev 62655)
+++ projects/test/trunk/src/main/java/org/jboss/test/security/PolicyPlugin.java 2007-04-30 19:24:00 UTC (rev 62656)
@@ -64,7 +64,26 @@
{
String policyClassName = System.getProperty("org.jboss.test.security.PolicyPlugin",
"org.jboss.test.security.TestsPolicyPlugin");
- Class policyClass = Thread.currentThread().getContextClassLoader().loadClass(policyClassName);
+ return getInstance(clazz, policyClassName);
+ }
+
+ /**
+ * Get the security plugin. With the specified name.
+ * The class must implement {@link PolicyPlugin} with a constructor
+ * that takes the test class as a single parameter
+ *
+ * @see PolicyPlugin
+ * @see TestsPolicyPlugin
+ *
+ * @param clazz - the unit testcase class
+ * @param policyName - the policy name
+ * @return the security policy plugin
+ * @throws Exception for any error
+ */
+ public static PolicyPlugin getInstance(Class clazz, String policyName)
+ throws Exception
+ {
+ Class policyClass = Thread.currentThread().getContextClassLoader().loadClass(policyName);
Class[] sig = {Class.class};
Constructor ctor = policyClass.getConstructor(sig);
Object[] args = {clazz};
Modified: projects/test/trunk/src/main/java/org/jboss/test/security/TestsPolicyPlugin.java
===================================================================
--- projects/test/trunk/src/main/java/org/jboss/test/security/TestsPolicyPlugin.java 2007-04-30 19:17:09 UTC (rev 62655)
+++ projects/test/trunk/src/main/java/org/jboss/test/security/TestsPolicyPlugin.java 2007-04-30 19:24:00 UTC (rev 62656)
@@ -146,9 +146,9 @@
// Is this a test location?
File file = new File(url.toString());
String name = file.getName();
- if (name.indexOf("tests") != -1 || name.indexOf("-test.jar") != -1)
+ if (name.indexOf("tests") != -1 || name.indexOf("test-classes") != -1 || name.indexOf("-test.jar") != -1)
{
- // @TODO: Make configurable
+ // TODO: Make configurable
PermissionCollection pc = fileReadPermissions();
// Needed for the class loading tests
pc.add(new RuntimePermission("createClassLoader"));
Added: projects/test/trunk/src/test/java/org/jboss/test/security/test/NothingSecurityUnitTestCase.java
===================================================================
--- projects/test/trunk/src/test/java/org/jboss/test/security/test/NothingSecurityUnitTestCase.java (rev 0)
+++ projects/test/trunk/src/test/java/org/jboss/test/security/test/NothingSecurityUnitTestCase.java 2007-04-30 19:24:00 UTC (rev 62656)
@@ -0,0 +1,84 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2006, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.test.security.test;
+
+import java.io.File;
+import java.net.URL;
+import java.security.AccessControlException;
+
+import org.jboss.test.AbstractTestCaseWithSetup;
+import org.jboss.test.AbstractTestDelegate;
+import org.jboss.test.security.NothingPolicyPlugin;
+
+/**
+ * OriginalSecurityUnitTestCase.
+ *
+ * @author <a href="adrian at jboss.com">Adrian Brock</a>
+ * @version $Revision: 1.1 $
+ */
+public class NothingSecurityUnitTestCase extends AbstractTestCaseWithSetup
+{
+ public NothingSecurityUnitTestCase(String name)
+ {
+ super(name);
+ }
+
+ public static AbstractTestDelegate getDelegate(Class clazz)
+ {
+ AbstractTestDelegate delegate = new AbstractTestDelegate(clazz);
+ delegate.enableSecurity = true;
+ delegate.securityPolicyName = NothingPolicyPlugin.class.getName();
+ return delegate;
+ }
+
+ public void testSecurity() throws Exception
+ {
+ // Shouldn't be allowed to get a system property
+ try
+ {
+ System.getProperty("blah");
+ fail("Should not be here!");
+ }
+ catch (Exception expected)
+ {
+ checkThrowable(AccessControlException.class, expected);
+ }
+
+ // We can't access files with the nothing policy
+ URL url = getResource("/org/jboss/test/BaseTestCase.class");
+ assertNotNull(url);
+ try
+ {
+ File file = new File(url.getFile());
+ assertTrue(file.exists());
+ fail("Should not be here!");
+ }
+ catch (Exception expected)
+ {
+ checkThrowable(AccessControlException.class, expected);
+ }
+
+ // A plain getResource for some other codesource should not work with the nothing policy
+ url = getClass().getResource("/org/jboss/test/BaseTestCase.class");
+ assertNull(url);
+ }
+}
Added: projects/test/trunk/src/test/java/org/jboss/test/security/test/OriginalSecurityUnitTestCase.java
===================================================================
--- projects/test/trunk/src/test/java/org/jboss/test/security/test/OriginalSecurityUnitTestCase.java (rev 0)
+++ projects/test/trunk/src/test/java/org/jboss/test/security/test/OriginalSecurityUnitTestCase.java 2007-04-30 19:24:00 UTC (rev 62656)
@@ -0,0 +1,74 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2006, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.test.security.test;
+
+import java.io.File;
+import java.net.URL;
+import java.security.AccessControlException;
+
+import org.jboss.test.AbstractTestCaseWithSetup;
+import org.jboss.test.AbstractTestDelegate;
+
+/**
+ * OriginalSecurityUnitTestCase.
+ *
+ * @author <a href="adrian at jboss.com">Adrian Brock</a>
+ * @version $Revision: 1.1 $
+ */
+public class OriginalSecurityUnitTestCase extends AbstractTestCaseWithSetup
+{
+ public OriginalSecurityUnitTestCase(String name)
+ {
+ super(name);
+ }
+
+ public static AbstractTestDelegate getDelegate(Class clazz)
+ {
+ AbstractTestDelegate delegate = new AbstractTestDelegate(clazz);
+ delegate.enableSecurity = true;
+ return delegate;
+ }
+
+ public void testSecurity() throws Exception
+ {
+ // Shouldn't be allowed to get a system property
+ try
+ {
+ System.getProperty("blah");
+ fail("Should not be here!");
+ }
+ catch (Exception expected)
+ {
+ checkThrowable(AccessControlException.class, expected);
+ }
+
+ // We can access files with the old policy
+ URL url = getResource("/org/jboss/test/BaseTestCase.class");
+ assertNotNull(url);
+ File file = new File(url.getFile());
+ assertTrue(file.exists());
+
+ // A plain getResource for some other codesource works with the old policy
+ url = getClass().getResource("/org/jboss/test/BaseTestCase.class");
+ assertNotNull(url);
+ }
+}
More information about the jboss-cvs-commits
mailing list