[jboss-cvs] JBoss Messaging SVN: r2235 - in trunk/tests/src/org/jboss/test/messaging: tools and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Feb 9 06:29:34 EST 2007
Author: ovidiu.feodorov at jboss.com
Date: 2007-02-09 06:29:31 -0500 (Fri, 09 Feb 2007)
New Revision: 2235
Added:
trunk/tests/src/org/jboss/test/messaging/tools/misc/
trunk/tests/src/org/jboss/test/messaging/tools/misc/ConfigurableSecurityManager.java
Modified:
trunk/tests/src/org/jboss/test/messaging/jms/ClientInRestrictedSecurityEnvironmentTest.java
Log:
Refactoring on enhanced security environment tests.
See http://jira.jboss.org/jira/browse/JBMESSAGING-806
Modified: trunk/tests/src/org/jboss/test/messaging/jms/ClientInRestrictedSecurityEnvironmentTest.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/jms/ClientInRestrictedSecurityEnvironmentTest.java 2007-02-09 11:27:27 UTC (rev 2234)
+++ trunk/tests/src/org/jboss/test/messaging/jms/ClientInRestrictedSecurityEnvironmentTest.java 2007-02-09 11:29:31 UTC (rev 2235)
@@ -21,10 +21,6 @@
*/
package org.jboss.test.messaging.jms;
-import java.net.SocketPermission;
-import java.security.Permission;
-import java.util.Hashtable;
-
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.MessageConsumer;
@@ -37,56 +33,31 @@
import org.jboss.jms.client.JBossConnectionFactory;
import org.jboss.test.messaging.MessagingTestCase;
import org.jboss.test.messaging.tools.ServerManagement;
+import org.jboss.test.messaging.tools.misc.ConfigurableSecurityManager;
+import java.net.SocketPermission;
+
/**
- * A ClientInRestrictedSecurityEnvironmentTest
- *
- * This test runs the JMS client in a restricted security environment to ensure it works.
- *
- * Currently we just check that no socket connections are listened for or accepted on the client side
- * (which would be true for the socket transport)
- *
- * Therefore this test will fail until the bisocket transport is integrated.
- *
- * The test can be easily extended for other security requirements, e.g. getting system properties
- * might be prohibited.
+ * This test runs the JMS client in a restricted security environments.
*
* @author <a href="mailto:tim.fox at jboss.com">Tim Fox</a>
+ * @author <a href="mailto:ovidiu at jboss.org">Ovidiu Feodorov</a>
* @version <tt>$Revision: 1.1 $</tt>
*
* $Id$
- *
*/
public class ClientInRestrictedSecurityEnvironmentTest extends MessagingTestCase
-{
- // MessagingTestCase overrides ------------------------------------------------------------------
-
- protected void setUp() throws Exception
- {
- super.setUp();
-
- ServerManagement.start("all");
- }
-
- protected void tearDown() throws Exception
- {
- try
- {
- super.tearDown();
- }
- catch (Exception e)
- {
- //Ignore - this will probably faail because the new security manager won't allow something
- //that is done in tearDown()
- }
- }
-
+{
// Constants ------------------------------------------------------------------------------------
// Static ---------------------------------------------------------------------------------------
// Attributes -----------------------------------------------------------------------------------
-
+
+ private InitialContext ic;
+ private SecurityManager oldSM;
+ private ConfigurableSecurityManager configurableSecurityManager;
+
// Constructors ---------------------------------------------------------------------------------
public ClientInRestrictedSecurityEnvironmentTest(String name)
@@ -94,146 +65,151 @@
super(name);
}
-
// Public ---------------------------------------------------------------------------------------
-
+
+ /**
+ * Test case for http://jira.jboss.org/jira/browse/JBMESSAGING-806
+ */
+ public void testGetSystemProperties() throws Exception
+ {
+ // TODO (ovidiu) Will be uncommented in 1.0.1.SP5 and 1.2.0.CR1
+ // See http://jira.jboss.org/jira/browse/JBMESSAGING-806
+
+// if (ServerManagement.isRemote())
+// {
+// // don't run in a remote configuration, so we won't have to open server sockets and
+// // interfere with those permissions (or lack of)
+// return;
+// }
+//
+// // make sure our security manager disallows getProperty()
+// configurableSecurityManager.dissalow(new PropertyPermission("does not matter", "read"));
+//
+// ConnectionFactory cf = (JBossConnectionFactory)ic.lookup("/ConnectionFactory");
+// Queue queue = (Queue)ic.lookup("/queue/TestQueue");
+//
+// Connection conn = null;
+//
+// try
+// {
+// conn = cf.createConnection();
+//
+// Session s = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+//
+// MessageProducer p = s.createProducer(queue);
+// MessageConsumer c = s.createConsumer(queue);
+//
+// conn.start();
+//
+// p.send(s.createTextMessage("payload"));
+//
+// TextMessage m = (TextMessage)c.receive();
+//
+// assertEquals("payload", m.getText());
+//
+// }
+// finally
+// {
+// if (conn != null)
+// {
+// conn.close();
+// }
+// }
+ }
+
+ /**
+ * This test would make no sense on the 1.0 branch, since we won't backport the bisocket support
+ * there.
+ */
public void testSendReceiveWithSecurityManager() throws Exception
{
- if (!ServerManagement.isRemote())
+ if (ServerManagement.isLocal())
{
return;
}
-
- ServerManagement.undeployQueue("TestQueue");
-
- ServerManagement.deployQueue("TestQueue");
-
- InitialContext ic = null;
-
- Connection conn = null;
-
- Hashtable env = ServerManagement.getJNDIEnvironment();
-
- ServerManagement.undeployQueue("TestQueue");
-
- ServerManagement.deployQueue("TestQueue");
-
- ic = new InitialContext(env);
-
+
+ // make sure our security manager disallows "listen" and "accept" on a socket
+ configurableSecurityManager.dissalow(SocketPermission.class, "listen");
+ configurableSecurityManager.dissalow(SocketPermission.class, "accept");
+
ConnectionFactory cf = (JBossConnectionFactory)ic.lookup("/ConnectionFactory");
-
Queue queue = (Queue)ic.lookup("/queue/TestQueue");
-
- SecurityManager oldSm = System.getSecurityManager();
-
- SecurityManager sm = new MySecurityManager();
-
- System.setSecurityManager(sm);
-
- log.info("Security Manager is now " + System.getSecurityManager());
-
-
+
+ Connection conn = null;
+
try
{
conn = cf.createConnection();
-
+
Session s = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
-
+
MessageProducer p = s.createProducer(queue);
-
MessageConsumer c = s.createConsumer(queue);
-
+
conn.start();
p.send(s.createTextMessage("payload"));
-
+
TextMessage m = (TextMessage)c.receive();
assertEquals("payload", m.getText());
-
- conn.close();
- conn = null;
-
- ic.close();
- ic = null;
+
}
- catch (Exception e)
- {
- e.printStackTrace();
-
- throw e;
- }
finally
{
- System.setSecurityManager(oldSm);
-
if (conn != null)
{
- try
- {
- conn.close();
- }
- catch (Exception ignore)
- {
- }
+ conn.close();
}
- if (ic != null)
- {
- try
- {
- ic.close();
- }
- catch (Exception ignore)
- {
- }
- }
-
- try
- {
- ServerManagement.undeployQueue("TestQueue");
- }
- catch (Exception ignore)
- {
- }
}
}
// Package protected ----------------------------------------------------------------------------
- // Package protected ----------------------------------------------------------------------------
+ // MessagingTestCase overrides ------------------------------------------------------------------
- // Protected ------------------------------------------------------------------------------------
-
- protected class MySecurityManager extends SecurityManager
+ protected void setUp() throws Exception
{
+ super.setUp();
+ ServerManagement.start("all");
- public void checkPermission(Permission perm, Object context)
- {
- checkPermission(perm);
- }
+ ServerManagement.undeployQueue("TestQueue");
+ ServerManagement.deployQueue("TestQueue");
- public void checkPermission(Permission perm)
- {
- if (perm instanceof SocketPermission)
- {
- if (perm.getActions().indexOf("listen") != -1 ||
- perm.getActions().indexOf("accept") != -1)
- {
+ ic = new InitialContext(ServerManagement.getJNDIEnvironment());
- //We disallow listening or accepting sockets in the client
- //This should test whether the bisocket is working properly
-
- throw new SecurityException("Client shouldn't listen/accept");
- }
- }
+ // install our own security manager
+
+ configurableSecurityManager = new ConfigurableSecurityManager();
+
+ oldSM = System.getSecurityManager();
+ System.setSecurityManager(configurableSecurityManager);
+
+ log.info("SecurityManager is now " + System.getSecurityManager());
+ log.debug("setup done");
+ }
+
+ protected void tearDown() throws Exception
+ {
+ configurableSecurityManager.clear();
+ configurableSecurityManager = null;
+
+ System.setSecurityManager(oldSM);
+
+ if (ic != null)
+ {
+ ic.close();
}
+ ServerManagement.undeployQueue("TestQueue");
+
+ ServerManagement.stop();
+ super.tearDown();
}
+ // Protected ------------------------------------------------------------------------------------
+
// Private --------------------------------------------------------------------------------------
// Inner classes --------------------------------------------------------------------------------
-}
-
-
-
+}
\ No newline at end of file
Added: trunk/tests/src/org/jboss/test/messaging/tools/misc/ConfigurableSecurityManager.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/tools/misc/ConfigurableSecurityManager.java (rev 0)
+++ trunk/tests/src/org/jboss/test/messaging/tools/misc/ConfigurableSecurityManager.java 2007-02-09 11:29:31 UTC (rev 2235)
@@ -0,0 +1,143 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+
+package org.jboss.test.messaging.tools.misc;
+
+import java.security.Permission;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.StringTokenizer;
+
+/**
+ * A configurable SecurityManager, that, once installed, can selectively allow or disallow various
+ * permissions.
+ *
+ * @author <a href="mailto:ovidiu at jboss.org">Ovidiu Feodorov</a>
+ * @version <tt>$Revision$</tt>
+ * $Id$
+ */
+public class ConfigurableSecurityManager extends SecurityManager
+{
+ // Constants ------------------------------------------------------------------------------------
+
+ // Static ---------------------------------------------------------------------------------------
+
+ // Attributes -----------------------------------------------------------------------------------
+
+ private List disallowing;
+
+ // Constructors ---------------------------------------------------------------------------------
+
+ public ConfigurableSecurityManager()
+ {
+ disallowing = new ArrayList();
+ }
+
+ // SecurityManager overrides --------------------------------------------------------------------
+
+ public void checkPermission(Permission perm)
+ {
+ for(Iterator i = disallowing.iterator(); i.hasNext(); )
+ {
+ PermissionActionHolder pat = (PermissionActionHolder)i.next();
+ Class deniedPermissionClass = pat.getPermissionClass();
+ String deniedAction = pat.getAction();
+
+ if (!deniedPermissionClass.isAssignableFrom(perm.getClass()))
+ {
+ continue;
+ }
+
+ StringTokenizer st = new StringTokenizer(perm.getActions(), ", ");
+
+ if (!st.hasMoreTokens())
+ {
+ throw new SecurityException(this + " does not allow " + perm);
+ }
+
+ for(; st.hasMoreTokens(); )
+ {
+ String action = st.nextToken();
+ if (deniedAction.equals(action))
+ {
+ throw new SecurityException(
+ this + " does not allow " + perm + ", action " + action);
+ }
+ }
+ }
+ }
+
+ // Public ---------------------------------------------------------------------------------------
+
+ public void dissalow(Class permissionClass, String action)
+ {
+ if (!Permission.class.isAssignableFrom(permissionClass))
+ {
+ throw new IllegalArgumentException(permissionClass + " is not a Permission");
+ }
+
+ disallowing.add(new PermissionActionHolder(permissionClass, action));
+ }
+
+ public void clear()
+ {
+ disallowing.clear();
+ }
+
+ public String toString()
+ {
+ return "ConfigurableSecurityManager[" +
+ Integer.toHexString(System.identityHashCode(this)) + "]";
+ }
+
+ // Package protected ----------------------------------------------------------------------------
+
+ // Protected ------------------------------------------------------------------------------------
+
+ // Private --------------------------------------------------------------------------------------
+
+ // Inner classes --------------------------------------------------------------------------------
+
+ private class PermissionActionHolder
+ {
+ private Class permissionClass;
+ private String action;
+
+ public PermissionActionHolder(Class permissionClass, String action)
+ {
+ this.permissionClass = permissionClass;
+ this.action = action;
+ }
+
+ public Class getPermissionClass()
+ {
+ return permissionClass;
+ }
+
+ public String getAction()
+ {
+ return action;
+ }
+ }
+
+}
Property changes on: trunk/tests/src/org/jboss/test/messaging/tools/misc/ConfigurableSecurityManager.java
___________________________________________________________________
Name: svn:keywords
+ "Id LastChangedDate Author Revision"
More information about the jboss-cvs-commits
mailing list