[jboss-cvs] JBossAS SVN: r89376 - in branches/Branch_5_x/testsuite: imports and 2 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon May 25 09:36:52 EDT 2009


Author: pskopek at redhat.com
Date: 2009-05-25 09:36:52 -0400 (Mon, 25 May 2009)
New Revision: 89376

Added:
   branches/Branch_5_x/testsuite/src/resources/security-tst/
   branches/Branch_5_x/testsuite/src/resources/security-tst/server.policy
Modified:
   branches/Branch_5_x/testsuite/build.xml
   branches/Branch_5_x/testsuite/imports/server-config.xml
Log:
Adding a new test target for running most of the unit tests under the Java security manager.

Modified: branches/Branch_5_x/testsuite/build.xml
===================================================================
--- branches/Branch_5_x/testsuite/build.xml	2009-05-25 13:10:19 UTC (rev 89375)
+++ branches/Branch_5_x/testsuite/build.xml	2009-05-25 13:36:52 UTC (rev 89376)
@@ -1044,6 +1044,31 @@
                tests-report">
    </target>
 
+   <!-- Purpose to run these tests is to identify all priviledged blocks and fix the code to maximum possible extent.
+        It will be base for Common Criteria tests under security manager.    
+   -->	
+   <target name="tests-security-tst"
+      description="All possible tests runable under one server configuration using security manager.">
+
+   	<antcall target="create-sec-tst-config" />
+      <server:start name="security-tst"/>
+
+      <antcall target="tests-standard-unit"/>
+   	
+      <server:stop name="security-tst"/>
+   </target>
+
+	<!-- This target creates required tests-security-tst configuration -->
+	<target name="create-sec-tst-config" description="Creates required tests-security-tst configuration">
+	    <!-- Create the security-tst config starting with the "all" config -->
+	    <create-config baseconf="all" newconf="security-tst" newconf-src="security-tst">
+	      <patternset>
+	        <include name="**/*"/>
+	      </patternset>
+	    </create-config>
+
+   </target>	
+	
    <target name="jboss-minimal-tests"
       description="Validate the minimal config">
       <server:start name="minimal"/>
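Review bot: In `tests-security-tst`, `<server:stop name="security-tst"/>` is only reached when the `tests-standard-unit` antcall returns normally, so a build failure inside that call would leave the security-manager server running on the test host (whether `tests-standard-unit` can fail the build is not visible in this hunk). If the testsuite has a convention for guaranteed shutdown it should be used here; otherwise the target comment should tell the operator to stop `security-tst` by hand after an aborted run. The comment above the target would read better as `The purpose of these tests is to identify all privileged blocks and fix the code as far as possible.`, which also corrects "priviledged", and `runable` in the description should be `runnable`. The added lines mix tabs and spaces, unlike the surrounding targets.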

Modified: branches/Branch_5_x/testsuite/imports/server-config.xml
===================================================================
--- branches/Branch_5_x/testsuite/imports/server-config.xml	2009-05-25 13:10:19 UTC (rev 89375)
+++ branches/Branch_5_x/testsuite/imports/server-config.xml	2009-05-25 13:36:52 UTC (rev 89376)
@@ -124,6 +124,27 @@
          <sysproperty key="java.endorsed.dirs" value="${jboss.dist}/lib/endorsed" />
          <sysproperty key="xb.builder.useUnorderedSequence" value="true" />
       </server>
+      <server name="security-tst" config="security-tst" host="${node0}">
+           <jvmarg value="${jpda.cmdline}" />
+           <jvmarg value="-Xms128m" />
+           <jvmarg value="-Xmx512m" />
+           <jvmarg value="-XX:MaxPermSize=512m" />
+           <jvmarg value="-Djboss.home.dir=${jboss.dist}" />
+           <jvmarg value="-Djboss.server.home.dir=${jboss.dist}${/}server${/}security-tst" />
+           <jvmarg value="-Djboss.test.deploy.dir=${jboss.test.deploy.dir}" />
+           <jvmarg value="-Djava.security.manager"/>
+           <jvmarg value="-Djava.security.policy==${build.resources}/security-tst/server.policy"/>
+    	 <sysproperty key="java.protocol.handler.pkgs" value="org.jboss.handlers.stub"/>
+           <jvmarg value="-Djava.security.debug=failure,debug"/>
+    
+           <!-- Replace for security manager debug verbose info
+           <jvmarg value="-Djava.security.debug=access,failure,policy"/>
+           -->
+    
+           <sysproperty key="java.net.preferIPv4Stack" value="true" />
+           <sysproperty key="java.endorsed.dirs" value="${jboss.dist}/lib/endorsed" />
+           <sysproperty key="xb.builder.useUnorderedSequence" value="true" />
+      </server>
       <server name="scoped-aop-jdk50" host="${node0}">
          <jvmarg value="-Xms128m" />
          <jvmarg value="-Xmx512m" />
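Review bot: The active `-Djava.security.debug=failure,debug` on the `security-tst` server is unlikely to log the denied permission checks this configuration exists to find. In the JDK's documented options `failure` only takes effect together with `access`, and `debug` is not a listed option. `<jvmarg value="-Djava.security.debug=access,failure"/>` looks like the intended default, with the commented-out `access,failure,policy` line kept as the verbose variant. `<jvmarg value="${jpda.cmdline}" />` is also passed unconditionally; the property's definition is outside this hunk, but if it can enable a JDWP listener, an attached debugger is not constrained by the policy, so a comment should say it must stay empty for security-manager runs.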

Added: branches/Branch_5_x/testsuite/src/resources/security-tst/server.policy
===================================================================
--- branches/Branch_5_x/testsuite/src/resources/security-tst/server.policy	                        (rev 0)
+++ branches/Branch_5_x/testsuite/src/resources/security-tst/server.policy	2009-05-25 13:36:52 UTC (rev 89376)
@@ -0,0 +1,421 @@
+// The Java2 security policy for the securitymgr tests
+// Install with -Djava.security.policy==server.policy
+// and -Djboss.home.dir=path_to_jboss_distribution
+
+// ***************************************
+// Trusted core Java code
+//***************************************
+grant codeBase "file:${java.home}/lib/ext/-" {
+   permission java.security.AllPermission;
+};
+grant codeBase "file:${java.home}/lib/*" {
+   permission java.security.AllPermission;
+};
+// For java.home pointing to the JDK jre directory
+grant codeBase "file:${java.home}/../lib/*" {
+   permission java.security.AllPermission;
+};
+
+
+
+
+//********************************************
+// Trusted core JBoss code (REAL URL Version)
+//********************************************
+grant codeBase "file:${jboss.home.dir}/bin/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.home.dir}/lib/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.home.dir}/lib/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.home.dir}/common/lib/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.home.dir}/server/lib/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deployers/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/work/-" {
+   permission java.security.AllPermission;
+};
+
+
+//********************************************
+// Trusted core JBoss code (VFS URL Version)
+//********************************************
+grant codeBase "vfszip:${jboss.home.dir}/lib/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfszip:${jboss.home.dir}/common/lib/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfszip:${jboss.home.dir}/server/lib/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deployers/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/work/-" {
+   permission java.security.AllPermission;
+};
+
+
+//*******************************************************
+// Trusted Specific JBoss Code (REAL URL Version)
+//*******************************************************
+grant codeBase "file:${jboss.server.home.dir}/deploy/http-invoker.sar/invoker.war/-" {
+   permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jmx-console.war/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jmx-remoting.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission java.net.SocketPermission "*", "accept,listen,resolve";
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/jsf-libs/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-local-jdbc.rar/-" {
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/jboss-local-jdbc.rar!/jboss-local-jdbc.jar" {
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/management/console-mgr.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","*";
+   permission java.io.FilePermission "<<ALL FILES>>", "read";
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/uuid-key-generator.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission javax.management.MBeanPermission "*", "getAttribute";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup,rebind,unbind";
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/jms-ra.rar!/jms-ra.jar" {
+   permission java.lang.RuntimePermission "setContextClassLoader";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+   permission java.io.FilePermission "${jboss.home.dir}/lib/jboss-aop.jar", "read";
+   permission javax.management.MBeanPermission "*", "getAttribute,invoke,setAttribute";
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/jms-ra.rar/jms-ra.jar!/" {
+   permission java.lang.RuntimePermission "setContextClassLoader";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+   permission java.io.FilePermission "${jboss.home.dir}/lib/jboss-aop.jar", "read";
+   permission javax.management.MBeanPermission "*", "getAttribute,invoke,setAttribute";
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/quartz-ra.rar!/quartz-ra.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/quartz-ra.rar/quartz-ra.jar!/" {
+ permission java.security.AllPermission;
+};
+
+
+
+//*******************************************************
+// Trusted Specific JBoss Code (VFS URL Version)
+//*******************************************************
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/http-invoker.sar/invoker.war/-" {
+   permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+};
+
+grant codeBase "vfsfile:${jboss.server.home.dir}/deploy/http-invoker.sar/invoker.war/-" {
+   permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/jmx-console.war/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfsfile:${jboss.server.home.dir}/deploy/jmx-console.war/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/jmx-remoting.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission java.net.SocketPermission "*", "accept,listen,resolve";
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/jbossweb.sar/jboss-web-service.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/jbossweb.sar/jbossweb.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfsfile:${jboss.server.home.dir}/deploy/jbossweb.sar/jbossweb.jar/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/jbossweb.sar/jsf-libs/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/jbossweb.sar/jasper-jdt.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/jbossweb.sar/jstl.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/jboss-local-jdbc.rar/-" {
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/management/console-mgr.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","*";
+   permission java.io.FilePermission "<<ALL FILES>>", "read";
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/uuid-key-generator.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission javax.management.MBeanPermission "*", "getAttribute";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup,rebind,unbind";
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "vfsfile:${jboss.server.home.dir}/deploy/uuid-key-generator.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission javax.management.MBeanPermission "*", "getAttribute";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup,rebind,unbind";
+   permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/jms-ra.rar/jms-ra.jar" {
+   permission java.lang.RuntimePermission "setContextClassLoader";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+   permission java.io.FilePermission "${jboss.home.dir}/lib/jboss-aop.jar", "read";
+   permission javax.management.MBeanPermission "*", "getAttribute,invoke,setAttribute";
+};
+
+grant codeBase "vfszip:${jboss.server.home.dir}/deploy/quartz-ra.rar/quartz-ra.jar" {
+ permission java.security.AllPermission;
+};
+
+//***************************************************************
+// JBoss AS Test Suite Permissions (REAL URL Version)
+//***************************************************************
+
+// Permissions for the WarPermissionsUnitTestCase
+grant codeBase "file:${jboss.test.deploy.dir}/securitymgr/-" {
+   permission java.util.PropertyPermission "*", "read";
+   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+};
+
+grant codeBase "file:${jboss.test.deploy.dir}/securitymgr/-" {
+   permission java.util.PropertyPermission "*", "read";
+   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
+
+grant codeBase "file:${jboss.test.deploy.dir}/jbosstest-web.ear/-" {
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","list,lookup";
+   permission org.jboss.naming.JndiPermission "env","list";
+   permission java.io.FilePermission "<<ALL FILES>>", "read";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/jbosstest-web.ear!/jbosstest-web.war" {
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","list,lookup";
+   permission org.jboss.naming.JndiPermission "env","list";
+   permission java.io.FilePermission "<<ALL FILES>>", "read";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+grant codeBase "jar:file:${jboss.test.deploy.dir}/jbosstest-web.ear!/lib/util.jar" {
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/aoptest.sar!/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/jmx-aoptest.sar!/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/aop-scopeddependency-scoped.sar!/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/simpleejb.sar!/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/singleton1.sar!/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/shared-jndi.sar!/-" {
+//   permission javax.management.MBeanTrustPermission "register";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/shared-jndi.war!/-" {
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "file:${jboss.test.deploy.dir}/-" {
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","listBindings,lookup";
+   permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+grant codeBase "file:${jboss.test.deploy.dir}/class-loading.war/WEB-INF/classes/" {
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+   permission javax.management.MBeanPermission "*", "getMBeanInfo";
+};
+
+grant codeBase "file:${jboss.test.deploy.dir}/security-ejb3.jar" {
+   permission java.lang.RuntimePermission "createClassLoader";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/security-ejb3.jar!/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/-" {
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+//***************************************************************
+// JBoss AS Test Suite Permissions (VFS URL Version)
+//***************************************************************
+
+// Permissions for the WarPermissionsUnitTestCase
+grant codeBase "vfszip:${jboss.test.deploy.dir}/securitymgr/-" {
+   permission java.util.PropertyPermission "*", "read";
+   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+};
+
+grant codeBase "vfsfile:${jboss.test.deploy.dir}/securitymgr/-" {
+   permission java.util.PropertyPermission "*", "read";
+   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
+
+grant codeBase "vfszip:${jboss.test.deploy.dir}/jbosstest-web.ear/-" {
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","list,lookup";
+   permission org.jboss.naming.JndiPermission "env","list";
+   permission java.io.FilePermission "<<ALL FILES>>", "read";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "vfszip:${jboss.test.deploy.dir}/-" {
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","listBindings,lookup";
+};
+
+grant codeBase "vfszip:${jboss.test.deploy.dir}/class-loading.war/WEB-INF/classes/" {
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+   permission javax.management.MBeanPermission "*", "getMBeanInfo";
+};
+
+grant codeBase "vfsmemory://*" {
+   permission java.security.AllPermission;
+};
+
+//****************************************************************
+//  Default block of permissions
+// Minimal permissions are allowed to everyone else
+//****************************************************************
+grant {
+   permission java.io.FilePermission "${jboss.server.home.dir}/tmp/-", "read";
+   permission java.io.FilePermission "${jboss.home.dir}/server/lib/quartz.jar/org/quartz/quartz.properties", "read";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+   permission java.io.FilePermission "quartz.properties", "read";
+   permission java.util.PropertyPermission "*", "read";
+   permission java.lang.RuntimePermission "queuePrintJob";
+   permission java.net.SocketPermission "*", "connect";
+   permission java.security.SecurityPermission "getPolicy";
+   permission java.lang.RuntimePermission "accessClassInPackage.*";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getSubject";
+   permission java.lang.RuntimePermission "org.jboss.security.plugins.JBossSecurityContext.getSubjectInfo";
+
+   permission javax.management.MBeanServerPermission "findMBeanServer";
+   permission javax.management.MBeanPermission "org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry]", "*";
+   permission javax.management.MBeanPermission "org.jboss.security.plugins.AuthorizationManagerService#*[jboss.security:service=AuthorizationManager]", "invoke";
+   permission javax.management.MBeanPermission "org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore#*[jboss.messaging:service=SecurityStore]", "invoke";
+   permission javax.management.MBeanPermission "org.jboss.security.auth.login.XMLLoginConfig#*[jboss.security:service=XMLLoginConfig]", "invoke";
+   permission javax.management.MBeanPermission "org.jboss.security.plugins.JaasSecurityManagerService#*[jboss.security:service=JaasSecurityManager]", "invoke";
+   permission javax.management.MBeanPermission "*", "getMBeanInfo";
+   permission javax.management.MBeanPermission "*", "getAttribute";
+
+   permission javax.security.auth.AuthPermission "createLoginContext.*";
+   permission javax.security.auth.AuthPermission "getLoginConfiguration";
+   
+   permission java.util.logging.LoggingPermission "control";
+};
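Review bot: The three grants under the "Trusted core JBoss code (VFS URL Version)" heading for `${jboss.server.home.dir}/lib/-`, `/deployers/-` and `/work/-` still use the `file:` scheme, so they only repeat the REAL URL grants and add no VFS entries for those directories. Presumably they were meant to read e.g. `grant codeBase "vfszip:${jboss.server.home.dir}/lib/-" {` (confirm which VFS scheme those locations load under). The `file:${jboss.home.dir}/lib/-` grant and the `file:${jboss.test.deploy.dir}/securitymgr/-` grant are likewise written twice in the REAL URL sections. Separately, the header comment should state that this policy is for the `security-tst` test configuration only and list `jboss.server.home.dir` and `jboss.test.deploy.dir` as required properties next to `jboss.home.dir`. It gives `AllPermission` to `work/-`, `jmx-console.war` and `vfsmemory://*`, and the default grant includes `accessClassInPackage.*` and `SocketPermission "*", "connect"`, which is too broad to reuse as a hardening baseline.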



