From 23d8dd0c2cdfd850105b2fe059f41b8a7c989d2c Mon Sep 17 00:00:00 2001
From: Simon Kitching <skitching@apache.org>
Date: Thu, 20 Jul 2006 21:52:52 +0000
Subject: [PATCH] Only count security exceptions before a message is actually
 logged, as j.u.logging does (and should) generate security exceptions.

git-svn-id: https://svn.apache.org/repos/asf/jakarta/commons/proper/logging/trunk@424078 13f79535-47bb-0310-9956-ffa450edef68
---
 .../logging/security/SecurityTestCaseAllowed.java | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java b/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java
index 9f940ab..53a8ade 100644
--- a/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java
+++ b/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java
@@ -93,6 +93,19 @@ public class SecurityTestCaseAllowed extends TestCase
                     "org.apache.commons.logging.LogFactory");
             Method m = c.getMethod("getLog", new Class[] {Class.class});
             Log log = (Log) m.invoke(null, new Object[] {this.getClass()});
+
+            // Check whether we had any security exceptions so far (which were
+            // caught by the code). We should not, as every secure operation
+            // should be wrapped in an AccessController. Any security exceptions
+            // indicate a path that is missing an appropriate AccessController.
+            //
+            // We don't wait until after the log.info call to get this count
+            // because java.util.logging tries to load a resource bundle, which
+            // requires permission accessClassInPackage. JCL explicitly does not
+            // wrap calls to log methods in AccessControllers because writes to
+            // a log file *should* only be permitted if the original caller is
+            // trusted to access that file. 
+            int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount();
             log.info("testing");
             
             // check that the default map implementation was loaded, as JCL was
@@ -104,7 +117,7 @@ public class SecurityTestCaseAllowed extends TestCase
             assertNotNull(factoryTable);
             assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName());
             
-            assertEquals(0, mySecurityManager.getUntrustedCodeCount());
+            assertEquals(0, untrustedCodeCount);
         } catch(Throwable t) {
             // Restore original security manager so output can be generated; the
             // PrintWriter constructor tries to read the line.separator