Siphalor/tweed5-commons-logging
1
0
Fork 0
Code Activity

Only count security exceptions before a message is actually logged, as j.u.logging

Browse Source 
does (and should) generate security exceptions.


git-svn-id: https://svn.apache.org/repos/asf/jakarta/commons/proper/logging/trunk@424078 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Simon Kitching
2006-07-20 21:52:52 +00:00
parent 111ea9540b
commit 23d8dd0c2c
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java
View File

@@ -93,6 +93,19 @@ public class SecurityTestCaseAllowed extends TestCase
"org.apache.commons.logging.LogFactory"); "org.apache.commons.logging.LogFactory");
Method m = c.getMethod("getLog", new Class[] {Class.class}); Method m = c.getMethod("getLog", new Class[] {Class.class});
Log log = (Log) m.invoke(null, new Object[] {this.getClass()}); Log log = (Log) m.invoke(null, new Object[] {this.getClass()});
// Check whether we had any security exceptions so far (which were
// caught by the code). We should not, as every secure operation
// should be wrapped in an AccessController. Any security exceptions
// indicate a path that is missing an appropriate AccessController.
//
// We don't wait until after the log.info call to get this count
// because java.util.logging tries to load a resource bundle, which
// requires permission accessClassInPackage. JCL explicitly does not
// wrap calls to log methods in AccessControllers because writes to
// a log file *should* only be permitted if the original caller is
// trusted to access that file.
int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount();
log.info("testing"); log.info("testing");
// check that the default map implementation was loaded, as JCL was // check that the default map implementation was loaded, as JCL was
@@ -104,7 +117,7 @@ public class SecurityTestCaseAllowed extends TestCase
assertNotNull(factoryTable); assertNotNull(factoryTable);
assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName()); assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName());
assertEquals(0, mySecurityManager.getUntrustedCodeCount()); assertEquals(0, untrustedCodeCount);
} catch(Throwable t) { } catch(Throwable t) {
// Restore original security manager so output can be generated; the // Restore original security manager so output can be generated; the
// PrintWriter constructor tries to read the line.separator // PrintWriter constructor tries to read the line.separator