From 9d9273ac2325aecf44e9687be53c0df4da42154c Mon Sep 17 00:00:00 2001
From: Thomas Neidhart <tn@apache.org>
Date: Thu, 14 Mar 2013 20:48:10 +0000
Subject: [PATCH] Fix security testcases for IBM JVM.

git-svn-id: https://svn.apache.org/repos/asf/commons/proper/logging/trunk@1456669 13f79535-47bb-0310-9956-ffa450edef68
---
 .../logging/security/MockSecurityManager.java | 22 ++++++++++++-------
 .../security/SecurityAllowedTestCase.java     | 14 +++++++-----
 .../security/SecurityForbiddenTestCase.java   | 11 +++++-----
 3 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java b/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java
index eae94c6..d9620f5 100644
--- a/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java
+++ b/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java
@@ -31,7 +31,7 @@ public class MockSecurityManager extends SecurityManager {
     private final Permissions permissions = new Permissions();
     private static final Permission setSecurityManagerPerm =
         new RuntimePermission("setSecurityManager");
-    
+
     private int untrustedCodeCount = 0;
 
     public MockSecurityManager() {
@@ -52,7 +52,7 @@ public class MockSecurityManager extends SecurityManager {
      * value indicates a bug in JCL, ie a situation where code was not
      * correctly wrapped in an AccessController block. The result of such a
      * bug is that signing JCL is not sufficient to allow JCL to perform
-     * the operation; the caller would need to be signed too. 
+     * the operation; the caller would need to be signed too.
      */
     public int getUntrustedCodeCount() {
         return untrustedCodeCount;
@@ -81,13 +81,19 @@ public class MockSecurityManager extends SecurityManager {
         Exception e = new Exception();
         e.fillInStackTrace();
         StackTraceElement[] stack = e.getStackTrace();
-        
+
         // scan the call stack from most recent to oldest.
         // start at 1 to skip the entry in the stack for this method
         for(int i=1; i<stack.length; ++i) {
             String cname = stack[i].getClassName();
-            System.out.println("" + i + ":" + stack[i].getClassName() + 
-              "." + stack[i].getMethodName());
+            System.out.println("" + i + ":" + stack[i].getClassName() +
+              "." + stack[i].getMethodName() + stack[i].getLineNumber());
+
+            if (cname.equals("java.util.logging.Handler") && stack[i].getMethodName().equals("setLevel")) {
+                // LOGGING CODE CAUSES ACCESSCONTROLEXCEPTION
+                // http://www-01.ibm.com/support/docview.wss?uid=swg1IZ51152
+                return;
+            }
 
             if (cname.equals("java.security.AccessController")) {
                 // Presumably method name equals "doPrivileged"
@@ -102,9 +108,9 @@ public class MockSecurityManager extends SecurityManager {
                 // the call stack.
                 System.out.println("Access controller found: returning");
                 return;
-            } else if (cname.startsWith("java.") 
-                || cname.startsWith("javax.") 
-                || cname.startsWith("junit.") 
+            } else if (cname.startsWith("java.")
+                || cname.startsWith("javax.")
+                || cname.startsWith("junit.")
                 || cname.startsWith("org.apache.tools.ant.")
                 || cname.startsWith("sun.")) {
                 // Code in these packages is trusted if the caller is trusted.
diff --git a/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java b/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java
index 11f5352..3247ef4 100644
--- a/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java
+++ b/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java
@@ -73,7 +73,7 @@ public class SecurityAllowedTestCase extends TestCase
         // save security manager so it can be restored in tearDown
         oldSecMgr = System.getSecurityManager();
     }
-    
+
     public void tearDown() {
         // Restore, so other tests don't get stuffed up if a test
         // sets a custom security manager.
@@ -110,20 +110,22 @@ public class SecurityAllowedTestCase extends TestCase
             // requires permission accessClassInPackage. JCL explicitly does not
             // wrap calls to log methods in AccessControllers because writes to
             // a log file *should* only be permitted if the original caller is
-            // trusted to access that file. 
+            // trusted to access that file.
             int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount();
             log.info("testing");
-            
+
             // check that the default map implementation was loaded, as JCL was
             // forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property.
             System.setSecurityManager(null);
             Field factoryField = c.getDeclaredField("factories");
             factoryField.setAccessible(true);
-            Object factoryTable = factoryField.get(null); 
+            Object factoryTable = factoryField.get(null);
             assertNotNull(factoryTable);
             assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName());
-            
-            assertEquals(0, untrustedCodeCount);
+
+            // we better compare that we have no security exception during the call to log
+            // IBM JVM tries to load bundles during the invoke call, which increase the count
+            assertEquals(untrustedCodeCount, mySecurityManager.getUntrustedCodeCount());
         } catch(Throwable t) {
             // Restore original security manager so output can be generated; the
             // PrintWriter constructor tries to read the line.separator
diff --git a/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java b/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
index 00fe66f..b3f07eb 100644
--- a/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
+++ b/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
@@ -76,7 +76,7 @@ public class SecurityForbiddenTestCase extends TestCase
         // save security manager so it can be restored in tearDown
         oldSecMgr = System.getSecurityManager();
     }
-    
+
     public void tearDown() {
         // Restore, so other tests don't get stuffed up if a test
         // sets a custom security manager.
@@ -85,7 +85,7 @@ public class SecurityForbiddenTestCase extends TestCase
 
     /**
      * Test what happens when JCL is run with absolutely no security
-     * priveleges at all, including reading system properties. Everything
+     * privileges at all, including reading system properties. Everything
      * should fall back to the built-in defaults.
      */
     public void testAllForbidden() {
@@ -93,6 +93,7 @@ public class SecurityForbiddenTestCase extends TestCase
                 LogFactory.HASHTABLE_IMPLEMENTATION_PROPERTY,
                 CustomHashtable.class.getName());
         MockSecurityManager mySecurityManager = new MockSecurityManager();
+
         System.setSecurityManager(mySecurityManager);
 
         try {
@@ -103,7 +104,7 @@ public class SecurityForbiddenTestCase extends TestCase
             Method m = c.getMethod("getLog", new Class[] {Class.class});
             Log log = (Log) m.invoke(null, new Object[] {this.getClass()});
             log.info("testing");
-            
+
             // check that the default map implementation was loaded, as JCL was
             // forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property.
             //
@@ -112,10 +113,10 @@ public class SecurityForbiddenTestCase extends TestCase
             System.setSecurityManager(oldSecMgr);
             Field factoryField = c.getDeclaredField("factories");
             factoryField.setAccessible(true);
-            Object factoryTable = factoryField.get(null); 
+            Object factoryTable = factoryField.get(null);
             assertNotNull(factoryTable);
             String ftClassName = factoryTable.getClass().getName();
-            assertTrue("Custom hashtable unexpectedly used", 
+            assertTrue("Custom hashtable unexpectedly used",
                     !CustomHashtable.class.getName().equals(ftClassName));
 
             assertEquals(0, mySecurityManager.getUntrustedCodeCount());