Siphalor/tweed5-commons-logging
1
0
Fork 0
Code Activity

Fix security testcases for IBM JVM.

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/commons/proper/logging/trunk@1456669 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Thomas Neidhart
2013-03-14 20:48:10 +00:00
parent 611c7156d0
commit 9d9273ac23
3 changed files with 28 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/test/java/org/apache/commons/logging/security/MockSecurityManager.java
View File

@@ -31,7 +31,7 @@ public class MockSecurityManager extends SecurityManager {
private final Permissions permissions = new Permissions(); private final Permissions permissions = new Permissions();
private static final Permission setSecurityManagerPerm = private static final Permission setSecurityManagerPerm =
new RuntimePermission("setSecurityManager"); new RuntimePermission("setSecurityManager");
private int untrustedCodeCount = 0; private int untrustedCodeCount = 0;
public MockSecurityManager() { public MockSecurityManager() {
@@ -52,7 +52,7 @@ public class MockSecurityManager extends SecurityManager {
* value indicates a bug in JCL, ie a situation where code was not * value indicates a bug in JCL, ie a situation where code was not
* correctly wrapped in an AccessController block. The result of such a * correctly wrapped in an AccessController block. The result of such a
* bug is that signing JCL is not sufficient to allow JCL to perform * bug is that signing JCL is not sufficient to allow JCL to perform
* the operation; the caller would need to be signed too. * the operation; the caller would need to be signed too.
*/ */
public int getUntrustedCodeCount() { public int getUntrustedCodeCount() {
return untrustedCodeCount; return untrustedCodeCount;
@@ -81,13 +81,19 @@ public class MockSecurityManager extends SecurityManager {
Exception e = new Exception(); Exception e = new Exception();
e.fillInStackTrace(); e.fillInStackTrace();
StackTraceElement[] stack = e.getStackTrace(); StackTraceElement[] stack = e.getStackTrace();
// scan the call stack from most recent to oldest. // scan the call stack from most recent to oldest.
// start at 1 to skip the entry in the stack for this method // start at 1 to skip the entry in the stack for this method
for(int i=1; i<stack.length; ++i) { for(int i=1; i<stack.length; ++i) {
String cname = stack[i].getClassName(); String cname = stack[i].getClassName();
System.out.println("" + i + ":" + stack[i].getClassName() + System.out.println("" + i + ":" + stack[i].getClassName() +
"." + stack[i].getMethodName()); "." + stack[i].getMethodName() + stack[i].getLineNumber());
if (cname.equals("java.util.logging.Handler") && stack[i].getMethodName().equals("setLevel")) {
// LOGGING CODE CAUSES ACCESSCONTROLEXCEPTION
// http://www-01.ibm.com/support/docview.wss?uid=swg1IZ51152
return;
}
if (cname.equals("java.security.AccessController")) { if (cname.equals("java.security.AccessController")) {
// Presumably method name equals "doPrivileged" // Presumably method name equals "doPrivileged"
@@ -102,9 +108,9 @@ public class MockSecurityManager extends SecurityManager {
// the call stack. // the call stack.
System.out.println("Access controller found: returning"); System.out.println("Access controller found: returning");
return; return;
} else if (cname.startsWith("java.") } else if (cname.startsWith("java.")
|| cname.startsWith("javax.") || cname.startsWith("javax.")
|| cname.startsWith("junit.") || cname.startsWith("junit.")
|| cname.startsWith("org.apache.tools.ant.") || cname.startsWith("org.apache.tools.ant.")
|| cname.startsWith("sun.")) { || cname.startsWith("sun.")) {
// Code in these packages is trusted if the caller is trusted. // Code in these packages is trusted if the caller is trusted.

14
src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java
View File

@@ -73,7 +73,7 @@ public class SecurityAllowedTestCase extends TestCase
// save security manager so it can be restored in tearDown // save security manager so it can be restored in tearDown
oldSecMgr = System.getSecurityManager(); oldSecMgr = System.getSecurityManager();
} }
public void tearDown() { public void tearDown() {
// Restore, so other tests don't get stuffed up if a test // Restore, so other tests don't get stuffed up if a test
// sets a custom security manager. // sets a custom security manager.
@@ -110,20 +110,22 @@ public class SecurityAllowedTestCase extends TestCase
// requires permission accessClassInPackage. JCL explicitly does not // requires permission accessClassInPackage. JCL explicitly does not
// wrap calls to log methods in AccessControllers because writes to // wrap calls to log methods in AccessControllers because writes to
// a log file *should* only be permitted if the original caller is // a log file *should* only be permitted if the original caller is
// trusted to access that file. // trusted to access that file.
int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount(); int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount();
log.info("testing"); log.info("testing");
// check that the default map implementation was loaded, as JCL was // check that the default map implementation was loaded, as JCL was
// forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property. // forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property.
System.setSecurityManager(null); System.setSecurityManager(null);
Field factoryField = c.getDeclaredField("factories"); Field factoryField = c.getDeclaredField("factories");
factoryField.setAccessible(true); factoryField.setAccessible(true);
Object factoryTable = factoryField.get(null); Object factoryTable = factoryField.get(null);
assertNotNull(factoryTable); assertNotNull(factoryTable);
assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName()); assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName());
assertEquals(0, untrustedCodeCount); // we better compare that we have no security exception during the call to log
// IBM JVM tries to load bundles during the invoke call, which increase the count
assertEquals(untrustedCodeCount, mySecurityManager.getUntrustedCodeCount());
} catch(Throwable t) { } catch(Throwable t) {
// Restore original security manager so output can be generated; the // Restore original security manager so output can be generated; the
// PrintWriter constructor tries to read the line.separator // PrintWriter constructor tries to read the line.separator

11
src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
View File

@@ -76,7 +76,7 @@ public class SecurityForbiddenTestCase extends TestCase
// save security manager so it can be restored in tearDown // save security manager so it can be restored in tearDown
oldSecMgr = System.getSecurityManager(); oldSecMgr = System.getSecurityManager();
} }
public void tearDown() { public void tearDown() {
// Restore, so other tests don't get stuffed up if a test // Restore, so other tests don't get stuffed up if a test
// sets a custom security manager. // sets a custom security manager.
@@ -85,7 +85,7 @@ public class SecurityForbiddenTestCase extends TestCase
/** /**
* Test what happens when JCL is run with absolutely no security * Test what happens when JCL is run with absolutely no security
* priveleges at all, including reading system properties. Everything * privileges at all, including reading system properties. Everything
* should fall back to the built-in defaults. * should fall back to the built-in defaults.
*/ */
public void testAllForbidden() { public void testAllForbidden() {
@@ -93,6 +93,7 @@ public class SecurityForbiddenTestCase extends TestCase
LogFactory.HASHTABLE_IMPLEMENTATION_PROPERTY, LogFactory.HASHTABLE_IMPLEMENTATION_PROPERTY,
CustomHashtable.class.getName()); CustomHashtable.class.getName());
MockSecurityManager mySecurityManager = new MockSecurityManager(); MockSecurityManager mySecurityManager = new MockSecurityManager();
System.setSecurityManager(mySecurityManager); System.setSecurityManager(mySecurityManager);
try { try {
@@ -103,7 +104,7 @@ public class SecurityForbiddenTestCase extends TestCase
Method m = c.getMethod("getLog", new Class[] {Class.class}); Method m = c.getMethod("getLog", new Class[] {Class.class});
Log log = (Log) m.invoke(null, new Object[] {this.getClass()}); Log log = (Log) m.invoke(null, new Object[] {this.getClass()});
log.info("testing"); log.info("testing");
// check that the default map implementation was loaded, as JCL was // check that the default map implementation was loaded, as JCL was
// forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property. // forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property.
// //
@@ -112,10 +113,10 @@ public class SecurityForbiddenTestCase extends TestCase
System.setSecurityManager(oldSecMgr); System.setSecurityManager(oldSecMgr);
Field factoryField = c.getDeclaredField("factories"); Field factoryField = c.getDeclaredField("factories");
factoryField.setAccessible(true); factoryField.setAccessible(true);
Object factoryTable = factoryField.get(null); Object factoryTable = factoryField.get(null);
assertNotNull(factoryTable); assertNotNull(factoryTable);
String ftClassName = factoryTable.getClass().getName(); String ftClassName = factoryTable.getClass().getName();
assertTrue("Custom hashtable unexpectedly used", assertTrue("Custom hashtable unexpectedly used",
!CustomHashtable.class.getName().equals(ftClassName)); !CustomHashtable.class.getName().equals(ftClassName));
assertEquals(0, mySecurityManager.getUntrustedCodeCount()); assertEquals(0, mySecurityManager.getUntrustedCodeCount());