Fix security testcases for IBM JVM.
git-svn-id: https://svn.apache.org/repos/asf/commons/proper/logging/trunk@1456669 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java b/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java
index eae94c6..d9620f5 100644
--- a/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java
+++ b/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java
@@ -31,7 +31,7 @@
private final Permissions permissions = new Permissions();
private static final Permission setSecurityManagerPerm =
new RuntimePermission("setSecurityManager");
-
+
private int untrustedCodeCount = 0;
public MockSecurityManager() {
@@ -52,7 +52,7 @@
* value indicates a bug in JCL, ie a situation where code was not
* correctly wrapped in an AccessController block. The result of such a
* bug is that signing JCL is not sufficient to allow JCL to perform
- * the operation; the caller would need to be signed too.
+ * the operation; the caller would need to be signed too.
*/
public int getUntrustedCodeCount() {
return untrustedCodeCount;
@@ -81,13 +81,19 @@
Exception e = new Exception();
e.fillInStackTrace();
StackTraceElement[] stack = e.getStackTrace();
-
+
// scan the call stack from most recent to oldest.
// start at 1 to skip the entry in the stack for this method
for(int i=1; i<stack.length; ++i) {
String cname = stack[i].getClassName();
- System.out.println("" + i + ":" + stack[i].getClassName() +
- "." + stack[i].getMethodName());
+ System.out.println("" + i + ":" + stack[i].getClassName() +
+ "." + stack[i].getMethodName() + stack[i].getLineNumber());
+
+ if (cname.equals("java.util.logging.Handler") && stack[i].getMethodName().equals("setLevel")) {
+ // LOGGING CODE CAUSES ACCESSCONTROLEXCEPTION
+ // http://www-01.ibm.com/support/docview.wss?uid=swg1IZ51152
+ return;
+ }
if (cname.equals("java.security.AccessController")) {
// Presumably method name equals "doPrivileged"
@@ -102,9 +108,9 @@
// the call stack.
System.out.println("Access controller found: returning");
return;
- } else if (cname.startsWith("java.")
- || cname.startsWith("javax.")
- || cname.startsWith("junit.")
+ } else if (cname.startsWith("java.")
+ || cname.startsWith("javax.")
+ || cname.startsWith("junit.")
|| cname.startsWith("org.apache.tools.ant.")
|| cname.startsWith("sun.")) {
// Code in these packages is trusted if the caller is trusted.
diff --git a/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java b/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java
index 11f5352..3247ef4 100644
--- a/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java
+++ b/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java
@@ -73,7 +73,7 @@
// save security manager so it can be restored in tearDown
oldSecMgr = System.getSecurityManager();
}
-
+
public void tearDown() {
// Restore, so other tests don't get stuffed up if a test
// sets a custom security manager.
@@ -110,20 +110,22 @@
// requires permission accessClassInPackage. JCL explicitly does not
// wrap calls to log methods in AccessControllers because writes to
// a log file *should* only be permitted if the original caller is
- // trusted to access that file.
+ // trusted to access that file.
int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount();
log.info("testing");
-
+
// check that the default map implementation was loaded, as JCL was
// forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property.
System.setSecurityManager(null);
Field factoryField = c.getDeclaredField("factories");
factoryField.setAccessible(true);
- Object factoryTable = factoryField.get(null);
+ Object factoryTable = factoryField.get(null);
assertNotNull(factoryTable);
assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName());
-
- assertEquals(0, untrustedCodeCount);
+
+ // we better compare that we have no security exception during the call to log
+ // IBM JVM tries to load bundles during the invoke call, which increase the count
+ assertEquals(untrustedCodeCount, mySecurityManager.getUntrustedCodeCount());
} catch(Throwable t) {
// Restore original security manager so output can be generated; the
// PrintWriter constructor tries to read the line.separator
diff --git a/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java b/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
index 00fe66f..b3f07eb 100644
--- a/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
+++ b/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
@@ -76,7 +76,7 @@
// save security manager so it can be restored in tearDown
oldSecMgr = System.getSecurityManager();
}
-
+
public void tearDown() {
// Restore, so other tests don't get stuffed up if a test
// sets a custom security manager.
@@ -85,7 +85,7 @@
/**
* Test what happens when JCL is run with absolutely no security
- * priveleges at all, including reading system properties. Everything
+ * privileges at all, including reading system properties. Everything
* should fall back to the built-in defaults.
*/
public void testAllForbidden() {
@@ -93,6 +93,7 @@
LogFactory.HASHTABLE_IMPLEMENTATION_PROPERTY,
CustomHashtable.class.getName());
MockSecurityManager mySecurityManager = new MockSecurityManager();
+
System.setSecurityManager(mySecurityManager);
try {
@@ -103,7 +104,7 @@
Method m = c.getMethod("getLog", new Class[] {Class.class});
Log log = (Log) m.invoke(null, new Object[] {this.getClass()});
log.info("testing");
-
+
// check that the default map implementation was loaded, as JCL was
// forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property.
//
@@ -112,10 +113,10 @@
System.setSecurityManager(oldSecMgr);
Field factoryField = c.getDeclaredField("factories");
factoryField.setAccessible(true);
- Object factoryTable = factoryField.get(null);
+ Object factoryTable = factoryField.get(null);
assertNotNull(factoryTable);
String ftClassName = factoryTable.getClass().getName();
- assertTrue("Custom hashtable unexpectedly used",
+ assertTrue("Custom hashtable unexpectedly used",
!CustomHashtable.class.getName().equals(ftClassName));
assertEquals(0, mySecurityManager.getUntrustedCodeCount());
