| Index: lucene/common-build.xml
|
| ===================================================================
|
| --- lucene/common-build.xml (revision 1378465)
|
| +++ lucene/common-build.xml (working copy)
|
| @@ -796,6 +796,11 @@
|
| <sysproperty key="tempDir" value="." /> |
| <sysproperty key="java.io.tmpdir" value="." /> |
| |
| + <!-- Restrict file modify access to build dir only and install security manager --> |
| + <sysproperty key="tests.sandbox.dir" value="${build.dir}" /> |
| + <sysproperty key="java.security.manager" value="" /> |
| + <sysproperty key="java.security.policy" value="${common.dir}/tools/junit4/tests.policy" /> |
| + |
| <sysproperty key="lucene.version" value="${dev.version}"/> |
| |
| <sysproperty key="jetty.testMode" value="1"/> |
| Index: lucene/tools/junit4/tests.policy
|
| ===================================================================
|
| --- lucene/tools/junit4/tests.policy (revision 0)
|
| +++ lucene/tools/junit4/tests.policy (working copy)
|
| @@ -0,0 +1,46 @@
|
| +/* |
| + * Licensed to the Apache Software Foundation (ASF) under one or more |
| + * contributor license agreements. See the NOTICE file distributed with |
| + * this work for additional information regarding copyright ownership. |
| + * The ASF licenses this file to You under the Apache License, Version 2.0 |
| + * (the "License"); you may not use this file except in compliance with |
| + * the License. You may obtain a copy of the License at |
| + * |
| + * http://www.apache.org/licenses/LICENSE-2.0 |
| + * |
| + * Unless required by applicable law or agreed to in writing, software |
| + * distributed under the License is distributed on an "AS IS" BASIS, |
| + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| + * See the License for the specific language governing permissions and |
| + * limitations under the License. |
| + */ |
| + |
| +// Policy file to prevent tests from writing outside the test sandbox directory |
| +// (must be given as a sysprop: tests.sandbox.dir) |
| +// This policy also disallows stuff like listening on network ports of interfaces |
| +// different than 127.0.0.1. |
| + |
| +// PLEASE NOTE: You may need to enable other permissions when new tests are added, |
| +// everything not allowed here is forbidden! |
| + |
| +grant { |
| + permission java.io.FilePermission "<<ALL FILES>>", "read,execute"; |
| + permission java.io.FilePermission "${tests.sandbox.dir}${/}-", "read,execute,write,delete"; |
| + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; |
| + permission java.net.SocketPermission "*", "connect,resolve"; |
| + permission java.util.PropertyPermission "*", "read,write"; |
| + permission java.lang.reflect.ReflectPermission "*"; |
| + permission java.lang.RuntimePermission "*"; |
| + |
| + // Solr needs those: |
| + permission java.net.NetPermission "*"; |
| + permission java.util.logging.LoggingPermission "control"; |
| + permission java.lang.management.ManagementPermission "monitor"; |
| + permission javax.management.MBeanPermission "*", "*"; |
| + permission javax.management.MBeanServerPermission "*"; |
| + permission javax.management.MBeanTrustPermission "*"; |
| + |
| + // TIKA uses BouncyCastle and that registers new provider for PDF parsing + MSOffice parsing. Maybe report as bug! |
| + permission java.security.SecurityPermission "putProviderProperty.BC"; |
| + permission java.security.SecurityPermission "insertProvider.BC"; |
| +}; |
| Index: lucene/tools/junit4/tests.policy
|
| ===================================================================
|
| --- lucene/tools/junit4/tests.policy (revision 0)
|
| +++ lucene/tools/junit4/tests.policy (working copy)
|
|
|
| Property changes on: lucene/tools/junit4/tests.policy
|
| ___________________________________________________________________
|
| Added: svn:eol-style
|
| ## -0,0 +1 ##
|
| +native
|
| \ No newline at end of property
|
| Index: solr/core/src/java/org/apache/solr/core/JmxMonitoredMap.java
|
| ===================================================================
|
| --- solr/core/src/java/org/apache/solr/core/JmxMonitoredMap.java (revision 1378465)
|
| +++ solr/core/src/java/org/apache/solr/core/JmxMonitoredMap.java (working copy)
|
| @@ -61,6 +61,13 @@
|
| |
| public JmxMonitoredMap(String coreName, String coreHashCode, |
| final JmxConfiguration jmxConfig) { |
| + this(coreName, coreHashCode, jmxConfig, null); |
| + } |
| + |
| + // TODO: Make public? Move Map<String,?> env to environment? |
| + // Currently the map is needed to bind to localhost |
| + JmxMonitoredMap(String coreName, String coreHashCode, |
| + final JmxConfiguration jmxConfig, Map<String,?> env) { |
| this.coreHashCode = coreHashCode; |
| jmxRootName = (null != jmxConfig.rootName ? |
| jmxConfig.rootName |
| @@ -94,7 +101,7 @@
|
| server = MBeanServerFactory.newMBeanServer(); |
| JMXConnectorServer connector = JMXConnectorServerFactory |
| .newJMXConnectorServer(new JMXServiceURL(jmxConfig.serviceUrl), |
| - null, server); |
| + env, server); |
| connector.start(); |
| LOG.info("JMX monitoring is enabled at " + jmxConfig.serviceUrl); |
| } catch (Exception e) { |
| Index: solr/core/src/test/org/apache/solr/cloud/TestMultiCoreConfBootstrap.java
|
| ===================================================================
|
| --- solr/core/src/test/org/apache/solr/cloud/TestMultiCoreConfBootstrap.java (revision 1378465)
|
| +++ solr/core/src/test/org/apache/solr/cloud/TestMultiCoreConfBootstrap.java (working copy)
|
| @@ -25,9 +25,7 @@
|
| import org.apache.solr.util.AbstractSolrTestCase; |
| import org.apache.solr.util.ExternalPaths; |
| import org.junit.After; |
| -import org.junit.AfterClass; |
| import org.junit.Before; |
| -import org.junit.BeforeClass; |
| import org.junit.Test; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| @@ -36,27 +34,25 @@
|
| protected static Logger log = LoggerFactory.getLogger(TestMultiCoreConfBootstrap.class); |
| protected CoreContainer cores = null; |
| private String home; |
| - |
| - protected static ZkTestServer zkServer; |
| - protected static String zkDir; |
| |
| - @BeforeClass |
| - public static void beforeClass() { |
| - createTempDir(); |
| - } |
| + protected File dataDir2; |
| + protected ZkTestServer zkServer; |
| + protected String zkDir; |
| |
| - @AfterClass |
| - public static void afterClass() { |
| - zkServer = null; |
| - zkDir = null; |
| - } |
| - |
| @Override |
| @Before |
| public void setUp() throws Exception { |
| super.setUp(); |
| + |
| + createTempDir(); |
| + dataDir2 = new File(TEMP_DIR, getSimpleClassName() + "-core1-" |
| + + System.currentTimeMillis()); |
| + dataDir2.mkdirs(); |
| + |
| home = ExternalPaths.EXAMPLE_MULTICORE_HOME; |
| System.setProperty("solr.solr.home", home); |
| + System.setProperty( "solr.core0.data.dir", dataDir.getCanonicalPath() ); |
| + System.setProperty( "solr.core1.data.dir", dataDir2.getCanonicalPath() ); |
| |
| zkDir = dataDir.getAbsolutePath() + File.separator |
| + "zookeeper/server1/data"; |
| @@ -82,14 +78,11 @@
|
| |
| zkServer.shutdown(); |
| |
| - File dataDir1 = new File(home + File.separator + "core0","data"); |
| - File dataDir2 = new File(home + File.separator + "core1","data"); |
| - |
| String skip = System.getProperty("solr.test.leavedatadir"); |
| if (null != skip && 0 != skip.trim().length()) { |
| log.info("NOTE: per solr.test.leavedatadir, dataDir will not be removed: " + dataDir.getAbsolutePath()); |
| } else { |
| - if (!AbstractSolrTestCase.recurseDelete(dataDir1)) { |
| + if (!AbstractSolrTestCase.recurseDelete(dataDir)) { |
| log.warn("!!!! WARNING: best effort to remove " + dataDir.getAbsolutePath() + " FAILED !!!!!"); |
| } |
| if (!AbstractSolrTestCase.recurseDelete(dataDir2)) { |
| @@ -97,6 +90,9 @@
|
| } |
| } |
| |
| + zkServer = null; |
| + zkDir = null; |
| + |
| super.tearDown(); |
| } |
| |
| Index: solr/core/src/test/org/apache/solr/core/TestJmxMonitoredMap.java
|
| ===================================================================
|
| --- solr/core/src/test/org/apache/solr/core/TestJmxMonitoredMap.java (revision 1378465)
|
| +++ solr/core/src/test/org/apache/solr/core/TestJmxMonitoredMap.java (working copy)
|
| @@ -30,10 +30,15 @@
|
| import javax.management.remote.JMXConnector; |
| import javax.management.remote.JMXConnectorFactory; |
| import javax.management.remote.JMXServiceURL; |
| +import javax.management.remote.rmi.RMIConnectorServer; |
| +import java.io.IOException; |
| +import java.net.InetSocketAddress; |
| +import java.net.Socket; |
| import java.net.ServerSocket; |
| import java.net.URL; |
| -import java.rmi.RemoteException; |
| import java.rmi.registry.LocateRegistry; |
| +import java.rmi.server.RMIServerSocketFactory; |
| +import java.util.Collections; |
| import java.util.Set; |
| |
| import static org.hamcrest.CoreMatchers.allOf; |
| @@ -61,33 +66,38 @@
|
| public void setUp() throws Exception { |
| |
| super.setUp(); |
| - |
| - int retries = 5; |
| - for (int i = 0; i < retries; i++) { |
| - try { |
| - ServerSocket server = new ServerSocket(0); |
| - try { |
| - port = server.getLocalPort(); |
| - } finally { |
| - server.close(); |
| + String oldHost = System.getProperty("java.rmi.server.hostname"); |
| + try { |
| + // this stupid sysprop thing is needed, because remote stubs use the |
| + // hostname to connect, which does not work with server bound to 127.0.0.1 |
| + // See: http://weblogs.java.net/blog/emcmanus/archive/2006/12/multihomed_comp.html |
| + System.setProperty("java.rmi.server.hostname", "127.0.0.1"); |
| + class LocalhostRMIServerSocketFactory implements RMIServerSocketFactory { |
| + ServerSocket socket; |
| + |
| + @Override |
| + public ServerSocket createServerSocket(int port) throws IOException { |
| + socket = new ServerSocket(); |
| + socket.bind(new InetSocketAddress("127.0.0.1", port)); |
| + return socket; |
| } |
| - // System.out.println("Using port: " + port); |
| - try { |
| - LocateRegistry.createRegistry(port); |
| - } catch (RemoteException e) { |
| - throw e; |
| - } |
| - String url = "service:jmx:rmi:///jndi/rmi://:" + port + "/solrjmx"; |
| - JmxConfiguration config = new JmxConfiguration(true, null, url, null); |
| - monitoredMap = new JmxMonitoredMap<String, SolrInfoMBean>("", "", config); |
| - JMXServiceURL u = new JMXServiceURL(url); |
| - connector = JMXConnectorFactory.connect(u); |
| - mbeanServer = connector.getMBeanServerConnection(); |
| - break; |
| - } catch (Exception e) { |
| - if(retries == (i + 1)) { |
| - throw e; |
| - } |
| + }; |
| + LocalhostRMIServerSocketFactory factory = new LocalhostRMIServerSocketFactory(); |
| + LocateRegistry.createRegistry(0, null, factory); |
| + port = factory.socket.getLocalPort(); |
| + //System.out.println("Using port: " + port); |
| + String url = "service:jmx:rmi://127.0.0.1:"+port+"/jndi/rmi://127.0.0.1:"+port+"/solrjmx"; |
| + JmxConfiguration config = new JmxConfiguration(true, null, url, null); |
| + monitoredMap = new JmxMonitoredMap<String, SolrInfoMBean>("", "", config, |
| + Collections.singletonMap(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, factory)); |
| + JMXServiceURL u = new JMXServiceURL(url); |
| + connector = JMXConnectorFactory.connect(u); |
| + mbeanServer = connector.getMBeanServerConnection(); |
| + } finally { |
| + if (oldHost == null) { |
| + System.clearProperty("java.rmi.server.hostname"); |
| + } else { |
| + System.setProperty("java.rmi.server.hostname", oldHost); |
| } |
| } |
| } |