SecurityForbiddenTestCase xref


1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */ 
19   
20  package org.apache.commons.logging.security;
21  
22  import java.io.PrintWriter;
23  import java.io.StringWriter;
24  import java.lang.reflect.Field;
25  import java.lang.reflect.Method;
26  import java.util.Hashtable;
27  
28  import junit.framework.Test;
29  import junit.framework.TestCase;
30  
31  import org.apache.commons.logging.Log;
32  import org.apache.commons.logging.LogFactory;
33  import org.apache.commons.logging.PathableClassLoader;
34  import org.apache.commons.logging.PathableTestSuite;
35  
36  /**
37   * Tests for logging with a security policy that forbids JCL access to anything.
38   * <p>
39   * Performing tests with security permissions disabled is tricky, as building error
40   * messages on failure requires certain security permissions. If the security manager
41   * blocks these, then the test can fail without the error messages being output.
42   * <p>
43   * This class has only one unit test, as we are (in part) checking behaviour in
44   * the static block of the LogFactory class. As that class cannot be unloaded after
45   * being loaded into a classloader, the only workaround is to use the 
46   * PathableClassLoader approach to ensure each test is run in its own
47   * classloader, and use a separate testcase class for each test.
48   */
49  public class SecurityForbiddenTestCase extends TestCase
50  {
51      private SecurityManager oldSecMgr;
52  
53      // Dummy special hashtable, so we can tell JCL to use this instead of
54      // the standard one.
55      public static class CustomHashtable extends Hashtable {
56      }
57  
58      /**
59       * Return the tests included in this test suite.
60       */
61      public static Test suite() throws Exception {
62          PathableClassLoader parent = new PathableClassLoader(null);
63          parent.useExplicitLoader("junit.", Test.class.getClassLoader());
64          parent.addLogicalLib("commons-logging");
65          parent.addLogicalLib("testclasses");
66  
67          Class testClass = parent.loadClass(
68              "org.apache.commons.logging.security.SecurityForbiddenTestCase");
69          return new PathableTestSuite(testClass, parent);
70      }
71  
72      public void setUp() {
73          // save security manager so it can be restored in tearDown
74          oldSecMgr = System.getSecurityManager();
75      }
76      
77      public void tearDown() {
78          // Restore, so other tests don't get stuffed up if a test
79          // sets a custom security manager.
80          System.setSecurityManager(oldSecMgr);
81      }
82  
83      /**
84       * Test what happens when JCL is run with absolutely no security
85       * priveleges at all, including reading system properties. Everything
86       * should fall back to the built-in defaults.
87       */
88      public void testAllForbidden() {
89          System.setProperty(
90                  LogFactory.HASHTABLE_IMPLEMENTATION_PROPERTY,
91                  CustomHashtable.class.getName());
92          MockSecurityManager mySecurityManager = new MockSecurityManager();
93          System.setSecurityManager(mySecurityManager);
94  
95          try {
96              // Use reflection so that we can control exactly when the static
97              // initialiser for the LogFactory class is executed.
98              Class c = this.getClass().getClassLoader().loadClass(
99                      "org.apache.commons.logging.LogFactory");
100             Method m = c.getMethod("getLog", new Class[] {Class.class});
101             Log log = (Log) m.invoke(null, new Object[] {this.getClass()});
102             log.info("testing");
103             
104             // check that the default map implementation was loaded, as JCL was
105             // forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property.
106             //
107             // The default is either the java Hashtable class (java < 1.2) or the
108             // JCL WeakHashtable (java >= 1.3).
109             System.setSecurityManager(oldSecMgr);
110             Field factoryField = c.getDeclaredField("factories");
111             factoryField.setAccessible(true);
112             Object factoryTable = factoryField.get(null); 
113             assertNotNull(factoryTable);
114             String ftClassName = factoryTable.getClass().getName();
115             assertTrue("Custom hashtable unexpectedly used", 
116                     !CustomHashtable.class.getName().equals(ftClassName));
117 
118             assertEquals(0, mySecurityManager.getUntrustedCodeCount());
119         } catch(Throwable t) {
120             // Restore original security manager so output can be generated; the
121             // PrintWriter constructor tries to read the line.separator
122             // system property.
123             System.setSecurityManager(oldSecMgr);
124             StringWriter sw = new StringWriter();
125             PrintWriter pw = new PrintWriter(sw);
126             t.printStackTrace(pw);
127             fail("Unexpected exception:" + t.getMessage() + ":" + sw.toString());
128         }
129     }
130 }