/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.axis2.java.security.driver;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import junit.textui.TestRunner;
import org.apache.axis2.AbstractTestCase;
import org.apache.axis2.java.security.AccessController;
import org.apache.axis2.java.security.action.Action;
import org.apache.axis2.java.security.less.LessPermission;
import org.apache.axis2.java.security.less.LessPermissionAccessControlContext;
import org.apache.axis2.java.security.less.LessPermissionPrivilegedExceptionAction;
import org.apache.axis2.java.security.more.MorePermission;
import org.apache.axis2.java.security.more.MorePermissionAccessControlContext;
import org.apache.axis2.java.security.more.MorePermissionPrivilegedExceptionAction;
import java.security.AccessControlException;
import java.security.Permission;
import java.util.Calendar;
import java.util.TimeZone;
/**
* Java2SecTest demostrates the usages of AccessController class and Policy file(s) while Security Manager is enabled:
* 1. testNoPrivilegePassed shows the usage of no AccessController but it still work fine
* because it has all the permissions.
* 2. testNoPrivilegeFailure shows the usage of AccessController with LessPermission.java,
* which is not right approach.
* 3. testDoPrivilegePassed shows the correct practice of java 2 security by granting the appropriate
* permission in the policy file(s0 and wrapping the AccessController calls with MorePermission.java.
* 4. testDoPrivilegeFailure shows the reverse call order of MorePermission and LessPermission
* from testDoPrivilegedPassed.
* 5. testAccessControlContextFailure shows the AccessContext which contains a no-permission class
* on the stack can cause a failure. In our case, the no-permission class is
* LessPermissionAccessControlContext.
*/
public class Java2SecTest extends TestCase {
// Static variable to keep the test result
public static String testResult = "";
// Default constructor
public Java2SecTest() {
super();
System.out.println("\nJava2SecTest ctor 1");
Calendar cal = Calendar.getInstance(TimeZone.getDefault());
String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat(DATE_FORMAT);
sdf.setTimeZone(TimeZone.getDefault());
System.out.println("Current time => " + sdf.format(cal.getTime()) + "\n");
}
// Constructor
public Java2SecTest(String arg) {
super(arg);
System.out.println("\nJava2SecTest ctor 2");
Calendar cal = Calendar.getInstance(TimeZone.getDefault());
String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat(DATE_FORMAT);
sdf.setTimeZone(TimeZone.getDefault());
System.out.println("Current time => " + sdf.format(cal.getTime()) + "\n");
}
// This method is added for running this test as a pure junit test
public static void main(String[] args) {
TestRunner.run(suite());
}
// This method is added for running this test as a pure junit test
public static Test suite() {
TestSuite suite = new TestSuite(Java2SecTest.class);
return suite;
}
/**
* testNoPrivilegedSuccessed
*/
public void testNoPrivilegeSuccessed() throws Exception {
Java2SecTest.testResult = "testNoPrivilegeSuccessed failed.";
SecurityManager oldSM = null;
String expectedString = "This line is from public.txt.";
System.out.println("\ntestNoPrivilegedSuccessed() begins");
// Check whether the security manager is enabled or not.
// If not, turn it on
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Java Security Manager");
System.setSecurityManager(new SecurityManager());
}
// Run test WITHOUT AccessController.doPrivileged wrapper
Action dp = new Action("public/public.txt");
MorePermission mp = new MorePermission(dp, false);
LessPermission lp = new LessPermission(mp, false);
lp.takeAction();
// Disable security manager if it is enabled by this testcsae
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
// Remove extra characters within the result string
testResult = testResult.replaceAll("\\r", "");
testResult = testResult.replaceAll("\\n", "");
System.out.println("Resulting string is " + testResult);
// Verify the test result by comparing the test result with expected string
assertTrue("The string contents do not match.",
expectedString.equalsIgnoreCase(testResult));
System.out.println("\ntestNoPrivilegedSuccessed() ends\n\n");
}
/**
* testNoPrivilegedFailure
*/
public void testNoPrivilegeFailure() throws Exception {
Java2SecTest.testResult = "testNoPrivilegeFailure failed.";
SecurityManager oldSM = null;
System.out.println("\ntestNoPrivilegedFailured() begins");
// Check whether the security is enable or not.
// if it is not enabled, turn it on
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Security Manager");
System.setSecurityManager(new SecurityManager());
}
// Run test with AccessController.doPrivilege wrapper
Action dp = new Action("private/private.txt");
MorePermission mp = new MorePermission(dp, false);
LessPermission lp = new LessPermission(mp, false);
try {
lp.takeAction();
} catch (Exception e) {
// verify the test result
assertTrue("It is not the security exception.",
(e instanceof java.security.AccessControlException));
} finally {
// Disable security manager if it is enabled by this testcsae
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
System.out.println("\ntesNoPrivilegedFailure() ends\n\n");
}
}
/**
* testDoPrivilegedSuccessed
*/
public void testDoPrivilegeSuccessed() throws Exception {
Java2SecTest.testResult = "testDoPrivilegeSuccessed failed.";
SecurityManager oldSM = null;
String expectedString = "This line is from private.txt.";
System.out.println("\ntestDoPrivilegedSuccessed() begins");
// Check whether the security is enable or not.
// If it is not enabled, turn it on
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Java Security Manager");
System.setSecurityManager(new SecurityManager());
}
// Run test with AccessController.doPrivilege
Action dp = new Action("private/private.txt");
MorePermission mp = new MorePermission(dp, true);
LessPermission lp = new LessPermission(mp, false);
lp.takeAction();
// Disable security manager if it is enabled by this testcsae
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
// Remove extra characters within the result string
testResult = testResult.replaceAll("\\r", "");
testResult = testResult.replaceAll("\\n", "");
System.out.println("Resulting string is " + testResult);
// Verify the test result by comparing the test result with expected string
assertTrue("The string contents do not match.",
expectedString.equalsIgnoreCase(testResult));
System.out.println("\ntestDoPrivilegedSuccessed() ends\n\n");
}
/**
* testDoPrivilegedFailure
*/
public void testDoPrivilegeFailure() throws Exception {
Java2SecTest.testResult = "testDoPrivilegeFailure failed.";
SecurityManager oldSM = null;
String expectedString = "This line is from private.txt.";
System.out.println("\ntestDoPrivilegedFailure() begins");
// Check whether the security is enable or not.
// If it is not enabled, turn it on
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Java Security Manager");
System.setSecurityManager(new SecurityManager());
}
// Run test with AccessController.doPrivilege
Action dp = new Action("private/private.txt");
MorePermission mp = new MorePermission(dp, false);
LessPermission lp = new LessPermission(mp, true);
try {
mp.takeAction();
} catch (Exception e) {
// Verify the test result
assertTrue("It is not the security exception.",
(e instanceof java.security.AccessControlException));
} finally {
// Disable security manager if it is enabled by this testcsae
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
System.out.println("\ntestDoPrivilegedFailure() ends\n\n");
}
}
/**
* testAccessControlContextFailure
*/
public void testAccessControlContextFailure() throws Exception {
Java2SecTest.testResult = "testAccessControlContextFailure failed.";
SecurityManager oldSM = null;
String expectedString = "This line is from private.txt.";
System.out.println("\ntestAccessControlContextFailure() begins");
// Check whether the security is enable or not.
// If it is not enabled, turn it on
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Java Security Manager");
System.setSecurityManager(new SecurityManager());
}
// Run test with AccessController.doPrivilege
Action dp = new Action("private/private.txt");
MorePermissionAccessControlContext mp = new MorePermissionAccessControlContext(dp, false);
LessPermissionAccessControlContext lp = new LessPermissionAccessControlContext(mp, true);
try {
lp.takeAction();
} catch (Exception e) {
// Verify the test result
assertTrue("It is not the security exception.",
(e instanceof java.security.AccessControlException));
} finally {
// Disable security manager if it is enabled by this testcsae
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
System.out.println("\ntestAccessControlContextFailure() ends\n\n");
}
}
// 2 begins
/**
* testPrivilegedExceptionActionSuccessed
*/
public void testPrivilegedExceptionSuccessed() throws Exception {
Java2SecTest.testResult = "testPrivielgedExceptionSuccessed failed";
SecurityManager oldSM = null;
String expectedString = "This line is from private.txt.";
System.out.println("\ntestPrivilegedExceptionActionSuccessed() begins");
// Check whether the security is enable or not.
// If it is not enabled, turn it on
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Java Security Manager");
System.setSecurityManager(new SecurityManager());
}
// Run test with AccessController.doPrivilege
Action dp = new Action("private/private.txt");
MorePermissionPrivilegedExceptionAction mp =
new MorePermissionPrivilegedExceptionAction(dp, true);
LessPermissionPrivilegedExceptionAction lp =
new LessPermissionPrivilegedExceptionAction(mp, false);
lp.takeAction();
// Disable security manager if it is enabled by this testcsae
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
// Remove extra characters within the result string
testResult = testResult.replaceAll("\\r", "");
testResult = testResult.replaceAll("\\n", "");
System.out.println("testDoPrivilege's result string is " + testResult);
// Verify the test result by comparing the test result with expected string
assertTrue("The string contents do not match.",
expectedString.equalsIgnoreCase(testResult));
System.out.println("\ntestDoPrivilegeSuccessed() ends\n\n");
}
/**
* testPrivilegedExceptionActionFailure
*/
public void testPrivilegedExceptionActionFailure() throws Exception {
Java2SecTest.testResult = "testPrivilegedExceptionActionFailure failed.";
SecurityManager oldSM = null;
String expectedString = "This line is from private.txt.";
System.out.println("\ntestPrivilegedExceptionActionFailure() begins");
// Check whether the security is enable or not.
// If it is not enabled, turn it on
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Java Security Manager");
System.setSecurityManager(new SecurityManager());
}
// Run test with AccessController.doPrivilege
Action dp = new Action("private/private.txt");
MorePermissionPrivilegedExceptionAction mp =
new MorePermissionPrivilegedExceptionAction(dp, false);
LessPermissionPrivilegedExceptionAction lp =
new LessPermissionPrivilegedExceptionAction(mp, true);
try {
mp.takeAction();
} catch (Exception e) {
// Verify the test result
assertTrue("It is not the security exception.",
(e instanceof java.security.PrivilegedActionException));
} finally {
// Disable security manager if it is enabled by this testcsae
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
System.out.println("\ntestPrivilegedExceptionActionFailure() ends\n\n");
}
}
/**
* testCheckPermissionAllowed
*/
public void testCheckPermissionAllowed() throws Exception {
Java2SecTest.testResult = "testCheckPermissionAllowed failed.";
SecurityManager oldSM = null;
System.out.println("\ntestCheckPermissionAllowed() begins.\n");
boolean allowed = false;
String fileName = "public/public.txt";
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Java Security Manager");
System.setSecurityManager(new SecurityManager());
}
try {
// Print out maven's base,build, and test direcotories
String baseDir = AbstractTestCase.basedir;
System.out.println("basedir => " + baseDir);
// Convert the \ (back slash) to / (forward slash)
String baseDirM = baseDir.replace('\\', '/');
System.out.println("baseDirM => " + baseDirM);
String fs = "/";
// Build the file URL
String fileURL = baseDirM + fs + "test-resources" + fs + "java2sec" + fs + fileName;
Permission perm = new java.io.FilePermission(fileURL, "read");
AccessController.checkPermission(perm);
allowed = true;
} catch (Exception e) {
if (e instanceof AccessControlException) {
e.printStackTrace(System.out);
}
} finally {
assertTrue("Accessing to public.txt file is denied; Test failed.", allowed);
// Disable security manager if it is enabled by this testcsae
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
System.out.println("\ntestCheckPermissionAllowed() ends.\n");
}
}
/**
* testCheckPermissionDenied
*/
public void testCheckPermissionDenied() throws Exception {
Java2SecTest.testResult = "testCheckPermissionDenied failed";
SecurityManager oldSM = null;
System.out.println("\ntestCheckPermissionDenied() begins.\n");
boolean denied = true;
String fileName = "private/private.txt";
oldSM = System.getSecurityManager();
if (oldSM != null) {
System.out.println("\nSecurity Manager is enabled.");
} else {
System.out.println("\nSecurity Manager is disabled.");
System.out.println("Enabling the default Java Security Manager");
System.setSecurityManager(new SecurityManager());
}
try {
// Print out maven's base,build, and test direcotories
String baseDir = AbstractTestCase.basedir;
System.out.println("basedir => " + baseDir);
// Convert the \ (back slash) to / (forward slash)
String baseDirM = baseDir.replace('\\', '/');
System.out.println("baseDirM => " + baseDirM);
String fs = "/";
// Build the file URL
String fileURL = baseDirM + fs + "test-resources" + fs + "java2sec" + fs + fileName;
Permission perm = new java.io.FilePermission(fileURL, "read");
AccessController.checkPermission(perm);
denied = false;
} catch (Exception e) {
if (!(e instanceof AccessControlException)) {
denied = false;
}
e.printStackTrace(System.out);
} finally {
assertTrue("Accessing to private.txt file is allowed; Test failed.", denied);
// Disable security manager if it is enabled by this testcsae
if (System.getSecurityManager() != null && oldSM == null) {
System.setSecurityManager(null);
if (System.getSecurityManager() == null) {
System.out.println("Security Manager is successfully disabled.");
} else {
System.out.println("Security Manager is still enabled");
}
}
System.out.println("\ntestCheckPermissionDenied() ends.\n");
}
}
}