1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
20 package org.apache.commons.logging.security;
21
22 import java.io.PrintWriter;
23 import java.io.StringWriter;
24 import java.lang.reflect.Field;
25 import java.lang.reflect.Method;
26 import java.security.AllPermission;
27 import java.util.Hashtable;
28
29 import junit.framework.Test;
30 import junit.framework.TestCase;
31
32 import org.apache.commons.logging.Log;
33 import org.apache.commons.logging.LogFactory;
34 import org.apache.commons.logging.PathableClassLoader;
35 import org.apache.commons.logging.PathableTestSuite;
36
37 /**
38 * Tests for logging with a security policy that allows JCL access to everything.
39 * <p>
40 * This class has only one unit test, as we are (in part) checking behaviour in
41 * the static block of the LogFactory class. As that class cannot be unloaded after
42 * being loaded into a classloader, the only workaround is to use the
43 * PathableClassLoader approach to ensure each test is run in its own
44 * classloader, and use a separate testcase class for each test.
45 */
46 public class SecurityAllowedTestCase extends TestCase
47 {
48 private SecurityManager oldSecMgr;
49
50 // Dummy special hashtable, so we can tell JCL to use this instead of
51 // the standard one.
52 public static class CustomHashtable extends Hashtable {
53 }
54
55 /**
56 * Return the tests included in this test suite.
57 */
58 public static Test suite() throws Exception {
59 PathableClassLoader parent = new PathableClassLoader(null);
60 parent.useExplicitLoader("junit.", Test.class.getClassLoader());
61 parent.addLogicalLib("commons-logging");
62 parent.addLogicalLib("testclasses");
63
64 Class testClass = parent.loadClass(
65 "org.apache.commons.logging.security.SecurityAllowedTestCase");
66 return new PathableTestSuite(testClass, parent);
67 }
68
69 public void setUp() {
70 // save security manager so it can be restored in tearDown
71 oldSecMgr = System.getSecurityManager();
72 }
73
74 public void tearDown() {
75 // Restore, so other tests don't get stuffed up if a test
76 // sets a custom security manager.
77 System.setSecurityManager(oldSecMgr);
78 }
79
80 /**
81 * Test what happens when JCL is run with all permissions enabled. Custom
82 * overrides should take effect.
83 */
84 public void testAllAllowed() {
85 System.setProperty(
86 LogFactory.HASHTABLE_IMPLEMENTATION_PROPERTY,
87 CustomHashtable.class.getName());
88 MockSecurityManager mySecurityManager = new MockSecurityManager();
89 mySecurityManager.addPermission(new AllPermission());
90 System.setSecurityManager(mySecurityManager);
91
92 try {
93 // Use reflection so that we can control exactly when the static
94 // initialiser for the LogFactory class is executed.
95 Class c = this.getClass().getClassLoader().loadClass(
96 "org.apache.commons.logging.LogFactory");
97 Method m = c.getMethod("getLog", new Class[] {Class.class});
98 Log log = (Log) m.invoke(null, new Object[] {this.getClass()});
99
100 // Check whether we had any security exceptions so far (which were
101 // caught by the code). We should not, as every secure operation
102 // should be wrapped in an AccessController. Any security exceptions
103 // indicate a path that is missing an appropriate AccessController.
104 //
105 // We don't wait until after the log.info call to get this count
106 // because java.util.logging tries to load a resource bundle, which
107 // requires permission accessClassInPackage. JCL explicitly does not
108 // wrap calls to log methods in AccessControllers because writes to
109 // a log file *should* only be permitted if the original caller is
110 // trusted to access that file.
111 int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount();
112 log.info("testing");
113
114 // check that the default map implementation was loaded, as JCL was
115 // forbidden from reading the HASHTABLE_IMPLEMENTATION_PROPERTY property.
116 System.setSecurityManager(null);
117 Field factoryField = c.getDeclaredField("factories");
118 factoryField.setAccessible(true);
119 Object factoryTable = factoryField.get(null);
120 assertNotNull(factoryTable);
121 assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName());
122
123 assertEquals(0, untrustedCodeCount);
124 } catch(Throwable t) {
125 // Restore original security manager so output can be generated; the
126 // PrintWriter constructor tries to read the line.separator
127 // system property.
128 System.setSecurityManager(oldSecMgr);
129 StringWriter sw = new StringWriter();
130 PrintWriter pw = new PrintWriter(sw);
131 t.printStackTrace(pw);
132 fail("Unexpected exception:" + t.getMessage() + ":" + sw.toString());
133 }
134 }
135 }