axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sc...@apache.org
Subject svn commit: r469475 - in /webservices/axis2/trunk/java: etc/ modules/kernel/ modules/kernel/src/org/apache/axis2/java/ modules/kernel/src/org/apache/axis2/java/security/ modules/kernel/test-resources/java2sec/ modules/kernel/test-resources/java2sec/pol...
Date Tue, 31 Oct 2006 13:17:44 GMT
Author: scheu
Date: Tue Oct 31 05:17:43 2006
New Revision: 469475

URL: http://svn.apache.org/viewvc?view=rev&rev=469475
Log:
AXIS2-1110
Contributor: Ming Cheung
Java 2 Security AccessController 

Added:
    webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/java/
    webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/java/security/
    webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/java/security/AccessController.java
    webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/
    webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/policy/
    webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/policy/java2sectest.policy
    webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/private/
    webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/private/private.txt
    webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/public/
    webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/public/public.txt
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/action/
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/action/Action.java
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/driver/
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/driver/Java2SecTest.java
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/interf/
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/interf/Actor.java
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermission.java
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionAccessControlContext.java
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionPrivilegedExceptionAction.java
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermission.java
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionAccessControlContext.java
    webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionPrivilegedExceptionAction.java
Modified:
    webservices/axis2/trunk/java/etc/project.properties
    webservices/axis2/trunk/java/etc/project.xml
    webservices/axis2/trunk/java/modules/kernel/maven.xml
    webservices/axis2/trunk/java/modules/kernel/project.properties

Modified: webservices/axis2/trunk/java/etc/project.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/etc/project.properties?view=diff&rev=469475&r1=469474&r2=469475
==============================================================================
--- webservices/axis2/trunk/java/etc/project.properties (original)
+++ webservices/axis2/trunk/java/etc/project.properties Tue Oct 31 05:17:43 2006
@@ -113,6 +113,10 @@
 jibx.version=SNAPSHOT
 junit.version=3.8.2
 maven.itest.plugin.version=1.0
+maven.jar.plugin.version=1.8-SNAPSHOT
+maven.multiproject.plugin.version=1.5-SNAPSHOT
+maven.plugin.plugin.version=1.8-SNAPSHOT
+maven.test.plugin.version=1.8.1-SNAPSHOT
 opensaml.version=1.1
 neethi.version=SNAPSHOT
 servletapi.version=2.3

Modified: webservices/axis2/trunk/java/etc/project.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/etc/project.xml?view=diff&rev=469475&r1=469474&r2=469475
==============================================================================
--- webservices/axis2/trunk/java/etc/project.xml (original)
+++ webservices/axis2/trunk/java/etc/project.xml Tue Oct 31 05:17:43 2006
@@ -91,6 +91,38 @@
             <archive>http://marc.theaimsgroup.com/?l=axis-user&amp;r=1&amp;w=2</archive>
         </mailingList>
     </mailingLists>
+    
+    <dependencies>
+       <dependency>
+        <groupId>maven</groupId>
+        <artifactId>maven-test-plugin</artifactId>
+        <type>plugin</type>
+        <version>${maven.test.plugin.version}</version>
+       </dependency>
+       
+       <dependency>
+        <groupId>maven</groupId>
+        <artifactId>maven-multiproject-plugin</artifactId>
+        <type>plugin</type>
+        <version>${maven.multiproject.plugin.version}</version>
+       </dependency>
+       
+       <dependency>
+        <groupId>maven</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <type>plugin</type>
+        <version>${maven.jar.plugin.version}</version>
+       </dependency>
+       
+       <dependency>
+        <groupId>maven</groupId>
+        <artifactId>maven-plugin-plugin</artifactId>
+        <type>plugin</type>
+        <version>${maven.plugin.plugin.version}</version>
+       </dependency>
+    </dependencies>
+    
+    
     <!-- ========== -->
     <!-- Developers -->
     <!-- ========== -->

Modified: webservices/axis2/trunk/java/modules/kernel/maven.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/maven.xml?view=diff&rev=469475&r1=469474&r2=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/kernel/maven.xml Tue Oct 31 05:17:43 2006
@@ -8,6 +8,7 @@
     xmlns:maven="jelly:maven"
     xmlns:deploy="deploy"
     xmlns:ant="jelly:ant">
+    
     <postGoal name="test:compile">
       <j:if test="${context.getVariable('maven.test.skip') != 'true'}">
         <j:jelly xmlns="jelly:ant">
@@ -19,7 +20,33 @@
             <ant:ant antfile="build.xml" inheritall="true" inheritrefs="true" dir="test-resources/deployment/serviceModule"/>
         </j:jelly>
         <ant:copy file="${basedir}/test-resources/deployment/axis2.xml" tofile="${basedir}/target/test-resources/deployment/axis2.xml"/>
-      </j:if>
+      </j:if>        
+
+      <mkdir dir="${maven.build.dir}/test-resources/java2sec/more"/>        
+      <mkdir dir="${maven.build.dir}/test-resources/java2sec/less"/>        
+
+      <ant:jar destfile="${maven.build.dir}/test-resources/java2sec/more/MorePermission.jar" update="true">
+            <fileset dir="target/test-classes">
+                <include name="org/apache/axis2/java/security/driver/*"/>
+                <include name="org/apache/axis2/java/security/action/*"/>
+                <include name="org/apache/axis2/java/security/interf/*"/>
+                <include name="org/apache/axis2/java/security/more/*"/>
+            </fileset>
+      </ant:jar>
+      
+      <ant:delete dir="${basedir}/target/test-classes/org/apache/axis2/java/security/driver" />   
+      <ant:delete dir="${basedir}/target/test-classes/org/apache/axis2/java/security/more" />
+      <ant:delete dir="${basedir}/target/test-classes/org/apache/axis2/java/security/action" />
+      <ant:delete dir="${basedir}/target/test-classes/org/apache/axis2/java/security/interf" />
+       
+      <ant:jar destfile="${maven.build.dir}/test-resources/java2sec/less/LessPermission.jar" update="true">
+            <fileset dir="target/test-classes">
+                <include name="org/apache/axis2/java/security/less/*"/>
+            </fileset>
+      </ant:jar>
+      
+      <ant:delete dir="${basedir}/target/test-classes/org/apache/axis2/java/security/less" />
+
     </postGoal>
     <preGoal name="itest:compile">
         <u:file var="file" name="${maven.itest.src}"/>

Modified: webservices/axis2/trunk/java/modules/kernel/project.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/project.properties?view=diff&rev=469475&r1=469474&r2=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/project.properties (original)
+++ webservices/axis2/trunk/java/modules/kernel/project.properties Tue Oct 31 05:17:43 2006
@@ -16,3 +16,14 @@
 
 maven.multiproject.type=jar
 
+# These properties are used by Java 2 Security testcase 
+maven.test.classpath=${maven.build.dir}/test-resources/java2sec/less/LessPermission.jar;${maven.build.dir}/test-resources/java2sec/more/MorePermission.jar
+maven.junit.jvmargs=-Djava.security.policy=${base_dir}/test-resources/java2sec/policy/java2sectest.policy
+maven.junit.sysproperties=maven_home_dir base_dir maven_build_dir maven_repo_local maven_installed_root maven_test_dest
+maven_installed_root=${maven.home}
+base_dir=${basedir}
+maven_build_dir=${maven.build.dir}
+maven_test_dest=${maven.test.dest}
+maven_repo_local=${maven.repo.local}
+
+

Added: webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/java/security/AccessController.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/java/security/AccessController.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/java/security/AccessController.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/java/security/AccessController.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,215 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.java.security;
+
+import java.lang.SecurityManager;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * This utility wrapper class is created to support AXIS2 runs
+ * inside of Java 2 Security environment. Due to the access control
+ * checking algorithm, for Java 2 Security to function properly, 
+ * <code>doPrivileged()</code>
+ * is required in cases where there is application code on the stack frame 
+ * accessing the system resources (ie, read/write files, opening ports, and etc). 
+ * This class also improve performance no matther Security Manager is being enabled
+ * or not. 
+ * 
+ * Note: This utility should be used properly, otherwise might introduce
+ * security holes.
+ * 
+ * Usage Example:
+ * <code>
+ *  public void changePassword() {
+ *      ...
+ *      AccessController.doPrivileged(new PrivilegedAction() {
+ *          public Object run() {
+ *              f = Util.openPasswordFile();
+ *              ...
+ *              
+ *          }
+ *      });
+ *      ...
+ *  }
+ * </code>
+ */
+
+
+public class AccessController {
+    
+    /**
+     * Performs the specified <code>PrivilegedAction</code> with privileges
+     * enabled if a security manager is present.
+     * <p>
+     * If the action's <code>run</code> method throws an (unchecked) exception,
+     * it will propagate through this method.
+     *
+     * @param action the action to be performed.
+     * @return the value returned by the action's <code>run</code> method.
+     * @see #doPrivileged(PrivilegedAction,AccessControlContext)
+     * @see #doPrivileged(PrivilegedExceptionAction)
+     */
+    public static Object doPrivileged(PrivilegedAction action) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null) {
+            return(action.run());
+        } else {
+            return java.security.AccessController.doPrivileged(action);
+        }
+    }
+
+
+    /**
+     * Performs the specified <code>PrivilegedAction</code> with privileges
+     * enabled and restricted by the specified <code>AccessControlContext</code>.
+     * The action is performed with the intersection of the permissions
+     * possessed by the caller's protection domain, and those possessed
+     * by the domains represented by the specified
+     * <code>AccessControlContext</code> if a security manager is present.
+     * <p>
+     *
+     * If the action's <code>run</code> method throws an (unchecked) exception,
+     * it will propagate through this method.
+     *
+     * @param action the action to be performed.
+     * @param context an <i>access control context</i> representing the
+     *            restriction to be applied to the caller's domain's
+     *            privileges before performing the specified action.                   
+     * @return the value returned by the action's <code>run</code> method.
+     * @see #doPrivileged(PrivilegedAction)
+     * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
+     */
+    public static Object doPrivileged(PrivilegedAction action, AccessControlContext context) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null) {
+            return action.run();
+        } else {
+            return java.security.AccessController.doPrivileged(action, context);
+        }
+    }
+
+    /**
+     * Performs the specified <code>PrivilegedExceptionAction</code> with
+     * privileges enabled.  The action is performed with <i>all</i> of the 
+     * permissions possessed by the caller's protection domain.
+     * <p>
+     * If the action's <code>run</code> method throws an <i>unchecked</i>
+     * exception, it will propagate through this method.
+     *
+     * @param action the action to be performed.
+     * @return the value returned by the action's <code>run</code> method.
+     * @throws PrivilgedActionException the specified action's
+     *         <code>run</code> method threw a <i>checked</i> exception.
+     * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
+     * @see #doPrivileged(PrivilegedAction)
+     */
+    public static Object doPrivileged(PrivilegedExceptionAction action) throws PrivilegedActionException {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null) {
+            try {
+                return action.run();
+            } catch (java.lang.RuntimeException e) {
+                throw e;
+            } catch (Exception e) {
+                throw new PrivilegedActionException(e);
+            }
+        } else {
+            return java.security.AccessController.doPrivileged(action);
+        }
+    }
+
+
+    /**
+     * Performs the specified <code>PrivilegedExceptionAction</code> with 
+     * privileges enabled and restricted by the specified
+     * <code>AccessControlContext</code>.  The action is performed with the
+     * intersection of the the permissions possessed by the caller's
+     * protection domain, and those possessed by the domains represented by the
+     * specified <code>AccessControlContext</code>.
+     * <p>
+     * If the action's <code>run</code> method throws an <i>unchecked</i>
+     * exception, it will propagate through this method.
+     *
+     * @param action the action to be performed.
+     * @param context an <i>access control context</i> representing the
+     *            restriction to be applied to the caller's domain's
+     *            privileges before performing the specified action.
+     * @return the value returned by the action's <code>run</code> method.
+     * @throws PrivilegedActionException the specified action's
+     *         <code>run</code> method
+     *         threw a <i>checked</i> exception.
+     * @see #doPrivileged(PrivilegedAction)
+     * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
+     */
+    public static Object doPrivileged(PrivilegedExceptionAction action, AccessControlContext context)
+        throws PrivilegedActionException {
+
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null) {
+            try {
+                return action.run();
+            } catch (java.lang.RuntimeException e) {
+                throw e;
+            } catch (Exception e) {
+                throw new PrivilegedActionException(e);
+            }
+        } else {
+            return java.security.AccessController.doPrivileged(action, context);
+        }
+    }
+
+    /** 
+     * This method takes a "snapshot" of the current calling context, which
+     * includes the current Thread's inherited AccessControlContext,
+     * and places it in an AccessControlContext object. This context may then
+     * be checked at a later point, possibly in another thread.
+     *
+     * @see AccessControlContext
+     *
+     * @return the AccessControlContext based on the current context.
+     */
+    public static AccessControlContext getContext() {
+        return java.security.AccessController.getContext();
+    }
+
+    /** 
+     * Determines whether the access request indicated by the
+     * specified permission should be allowed or denied, based on
+     * the security policy currently in effect. 
+     * This method quietly returns if the access request
+     * is permitted, or throws a suitable AccessControlException otherwise. 
+     *
+     * @param perm the requested permission.
+     * 
+     * @exception AccessControlException if the specified permission
+     * is not permitted, based on the current security policy.
+     */
+    public static void checkPermission(Permission perm) throws AccessControlException {
+        java.security.AccessController.checkPermission(perm);
+    }
+
+    /** 
+     * No instantiation allowed
+     */
+    private AccessController() {}
+}

Added: webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/policy/java2sectest.policy
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/policy/java2sectest.policy?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/policy/java2sectest.policy (added)
+++ webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/policy/java2sectest.policy Tue Oct 31 05:17:43 2006
@@ -0,0 +1,60 @@
+grant {
+        permission java.util.PropertyPermission "basedir", "read";
+        permission java.util.PropertyPermission "maven.build.dir", "read";
+        permission java.lang.RuntimePermission "accessDeclaredMembers";
+        permission java.lang.RuntimePermission "exitVM";
+        permission java.lang.RuntimePermission "getProtectionDomain";
+        permission java.lang.RuntimePermission "modifyThreadGroup";
+        permission java.lang.RuntimePermission "setContextClassLoader";
+        permission java.lang.RuntimePermission "setIO";        
+        permission java.lang.RuntimePermission "setSecurityManager";
+                
+        permission java.io.FilePermission "${maven_build_dir}/classes/", "read";
+        permission java.io.FilePermission "${maven_build_dir}/classes/org/apache/axis2/java/security/AccessController.class", "read";
+        permission java.io.FilePermission "${maven_build_dir}/classes/org/apache/xerces/dom/CharacterDataImpl$1.class", "read";     
+ 
+        permission java.io.FilePermission "${maven_build_dir}/test-classes/", "read";
+        permission java.io.FilePermission "${maven_build_dir}/test-classes/org/apache/axis2/java/security/AccessController.class", "read";
+        permission java.io.FilePermission "${maven_build_dir}/test-classes/org/apache/xerces/dom/CDATASectionImpl.class", "read";  
+        permission java.io.FilePermission "${maven_build_dir}/test-classes/org/apache/xerces/dom/CharacterDataImpl$1.class", "read";
+        
+        
+        permission java.io.FilePermission "${maven_build_dir}/test-resources/java2sec/less/LessPermission.jar", "read"; 
+        permission java.io.FilePermission "${maven_build_dir}/test-resources/java2sec/more/MorePermission.jar", "read";
+        
+        permission java.io.FilePermission "${maven_repo_local}/-", "read";
+        permission java.io.FilePermission "${maven_installed_root}/lib/-", "read";
+        
+        permission java.util.PropertyPermission "maven_build_dir", "read";
+        permission java.util.PropertyPermission "maven_test_dest", "read";      
+        
+};
+
+
+grant codeBase "file:${maven_build_dir}/test-resources/java2sec/more/MorePermission.jar" {
+        permission java.io.FilePermission "${base_dir}/test-resources/java2sec/private/private.txt", "read";
+        permission java.io.FilePermission "${base_dir}/test-resources/java2sec/public/public.txt", "read";
+};
+
+grant codeBase "file:${maven_build_dir}/test-resources/java2sec/less/LessPermission.jar" {
+        permission java.io.FilePermission "${base_dir}/test-resources/java2sec/public/public.txt", "read";
+};
+
+
+grant codeBase "file:${maven_installed_root}/lib/-" {
+        permission java.io.FilePermission "${base_dir}/test-resources/java2sec/public/public.txt", "read";
+        permission java.io.FilePermission "${base_dir}/test-resources/java2sec/private/private.txt", "read";
+};
+
+grant codeBase "file:${maven_build_dir}/test-classes/" {
+        permission java.io.FilePermission "${base_dir}/test-resources/java2sec/public/public.txt", "read";
+};
+
+grant codeBase "file:${maven_build_dir}/classes/" {
+        permission java.io.FilePermission "${base_dir}/test-resources/java2sec/public/public.txt", "read";
+        permission java.io.FilePermission "${base_dir}/test-resources/java2sec/private/private.txt", "read";
+};
+
+grant codeBase "file:${maven_repo_local}/-" {
+        permission java.io.FilePermission "${base_dir}/test-resources/java2sec/public/public.txt", "read";
+};

Added: webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/private/private.txt
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/private/private.txt?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/private/private.txt (added)
+++ webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/private/private.txt Tue Oct 31 05:17:43 2006
@@ -0,0 +1 @@
+This line is from private.txt.

Added: webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/public/public.txt
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/public/public.txt?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/public/public.txt (added)
+++ webservices/axis2/trunk/java/modules/kernel/test-resources/java2sec/public/public.txt Tue Oct 31 05:17:43 2006
@@ -0,0 +1 @@
+This line is from public.txt.

Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/action/Action.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/action/Action.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/action/Action.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/action/Action.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+ 
+package org.apache.axis2.java.security.action;
+
+import org.apache.axis2.java.security.interf.Actor;
+import org.apache.axis2.java.security.driver.Java2SecTest;
+
+import java.io.CharArrayWriter;
+import java.io.FileReader;
+import java.io.IOException;
+
+
+
+/** 
+ * Action reads the data from an input file  
+ * and then saves the file input to Java2SecTest class
+ */
+
+public class Action implements Actor {
+
+    private String fileName;
+    private FileReader fileReader;
+
+    // Constructor
+    public Action(String fileName) {
+        this.fileName = fileName;
+    }
+
+    // Implementing Actor's takeAction method
+    public void takeAction () {
+	try {
+	    // Print out maven's base,build, and test direcotories
+	    String baseDir = System.getProperty("basedir");
+	    System.out.println("basedir => " + baseDir);
+
+	    String buildDir = System.getProperty("maven_build_dir");
+	    System.out.println("buildDir => " + buildDir);
+	    
+	    String testDir = System.getProperty("maven_test_dest");
+	    System.out.println("testDir => " + testDir);
+	    
+	    // Convert the \ (back slash) to / (forward slash)
+	    String baseDirM = baseDir.replace('\\', '/');
+	    System.out.println("baseDirM => "+ baseDirM);
+	    
+	    String fs = "/";
+
+	    // Build the file URL
+	    String fileURL=baseDirM+fs+"test-resources"+fs+"java2sec"+fs+fileName;
+	    System.out.println("File URL => " + fileURL);
+        	
+	    if (fileName != null)
+		    fileReader = new FileReader(fileURL);
+	    else 
+		    fileReader = new FileReader("public.txt");
+        	
+            try {
+                CharArrayWriter caw = new CharArrayWriter();
+                int c;
+		while ((c = fileReader.read()) != -1) {
+                    caw.write(c);
+                }
+		// Set/save the file input as test result onto Java2SecTest
+                Java2SecTest.testResult = caw.toString();
+            }
+            catch (IOException e) {
+		e.printStackTrace(System.out);
+            }
+            finally {
+                try {
+                    fileReader.close();
+                }
+                catch (IOException e) {
+		    e.printStackTrace(System.out);
+                }
+            }
+        }
+        catch (IOException e) {
+	    e.printStackTrace(System.out);
+        }
+    }
+}

Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/driver/Java2SecTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/driver/Java2SecTest.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/driver/Java2SecTest.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/driver/Java2SecTest.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,545 @@
+/*
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.axis2.java.security.driver;
+
+import org.apache.axis2.java.security.action.Action;
+import org.apache.axis2.java.security.less.LessPermission;
+import org.apache.axis2.java.security.more.MorePermission;
+import org.apache.axis2.java.security.less.LessPermissionPrivilegedExceptionAction;
+import org.apache.axis2.java.security.more.MorePermissionPrivilegedExceptionAction;
+import org.apache.axis2.java.security.less.LessPermissionAccessControlContext;
+import org.apache.axis2.java.security.more.MorePermissionAccessControlContext;
+import org.apache.axis2.java.security.AccessController;
+
+import junit.framework.TestCase;
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import junit.textui.TestRunner;
+
+import java.util.Calendar;
+import java.util.TimeZone;
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Java2SecTest demostrates the usages of AccessController class and Policy file(s) while Security Manager is enabled: 
+ *    1. testNoPrivilegePassed shows the usage of no AccessController but it still work fine
+ *          because it has all the permissions.
+ *    2. testNoPrivilegeFailure shows the usage of AccessController with LessPermission.java, 
+ *          which is not right approach.
+ *    3. testDoPrivilegePassed shows the correct practice of java 2 security by granting the appropriate 
+ *          permission in the policy file(s0 and wrapping the AccessController calls with MorePermission.java. 
+ *    4. testDoPrivilegeFailure shows the reverse call order of MorePermission and LessPermission 
+ *          from testDoPrivilegedPassed.
+ *    5. testAccessControlContextFailure shows the AccessContext which contains a no-permission class 
+ *          on the stack can cause a failure. In our case, the no-permission class is 
+ *          LessPermissionAccessControlContext.
+ *
+ */
+
+public class Java2SecTest extends TestCase {
+    // Static variable to keep the test result 
+    public static String testResult = "";
+    
+    // Default constructor
+    public Java2SecTest() {
+	super();
+	System.out.println("\nJava2SecTest ctor 1");
+	Calendar cal = Calendar.getInstance(TimeZone.getDefault());
+	String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
+	java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat(DATE_FORMAT);
+	sdf.setTimeZone(TimeZone.getDefault());     		  
+	System.out.println("Current time => " + sdf.format(cal.getTime()) + "\n");
+    }
+
+    // Constructor
+    public Java2SecTest(String arg) {
+	super(arg);
+	System.out.println("\nJava2SecTest ctor 2");
+	Calendar cal = Calendar.getInstance(TimeZone.getDefault());
+	String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
+	java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat(DATE_FORMAT);
+	sdf.setTimeZone(TimeZone.getDefault());     		  
+	System.out.println("Current time => " + sdf.format(cal.getTime()) + "\n");
+    }
+	
+	// This method is added for running this test as a pure junit test
+	 public static void main(String[] args) {
+		  TestRunner.run(suite());
+		 
+	 }
+	 
+	 // This method is added for running this test as a pure junit test
+	 public static Test suite() {
+		  TestSuite suite = new TestSuite(Java2SecTest.class);
+		  
+		  return suite;
+		 
+	 }
+	
+
+
+	 /**
+	  * testNoPrivilegedSuccessed
+	  */
+ 	 
+	 public void testNoPrivilegeSuccessed() throws Exception {
+		 Java2SecTest.testResult = "testNoPrivilegeSuccessed failed.";
+	     SecurityManager oldSM = null;
+	     String expectedString = "This line is from public.txt.";
+
+	     System.out.println("\ntestNoPrivilegedSuccessed() begins");
+	     // Check whether the security manager is enabled or not.
+	     // If not, turn it on
+	     oldSM = System.getSecurityManager();
+	     if (oldSM != null) {
+		 System.out.println("\nSecurity Manager is enabled.");
+	     } else {
+		 System.out.println("\nSecurity Manager is disabled.");
+		 System.out.println("Enabling the default Java Security Manager");
+		 System.setSecurityManager(new SecurityManager());
+	     }
+			    	
+	     // Run test WITHOUT AccessController.doPrivileged wrapper
+	     Action dp= new Action("public/public.txt");
+	     MorePermission mp = new MorePermission(dp, false);
+	     LessPermission lp = new LessPermission(mp, false);		
+	     lp.takeAction();
+			    	
+	     // Disable security manager if it is enabled by this testcsae
+	     if (System.getSecurityManager() != null && oldSM == null) {	
+		 System.setSecurityManager(null);
+		 if (System.getSecurityManager() == null) {
+		     System.out.println("Security Manager is successfully disabled.");
+		 } else {
+		     System.out.println("Security Manager is still enabled");
+		 }
+	     }
+	     // Remove extra characters within the result string
+	     testResult = testResult.replaceAll("\\r", "");
+	     testResult = testResult.replaceAll("\\n", "");
+	     System.out.println("Resulting string is " + testResult);
+			    	
+	     // Verify the test result by comparing the test result with expected string   	    	
+	     assertTrue("The string contents do not match.", expectedString.equalsIgnoreCase(testResult));
+			    	
+	     System.out.println("\ntestNoPrivilegedSuccessed() ends\n\n");      	
+	 }
+	 
+
+    
+	/**
+	 * testNoPrivilegedFailure
+	 */
+	 
+	public void testNoPrivilegeFailure() throws Exception {
+		Java2SecTest.testResult = "testNoPrivilegeFailure failed.";
+	    SecurityManager oldSM = null;
+	    	
+	    System.out.println("\ntestNoPrivilegedFailured() begins");
+	    // Check whether the security is enable or not.
+	    // if it is not enabled, turn it on
+	    oldSM = System.getSecurityManager();
+	    if (oldSM != null) {
+		System.out.println("\nSecurity Manager is enabled.");
+	    } else {
+		System.out.println("\nSecurity Manager is disabled.");
+		System.out.println("Enabling the default Security Manager");
+		System.setSecurityManager(new SecurityManager());
+	    }	
+	    // Run test with AccessController.doPrivilege wrapper
+	    Action dp= new Action("private/private.txt");
+	    MorePermission mp = new MorePermission(dp, false);
+	    LessPermission lp = new LessPermission(mp, false);
+	    try {
+		lp.takeAction();
+	    } catch (Exception e){
+		// verify the test result
+		assertTrue("It is not the security exception.", (e instanceof java.security.AccessControlException));
+	    } finally {
+		// Disable security manager if it is enabled by this testcsae
+		if (System.getSecurityManager() != null && oldSM == null) {	
+		    System.setSecurityManager(null);
+		    if (System.getSecurityManager() == null) {
+			System.out.println("Security Manager is successfully disabled.");
+		    } else {
+			System.out.println("Security Manager is still enabled");
+		    }
+		}
+		System.out.println("\ntesNoPrivilegedFailure() ends\n\n");
+	    }
+	}
+	 	
+
+
+	/**
+	 * testDoPrivilegedSuccessed
+	 */
+	 
+	public void testDoPrivilegeSuccessed() throws Exception {
+		Java2SecTest.testResult = "testDoPrivilegeSuccessed failed.";
+	    SecurityManager oldSM = null;
+	    String expectedString = "This line is from private.txt.";
+	    	
+	    System.out.println("\ntestDoPrivilegedSuccessed() begins");
+	    // Check whether the security is enable or not.
+	    // If it is not enabled, turn it on
+	    oldSM = System.getSecurityManager();
+	    if (oldSM != null) {
+		System.out.println("\nSecurity Manager is enabled.");
+	    } else {
+		System.out.println("\nSecurity Manager is disabled.");
+		System.out.println("Enabling the default Java Security Manager");
+		System.setSecurityManager(new SecurityManager());
+	    }
+	      
+	    // Run test with AccessController.doPrivilege
+	    Action dp= new Action("private/private.txt");
+	    MorePermission mp = new MorePermission(dp, true);
+	    LessPermission lp = new LessPermission(mp, false);
+	    lp.takeAction();
+
+
+	    // Disable security manager if it is enabled by this testcsae
+	    if (System.getSecurityManager() != null && oldSM == null) {	
+		System.setSecurityManager(null);
+		if (System.getSecurityManager() == null) {
+		    System.out.println("Security Manager is successfully disabled.");
+		} else {
+		    System.out.println("Security Manager is still enabled");
+		}
+	    }
+	    	    	
+	    // Remove extra characters within the result string
+	    testResult = testResult.replaceAll("\\r", "");
+	    testResult = testResult.replaceAll("\\n", "");
+	    System.out.println("Resulting string is " + testResult);          	
+	    
+	    // Verify the test result by comparing the test result with expected string   	    	
+	    assertTrue("The string contents do not match.", expectedString.equalsIgnoreCase(testResult));
+	    System.out.println("\ntestDoPrivilegedSuccessed() ends\n\n");
+	}
+	
+
+
+	/**
+	 * testDoPrivilegedFailure
+	 */
+	 
+	public void testDoPrivilegeFailure() throws Exception {
+		Java2SecTest.testResult = "testDoPrivilegeFailure failed.";
+	    SecurityManager oldSM = null;
+	    String expectedString = "This line is from private.txt.";
+	    	
+	    System.out.println("\ntestDoPrivilegedFailure() begins");
+	    // Check whether the security is enable or not.
+	    // If it is not enabled, turn it on
+	    oldSM = System.getSecurityManager();
+	    if (oldSM != null) {
+		System.out.println("\nSecurity Manager is enabled.");
+	    } else {
+		System.out.println("\nSecurity Manager is disabled.");
+		System.out.println("Enabling the default Java Security Manager");
+		System.setSecurityManager(new SecurityManager());
+	    }
+	      
+	    // Run test with AccessController.doPrivilege
+	    Action dp= new Action("private/private.txt");
+	    MorePermission mp = new MorePermission(dp, false);
+	    LessPermission lp = new LessPermission(mp, true);
+	    try {
+		mp.takeAction();
+	    } catch (Exception e) {
+		// Verify the test result
+		assertTrue("It is not the security exception.", (e instanceof java.security.AccessControlException));
+
+	    } finally {
+		// Disable security manager if it is enabled by this testcsae
+		if (System.getSecurityManager() != null && oldSM == null) {	
+		    System.setSecurityManager(null);
+		    if (System.getSecurityManager() == null) {
+			System.out.println("Security Manager is successfully disabled.");
+		    } else {
+			System.out.println("Security Manager is still enabled");
+		    }
+		}
+		System.out.println("\ntestDoPrivilegedFailure() ends\n\n");
+	    }
+	}
+	
+
+	
+
+	/**
+	 * testAccessControlContextFailure
+	 */
+         
+	public void testAccessControlContextFailure() throws Exception {
+		Java2SecTest.testResult = "testAccessControlContextFailure failed.";
+		SecurityManager oldSM = null;
+	    String expectedString = "This line is from private.txt.";
+	    	
+	    System.out.println("\ntestAccessControlContextFailure() begins");
+	    // Check whether the security is enable or not.
+	    // If it is not enabled, turn it on
+	    oldSM = System.getSecurityManager();
+	    if (oldSM != null) {
+		System.out.println("\nSecurity Manager is enabled.");
+	    } else {
+		System.out.println("\nSecurity Manager is disabled.");
+		System.out.println("Enabling the default Java Security Manager");
+		System.setSecurityManager(new SecurityManager());
+	    }
+	      
+	    // Run test with AccessController.doPrivilege
+	    Action dp= new Action("private/private.txt");
+	    MorePermissionAccessControlContext mp = new MorePermissionAccessControlContext(dp, false);
+	    LessPermissionAccessControlContext lp = new LessPermissionAccessControlContext(mp, true);
+	    try {
+		lp.takeAction();
+	    } catch (Exception e) {
+		// Verify the test result
+		assertTrue("It is not the security exception.", (e instanceof java.security.AccessControlException));
+
+	    } finally {
+		// Disable security manager if it is enabled by this testcsae
+		if (System.getSecurityManager() != null && oldSM == null) {	
+		    System.setSecurityManager(null);
+		    if (System.getSecurityManager() == null) {
+			System.out.println("Security Manager is successfully disabled.");
+		    } else {
+			System.out.println("Security Manager is still enabled");
+		    }
+		}
+		System.out.println("\ntestAccessControlContextFailure() ends\n\n");
+	    }
+	}
+
+	// 2 begins
+	
+	/**
+	 * testPrivilegedExceptionActionSuccessed
+	 */
+	 
+	public void testPrivilegedExceptionSuccessed() throws Exception {
+		Java2SecTest.testResult = "testPrivielgedExceptionSuccessed failed";
+		SecurityManager oldSM = null;
+	    String expectedString = "This line is from private.txt.";
+	    	
+	    System.out.println("\ntestPrivilegedExceptionActionSuccessed() begins");
+	    // Check whether the security is enable or not.
+	    // If it is not enabled, turn it on
+	    oldSM = System.getSecurityManager();
+	    if (oldSM != null) {
+		System.out.println("\nSecurity Manager is enabled.");
+	    } else {
+		System.out.println("\nSecurity Manager is disabled.");
+		System.out.println("Enabling the default Java Security Manager");
+		System.setSecurityManager(new SecurityManager());
+	    }
+	      
+	    // Run test with AccessController.doPrivilege
+	    Action dp= new Action("private/private.txt");
+	    MorePermissionPrivilegedExceptionAction mp = new MorePermissionPrivilegedExceptionAction(dp, true);
+	    LessPermissionPrivilegedExceptionAction lp = new LessPermissionPrivilegedExceptionAction(mp, false);
+	    lp.takeAction();
+
+
+	    // Disable security manager if it is enabled by this testcsae
+	    if (System.getSecurityManager() != null && oldSM == null) {	
+		System.setSecurityManager(null);
+		if (System.getSecurityManager() == null) {
+		    System.out.println("Security Manager is successfully disabled.");
+		} else {
+		    System.out.println("Security Manager is still enabled");
+		}
+	    }
+	    	    	
+	    // Remove extra characters within the result string
+	    testResult = testResult.replaceAll("\\r", "");
+	    testResult = testResult.replaceAll("\\n", "");
+	    System.out.println("testDoPrivilege's result string is " + testResult);          	
+	    
+	    // Verify the test result by comparing the test result with expected string   	    	
+	    assertTrue("The string contents do not match.", expectedString.equalsIgnoreCase(testResult));
+	    System.out.println("\ntestDoPrivilegeSuccessed() ends\n\n");
+	}
+	
+
+
+	/**
+	 * testPrivilegedExceptionActionFailure
+	 */
+	 
+	public void testPrivilegedExceptionActionFailure() throws Exception {
+		Java2SecTest.testResult = "testPrivilegedExceptionActionFailure failed.";
+		SecurityManager oldSM = null;
+	    String expectedString = "This line is from private.txt.";
+	    	
+	    System.out.println("\ntestPrivilegedExceptionActionFailure() begins");
+	    // Check whether the security is enable or not.
+	    // If it is not enabled, turn it on
+	    oldSM = System.getSecurityManager();
+	    if (oldSM != null) {
+	        System.out.println("\nSecurity Manager is enabled.");
+	    } else {
+	        System.out.println("\nSecurity Manager is disabled.");
+	        System.out.println("Enabling the default Java Security Manager");
+	        System.setSecurityManager(new SecurityManager());
+	    }
+	      
+	    // Run test with AccessController.doPrivilege
+	    Action dp= new Action("private/private.txt");
+	    MorePermissionPrivilegedExceptionAction mp = new MorePermissionPrivilegedExceptionAction(dp, false);
+	    LessPermissionPrivilegedExceptionAction lp = new LessPermissionPrivilegedExceptionAction(mp, true);
+	    try {
+	        mp.takeAction();
+	    } catch (Exception e) {
+	        // Verify the test result
+	        assertTrue("It is not the security exception.", (e instanceof java.security.PrivilegedActionException));
+        } finally {
+		// Disable security manager if it is enabled by this testcsae
+		if (System.getSecurityManager() != null && oldSM == null) {	
+		    System.setSecurityManager(null);
+		    if (System.getSecurityManager() == null) {
+			System.out.println("Security Manager is successfully disabled.");
+		    } else {
+			System.out.println("Security Manager is still enabled");
+		    }
+		}
+		System.out.println("\ntestPrivilegedExceptionActionFailure() ends\n\n");
+	    }
+	}
+
+	/**
+	 * testCheckPermissionAllowed
+	 */
+	
+	public void testCheckPermissionAllowed() throws Exception {
+		Java2SecTest.testResult = "testCheckPermissionAllowed failed.";
+		SecurityManager oldSM = null;
+
+	    System.out.println("\ntestCheckPermissionAllowed() begins.\n");
+	    boolean allowed = false;
+	    String fileName = "public/public.txt";
+
+	    oldSM = System.getSecurityManager();
+	    if (oldSM != null) {
+		System.out.println("\nSecurity Manager is enabled.");
+	    } else {
+		System.out.println("\nSecurity Manager is disabled.");
+		System.out.println("Enabling the default Java Security Manager");
+		System.setSecurityManager(new SecurityManager());
+	    }
+
+	    try {     
+                // Print out maven's base,build, and test direcotories    
+                String baseDir = System.getProperty("basedir");   
+                System.out.println("basedir => " + baseDir);    
+                // Convert the \ (back slash) to / (forward slash)    
+                String baseDirM = baseDir.replace('\\', '/');    
+                System.out.println("baseDirM => "+ baseDirM);   
+                String fs = "/";
+                
+                // Build the file URL    
+                String fileURL=baseDirM+fs+"test-resources"+fs+"java2sec"+fs+fileName;
+                Permission perm = new java.io.FilePermission(fileURL, "read");   
+                AccessController.checkPermission(perm);
+                allowed = true;
+            } catch (Exception e) {
+                if (e instanceof AccessControlException) {
+                    e.printStackTrace(System.out); 
+                }
+	    } finally {
+                assertTrue("Accessing to public.txt file is denied; Test failed.", allowed);
+		// Disable security manager if it is enabled by this testcsae
+		if (System.getSecurityManager() != null && oldSM == null) {	
+		    System.setSecurityManager(null);
+		    if (System.getSecurityManager() == null) {
+			    System.out.println("Security Manager is successfully disabled.");
+		    } else {
+			    System.out.println("Security Manager is still enabled");
+		    }
+		}
+		System.out.println("\ntestCheckPermissionAllowed() ends.\n");
+	    }
+
+	}
+
+
+	
+	/**
+	 * testCheckPermissionDenied
+	 */
+	
+	public void testCheckPermissionDenied() throws Exception {
+		Java2SecTest.testResult = "testCheckPermissionDenied failed";
+		SecurityManager oldSM = null;
+
+	    System.out.println("\ntestCheckPermissionDenied() begins.\n");
+	    boolean denied = true;
+	    String fileName = "private/private.txt";
+
+	    oldSM = System.getSecurityManager();
+	    if (oldSM != null) {
+	        System.out.println("\nSecurity Manager is enabled.");
+	    } else {
+	        System.out.println("\nSecurity Manager is disabled.");
+	        System.out.println("Enabling the default Java Security Manager");
+	        System.setSecurityManager(new SecurityManager());
+	    }
+
+	    try {
+	        // Print out maven's base,build, and test direcotories
+	        String baseDir = System.getProperty("basedir");
+	        System.out.println("basedir => " + baseDir);
+	    
+	        // Convert the \ (back slash) to / (forward slash)
+	        String baseDirM = baseDir.replace('\\', '/');
+	        System.out.println("baseDirM => "+ baseDirM);
+	    
+	        String fs = "/";
+	    
+	        // Build the file URL
+	        String fileURL=baseDirM+fs+"test-resources"+fs+"java2sec"+fs+fileName;
+	        Permission perm = new java.io.FilePermission(fileURL, "read");
+	        AccessController.checkPermission(perm);
+	        denied = false;
+	    } catch (Exception e) {
+	        if (!(e instanceof AccessControlException)) {
+	            denied = false;
+	        }
+            e.printStackTrace(System.out);    
+	    } finally {
+	        assertTrue("Accessing to private.txt file is allowed; Test failed.", denied);
+
+	        // Disable security manager if it is enabled by this testcsae
+	        if (System.getSecurityManager() != null && oldSM == null) {	
+	            System.setSecurityManager(null);
+	            if (System.getSecurityManager() == null) {
+	                System.out.println("Security Manager is successfully disabled.");
+	            } else {
+	                System.out.println("Security Manager is still enabled");
+	            }
+	        }
+            System.out.println("\ntestCheckPermissionDenied() ends.\n");
+	    }
+	}	
+}

Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/interf/Actor.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/interf/Actor.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/interf/Actor.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/interf/Actor.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.axis2.java.security.interf;
+
+/**
+ * Interface Actor
+ */
+
+public interface Actor {
+   public void takeAction();
+}
+

Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermission.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermission.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermission.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermission.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.axis2.java.security.less;
+
+import org.apache.axis2.java.security.AccessController;
+import org.apache.axis2.java.security.interf.Actor;
+
+import java.security.PrivilegedAction;
+
+
+
+/**
+ * LessPermission has no read permission to the private.txt file
+ */
+
+public class LessPermission implements Actor {
+
+    private Actor _actor;
+    private boolean _usingDoPrivilege;
+    
+    // Construtor
+    public LessPermission(Actor a, boolean usingDoPrivilege) {
+	_actor = a;
+	_usingDoPrivilege = usingDoPrivilege;
+    }
+	
+    // Implement Actor's takeAction method
+    public void takeAction() {
+   	try {
+	    if (_usingDoPrivilege) {
+		// Use AccessController's doPrivilege
+		AccessController.doPrivileged(
+		    new PrivilegedAction() {
+			public Object run() {
+			    _actor.takeAction();
+			    return null;
+		    }
+		});       
+	    }
+	    else {  
+		// Use no AccessController's doPrivilege
+		_actor.takeAction();
+	    }
+	} catch (Exception e) {
+	    e.printStackTrace(System.out);
+	}
+    }
+}
+

Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionAccessControlContext.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionAccessControlContext.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionAccessControlContext.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionAccessControlContext.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.axis2.java.security.less;
+
+import org.apache.axis2.java.security.AccessController;
+import org.apache.axis2.java.security.interf.Actor;
+
+import java.security.PrivilegedAction;
+import java.security.AccessControlContext;
+
+
+
+/**
+ * LessPermission has no read permission to the private.txt file
+ */
+
+public class LessPermissionAccessControlContext implements Actor {
+
+    private Actor _actor;
+    private boolean _usingDoPrivilege;
+    
+    // Construtor
+    public LessPermissionAccessControlContext(Actor a, boolean usingDoPrivilege) {
+	_actor = a;
+	_usingDoPrivilege = usingDoPrivilege;
+    }
+	
+    // Implement Actor's takeAction method
+    public void takeAction() {
+   	try {
+	    if (_usingDoPrivilege) {
+		final AccessControlContext acc = AccessController.getContext();
+		// Demostrate the usage of AccessController.doPrivileged(PrivilegeAction action, AccessContext ctx)
+		AccessController.doPrivileged(
+		    new PrivilegedAction() {
+			public Object run() {
+			    _actor.takeAction();
+			    return null;
+		    }
+		}, acc);       
+	    }
+	    else {  
+		// Use no doPrivileged
+		_actor.takeAction();
+	    }
+	} catch (Exception e) {
+	    e.printStackTrace(System.out);
+	}
+    }
+}
+

Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionPrivilegedExceptionAction.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionPrivilegedExceptionAction.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionPrivilegedExceptionAction.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/less/LessPermissionPrivilegedExceptionAction.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.axis2.java.security.less;
+
+import org.apache.axis2.java.security.AccessController;
+import org.apache.axis2.java.security.interf.Actor;
+
+import java.security.PrivilegedExceptionAction;
+
+
+
+/**
+ * LessPermission has no read permission to the private.txt file
+ */
+
+public class LessPermissionPrivilegedExceptionAction implements Actor {
+
+    private Actor _actor;
+    private boolean _usingDoPrivilege;
+    
+    // Construtor
+    public LessPermissionPrivilegedExceptionAction(Actor a, boolean usingDoPrivilege) {
+	_actor = a;
+	_usingDoPrivilege = usingDoPrivilege;
+    }
+	
+    // Implement Actor's takeAction method
+    public void takeAction() {
+   	try {
+	    if (_usingDoPrivilege) {
+		// Demostrate the usage of AccessController.doPrivileged(PrivilegedExceptionAction action)
+		AccessController.doPrivileged(
+		    new PrivilegedExceptionAction() {
+			public Object run() {
+			    _actor.takeAction();
+			    return null;
+		    }
+		});       
+	    }
+	    else {  
+		// Use no doPrivileged
+		_actor.takeAction();
+	    }
+	} catch (Exception e) {
+	    e.printStackTrace(System.out);
+	}
+    }
+}
+

Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermission.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermission.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermission.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermission.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.axis2.java.security.more;
+
+import org.apache.axis2.java.security.AccessController;
+import org.apache.axis2.java.security.interf.Actor;
+
+import java.security.PrivilegedAction;
+
+/**
+ * MorePermission has read permission to both public.txt and private.txt
+ */
+
+public class MorePermission implements Actor {
+    
+    private Actor  _actor;
+    private boolean _usingDoPrivilege;
+
+    // Constructor
+    public MorePermission(Actor a, boolean usingDoPrivilege) {
+	_actor = a;
+	_usingDoPrivilege = usingDoPrivilege;
+
+    }
+
+    // Implementing Actor's takeAction method
+    public void takeAction() {
+	try {
+	    if (_usingDoPrivilege) {
+		// Use AccessController's doPrivilege
+		AccessController.doPrivileged(
+		    new PrivilegedAction() {
+			public Object run() {
+			    _actor.takeAction();
+			    return null;
+			    }
+			});
+	    }
+	    else {
+		// Use no AccessController's doPrivilege
+		_actor.takeAction();   
+	    }
+	} catch (Exception e) {
+	    e.printStackTrace(System.out);
+	}
+    }    
+}
+

Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionAccessControlContext.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionAccessControlContext.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionAccessControlContext.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionAccessControlContext.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.axis2.java.security.more;
+
+import org.apache.axis2.java.security.AccessController;
+import org.apache.axis2.java.security.interf.Actor;
+
+import java.security.PrivilegedAction;
+import java.security.AccessControlContext;
+import java.security.Permission;
+
+/**
+ * MorePermissionAccessControllerContext has read permission to both public.txt and private.txt
+ */
+
+public class MorePermissionAccessControlContext implements Actor {
+    
+    private Actor  _actor;
+    private boolean _usingDoPrivilege;
+
+    // Constructor
+    public MorePermissionAccessControlContext(Actor a, boolean usingDoPrivilege) {
+	_actor = a;
+	_usingDoPrivilege = usingDoPrivilege;
+
+    }
+
+    // Implementing Actor's takeAction method
+    public void takeAction() {
+	try {
+	    if (_usingDoPrivilege) {
+		final AccessControlContext acc = AccessController.getContext();
+		  // Print out maven's base,build, and test direcotories
+		String baseDir = System.getProperty("basedir");
+		System.out.println("basedir => " + baseDir);
+	    
+		// Convert the \ (back slash) to / (forward slash)
+		String baseDirM = baseDir.replace('\\', '/');
+		System.out.println("baseDirM => "+ baseDirM);
+	    
+		String fs = "/";
+		String fileName = "private/private.txt";
+	    
+		// Build the file URL
+		String fileURL=baseDirM+fs+"test-resources"+fs+"java2sec"+fs+fileName;
+		Permission perm = new java.io.FilePermission(fileURL, "read");
+		acc.checkPermission(perm);
+		// Demostrate the usage of AccessController's doPrivilege(PrivilegeAction action, AccessContext ctx)
+		AccessController.doPrivileged(
+		    new PrivilegedAction() {
+			public Object run() {
+			    _actor.takeAction();
+			    return null;
+			    }
+			}, acc);
+	    }
+	    else {
+		// Use no doPrivileged
+		_actor.takeAction();   
+	    }
+	} catch (Exception e) {
+	    e.printStackTrace(System.out);
+	}
+    }    
+}
+

Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionPrivilegedExceptionAction.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionPrivilegedExceptionAction.java?view=auto&rev=469475
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionPrivilegedExceptionAction.java (added)
+++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/java/security/more/MorePermissionPrivilegedExceptionAction.java Tue Oct 31 05:17:43 2006
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2006 International Business Machines Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.axis2.java.security.more;
+
+import org.apache.axis2.java.security.AccessController;
+import org.apache.axis2.java.security.interf.Actor;
+
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * MorePermission has read permission to both public.txt and private.txt
+ */
+
+public class MorePermissionPrivilegedExceptionAction implements Actor {
+    
+    private Actor  _actor;
+    private boolean _usingDoPrivilege;
+
+    // Constructor
+    public MorePermissionPrivilegedExceptionAction(Actor a, boolean usingDoPrivilege) {
+	_actor = a;
+	_usingDoPrivilege = usingDoPrivilege;
+
+    }
+
+    // Implementing Actor's takeAction method
+    public void takeAction() {
+	try {
+	    if (_usingDoPrivilege) {
+		// Demostrate the usage of AccessController.doPrivileged(PrivilegedExceptionAction action) 
+		AccessController.doPrivileged(
+		    new PrivilegedExceptionAction() {
+			public Object run() {
+			    _actor.takeAction();
+			    return null;
+			    }
+			});
+	    }
+	    else {
+		// Use no doPrivilege
+		_actor.takeAction();   
+	    }
+	} catch (Exception e) {
+	    e.printStackTrace(System.out);
+	}
+    }    
+}
+



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org


Mime
View raw message