commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From t.@apache.org
Subject svn commit: r1606029 - in /commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security: DummyClass.java SecurityForbiddenTestCase.java
Date Fri, 27 Jun 2014 11:10:16 GMT
Author: tn
Date: Fri Jun 27 11:10:16 2014
New Revision: 1606029

URL: http://svn.apache.org/r1606029
Log:
[LOGGING-37] Add testcase when calling Thread.getCurrentThread().getContextClassLoader() results
in a SecurityException.

Added:
    commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/DummyClass.java
Modified:
    commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java

Added: commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/DummyClass.java
URL: http://svn.apache.org/viewvc/commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/DummyClass.java?rev=1606029&view=auto
==============================================================================
--- commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/DummyClass.java
(added)
+++ commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/DummyClass.java
Fri Jun 27 11:10:16 2014
@@ -0,0 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
agreements. See the NOTICE
+ * file distributed with this work for additional information regarding copyright ownership.
The ASF licenses this file
+ * to You under the Apache License, Version 2.0 (the "License"); you may not use this file
except in compliance with the
+ * License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by
+ * applicable law or agreed to in writing, software distributed under the License is distributed
on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.apache.commons.logging.security;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class DummyClass {
+
+    public DummyClass() {
+        Log log = LogFactory.getLog(DummyClass.class);
+        log.info("Some log message");
+    }
+}

Modified: commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
URL: http://svn.apache.org/viewvc/commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java?rev=1606029&r1=1606028&r2=1606029&view=diff
==============================================================================
--- commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
(original)
+++ commons/proper/logging/trunk/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java
Fri Jun 27 11:10:16 2014
@@ -47,6 +47,7 @@ import org.apache.commons.logging.Pathab
 public class SecurityForbiddenTestCase extends TestCase
 {
     private SecurityManager oldSecMgr;
+    private ClassLoader otherClassLoader;
 
     // Dummy special hashtable, so we can tell JCL to use this instead of
     // the standard one.
@@ -75,6 +76,12 @@ public class SecurityForbiddenTestCase e
     public void setUp() {
         // save security manager so it can be restored in tearDown
         oldSecMgr = System.getSecurityManager();
+        
+        PathableClassLoader classLoader = new PathableClassLoader(null);
+        classLoader.addLogicalLib("commons-logging");
+        classLoader.addLogicalLib("testclasses");
+        
+        otherClassLoader = classLoader;
     }
 
     public void tearDown() {
@@ -131,4 +138,54 @@ public class SecurityForbiddenTestCase e
             fail("Unexpected exception:" + t.getMessage() + ":" + sw.toString());
         }
     }
+
+    /**
+     * Test what happens when JCL is run with absolutely no security
+     * privileges at all and a class loaded with a different classloader
+     * than the context classloader of the current thread tries to log something. 
+     */
+    public void testContextClassLoader() {
+        System.setProperty(
+                LogFactory.HASHTABLE_IMPLEMENTATION_PROPERTY,
+                CustomHashtable.class.getName());
+        MockSecurityManager mySecurityManager = new MockSecurityManager();
+
+        System.setSecurityManager(mySecurityManager);
+
+        try {
+            // load a dummy class with another classloader
+            // to force a SecurityException when the LogFactory calls
+            // Thread.getCurrentThread().getContextClassLoader()
+            loadClass("org.apache.commons.logging.security.DummyClass", otherClassLoader);
+
+            System.setSecurityManager(oldSecMgr);
+            assertEquals(0, mySecurityManager.getUntrustedCodeCount());
+        } catch(Throwable t) {
+            // Restore original security manager so output can be generated; the
+            // PrintWriter constructor tries to read the line.separator
+            // system property.
+            System.setSecurityManager(oldSecMgr);
+            StringWriter sw = new StringWriter();
+            PrintWriter pw = new PrintWriter(sw);
+            t.printStackTrace(pw);
+            fail("Unexpected exception:" + t.getMessage() + ":" + sw.toString());
+        }
+    }
+
+    /**
+     * Loads a class with the given classloader.
+     */
+    private Object loadClass(String name, ClassLoader classLoader) {
+        try {
+            Class clazz = classLoader.loadClass(name);
+            Object obj = clazz.newInstance();
+            return obj;
+        } catch ( Exception e ) {
+            StringWriter sw = new StringWriter();
+            PrintWriter pw = new PrintWriter(sw);
+            e.printStackTrace(pw);
+            fail("Unexpected exception:" + e.getMessage() + ":" + sw.toString());
+        }
+        return null;
+    }
 }



Mime
View raw message