harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vasily Zakharov (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HARMONY-2910) [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
Date Tue, 19 Jun 2007 18:53:26 GMT

    [ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506265
] 

Vasily Zakharov commented on HARMONY-2910:
------------------------------------------

Also I've noticed that two security tests are failing with the latest patch applied:

org.apache.harmony.security.tests.PolicyEntryTest.testImpliesCodeSource()
tests.api.java.security.PermissionCollectionTest.test_impliesLjava_security_Permission()

I investigated the first failure, checked the way CodeSource methods are used in PolicyEntryTest.testImpliesCodeSource()
and PolicyEntry.impliesCodeSource() and found out that in this respect Harmony implementation
works identically to RI. In particular, the following asserions fail on RI also:

        assertTrue(pe.impliesCodeSource(cs2));
        assertTrue(pe.impliesCodeSource(new CodeSource(new URL("file://-"), (Certificate[])null)));

Does it mean that PolicyUtils.normalizeURL() works incorrectly, or PolicyEntry.impliesCodeSource()
logic is not right (for example, why codeSource is normalized while cs is not?), or the two
asserions above should be changed to assertFalse() ?


> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
>                 Key: HARMONY-2910
>                 URL: https://issues.apache.org/jira/browse/HARMONY-2910
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>            Reporter: Ruth Cao
>            Assignee: Stepan Mishura
>         Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff,
regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest  with the argument and the policy
file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {	
> 	public static void main(String[] args) throws Exception {
> 		Policy p = Policy.getPolicy();
> 		ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> 				"file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> 		PermissionCollection pCollection = p.getPermissions(pd);
> 		Enumeration<Permission> elements = pCollection.elements();
> 		while (elements.hasMoreElements()) {
> 			if(elements.nextElement().equals(new AllPermission())){
> 				System.out.println("contains AllPermission");
> 			}
> 		}
> 	}
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
>    permission java.security.AllPermission; 
> }; 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message