From 99ef156102a4d10df6ec2d5905a7fc26390b700d Mon Sep 17 00:00:00 2001 From: Jason Tedor Date: Sun, 11 Sep 2016 21:20:22 -0400 Subject: [PATCH 2/2] Remove policy in throwable proxy security test This commit simplifies the test ThrowableProxyTest#testLogStackTraceWithClassThatWillCauseSecurityException by removing the need for a policy. The reason for this is because ideally the policy should be restored at the end of the test. The problem with this is that this requires storing the policy away, which means loading the default policy, which will ruin the permissions needed during the test. This commit refactors the handling of the security manager here so that a policy is not needed.
---
 .../log4j/core/impl/ThrowableProxyTest.java | 65 ++++++++++------------ 1 file changed, 28 insertions(+), 37 deletions(-)
diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/impl/ThrowableProxyTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/impl/ThrowableProxyTest.java
index 9c0b861..95476b0 100644
--- a/log4j-core/src/test/java/org/apache/logging/log4j/core/impl/ThrowableProxyTest.java
+++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/impl/ThrowableProxyTest.java
@@ -31,10 +31,7 @@ import java.net.BindException;
 import java.net.InetSocketAddress;
 import java.net.SocketPermission;
 import java.nio.channels.ServerSocketChannel;
-import java.security.CodeSource;
-import java.security.PermissionCollection;
-import java.security.Permissions;
-import java.security.Policy;
+import java.security.Permission;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Stack;
@@ -133,41 +130,35 @@ public class ThrowableProxyTest {
 @Test
 public void testLogStackTraceWithClassThatWillCauseSecurityException() throws IOException {
- class SimplePolicy extends Policy {
-
- private final Permissions permissions;
-
- public SimplePolicy(final Permissions permissions) {
- this.permissions = permissions;
- }
-
- @Override
- public PermissionCollection getPermissions(final CodeSource codesource) {
- return permissions;
- }
-
- }
-
 final SecurityManager sm = System.getSecurityManager();
 try {
- final Permissions permissions = new Permissions();
-
- // you know, for binding
- permissions.add(new SocketPermission("localhost:9300", "listen,resolve"));
-
- /**
- * the JUnit test runner uses reflection to invoke the test; while leaving this
- * permission out would display the same issue, it's clearer to grant this
- * permission and show the real issue that would arise
- */
- // TODO: other JDKs might need a different permission here
- permissions.add(new RuntimePermission("accessClassInPackage.sun.reflect"));
-
- // for restoring the security manager after test execution
- permissions.add(new RuntimePermission("setSecurityManager"));
-
- Policy.setPolicy(new SimplePolicy(permissions));
- System.setSecurityManager(new SecurityManager());
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ if (perm instanceof SocketPermission) {
+ // you know, for binding
+ return;
+ } else if (perm instanceof RuntimePermission) {
+ switch (perm.getName()) {
+ case "accessClassInPackage.sun.reflect":
+ /**
+ * the JUnit test runner uses reflection to invoke the test; while leaving this
+ * permission out would display the same issue, it's clearer to grant this
+ * permission and show the real issue that would arise
+ */
+ // TODO: other JDKs might need a different permission here
+ case "loadLibrary.net":
+ case "loadLibrary.nio":
+ case "selectorProvider":
+ case "setSecurityManager":
+ // for restoring the security manager after test execution
+ return;
+ default:
+ super.checkPermission(perm);
+ }
+ }
+ }
+ });
 ServerSocketChannel.open().socket().bind(new InetSocketAddress("localhost", 9300));
 ServerSocketChannel.open().socket().bind(new InetSocketAddress("localhost", 9300));
 fail("expected a java.net.BindException");
-- 2.9.3
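Review bot: The anonymous manager's `checkPermission` ends without an `else`, so any permission that is neither a `SocketPermission` nor a `RuntimePermission` returns unchecked, and every `SocketPermission` is accepted whatever its host, port or action; only `RuntimePermission` names outside the list reach `super.checkPermission(perm)`. The removed policy granted only `localhost:9300` with `listen,resolve`, so the replacement is considerably more permissive than what it replaces. If that is intended for this test, state it above the override, for example `// deliberately permissive: only RuntimePermissions outside the list below are denied`. Otherwise tighten it with `if (new SocketPermission("localhost:9300", "listen,resolve").implies(perm)) {` and a closing `} else { super.checkPermission(perm); }`, then confirm the test still reaches the expected BindException path. The `try` block continues past the end of the hunk, so the code that restores `sm` is not visible here.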