jdk-sandbox: test/jdk/java/net/httpclient/security/filePerms/FileProcessorPermissionTest.java@82a9340bdda6 (annotated)

48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	1	/*
56138 4f92b988600e http-client-branch: HTTP Client file publishers, handlers, and subscribers as capability objects chegar parents: 56089 diff changeset	2	* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	4	*
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	7	* published by the Free Software Foundation.
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	8	*
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	13	* accompanied this code).
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	14	*
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	18	*
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	21	* questions.
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	22	*/
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	23
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	24	/*
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	25	* @test
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	26	* @summary Basic checks for SecurityException from body processors APIs
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	27	* @run testng/othervm/java.security.policy=allpermissions.policy FileProcessorPermissionTest
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	28	*/
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	29
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	30	import java.io.File;
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	31	import java.io.FilePermission;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	32	import java.nio.file.Path;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	33	import java.nio.file.Paths;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	34	import java.security.AccessControlContext;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	35	import java.security.AccessController;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	36	import java.security.Permission;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	37	import java.security.Permissions;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	38	import java.security.PrivilegedActionException;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	39	import java.security.PrivilegedExceptionAction;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	40	import java.security.ProtectionDomain;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	41	import java.util.List;
56089 42208b2f224e http-client-branch: move to standard package and module name chegar parents: 48083 diff changeset	42	import java.net.http.HttpRequest;
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	43	import java.net.http.HttpRequest.BodyPublishers;
56089 42208b2f224e http-client-branch: move to standard package and module name chegar parents: 48083 diff changeset	44	import java.net.http.HttpResponse;
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	45	import java.net.http.HttpResponse.BodyHandlers;
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	46	import org.testng.annotations.Test;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	47	import static java.nio.file.StandardOpenOption.*;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	48	import static org.testng.Assert.*;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	49
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	50	public class FileProcessorPermissionTest {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	51
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	52	static final String testSrc = System.getProperty("test.src", ".");
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	53	static final Path fromFilePath = Paths.get(testSrc, "FileProcessorPermissionTest.java");
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	54	static final Path asFilePath = Paths.get(testSrc, "asFile.txt");
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	55	static final Path CWD = Paths.get(".");
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	56	static final Class<SecurityException> SE = SecurityException.class;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	57
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	58	static AccessControlContext withPermissions(Permission... perms) {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	59	Permissions p = new Permissions();
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	60	for (Permission perm : perms) {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	61	p.add(perm);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	62	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	63	ProtectionDomain pd = new ProtectionDomain(null, p);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	64	return new AccessControlContext(new ProtectionDomain[]{ pd });
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	65	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	66
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	67	static AccessControlContext noPermissions() {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	68	return withPermissions(/empty/);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	69	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	70
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	71	@Test
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	72	public void test() throws Exception {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	73	List<PrivilegedExceptionAction<?>> list = List.of(
56167 96fa4f49a9ff http-client-branch: CSR review commet - outboard pre-defined BP/BH/BS chegar parents: 56138 diff changeset	74	() -> HttpRequest.BodyPublishers.ofFile(fromFilePath),
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	75
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	76	() -> BodyHandlers.ofFile(asFilePath),
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	77	() -> BodyHandlers.ofFile(asFilePath, CREATE),
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	78	() -> BodyHandlers.ofFile(asFilePath, CREATE, WRITE),
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	79
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	80	() -> BodyHandlers.ofFileDownload(CWD),
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	81	() -> BodyHandlers.ofFileDownload(CWD, CREATE),
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	82	() -> BodyHandlers.ofFileDownload(CWD, CREATE, WRITE)
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	83	);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	84
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	85	// TEST 1 - sanity, just run ( no security manager )
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	86	System.setSecurityManager(null);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	87	try {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	88	for (PrivilegedExceptionAction pa : list) {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	89	AccessController.doPrivileged(pa);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	90	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	91	} finally {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	92	System.setSecurityManager(new SecurityManager());
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	93	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	94
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	95	// Run with all permissions, i.e. no further restrictions than test's AllPermission
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	96	for (PrivilegedExceptionAction pa : list) {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	97	try {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	98	assert System.getSecurityManager() != null;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	99	AccessController.doPrivileged(pa, null, new Permission[] { });
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	100	} catch (PrivilegedActionException pae) {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	101	fail("UNEXPECTED Exception:" + pae);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	102	pae.printStackTrace();
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	103	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	104	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	105
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	106	// TEST 2 - with all file permissions
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	107	AccessControlContext allFilesACC = withPermissions(
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	108	new FilePermission("<<ALL FILES>>" , "read,write")
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	109	);
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	110	for (PrivilegedExceptionAction pa : list) {
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	111	try {
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	112	assert System.getSecurityManager() != null;
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	113	AccessController.doPrivileged(pa, allFilesACC);
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	114	} catch (PrivilegedActionException pae) {
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	115	fail("UNEXPECTED Exception:" + pae);
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	116	pae.printStackTrace();
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	117	}
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	118	}
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	119
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	120	// TEST 3 - with limited permissions, i.e. just what is required
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	121	AccessControlContext minimalACC = withPermissions(
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	122	new FilePermission(fromFilePath.toString() , "read"),
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	123	new FilePermission(asFilePath.toString(), "write"),
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	124	// ofFileDownload requires read and write to the dir
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	125	new FilePermission(CWD.toString(), "read,write"),
82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	126	new FilePermission(CWD.toString() + File.separator + "*", "read,write")
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	127	);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	128	for (PrivilegedExceptionAction pa : list) {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	129	try {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	130	assert System.getSecurityManager() != null;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	131	AccessController.doPrivileged(pa, minimalACC);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	132	} catch (PrivilegedActionException pae) {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	133	fail("UNEXPECTED Exception:" + pae);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	134	pae.printStackTrace();
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	135	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	136	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	137
56257 82a9340bdda6 http-client-branch: rework file permissions to use limited doPriv chegar parents: 56167 diff changeset	138	// TEST 4 - with NO permissions, i.e. expect SecurityException
48083 b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	139	for (PrivilegedExceptionAction pa : list) {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	140	try {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	141	assert System.getSecurityManager() != null;
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	142	AccessController.doPrivileged(pa, noPermissions());
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	143	fail("EXPECTED SecurityException");
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	144	} catch (SecurityException expected) {
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	145	System.out.println("Caught expected SE:" + expected);
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	146	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	147	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	148	}
b1c1b4ef4be2 8191494: Refresh incubating HTTP Client chegar parents: diff changeset	149	}

author	chegar
	Wed, 07 Mar 2018 14:06:39 +0000
branch	http-client-branch
changeset 56257	82a9340bdda6
parent 56167	96fa4f49a9ff
child 56451	9585061fdb04
permissions	-rw-r--r--