jdk-sandbox: jdk/test/java/security/AccessController/LimitedDoPrivilegedWithThread.java@b0ea3c0bfb81 (annotated)

26638 30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	1	/*
45028 b0ea3c0bfb81 8179889: Fix typographic errors in copyright headers ihse parents: 26638 diff changeset	2	* Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
26638 30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	4	*
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	7	* published by the Free Software Foundation.
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	8	*
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	13	* accompanied this code).
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	14	*
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	18	*
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	21	* questions.
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	22	*/
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	23
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	24	/*
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	25	* @test
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	26	* @bug 8050281
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	27	* @summary Test limited doprivileged action with trhead calls.
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	28	* @run main/othervm/policy=policy LimitedDoPrivilegedWithThread
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	29	*/
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	30	import java.io.FilePermission;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	31	import java.security.AccessControlContext;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	32	import java.security.AccessControlException;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	33	import java.security.AccessController;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	34	import java.security.Permission;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	35	import java.security.PrivilegedAction;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	36	import java.security.ProtectionDomain;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	37	import java.util.PropertyPermission;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	38
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	39	public class LimitedDoPrivilegedWithThread {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	40
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	41	private static final Permission PROPERTYPERM
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	42	= new PropertyPermission("user.name", "read");
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	43	private static final Permission FILEPERM
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	44	= new FilePermission("*", "read");
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	45	private static final AccessControlContext ACC
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	46	= new AccessControlContext(
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	47	new ProtectionDomain[]{new ProtectionDomain(null, null)});
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	48
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	49	public static void main(String args[]) {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	50	//parent thread without any permission
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	51	AccessController.doPrivileged(
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	52	(PrivilegedAction) () -> {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	53	Thread ct = new Thread(
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	54	new ChildThread(PROPERTYPERM, FILEPERM));
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	55	ct.start();
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	56	try {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	57	ct.join();
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	58	} catch (InterruptedException ie) {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	59	Thread.currentThread().interrupt();
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	60	ie.printStackTrace();
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	61	throw new RuntimeException("Unexpected InterruptedException");
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	62	}
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	63	return null;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	64	}, ACC);
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	65	}
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	66	}
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	67
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	68	class ChildThread implements Runnable {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	69
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	70	private final Permission P1;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	71	private final Permission P2;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	72	private boolean catchACE = false;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	73
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	74	public ChildThread(Permission p1, Permission p2) {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	75	this.P1 = p1;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	76	this.P2 = p2;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	77	}
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	78
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	79	@Override
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	80	public void run() {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	81	//Verified that child thread has permission p1,
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	82	runTest(null, P1, false, 1);
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	83	//Verified that child thread inherits parent thread's access control context
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	84	AccessControlContext childAcc = AccessController.getContext();
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	85	runTest(childAcc, P1, true, 2);
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	86	//Verified that we can give permision p2 to limit the "privilege" of the
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	87	//class calling doprivileged action, stack walk will continue
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	88	runTest(null, P2, true, 3);
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	89
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	90	}
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	91
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	92	public void runTest(AccessControlContext acc, Permission perm,
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	93	boolean expectACE, int id) {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	94
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	95	AccessController.doPrivileged(
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	96	(PrivilegedAction) () -> {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	97	try {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	98	AccessController.getContext().checkPermission(P1);
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	99	} catch (AccessControlException ace) {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	100	catchACE = true;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	101	}
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	102	if (catchACE ^ expectACE) {
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	103	throw new RuntimeException("test" + id + " failed");
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	104	}
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	105	return null;
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	106	}, acc, perm);
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	107	}
30d15650259e 8050281: New permission tests for JEP 140 mullan parents: diff changeset	108	}

author	ihse
	Tue, 09 May 2017 12:57:30 +0200
changeset 45028	b0ea3c0bfb81
parent 26638	30d15650259e
permissions	-rw-r--r--