22 */ |
22 */ |
23 |
23 |
24 /* |
24 /* |
25 * @test |
25 * @test |
26 * @summary Basic checks for SecurityException from body processors APIs |
26 * @summary Basic checks for SecurityException from body processors APIs |
27 * @run testng/othervm/java.security.policy=httpclient.policy FileProcessorPermissionTest |
27 * @run testng/othervm/java.security.policy=allpermissions.policy FileProcessorPermissionTest |
28 */ |
28 */ |
29 |
29 |
|
30 import java.io.File; |
30 import java.io.FilePermission; |
31 import java.io.FilePermission; |
31 import java.nio.file.Path; |
32 import java.nio.file.Path; |
32 import java.nio.file.Paths; |
33 import java.nio.file.Paths; |
33 import java.security.AccessControlContext; |
34 import java.security.AccessControlContext; |
34 import java.security.AccessController; |
35 import java.security.AccessController; |
37 import java.security.PrivilegedActionException; |
38 import java.security.PrivilegedActionException; |
38 import java.security.PrivilegedExceptionAction; |
39 import java.security.PrivilegedExceptionAction; |
39 import java.security.ProtectionDomain; |
40 import java.security.ProtectionDomain; |
40 import java.util.List; |
41 import java.util.List; |
41 import java.net.http.HttpRequest; |
42 import java.net.http.HttpRequest; |
|
43 import java.net.http.HttpRequest.BodyPublishers; |
42 import java.net.http.HttpResponse; |
44 import java.net.http.HttpResponse; |
|
45 import java.net.http.HttpResponse.BodyHandlers; |
43 import org.testng.annotations.Test; |
46 import org.testng.annotations.Test; |
44 import static java.nio.file.StandardOpenOption.*; |
47 import static java.nio.file.StandardOpenOption.*; |
45 import static org.testng.Assert.*; |
48 import static org.testng.Assert.*; |
46 |
49 |
47 public class FileProcessorPermissionTest { |
50 public class FileProcessorPermissionTest { |
68 @Test |
71 @Test |
69 public void test() throws Exception { |
72 public void test() throws Exception { |
70 List<PrivilegedExceptionAction<?>> list = List.of( |
73 List<PrivilegedExceptionAction<?>> list = List.of( |
71 () -> HttpRequest.BodyPublishers.ofFile(fromFilePath), |
74 () -> HttpRequest.BodyPublishers.ofFile(fromFilePath), |
72 |
75 |
73 () -> HttpResponse.BodyHandlers.ofFile(asFilePath), |
76 () -> BodyHandlers.ofFile(asFilePath), |
74 () -> HttpResponse.BodyHandlers.ofFile(asFilePath, CREATE), |
77 () -> BodyHandlers.ofFile(asFilePath, CREATE), |
75 () -> HttpResponse.BodyHandlers.ofFile(asFilePath, CREATE, WRITE), |
78 () -> BodyHandlers.ofFile(asFilePath, CREATE, WRITE), |
76 |
79 |
77 () -> HttpResponse.BodyHandlers.ofFileDownload(CWD), |
80 () -> BodyHandlers.ofFileDownload(CWD), |
78 () -> HttpResponse.BodyHandlers.ofFileDownload(CWD, CREATE), |
81 () -> BodyHandlers.ofFileDownload(CWD, CREATE), |
79 () -> HttpResponse.BodyHandlers.ofFileDownload(CWD, CREATE, WRITE) |
82 () -> BodyHandlers.ofFileDownload(CWD, CREATE, WRITE) |
80 ); |
83 ); |
81 |
84 |
82 // sanity, just run http ( no security manager ) |
85 // TEST 1 - sanity, just run ( no security manager ) |
83 System.setSecurityManager(null); |
86 System.setSecurityManager(null); |
84 try { |
87 try { |
85 for (PrivilegedExceptionAction pa : list) { |
88 for (PrivilegedExceptionAction pa : list) { |
86 AccessController.doPrivileged(pa); |
89 AccessController.doPrivileged(pa); |
87 } |
90 } |
98 fail("UNEXPECTED Exception:" + pae); |
101 fail("UNEXPECTED Exception:" + pae); |
99 pae.printStackTrace(); |
102 pae.printStackTrace(); |
100 } |
103 } |
101 } |
104 } |
102 |
105 |
103 // Run with limited permissions, i.e. just what is required |
106 // TEST 2 - with all file permissions |
|
107 AccessControlContext allFilesACC = withPermissions( |
|
108 new FilePermission("<<ALL FILES>>" , "read,write") |
|
109 ); |
|
110 for (PrivilegedExceptionAction pa : list) { |
|
111 try { |
|
112 assert System.getSecurityManager() != null; |
|
113 AccessController.doPrivileged(pa, allFilesACC); |
|
114 } catch (PrivilegedActionException pae) { |
|
115 fail("UNEXPECTED Exception:" + pae); |
|
116 pae.printStackTrace(); |
|
117 } |
|
118 } |
|
119 |
|
120 // TEST 3 - with limited permissions, i.e. just what is required |
104 AccessControlContext minimalACC = withPermissions( |
121 AccessControlContext minimalACC = withPermissions( |
105 new FilePermission(fromFilePath.toString() , "read"), |
122 new FilePermission(fromFilePath.toString() , "read"), |
106 new FilePermission(asFilePath.toString(), "read,write,delete"), |
123 new FilePermission(asFilePath.toString(), "write"), |
107 new FilePermission(CWD.toString(), "read,write,delete") |
124 // ofFileDownload requires read and write to the dir |
|
125 new FilePermission(CWD.toString(), "read,write"), |
|
126 new FilePermission(CWD.toString() + File.separator + "*", "read,write") |
108 ); |
127 ); |
109 for (PrivilegedExceptionAction pa : list) { |
128 for (PrivilegedExceptionAction pa : list) { |
110 try { |
129 try { |
111 assert System.getSecurityManager() != null; |
130 assert System.getSecurityManager() != null; |
112 AccessController.doPrivileged(pa, minimalACC); |
131 AccessController.doPrivileged(pa, minimalACC); |
114 fail("UNEXPECTED Exception:" + pae); |
133 fail("UNEXPECTED Exception:" + pae); |
115 pae.printStackTrace(); |
134 pae.printStackTrace(); |
116 } |
135 } |
117 } |
136 } |
118 |
137 |
119 // Run with NO permissions, i.e. expect SecurityException |
138 // TEST 4 - with NO permissions, i.e. expect SecurityException |
120 for (PrivilegedExceptionAction pa : list) { |
139 for (PrivilegedExceptionAction pa : list) { |
121 try { |
140 try { |
122 assert System.getSecurityManager() != null; |
141 assert System.getSecurityManager() != null; |
123 AccessController.doPrivileged(pa, noPermissions()); |
142 AccessController.doPrivileged(pa, noPermissions()); |
124 fail("EXPECTED SecurityException"); |
143 fail("EXPECTED SecurityException"); |