8050281: New permission tests for JEP 140
authormullan
Thu, 18 Sep 2014 15:36:38 -0400
changeset 26638 30d15650259e
parent 26635 2038308888ac
child 26639 a58e059dc53e
8050281: New permission tests for JEP 140 Reviewed-by: mullan Contributed-by: amanda.jiang@oracle.com
jdk/test/java/security/AccessController/LimitedDoPrivilegedWithNullPerms.java
jdk/test/java/security/AccessController/LimitedDoPrivilegedWithThread.java
jdk/test/java/security/AccessController/policy
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/AccessController/LimitedDoPrivilegedWithNullPerms.java	Thu Sep 18 15:36:38 2014 -0400
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2013,2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8050281
+ * @summary Test that NullPointerException is thrown if any element of perms
+ * parameter is null
+ * @run testng LimitedDoPrivilegedWithNullPerms
+ */
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.PropertyPermission;
+import org.testng.annotations.Test;
+
+public class LimitedDoPrivilegedWithNullPerms {
+
+    AccessControlContext acc = AccessController.getContext();
+    Permission p1 = new PropertyPermission("user.name", "read");
+
+    @Test(expectedExceptions = NullPointerException.class)
+    public void test1() {
+        AccessController.doPrivileged(
+                (PrivilegedAction<Void>) () -> null, acc, null);
+    }
+
+    @Test(expectedExceptions = NullPointerException.class)
+    public void test2() {
+        AccessController.doPrivileged(
+                (PrivilegedAction<Void>) () -> null, acc, p1, null);
+    }
+
+    @Test(expectedExceptions = NullPointerException.class)
+    public void test3() {
+        AccessController.doPrivilegedWithCombiner(
+                (PrivilegedAction<Void>) () -> null, acc, null);
+    }
+
+    @Test(expectedExceptions = NullPointerException.class)
+    public void test4() {
+        AccessController.doPrivilegedWithCombiner(
+                (PrivilegedAction<Void>) () -> null, acc, p1, null);
+    }
+
+    @Test(expectedExceptions = NullPointerException.class)
+    public void test5() throws PrivilegedActionException {
+        AccessController.doPrivileged(
+                (PrivilegedExceptionAction<Void>) () -> null,
+                acc, null);
+    }
+
+    @Test(expectedExceptions = NullPointerException.class)
+    public void test6() throws PrivilegedActionException {
+        AccessController.doPrivileged(
+                (PrivilegedExceptionAction<Void>) () -> null,
+                acc, p1, null);
+    }
+
+    @Test(expectedExceptions = NullPointerException.class)
+    public void test7() throws PrivilegedActionException {
+        AccessController.doPrivilegedWithCombiner(
+                (PrivilegedExceptionAction<Void>) () -> null,
+                acc, null);
+    }
+
+    @Test(expectedExceptions = NullPointerException.class)
+    public void test8() throws PrivilegedActionException {
+        AccessController.doPrivilegedWithCombiner(
+                (PrivilegedExceptionAction<Void>) () -> null,
+                acc, p1, null);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/AccessController/LimitedDoPrivilegedWithThread.java	Thu Sep 18 15:36:38 2014 -0400
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2013,2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8050281
+ * @summary Test limited doprivileged action with trhead calls.
+ * @run main/othervm/policy=policy LimitedDoPrivilegedWithThread
+ */
+import java.io.FilePermission;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.AccessController;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+import java.util.PropertyPermission;
+
+public class LimitedDoPrivilegedWithThread {
+
+    private static final Permission PROPERTYPERM
+            = new PropertyPermission("user.name", "read");
+    private static final Permission FILEPERM
+            = new FilePermission("*", "read");
+    private static final AccessControlContext ACC
+            = new AccessControlContext(
+                    new ProtectionDomain[]{new ProtectionDomain(null, null)});
+
+    public static void main(String args[]) {
+        //parent thread without any permission
+        AccessController.doPrivileged(
+                (PrivilegedAction) () -> {
+                    Thread ct = new Thread(
+                            new ChildThread(PROPERTYPERM, FILEPERM));
+                    ct.start();
+                    try {
+                        ct.join();
+                    } catch (InterruptedException ie) {
+                        Thread.currentThread().interrupt();
+                        ie.printStackTrace();
+                        throw new RuntimeException("Unexpected InterruptedException");
+                    }
+                    return null;
+                }, ACC);
+    }
+}
+
+class ChildThread implements Runnable {
+
+    private final Permission P1;
+    private final Permission P2;
+    private boolean catchACE = false;
+
+    public ChildThread(Permission p1, Permission p2) {
+        this.P1 = p1;
+        this.P2 = p2;
+    }
+
+    @Override
+    public void run() {
+        //Verified that child thread has permission p1,
+        runTest(null, P1, false, 1);
+        //Verified that child thread inherits parent thread's access control context
+        AccessControlContext childAcc = AccessController.getContext();
+        runTest(childAcc, P1, true, 2);
+        //Verified that we can give permision p2 to limit the "privilege" of the
+        //class calling doprivileged action, stack walk will continue
+        runTest(null, P2, true, 3);
+
+    }
+
+    public void runTest(AccessControlContext acc, Permission perm,
+            boolean expectACE, int id) {
+
+        AccessController.doPrivileged(
+                (PrivilegedAction) () -> {
+                    try {
+                        AccessController.getContext().checkPermission(P1);
+                    } catch (AccessControlException ace) {
+                        catchACE = true;
+                    }
+                    if (catchACE ^ expectACE) {
+                        throw new RuntimeException("test" + id + " failed");
+                    }
+                    return null;
+                }, acc, perm);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/AccessController/policy	Thu Sep 18 15:36:38 2014 -0400
@@ -0,0 +1,4 @@
+grant{
+	permission java.util.PropertyPermission "user.name", "read";
+ 	permission java.io.FilePermission "*", "read";
+};