Source Code Cross Referenced for LocalSecurityManagerTest.java in  » JMX » mx4j » test » javax » management » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        /*
002:         * Copyright (C) The MX4J Contributors.
003:         * All rights reserved.
004:         *
005:         * This software is distributed under the terms of the MX4J License version 1.0.
006:         * See the terms of the MX4J License in the documentation provided with this software.
007:         */
008:
009:        package test.javax.management;
010:
011:        import java.security.AllPermission;
012:        import java.security.CodeSource;
013:        import java.security.Permission;
014:        import java.security.PermissionCollection;
015:        import java.security.Permissions;
016:        import java.security.Policy;
017:        import java.security.ProtectionDomain;
018:        import java.security.SecurityPermission;
019:        import java.util.ArrayList;
020:        import java.util.HashMap;
021:        import java.util.Map;
022:        import javax.management.MBeanPermission;
023:        import javax.management.MBeanServer;
024:        import javax.management.MBeanServerDelegate;
025:        import javax.management.MBeanServerFactory;
026:        import javax.management.MBeanServerPermission;
027:        import javax.management.ObjectName;
028:        import javax.management.loading.ClassLoaderRepository;
029:        import javax.management.loading.MLet;
030:
031:        import junit.framework.TestCase;
032:        import mx4j.log.Log;
033:        import mx4j.server.MX4JMBeanServer;
034:
035:        /**
036:         * @version $Revision: 1.5 $
037:         */
038:        public class LocalSecurityManagerTest extends SecurityManagerTestCase {
039:            static {
040:                // For the way JUnit works, we have one JVM per test class
041:                Policy.setPolicy(new LocalModifiablePolicy());
042:                System.setSecurityManager(new SecurityManager());
043:            }
044:
045:            public LocalSecurityManagerTest(String s) {
046:                super (s);
047:            }
048:
049:            protected void setUp() throws Exception {
050:                // Be sure we have a security manager and the right policy
051:                SecurityManager sm = System.getSecurityManager();
052:                if (sm == null)
053:                    fail();
054:                Policy policy = Policy.getPolicy();
055:                if (!(policy instanceof  LocalModifiablePolicy))
056:                    fail();
057:                ((LocalModifiablePolicy) policy).initialize();
058:            }
059:
060:            protected void addPermission(Permission p) {
061:                LocalModifiablePolicy policy = (LocalModifiablePolicy) Policy
062:                        .getPolicy();
063:                policy.addPermission(p);
064:            }
065:
066:            protected void resetPermissions() {
067:                LocalModifiablePolicy policy = (LocalModifiablePolicy) Policy
068:                        .getPolicy();
069:                policy.initialize();
070:            }
071:
072:            public void testNewMBeanServer() throws Exception {
073:                try {
074:                    MBeanServerFactory.newMBeanServer();
075:                    fail();
076:                } catch (SecurityException ignored) {
077:                }
078:
079:                addPermission(new MBeanServerPermission("newMBeanServer"));
080:                MBeanServerFactory.newMBeanServer();
081:
082:                try {
083:                    MBeanServerFactory.createMBeanServer();
084:                    fail();
085:                } catch (SecurityException ignored) {
086:                }
087:            }
088:
089:            public void testCreateMBeanServer() throws Exception {
090:                try {
091:                    MBeanServerFactory.createMBeanServer();
092:                    fail();
093:                } catch (SecurityException ignored) {
094:                }
095:
096:                addPermission(new MBeanServerPermission("createMBeanServer"));
097:                MBeanServer server = MBeanServerFactory.createMBeanServer();
098:                MBeanServerFactory.newMBeanServer();
099:
100:                try {
101:                    MBeanServerFactory.releaseMBeanServer(server);
102:                    fail();
103:                } catch (SecurityException ignored) {
104:                }
105:
106:                // Clean up
107:                addPermission(new MBeanServerPermission("releaseMBeanServer"));
108:                MBeanServerFactory.releaseMBeanServer(server);
109:            }
110:
111:            public void testReleaseMBeanServer() throws Exception {
112:                addPermission(new MBeanServerPermission("createMBeanServer"));
113:                MBeanServer server = MBeanServerFactory.createMBeanServer();
114:
115:                try {
116:                    MBeanServerFactory.releaseMBeanServer(server);
117:                    fail();
118:                } catch (SecurityException ignored) {
119:                }
120:
121:                addPermission(new MBeanServerPermission("releaseMBeanServer"));
122:                MBeanServerFactory.releaseMBeanServer(server);
123:            }
124:
125:            public void testReleaseMBeanServer2() throws Exception {
126:                addPermission(new MBeanServerPermission(
127:                        "createMBeanServer, releaseMBeanServer"));
128:                MBeanServer server = MBeanServerFactory.createMBeanServer();
129:                MBeanServerFactory.releaseMBeanServer(server);
130:            }
131:
132:            public void testFindMBeanServer() throws Exception {
133:                addPermission(new MBeanServerPermission("createMBeanServer"));
134:                MBeanServer server = MBeanServerFactory.createMBeanServer();
135:
136:                try {
137:                    MBeanServerFactory.findMBeanServer(null);
138:                    fail();
139:                } catch (SecurityException ignored) {
140:                }
141:
142:                addPermission(new MBeanServerPermission("findMBeanServer"));
143:                ArrayList list = MBeanServerFactory.findMBeanServer(null);
144:                if (!list.contains(server))
145:                    fail();
146:
147:                // Clean up
148:                addPermission(new MBeanServerPermission("releaseMBeanServer"));
149:                MBeanServerFactory.releaseMBeanServer(server);
150:            }
151:
152:            public void testAddRemoveNotificationListener() throws Exception {
153:                addPermission(new MBeanServerPermission("newMBeanServer"));
154:                MBeanServer server = MBeanServerFactory.newMBeanServer();
155:                testAddRemoveNotificationListener(server);
156:            }
157:
158:            public void testCreateMBean4Params() throws Exception {
159:                addPermission(new MBeanServerPermission("newMBeanServer"));
160:                MBeanServer server = MBeanServerFactory.newMBeanServer();
161:                testCreateMBean4Params(server);
162:            }
163:
164:            public void testCreateMBean5Params() throws Exception {
165:                addPermission(new MBeanServerPermission("newMBeanServer"));
166:                MBeanServer server = MBeanServerFactory.newMBeanServer();
167:                testCreateMBean5Params(server);
168:            }
169:
170:            public void testGetAttribute() throws Exception {
171:                addPermission(new MBeanServerPermission("newMBeanServer"));
172:                MBeanServer server = MBeanServerFactory.newMBeanServer();
173:                testGetAttribute(server);
174:            }
175:
176:            public void testGetAttributes() throws Exception {
177:                addPermission(new MBeanServerPermission("newMBeanServer"));
178:                MBeanServer server = MBeanServerFactory.newMBeanServer();
179:                testGetAttributes(server);
180:            }
181:
182:            public void testGetDefaultDomain() throws Exception {
183:                addPermission(new MBeanServerPermission("newMBeanServer"));
184:                String domain = "simon";
185:                MBeanServer server = MBeanServerFactory.newMBeanServer(domain);
186:                testGetDefaultDomain(server, domain);
187:            }
188:
189:            public void testGetDomains() throws Exception {
190:                addPermission(new MBeanServerPermission("newMBeanServer"));
191:                MBeanServer server = MBeanServerFactory.newMBeanServer();
192:                testGetDomains(server);
193:            }
194:
195:            public void testGetMBeanCount() throws Exception {
196:                addPermission(new MBeanServerPermission("newMBeanServer"));
197:                MBeanServer server = MBeanServerFactory.newMBeanServer();
198:                testGetMBeanCount(server);
199:            }
200:
201:            public void testGetMBeanInfo() throws Exception {
202:                addPermission(new MBeanServerPermission("newMBeanServer"));
203:                MBeanServer server = MBeanServerFactory.newMBeanServer();
204:                testGetMBeanInfo(server);
205:            }
206:
207:            public void testGetObjectInstance() throws Exception {
208:                addPermission(new MBeanServerPermission("newMBeanServer"));
209:                MBeanServer server = MBeanServerFactory.newMBeanServer();
210:                testGetObjectInstance(server);
211:            }
212:
213:            public void testInstantiate() throws Exception {
214:                addPermission(new MBeanServerPermission("newMBeanServer"));
215:                MBeanServer server = MBeanServerFactory.newMBeanServer();
216:
217:                String className = "java.lang.String";
218:
219:                try {
220:                    server.instantiate(className, null);
221:                    fail();
222:                } catch (SecurityException ignored) {
223:                }
224:
225:                addPermission(new MBeanPermission(className, "instantiate"));
226:                server.instantiate(className, null);
227:
228:                // Check also the overloaded version, we need an MLet
229:                String mletClassName = "javax.management.loading.MLet";
230:                ObjectName name = new ObjectName(server.getDefaultDomain(),
231:                        "mbean", "mlet");
232:                resetPermissions();
233:                addPermission(new MBeanPermission(mletClassName,
234:                        "instantiate, registerMBean"));
235:                addPermission(new RuntimePermission("createClassLoader"));
236:                server.createMBean(mletClassName, name, null);
237:
238:                try {
239:                    server.instantiate(className, null);
240:                    fail();
241:                } catch (SecurityException ignored) {
242:                }
243:
244:                addPermission(new MBeanPermission(className, "instantiate"));
245:                server.instantiate(className, null);
246:            }
247:
248:            public void testInvoke() throws Exception {
249:                addPermission(new MBeanServerPermission("newMBeanServer"));
250:                MBeanServer server = MBeanServerFactory.newMBeanServer();
251:                testInvoke(server);
252:            }
253:
254:            public void testIsInstanceOf() throws Exception {
255:                addPermission(new MBeanServerPermission("newMBeanServer"));
256:                MBeanServer server = MBeanServerFactory.newMBeanServer();
257:                testIsInstanceOf(server);
258:            }
259:
260:            public void testIsRegistered() throws Exception {
261:                addPermission(new MBeanServerPermission("newMBeanServer"));
262:                MBeanServer server = MBeanServerFactory.newMBeanServer();
263:                testIsRegistered(server);
264:            }
265:
266:            public void testQueryMBeans() throws Exception {
267:                addPermission(new MBeanServerPermission("newMBeanServer"));
268:                MBeanServer server = MBeanServerFactory.newMBeanServer();
269:                testQueryMBeans(server);
270:            }
271:
272:            public void testQueryNames() throws Exception {
273:                addPermission(new MBeanServerPermission("newMBeanServer"));
274:                MBeanServer server = MBeanServerFactory.newMBeanServer();
275:                testQueryNames(server);
276:            }
277:
278:            public void testRegisterMBean() throws Exception {
279:                addPermission(new MBeanServerPermission("newMBeanServer"));
280:                MBeanServer server = MBeanServerFactory.newMBeanServer();
281:
282:                MBeanServerDelegate mbean = new MBeanServerDelegate();
283:                ObjectName name = new ObjectName(server.getDefaultDomain(),
284:                        "name", "test");
285:
286:                try {
287:                    server.registerMBean(mbean, name);
288:                    fail();
289:                } catch (SecurityException ignored) {
290:                }
291:
292:                addPermission(new MBeanPermission(mbean.getClass().getName()
293:                        + "[" + name.getCanonicalName() + "]", "registerMBean"));
294:                server.registerMBean(mbean, name);
295:            }
296:
297:            public void testSetAttribute() throws Exception {
298:                addPermission(new MBeanServerPermission("newMBeanServer"));
299:                MBeanServer server = MBeanServerFactory.newMBeanServer();
300:                testSetAttribute(server);
301:            }
302:
303:            public void testSetAttributes() throws Exception {
304:                addPermission(new MBeanServerPermission("newMBeanServer"));
305:                MBeanServer server = MBeanServerFactory.newMBeanServer();
306:                testSetAttributes(server);
307:            }
308:
309:            public void testUnregisterMBean() throws Exception {
310:                addPermission(new MBeanServerPermission("newMBeanServer"));
311:                MBeanServer server = MBeanServerFactory.newMBeanServer();
312:                testUnregisterMBean(server);
313:            }
314:
315:            public void testGetClassLoader() throws Exception {
316:                addPermission(new MBeanServerPermission("newMBeanServer"));
317:                MBeanServer server = MBeanServerFactory.newMBeanServer();
318:
319:                // Needed to create an MLet, which is a ClassLoader
320:                addPermission(new RuntimePermission("createClassLoader"));
321:                ObjectName name = new ObjectName(server.getDefaultDomain(),
322:                        "mbean", "mlet");
323:                MLet mlet = new MLet();
324:                addPermission(new MBeanPermission(mlet.getClass().getName(),
325:                        "registerMBean"));
326:                server.registerMBean(mlet, name);
327:
328:                try {
329:                    server.getClassLoader(null);
330:                    fail();
331:                } catch (SecurityException ignored) {
332:                }
333:
334:                // Dummy class
335:                addPermission(new MBeanPermission("foo["
336:                        + name.getCanonicalName() + "]", "getClassLoader"));
337:
338:                try {
339:                    server.getClassLoader(name);
340:                    fail();
341:                } catch (SecurityException ignored) {
342:                }
343:
344:                addPermission(new MBeanPermission(mlet.getClass().getName()
345:                        + "[" + name.getCanonicalName() + "]", "getClassLoader"));
346:                ClassLoader result = server.getClassLoader(name);
347:                assertSame(result, mlet);
348:            }
349:
350:            public void testGetClassLoaderFor() throws Exception {
351:                addPermission(new MBeanServerPermission("newMBeanServer"));
352:                MBeanServer server = MBeanServerFactory.newMBeanServer();
353:                ObjectName delegate = ObjectName.getInstance(
354:                        "JMImplementation", "type", "MBeanServerDelegate");
355:                try {
356:                    server.getClassLoaderFor(delegate);
357:                    fail();
358:                } catch (SecurityException x) {
359:                }
360:                addPermission(new MBeanPermission("["
361:                        + delegate.getCanonicalName() + "]",
362:                        "getClassLoaderFor"));
363:                ClassLoader loader = server.getClassLoaderFor(delegate);
364:                assertNotNull(loader);
365:            }
366:
367:            public void testGetClassLoaderRepository() throws Exception {
368:                addPermission(new MBeanServerPermission("newMBeanServer"));
369:                MBeanServer server = MBeanServerFactory.newMBeanServer();
370:                try {
371:                    server.getClassLoaderRepository();
372:                    fail();
373:                } catch (SecurityException x) {
374:                }
375:                addPermission(new MBeanPermission("*",
376:                        "getClassLoaderRepository"));
377:                ClassLoaderRepository loader = server
378:                        .getClassLoaderRepository();
379:                assertNotNull(loader);
380:            }
381:
382:            /**
383:             * A modifiable policy that allow permissions to be added at runtime, used for tests purposes only.
384:             */
385:            public static class LocalModifiablePolicy extends Policy {
386:                private final ProtectionDomain testDomain;
387:                private final Map permissionsMap = new HashMap();
388:
389:                public LocalModifiablePolicy() {
390:                    // Here we still have no security manager installed
391:                    testDomain = LocalModifiablePolicy.class
392:                            .getProtectionDomain();
393:
394:                    // Add the permissions needed to run the tests
395:                    CodeSource junitCodeSource = TestCase.class
396:                            .getProtectionDomain().getCodeSource();
397:                    permissionsMap.put(junitCodeSource, createAllPermissions());
398:
399:                    CodeSource mx4jCodeSource = MBeanServerFactory.class
400:                            .getProtectionDomain().getCodeSource();
401:                    permissionsMap.put(mx4jCodeSource, createAllPermissions());
402:
403:                    CodeSource implCodeSource = MX4JMBeanServer.class
404:                            .getProtectionDomain().getCodeSource();
405:                    permissionsMap.put(implCodeSource, createAllPermissions());
406:
407:                    // In the automated tests, the log classes may be taken from the JSR 160 jars.
408:                    CodeSource logCodeSource = Log.class.getProtectionDomain()
409:                            .getCodeSource();
410:                    permissionsMap.put(logCodeSource, createAllPermissions());
411:
412:                    ClassLoader loader = getClass().getClassLoader();
413:
414:                    // BCEL
415:                    try {
416:                        Class cls = loader
417:                                .loadClass("org.apache.bcel.generic.Type");
418:                        CodeSource bcelCodeSource = cls.getProtectionDomain()
419:                                .getCodeSource();
420:                        permissionsMap.put(bcelCodeSource,
421:                                createAllPermissions());
422:                    } catch (ClassNotFoundException ignored) {
423:                    }
424:
425:                    // When we run automated, we need also permissions for Ant jars
426:                    try {
427:                        Class cls = loader
428:                                .loadClass("org.apache.tools.ant.Task");
429:                        CodeSource antCodeSource = cls.getProtectionDomain()
430:                                .getCodeSource();
431:                        permissionsMap.put(antCodeSource,
432:                                createAllPermissions());
433:                        cls = loader
434:                                .loadClass("org.apache.tools.ant.taskdefs.optional.junit.JUnitTask");
435:                        antCodeSource = cls.getProtectionDomain()
436:                                .getCodeSource();
437:                        permissionsMap.put(antCodeSource,
438:                                createAllPermissions());
439:                    } catch (ClassNotFoundException ignored) {
440:                    }
441:
442:                    initialize();
443:                }
444:
445:                private Permissions createAllPermissions() {
446:                    Permissions allPermissions = new Permissions();
447:                    allPermissions.add(new AllPermission());
448:                    return allPermissions;
449:                }
450:
451:                public PermissionCollection getPermissions(CodeSource codesource) {
452:                    Permissions permissions = (Permissions) permissionsMap
453:                            .get(codesource);
454:                    if (permissions == null) {
455:                        permissions = new Permissions();
456:                        permissionsMap.put(codesource, permissions);
457:                    }
458:                    return permissions;
459:                }
460:
461:                public void refresh() {
462:                }
463:
464:                /**
465:                 * For JDK 1.4 overriding this method disables caching of Permissions done by the
466:                 * standard Policy implementation.
467:                 * This is done because we install this policy *before* installing the security manager.
468:                 * By doing so, in JDK 1.4 the permissions granted at the moment of policy installation
469:                 * (no security manager == AllPermission) are cached and will invalidate all tests, since
470:                 * they will become unmodifiable.
471:                 * <p/>
472:                 * The stack trace is when checking a permission is:
473:                 * <p/>
474:                 * SecurityManager.checkPermission()
475:                 * AccessController.checkPermission()
476:                 * AccessControlContext.checkPermission()
477:                 * ProtectionDomain.implies()
478:                 * LocalModifiablePolicy.implies()
479:                 */
480:                public boolean implies(ProtectionDomain domain,
481:                        Permission permission) {
482:                    PermissionCollection perms = getPermissions(domain
483:                            .getCodeSource());
484:                    return perms.implies(permission);
485:                }
486:
487:                /**
488:                 * Adds the given permission to the client (the test in this case) codesource
489:                 */
490:                public void addPermission(Permission p) {
491:                    Permissions permissions = (Permissions) getPermissions(testDomain
492:                            .getCodeSource());
493:                    permissions.add(p);
494:                }
495:
496:                /**
497:                 * Initializes the permissions for the client (the test in this case) codesource
498:                 */
499:                public synchronized void initialize() {
500:                    Permissions permissions = new Permissions();
501:                    permissions.add(new SecurityPermission("getPolicy"));
502:                    permissionsMap.put(testDomain.getCodeSource(), permissions);
503:                }
504:            }
505:        }