01: /*
02: jGuard is a security framework built on top of JAAS (Java Authentication and Authorization Service).
03: It is written for web applications, to solve access control problems simply.
04:
05: http://sourceforge.net/projects/jguard/
06:
07: Copyright (C) 2004 Charles GAY
08:
09: This library is free software; you can redistribute it and/or
10: modify it under the terms of the GNU Lesser General Public
11: License as published by the Free Software Foundation; either
12: version 2.1 of the License, or (at your option) any later version.
13:
14: This library is distributed in the hope that it will be useful,
15: but WITHOUT ANY WARRANTY; without even the implied warranty of
16: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17: Lesser General Public License for more details.
18:
19: You should have received a copy of the GNU Lesser General Public
20: License along with this library; if not, write to the Free Software
21: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22:
23:
24: jGuard project home page:
25: http://sourceforge.net/projects/jguard/
26:
27: */
28: package net.sf.jguard.jee.authorization;
29:
30: import groovy.lang.GroovyShell;
31: import groovy.security.GroovyCodeSourcePermission;
32:
33: import java.security.AccessControlContext;
34: import java.security.AccessControlException;
35: import java.security.AccessController;
36: import java.security.PrivilegedAction;
37: import java.security.SecurityPermission;
38: import java.util.HashSet;
39:
40: import net.sf.jguard.core.authorization.policy.AccessControlContextUtils;
41: import net.sf.jguard.core.principals.RolePrincipal;
42:
43: import org.codehaus.groovy.control.CompilationFailedException;
44:
45: import junit.framework.Assert;
46: import junit.framework.TestCase;
47:
/**
 * Checks that a script evaluated inside a restricted
 * {@link AccessControlContext} cannot perform a security-sensitive operation.
 *
 * <p>The context comes from
 * {@code AccessControlContextUtils.getRestrictedAccessControlContext(principal)};
 * it is presumably limited to the permissions held by the given principal
 * (confirm against that helper, which is not part of this file).
 */
public class AccessControlContextTest extends TestCase {

    /**
     * Evaluates the Groovy script {@code System.exit(0);} under a restricted
     * context and expects an {@link AccessControlException}.
     *
     * <p>The role used here is granted only
     * {@code GroovyCodeSourcePermission("totos")} and
     * {@code SecurityPermission("createAccessControlContext")}; no permission
     * to exit the VM is granted, so the exit call is expected to be denied.
     *
     * <p>NOTE(review): the method name has no {@code test} prefix, so the
     * JUnit 3 {@link TestCase} runner does not discover it; this check is
     * effectively disabled. Both {@code System.setSecurityManager(...)} calls
     * the author experimented with are disabled as well. {@code System.exit}
     * consults a SecurityManager only when one is installed, so without one
     * the script would most likely terminate the JVM with status 0 instead of
     * raising an exception, unless something on the Groovy evaluation path
     * performs its own access check first. Enable this only in a JVM (ideally
     * a forked one) where a SecurityManager is active.
     */
    public void getRestrictedAccessControlContext() {
        final String exitScript = "System.exit(0);";
        final GroovyShell shell = new GroovyShell();

        // Role holding the minimal permission set for this scenario.
        RolePrincipal role = new RolePrincipal("toto", "sdfsdf");
        role.setPermissions(new HashSet());
        role.addPermission(new GroovyCodeSourcePermission("totos"));
        role.addPermission(new SecurityPermission("createAccessControlContext"));

        AccessControlContext restrictedContext =
                AccessControlContextUtils.getRestrictedAccessControlContext(role);

        // Disabled in the original: System.setSecurityManager(new SecurityManager());
        try {
            AccessController.doPrivileged(new PrivilegedAction() {
                public Object run() {
                    try {
                        // Disabled in the original: System.setSecurityManager(new SecurityManager());
                        return shell.evaluate(exitScript);
                    } catch (CompilationFailedException e) {
                        // A script that does not compile is a test failure, not a denial.
                        TestCase.fail(e.getMessage());
                        return null; // not reached: fail() always throws
                    }
                }
            }, restrictedContext);

            // Reaching this line means the script ran without being denied.
            Assert
                    .fail(" an accessControlException should be thrown to prevent security operations done by scripting languages ");
        } catch (AccessControlException ace) {
            // Expected outcome: the restricted context refused the operation.
            System.out.println(" restricted area! OK");
        }
    }

    /**
     * Empty placeholder test. Presumably kept so that the class still contains
     * one method the JUnit 3 runner recognises while the real check above is
     * not discovered.
     */
    public void testDummy() {
        // intentionally empty
    }
}