001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.securitymgr.ejb;
023:
024: import java.io.File;
025: import java.io.IOException;
026: import java.lang.SecurityManager;
027: import java.lang.reflect.Field;
028: import java.net.ServerSocket;
029: import java.net.Socket;
030: import java.security.Permission;
031: import java.security.Principal;
032: import javax.ejb.CreateException;
033: import javax.ejb.EJBException;
034: import javax.ejb.SessionBean;
035: import javax.ejb.SessionContext;
036:
037: import org.apache.log4j.Category;
038:
039: import org.jboss.security.SecurityAssociation;
040:
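/**
 * A session bean that attempts operations not allowed by the EJB 2.0 spec as
 * a test of running JBoss with a security manager.
 *
 * <p>Each business method performs one operation that the JDK guards with a
 * {@link SecurityManager} check: file and socket I/O, class loader and thread
 * manipulation, reflection, native library loading, replacing the system
 * streams or the security manager, and exiting the VM. When the active policy
 * withholds the corresponding permission, the call is expected to fail with a
 * {@link SecurityException}. No method catches that exception, so a denial
 * propagates to the caller, and a normal return means the operation was
 * permitted.
 *
 * <p>This is a test fixture. Several methods ({@link #createSecurityMgr()},
 * {@link #systemExit(int)}, {@link #changeSystemOut()},
 * {@link #changeSystemErr()}) act on the whole server VM when they are
 * permitted, so the bean belongs only in a deployment that runs the
 * security-manager tests.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 57211 $
 */
public class IOStatelessSessionBean implements SessionBean {
    static final Category log = Category
            .getInstance(IOStatelessSessionBean.class);

    // Stored by setSessionContext; no method in this class reads it.
    private SessionContext sessionContext;

    /** Lifecycle callback; intentionally empty. */
    public void ejbCreate() throws CreateException {
    }

    /** Lifecycle callback; intentionally empty. */
    public void ejbActivate() {
    }

    /** Lifecycle callback; intentionally empty. */
    public void ejbPassivate() {
    }

    /** Lifecycle callback; intentionally empty. */
    public void ejbRemove() {
    }

    /**
     * Records the container-supplied session context.
     *
     * @param context the session context passed in by the container
     */
    public void setSessionContext(SessionContext context) {
        sessionContext = context;
    }

    /**
     * Probes whether a file exists. With a security manager installed,
     * {@link File#exists()} requires read access to the path
     * ({@code FilePermission} "read").
     *
     * @param path the file system path to probe
     * @return {@code path} if the file exists, otherwise {@code null}
     * @throws IOException declared by the bean interface; the body does not throw it
     * @throws SecurityException if read access to {@code path} is denied
     */
    public String read(String path) throws IOException {
        log.debug("read, path=" + path);
        File tstPath = new File(path);
        return tstPath.exists() ? path : null;
    }

    /**
     * Attempts to create an empty file. With a security manager installed,
     * {@link File#createNewFile()} requires write access to the path
     * ({@code FilePermission} "write").
     *
     * @param path the file system path to create
     * @throws IOException if the file cannot be created
     * @throws SecurityException if write access to {@code path} is denied
     */
    public void write(String path) throws IOException {
        log.debug("write, path=" + path);
        File tstPath = new File(path);
        // The boolean result is ignored on purpose: an existing file is left
        // untouched, and only the permission check matters to the test.
        tstPath.createNewFile();
    }

    /**
     * Opens and immediately closes a server socket. With a security manager
     * installed, binding requires {@code SocketPermission} "listen" for the
     * port.
     *
     * @param port the local port to bind
     * @throws IOException if the socket cannot be opened or closed
     * @throws SecurityException if listening on {@code port} is denied
     */
    public void listen(int port) throws IOException {
        log.debug("Creating server listening port: " + port);
        ServerSocket ss = new ServerSocket(port);
        try {
            log.debug("Listening");
        } finally {
            // Release the port even if anything after the bind fails.
            ss.close();
        }
    }

    /**
     * Opens and immediately closes a client connection. With a security
     * manager installed, this requires {@code SocketPermission} "connect" for
     * the target.
     *
     * @param host the host to connect to
     * @param port the remote port
     * @throws IOException if the connection cannot be opened or closed
     * @throws SecurityException if connecting to the target is denied
     */
    public void connect(String host, int port) throws IOException {
        log.debug("connect, host: " + host + ", port: " + port);
        Socket s = new Socket(host, port);
        try {
            log.debug("Connected");
        } finally {
            // Close the connection even if anything after the connect fails.
            s.close();
        }
    }

    /**
     * Instantiates a class loader. The {@link ClassLoader} constructor
     * requires {@code RuntimePermission} "createClassLoader".
     *
     * @throws SecurityException if class loader creation is denied
     */
    public void createClassLoader() {
        log.debug("createClassLoader");
        // Can't use URLClassLoader.newInstance as this uses a privileged
        // block, which would hide the check from this bean's protection
        // domain. The instance itself is not needed.
        new ClassLoader() {
        };
        log.debug("Created ClassLoader");
    }

    /**
     * Reads the thread context class loader (TCL). This is expected to be
     * allowed, because this bean's class loader is an ancestor of the TCL and
     * the JDK skips the "getClassLoader" check in that case.
     */
    public void getContextClassLoader() {
        log.debug("Begin getContextClassLoader");
        // Only the access matters; the returned loader is not used.
        Thread.currentThread().getContextClassLoader();
        log.debug("End getContextClassLoader");
    }

    /**
     * Replaces the thread context class loader with {@code null}. This
     * requires {@code RuntimePermission} "setContextClassLoader". If it is
     * permitted, the current thread keeps a null context class loader after
     * the call.
     *
     * @throws SecurityException if replacing the context class loader is denied
     */
    public void setContextClassLoader() {
        log.debug("Begin setContextClassLoader");
        Thread.currentThread().setContextClassLoader(null);
        log.debug("End setContextClassLoader");
    }

    /**
     * Attempts to replace the VM-wide security manager. This requires
     * {@code RuntimePermission} "setSecurityManager".
     *
     * <p>The replacement overrides {@code checkPermission(Permission)} with
     * an empty body, so every check routed through that method would pass.
     * If this call is ever permitted, enforcement is lost for the whole VM.
     *
     * @throws SecurityException if replacing the security manager is denied
     */
    public void createSecurityMgr() {
        log.debug("createSecurityMgr");
        SecurityManager secmgr = new SecurityManager() {
            public void checkPermission(Permission p) {
                // Deliberately permits everything; see the method Javadoc.
            }
        };
        System.setSecurityManager(secmgr);
    }

    /**
     * Renames the current thread. This will only be disallowed if the current
     * thread belongs to the root thread group, and this is rarely true, as
     * even the thread that starts main() is not in this group.
     */
    public void renameThread() {
        log.debug("renameThread");
        Thread t = Thread.currentThread();
        t.setName("Hijacked name");
        log.debug("Renamed current thread");
    }

    /**
     * Creates and starts a thread that has no target, so it ends immediately.
     * Thread creation goes through the thread group access check; whether it
     * is denied depends on the installed security manager's
     * {@code checkAccess(ThreadGroup)}.
     */
    public void createThread() {
        log.debug("createThread");
        Thread t = new Thread("IOSession.createThread");
        t.start();
        log.debug("Started a thread");
    }

    /**
     * Looks up a non-public member of {@link System} by reflection. This test
     * will only fail if reflection is used on a class that has not been
     * loaded by the same class loader as the IOStatelessSessionBean.
     *
     * <p>{@code System} is not expected to declare a field named
     * {@code secret}, so when the lookup is not denied it ends in
     * {@link NoSuchFieldException}, which is ignored.
     *
     * @throws SecurityException if access to declared members is denied
     */
    public void useReflection() {
        log.debug("useReflection");
        try {
            Field secret = System.class.getDeclaredField("secret");
            secret.get(null);
        } catch (NoSuchFieldException ignored) {
            // Expected when the lookup is permitted; only a
            // SecurityException is of interest to the test.
        } catch (IllegalAccessException ignored) {
            // Not a security manager denial; irrelevant to the test.
        }
        log
                .debug("Search for System.secret did not fail with a SecurityException");
    }

    /**
     * Attempts to load the native library {@code jdwp}. This requires
     * {@code RuntimePermission} "loadLibrary.jdwp".
     *
     * @throws SecurityException if loading the library is denied
     * @throws UnsatisfiedLinkError if the load is permitted but the library
     *         cannot be found
     */
    public void loadLibrary() {
        log.debug("loadLibrary");
        System.loadLibrary("jdwp");
        log.debug("Called System.loadLibrary");
    }

    /**
     * Attempts to replace {@code System.out} with {@code null}. This requires
     * {@code RuntimePermission} "setIO". If it is permitted,
     * {@code System.out} is null for the whole VM afterwards.
     *
     * @throws SecurityException if reassigning the stream is denied
     */
    public void changeSystemOut() {
        log.debug("changeSystemOut");
        System.setOut(null);
    }

    /**
     * Attempts to replace {@code System.err} with {@code null}. This requires
     * {@code RuntimePermission} "setIO". If it is permitted,
     * {@code System.err} is null for the whole VM afterwards.
     *
     * @throws SecurityException if reassigning the stream is denied
     */
    public void changeSystemErr() {
        log.debug("changeSystemErr");
        System.setErr(null);
    }

    /**
     * Attempts to terminate the VM. This requires {@code RuntimePermission}
     * "exitVM". If it is permitted, the server process exits and this method
     * does not return.
     *
     * @param status the exit status passed to {@link System#exit(int)}
     * @throws SecurityException if exiting the VM is denied
     */
    public void systemExit(int status) {
        log.debug("systemExit");
        System.exit(status);
    }

}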
|