001: /*
002: * Copyright (C) 2006, 2007 XStream Committers.
003: * All rights reserved.
004: *
005: * The software in this package is published under the terms of the BSD
006: * style license a copy of which has been included with this distribution in
007: * the LICENSE.txt file.
008: *
009: * Created on 24. March 2006 by Joerg Schaible
010: */
011: package com.thoughtworks.acceptance;
012:
013: import com.thoughtworks.acceptance.objects.Software;
014: import com.thoughtworks.xstream.XStream;
015: import com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider;
016: import com.thoughtworks.xstream.core.JVM;
017: import com.thoughtworks.xstream.io.xml.DomDriver;
018: import com.thoughtworks.xstream.testutil.DynamicSecurityManager;
019:
020: import junit.framework.TestCase;
021:
022: import java.io.File;
023: import java.io.FilePermission;
024: import java.lang.reflect.ReflectPermission;
025: import java.security.CodeSource;
026: import java.security.Permission;
027: import java.security.Policy;
028: import java.security.cert.Certificate;
029: import java.util.Iterator;
030: import java.util.PropertyPermission;
031:
032: /**
033: * Test XStream with an active SecurityManager. Note that this test intentionally does not
034: * derive from AbstractAcceptanceTest, so that no classes are loaded before the SecurityManager
035: * is in action. Each fixture should also be run on its own to avoid side effects.
036: *
037: * @author Jörg Schaible
038: */
public class SecurityManagerTest extends TestCase {

    // Each fixture below spells out the permissions it grants before it installs the
    // security manager and round-trips one object through XStream. Several of the grants
    // (createClassLoader, suppressAccessChecks, accessDeclaredMembers) are broad ones, so
    // read the lists as a record of what these fixtures grant to XStream, not as a
    // template for a restrictive sandbox policy.

    private XStream xstream;
    private DynamicSecurityManager securityManager;
    // Code source that every permission in this test is registered under.
    // NOTE(review): it is built with a null location and no certificates; per
    // CodeSource.implies such a source presumably matches any code. Confirm how
    // DynamicSecurityManager resolves code sources.
    private CodeSource defaultCodeSource;
    private File mainClasses;
    private File testClasses;
    private File libs;
    private File libsJDK13;

    /**
     * Removes any installed security manager, computes the FilePermission path patterns
     * below the working directory and prepares a DynamicSecurityManager that is not yet
     * installed.
     */
    protected void setUp() throws Exception {
        super.setUp();
        System.setSecurityManager(null);
        defaultCodeSource = new CodeSource(null, (Certificate[]) null);

        // The trailing "-" and "*" name components are handed to FilePermission later on:
        // "-" covers a directory tree recursively, "*" only the files directly inside.
        final String workDir = System.getProperty("user.dir");
        final File targetDir = new File(workDir, "target");
        mainClasses = new File(new File(targetDir, "classes"), "-");
        testClasses = new File(new File(targetDir, "test-classes"), "-");
        final File libDir = new File(workDir, "lib");
        libs = new File(libDir, "*");
        if (!JVM.is14()) {
            libsJDK13 = new File(new File(libDir, "jdk1.3"), "*");
        }

        securityManager = new DynamicSecurityManager();
        final Policy currentPolicy = Policy.getPolicy();
        securityManager.setPermissions(
            defaultCodeSource, currentPolicy.getPermissions(defaultCodeSource));
        // Presumably needed so that tearDown() can remove the manager again once it is
        // active -- verify against DynamicSecurityManager.
        grant(new RuntimePermission("setSecurityManager"));
    }

    /**
     * Uninstalls the security manager so that later tests run unrestricted.
     */
    protected void tearDown() throws Exception {
        System.setSecurityManager(null);
        super.tearDown();
    }

    /**
     * Runs the fixture; if it fails, prints every permission the security manager
     * reported as failed and rethrows the original failure.
     */
    protected void runTest() throws Throwable {
        try {
            super.runTest();
        } catch (Throwable failure) {
            final Iterator denied = securityManager.getFailedPermissions().iterator();
            while (denied.hasNext()) {
                final Permission permission = (Permission) denied.next();
                System.out.println("SecurityException: Permission " + permission.toString());
            }
            throw failure;
        }
    }

    /**
     * Round trip with a default XStream instance. The fixture body only executes when
     * JVM.is14() reports true; otherwise it returns without asserting anything.
     */
    public void testSerializeWithXpp3DriverAndSun14ReflectionProviderAndActiveSecurityManager() {
        if (!JVM.is14()) {
            return;
        }

        grantRead(mainClasses);
        grantRead(testClasses);
        grantRead(libs);
        grant(new RuntimePermission("accessDeclaredMembers"));
        grant(new RuntimePermission("accessClassInPackage.sun.reflect"));
        grant(new RuntimePermission("accessClassInPackage.sun.misc"));
        grant(new RuntimePermission("createClassLoader"));
        grant(new RuntimePermission("reflectionFactoryAccess"));
        grant(new ReflectPermission("suppressAccessChecks"));
        // permissions necessary for CGLIBMapper
        grant(new PropertyPermission("cglib.debugLocation", "read"));
        grant(new RuntimePermission("getProtectionDomain"));
        installSecurityManager();

        // uses implicit Sun14ReflectionProvider in JDK >= 1.4, since it has the appropriate
        // rights
        xstream = new XStream();

        assertBothWays();
    }

    /**
     * Round trip with an explicitly supplied PureJavaReflectionProvider; the
     * sun.reflect/sun.misc package access and reflectionFactoryAccess grants are left out.
     */
    public void testSerializeWithXpp3DriverAndPureJavaReflectionProviderAndActiveSecurityManager() {
        grantRead(mainClasses);
        grantRead(testClasses);
        grantRead(libs);
        if (libsJDK13 != null) {
            grantRead(libsJDK13);
        }
        grant(new RuntimePermission("accessDeclaredMembers"));
        grant(new RuntimePermission("createClassLoader"));
        grant(new ReflectPermission("suppressAccessChecks"));
        // permissions necessary for CGLIBMapper
        grant(new PropertyPermission("cglib.debugLocation", "read"));
        grant(new RuntimePermission("getProtectionDomain"));
        installSecurityManager();

        xstream = new XStream(new PureJavaReflectionProvider());

        assertBothWays();
    }

    /**
     * Round trip with a DomDriver and no explicit reflection provider, under the same
     * grants as the explicit PureJavaReflectionProvider fixture.
     */
    public void testSerializeWithDomDriverAndPureJavaReflectionProviderAndActiveSecurityManager() {
        grantRead(mainClasses);
        grantRead(testClasses);
        grantRead(libs);
        if (libsJDK13 != null) {
            grantRead(libsJDK13);
        }
        grant(new RuntimePermission("accessDeclaredMembers"));
        grant(new RuntimePermission("createClassLoader"));
        grant(new ReflectPermission("suppressAccessChecks"));
        // permissions necessary for CGLIBMapper
        grant(new PropertyPermission("cglib.debugLocation", "read"));
        grant(new RuntimePermission("getProtectionDomain"));
        installSecurityManager();

        // uses implicit PureJavaReflectionProvider, since Sun14ReflectionProvider cannot be
        // loaded
        xstream = new XStream(new DomDriver());

        assertBothWays();
    }

    /** Registers one permission for the default code source. */
    private void grant(final Permission permission) {
        securityManager.addPermission(defaultCodeSource, permission);
    }

    /** Registers read access for the given FilePermission path pattern. */
    private void grantRead(final File pattern) {
        grant(new FilePermission(pattern.toString(), "read"));
    }

    /** Marks the permission set read-only and installs the security manager. */
    private void installSecurityManager() {
        securityManager.setReadOnly();
        System.setSecurityManager(securityManager);
    }

    /**
     * Serializes a Software instance, compares the XML with the expected text, reads the
     * XML back and compares the result with the original object.
     */
    private void assertBothWays() {
        xstream.alias("software", Software.class);

        final Software original = new Software("jw", "xstr");
        // NOTE(review): the nested elements carry a single leading space here; verify
        // that the indentation of this literal matches the original file.
        final String expectedXml = "<software>\n" + " <vendor>jw</vendor>\n"
            + " <name>xstr</name>\n" + "</software>";

        final String actualXml = xstream.toXML(original);
        assertEquals(expectedXml, actualXml);

        final Object restored = xstream.fromXML(actualXml);
        if (sw_equals(original, restored)) {
            return;
        }
        // Compare the XML renderings so that a failure shows a readable difference.
        // NOTE(review): if equals() fails but both renderings are identical, no assertion
        // fires and the fixture passes.
        assertEquals("Object deserialization failed",
            "DESERIALIZED OBJECT\n" + xstream.toXML(original),
            "DESERIALIZED OBJECT\n" + xstream.toXML(restored));
    }

    /** Equality check as seen from the original object. */
    private static boolean sw_equals(final Software expected, final Object actual) {
        return expected.equals(actual);
    }
}