1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.apache.commons.logging.security;
19
20 import java.io.PrintWriter;
21 import java.io.StringWriter;
22 import java.lang.reflect.Field;
23 import java.lang.reflect.Method;
24 import java.security.AllPermission;
25 import java.util.Hashtable;
26
27 import junit.framework.Test;
28 import junit.framework.TestCase;
29
30 import org.apache.commons.logging.Log;
31 import org.apache.commons.logging.LogFactory;
32 import org.apache.commons.logging.PathableClassLoader;
33 import org.apache.commons.logging.PathableTestSuite;
34
35
36
37
38
39
40
41
42
43
44 public class SecurityAllowedTestCase extends TestCase {
45
46
47
48 public static class CustomHashtable extends Hashtable {
49
50
51
52
53 private static final long serialVersionUID = 8941017300059246720L;
54 }
55
56
57
58
59 public static Test suite() throws Exception {
60 final PathableClassLoader parent = new PathableClassLoader(null);
61 parent.useExplicitLoader("junit.", Test.class.getClassLoader());
62 parent.addLogicalLib("commons-logging");
63 parent.addLogicalLib("testclasses");
64
65 final Class testClass = parent.loadClass(
66 "org.apache.commons.logging.security.SecurityAllowedTestCase");
67 return new PathableTestSuite(testClass, parent);
68 }
69
70 private SecurityManager oldSecMgr;
71
72 @Override
73 public void setUp() {
74
75 oldSecMgr = System.getSecurityManager();
76 }
77
78 @Override
79 public void tearDown() {
80
81
82 System.setSecurityManager(oldSecMgr);
83 }
84
85
86
87
88
89 public void testAllAllowed() {
90
91 if (System.getProperty("java.version").startsWith("21.")) {
92 return;
93 }
94 System.setProperty(
95 LogFactory.HASHTABLE_IMPLEMENTATION_PROPERTY,
96 CustomHashtable.class.getName());
97 final MockSecurityManager mySecurityManager = new MockSecurityManager();
98 mySecurityManager.addPermission(new AllPermission());
99 System.setSecurityManager(mySecurityManager);
100
101 try {
102
103
104 final Class c = this.getClass().getClassLoader().loadClass(
105 "org.apache.commons.logging.LogFactory");
106 final Method m = c.getMethod("getLog", Class.class);
107 final Log log = (Log) m.invoke(null, this.getClass());
108
109
110
111
112
113
114
115
116
117
118
119
120 final int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount();
121 log.info("testing");
122
123
124
125 System.setSecurityManager(null);
126 final Field factoryField = c.getDeclaredField("factories");
127 factoryField.setAccessible(true);
128 final Object factoryTable = factoryField.get(null);
129 assertNotNull(factoryTable);
130 assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName());
131
132
133
134 assertEquals("Untrusted code count", untrustedCodeCount, mySecurityManager.getUntrustedCodeCount());
135 } catch (final Throwable t) {
136
137
138
139 System.setSecurityManager(oldSecMgr);
140 final StringWriter sw = new StringWriter();
141 final PrintWriter pw = new PrintWriter(sw);
142 t.printStackTrace(pw);
143 fail("Unexpected exception:" + t.getMessage() + ":" + sw.toString());
144 }
145 }
146 }