< prev index next >

test/java/net/httpclient/security/Security.java

Print this page 







 288                 }
 289             }),
 290             // (15) check that user provided unprivileged code running on a worker
 291             //      thread does not gain ungranted privileges.
 292             test(false, () -> { //Policy 12
 293                 URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
 294                 HttpRequest request = HttpRequest.newBuilder(u).GET().build();
 295                 HttpResponse.BodyHandler<String> sth = asString();
 296 
 297                 CompletableFuture<HttpResponse<String>> cf =
 298                     client.sendAsync(request, new HttpResponse.BodyHandler<String>() {
 299                         @Override
 300                         public HttpResponse.BodyProcessor<String> apply(int status, HttpHeaders responseHeaders)  {
 301                             final HttpResponse.BodyProcessor<String> stproc = sth.apply(status, responseHeaders);
 302                             return new HttpResponse.BodyProcessor<String>() {
 303                                 @Override
 304                                 public CompletionStage<String> getBody() {
 305                                     return stproc.getBody();
 306                                 }
 307                                 @Override
 308                                 public void onNext(ByteBuffer item) {
 309                                     SecurityManager sm = System.getSecurityManager();
 310                                     // should succeed.
 311                                     sm.checkPermission(new RuntimePermission("foobar"));
 312                                     // do some mischief here
 313                                     System.setSecurityManager(null);
 314                                     System.setSecurityManager(sm);
 315                                     // problem if we get this far
 316                                     stproc.onNext(item);
 317                                 }
 318                                 @Override
 319                                 public void onSubscribe(Flow.Subscription subscription) {
 320                                     stproc.onSubscribe(subscription);
 321                                 }
 322                                 @Override
 323                                 public void onError(Throwable throwable) {
 324                                     stproc.onError(throwable);
 325                                 }
 326                                 @Override
 327                                 public void onComplete() {
 328                                     stproc.onComplete();






 288                 }
 289             }),
 290             // (15) check that user provided unprivileged code running on a worker
 291             //      thread does not gain ungranted privileges.
 292             test(false, () -> { //Policy 12
 293                 URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
 294                 HttpRequest request = HttpRequest.newBuilder(u).GET().build();
 295                 HttpResponse.BodyHandler<String> sth = asString();
 296 
 297                 CompletableFuture<HttpResponse<String>> cf =
 298                     client.sendAsync(request, new HttpResponse.BodyHandler<String>() {
 299                         @Override
 300                         public HttpResponse.BodyProcessor<String> apply(int status, HttpHeaders responseHeaders)  {
 301                             final HttpResponse.BodyProcessor<String> stproc = sth.apply(status, responseHeaders);
 302                             return new HttpResponse.BodyProcessor<String>() {
 303                                 @Override
 304                                 public CompletionStage<String> getBody() {
 305                                     return stproc.getBody();
 306                                 }
 307                                 @Override
 308                                 public void onNext(List<ByteBuffer> item) {
 309                                     SecurityManager sm = System.getSecurityManager();
 310                                     // should succeed.
 311                                     sm.checkPermission(new RuntimePermission("foobar"));
 312                                     // do some mischief here
 313                                     System.setSecurityManager(null);
 314                                     System.setSecurityManager(sm);
 315                                     // problem if we get this far
 316                                     stproc.onNext(item);
 317                                 }
 318                                 @Override
 319                                 public void onSubscribe(Flow.Subscription subscription) {
 320                                     stproc.onSubscribe(subscription);
 321                                 }
 322                                 @Override
 323                                 public void onError(Throwable throwable) {
 324                                     stproc.onError(throwable);
 325                                 }
 326                                 @Override
 327                                 public void onComplete() {
 328                                     stproc.onComplete();







< prev index next >