288 }
289 }),
290 // (15) check that user provided unprivileged code running on a worker
291 // thread does not gain ungranted privileges.
292 test(false, () -> { //Policy 12
293 URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
294 HttpRequest request = HttpRequest.newBuilder(u).GET().build();
295 HttpResponse.BodyHandler<String> sth = asString();
296
297 CompletableFuture<HttpResponse<String>> cf =
298 client.sendAsync(request, new HttpResponse.BodyHandler<String>() {
299 @Override
300 public HttpResponse.BodyProcessor<String> apply(int status, HttpHeaders responseHeaders) {
301 final HttpResponse.BodyProcessor<String> stproc = sth.apply(status, responseHeaders);
302 return new HttpResponse.BodyProcessor<String>() {
303 @Override
304 public CompletionStage<String> getBody() {
305 return stproc.getBody();
306 }
307 @Override
308 public void onNext(ByteBuffer item) {
309 SecurityManager sm = System.getSecurityManager();
310 // should succeed.
311 sm.checkPermission(new RuntimePermission("foobar"));
312 // do some mischief here
313 System.setSecurityManager(null);
314 System.setSecurityManager(sm);
315 // problem if we get this far
316 stproc.onNext(item);
317 }
318 @Override
319 public void onSubscribe(Flow.Subscription subscription) {
320 stproc.onSubscribe(subscription);
321 }
322 @Override
323 public void onError(Throwable throwable) {
324 stproc.onError(throwable);
325 }
326 @Override
327 public void onComplete() {
328 stproc.onComplete();
|
288 }
289 }),
290 // (15) check that user provided unprivileged code running on a worker
291 // thread does not gain ungranted privileges.
292 test(false, () -> { //Policy 12
293 URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
294 HttpRequest request = HttpRequest.newBuilder(u).GET().build();
295 HttpResponse.BodyHandler<String> sth = asString();
296
297 CompletableFuture<HttpResponse<String>> cf =
298 client.sendAsync(request, new HttpResponse.BodyHandler<String>() {
299 @Override
300 public HttpResponse.BodyProcessor<String> apply(int status, HttpHeaders responseHeaders) {
301 final HttpResponse.BodyProcessor<String> stproc = sth.apply(status, responseHeaders);
302 return new HttpResponse.BodyProcessor<String>() {
303 @Override
304 public CompletionStage<String> getBody() {
305 return stproc.getBody();
306 }
307 @Override
308 public void onNext(List<ByteBuffer> item) {
309 SecurityManager sm = System.getSecurityManager();
310 // should succeed.
311 sm.checkPermission(new RuntimePermission("foobar"));
312 // do some mischief here
313 System.setSecurityManager(null);
314 System.setSecurityManager(sm);
315 // problem if we get this far
316 stproc.onNext(item);
317 }
318 @Override
319 public void onSubscribe(Flow.Subscription subscription) {
320 stproc.onSubscribe(subscription);
321 }
322 @Override
323 public void onError(Throwable throwable) {
324 stproc.onError(throwable);
325 }
326 @Override
327 public void onComplete() {
328 stproc.onComplete();
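Review bot: In the new `onNext(List<ByteBuffer> item)` the expected outcome is carried only by the comments `// do some mischief here` and `// problem if we get this far`, which never say that `System.setSecurityManager(null)` is the call that must be refused on the worker thread. If that call ever returned normally, the body reinstalls `sm` and forwards `item` to `stproc.onNext`, so the response would complete as usual. Whether that is reported as a failure depends on the `test(false, ...)` harness and on how `cf` is consumed, both of which lie outside this hunk, as do the ends of the lambda and the anonymous classes. I would make the intent explicit with `// not granted by the policy: must throw SecurityException on this worker thread` above the first `setSecurityManager` call and `// reached only if the worker thread ran with privileges the policy did not grant` in place of the last comment. The unguarded `sm.checkPermission(...)` also assumes a security manager is installed when the callback runs; a one-line comment stating that precondition would help a reader who runs the test without one.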
|