1 /*
2 * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package test.javafx.concurrent;
27
28 import java.security.Permission;
29 import org.junit.Ignore;
30 import org.junit.runner.RunWith;
31 import org.junit.runners.BlockJUnit4ClassRunner;
32 import org.junit.runners.model.FrameworkMethod;
33 import org.junit.runners.model.InitializationError;
34 import org.junit.runners.model.Statement;
35 import sun.awt.AWTSecurityManager;
36
37 /**
38 * A test for the Service lifecycle methods with a security manager installed.
39 * The security manager installed lets privileged code run (most of the time)
40 * and otherwise lets the tests do what they need to but restricts the
41 * runtime from doing more or less anything else other than load library.
42 * It is ad-hoc, a more rigorous analysis on what the permissions should be
43 * would be great, and then we could add the ability to do security manager
44 * related tests on lots of different unit tests.
45 */
46 @RunWith(ServiceWithSecurityManagerTest.ServiceTestRunner.class)
47 @Ignore("This class doesn't appear to run correctly, often s.evaluate isn't called. Likely bogus test at present.")
48 public class ServiceWithSecurityManagerTest extends ServiceLifecycleTest {
49
50 public static final class ServiceTestRunner extends BlockJUnit4ClassRunner {
51 private ThreadGroup mainThreadGroup;
52
53 public ServiceTestRunner(Class<?> klass) throws InitializationError {
54 super(klass);
55 }
56
57 @Override protected Statement methodBlock(FrameworkMethod method) {
58 final Statement s = super.methodBlock(method);
59 return new Statement() {
60 Throwable throwable;
61 @Override public void evaluate() throws Throwable {
62 SecurityManager original = System.getSecurityManager();
63 try {
64 mainThreadGroup = new ThreadGroup(Thread.currentThread().getThreadGroup(), "FX Test Thread Group");
65 Thread thread = new Thread(mainThreadGroup, () -> {
66 try {
67 s.evaluate();
68 } catch (Throwable t) {
69 throwable = t;
70 }
71 });
72
73 System.setSecurityManager(new StrictSecurityManager());
74 thread.start();
75 thread.join();
76 } finally {
77 System.setSecurityManager(original);
78 mainThreadGroup = null;
79 if (throwable != null) {
80 throw throwable;
81 }
82 }
83 }
84 };
85 }
86
87 /**
88 */
89 private final class StrictSecurityManager extends AWTSecurityManager {
90 // If you create a Thread that is a child of mainThreadGroup, that is OK.
91 // If you create a ThreadGroup that is a child of mainThreadGroup, then that is bad.
92 private ThreadGroup securityThreadGroup = new ThreadGroup("Security Thread Group");
93
94 @Override public void checkPermission(Permission permission) {
95 if (isPrivileged()) return; // OK
96 if (permission instanceof RuntimePermission) {
97 if ("setSecurityManager".equals(permission.getName())) {
98 return; // OK
99 }
100 if ("accessClassInPackage.sun.util.logging".equals(permission.getName())) {
101 return; // OK
102 }
103 }
104 super.checkPermission(permission);
105 }
106
107 @Override public void checkAccess(ThreadGroup g) {
108 if (g == securityThreadGroup) return;
109 if (!isPrivileged()) throw new SecurityException("ThreadGroup doesn't have permissions");
110 super.checkAccess(g);
111 }
112
113 @Override public ThreadGroup getThreadGroup() {
114 return securityThreadGroup;
115 }
116
117 private boolean isPrivileged() {
118 StackTraceElement[] stack = Thread.currentThread().getStackTrace();
119 for (StackTraceElement e : stack) {
120 if (e.getClassName().equals("java.security.AccessController")
121 && e.getMethodName().equals("doPrivileged")) {
122 return true;
123 }
124 }
125 return false;
126 }
127 }
128 }
129 }