1 /* 2 * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 package common; 25 26 import java.security.AllPermission; 27 import java.security.Permission; 28 import java.security.Permissions; 29 30 import javax.xml.XMLConstants; 31 import javax.xml.transform.TransformerFactory; 32 import javax.xml.validation.SchemaFactory; 33 import javax.xml.xpath.XPathFactory; 34 35 import org.testng.Assert; 36 import org.testng.annotations.Test; 37 38 /* 39 * @bug 7143711 40 * @summary Test set use-service-mechanism shall not override what's set by the constructor in secure mode. 41 */ 42 public class Bug7143711Test { 43 static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage"; 44 static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource"; 45 46 private static final String DOM_FACTORY_ID = "javax.xml.parsers.DocumentBuilderFactory"; 47 private static final String SAX_FACTORY_ID = "javax.xml.parsers.SAXParserFactory"; 48 49 // impl specific feature 50 final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism"; 51 52 @Test 53 public void testValidation_SAX_withSM() { 54 System.out.println("Validation using SAX Source with security manager:"); 55 System.setProperty(SAX_FACTORY_ID, "MySAXFactoryImpl"); 56 Permissions granted = new java.security.Permissions(); 57 granted.add(new AllPermission()); 58 System.setSecurityManager(new MySM(granted)); 59 60 try { 61 SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); 62 // should not allow 63 factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true); 64 if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) { 65 Assert.fail("should not override in secure mode"); 66 } 67 } catch (Exception e) { 68 Assert.fail(e.getMessage()); 69 70 } finally { 71 System.clearProperty(SAX_FACTORY_ID); 72 System.setSecurityManager(null); 73 } 74 75 System.setSecurityManager(null); 76 77 } 78 79 @Test(enabled=false) //skipped due to bug JDK-8080097 80 public void testTransform_DOM_withSM() { 81 System.out.println("Transform using DOM Source; Security Manager is set:"); 82 83 Permissions granted = new java.security.Permissions(); 84 granted.add(new AllPermission()); 85 System.setSecurityManager(new MySM(granted)); 86 System.setProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl"); 87 88 try { 89 TransformerFactory factory = TransformerFactory.newInstance("com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl", 90 TransformerFactory.class.getClassLoader()); 91 factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true); 92 if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) { 93 Assert.fail("should not override in secure mode"); 94 } 95 96 } catch (Exception e) { 97 Assert.fail(e.getMessage()); 98 } finally { 99 System.clearProperty(DOM_FACTORY_ID); 100 System.setSecurityManager(null); 101 } 102 103 System.clearProperty(DOM_FACTORY_ID); 104 } 105 106 @Test 107 public void testXPath_DOM_withSM() { 108 System.out.println("Evaluate DOM Source; Security Manager is set:"); 109 Permissions granted = new java.security.Permissions(); 110 granted.add(new AllPermission()); 111 System.setSecurityManager(new MySM(granted)); 112 System.setProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl"); 113 114 try { 115 XPathFactory xPathFactory = XPathFactory.newInstance("http://java.sun.com/jaxp/xpath/dom", 116 "com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl", null); 117 xPathFactory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true); 118 if ((boolean) xPathFactory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) { 119 Assert.fail("should not override in secure mode"); 120 } 121 122 } catch (Exception e) { 123 Assert.fail(e.getMessage()); 124 } finally { 125 System.clearProperty(DOM_FACTORY_ID); 126 System.setSecurityManager(null); 127 } 128 129 System.clearProperty(DOM_FACTORY_ID); 130 } 131 132 @Test 133 public void testSM() { 134 SecurityManager sm = System.getSecurityManager(); 135 if (System.getSecurityManager() != null) { 136 System.out.println("Security manager not cleared: " + sm.toString()); 137 } else { 138 System.out.println("Security manager cleared: "); 139 } 140 } 141 142 class MySM extends SecurityManager { 143 Permissions granted; 144 145 public MySM(Permissions perms) { 146 granted = perms; 147 } 148 149 @Override 150 public void checkPermission(Permission perm) { 151 if (granted.implies(perm)) { 152 return; 153 } 154 super.checkPermission(perm); 155 } 156 157 } 158 159 }