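/*
 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package common;

import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;

import javax.xml.XMLConstants;
import javax.xml.transform.TransformerFactory;
import javax.xml.validation.SchemaFactory;
import javax.xml.xpath.XPathFactory;

import jaxp.library.JAXPTestUtilities;

import org.testng.Assert;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;

/*
 * @bug 7143711
 * @summary Test set use-service-mechanism shall not override what's set by the constructor in secure mode.
 */
/**
 * Regression tests for bug 7143711.
 *
 * <p>Each enabled test installs a {@link SecurityManager}, points a JAXP factory
 * system property at a non-default implementation name, creates a factory, asks
 * it to turn the Oracle {@code use-service-mechanism} feature on, and then
 * checks that the feature still reads back as {@code false}.
 *
 * <p>The security manager used here grants {@link AllPermission}, so it does
 * not restrict anything itself. NOTE(review): presumably its mere presence is
 * what the factories treat as "secure mode" - confirm against the factory
 * implementations.
 *
 * <p>The tests mutate JVM-wide state (system properties and the security
 * manager), so every test undoes both in a {@code finally} block.
 */
@Listeners({jaxp.library.BasePolicy.class})
public class Bug7143711Test {
    static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
    static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";

    private static final String DOM_FACTORY_ID = "javax.xml.parsers.DocumentBuilderFactory";
    private static final String SAX_FACTORY_ID = "javax.xml.parsers.SAXParserFactory";

    // impl specific feature
    static final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";

    /**
     * Checks that a {@link SchemaFactory} created while a security manager is
     * installed does not let a caller switch use-service-mechanism on.
     */
    @Test
    public void testValidation_SAX_withSM() {
        System.out.println("Validation using SAX Source with security manager:");

        try {
            // Global state is changed inside the try so that the finally block
            // always restores it, whatever happens after this point.
            System.setProperty(SAX_FACTORY_ID, "MySAXFactoryImpl");
            installAllPermissionSecurityManager();

            SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
            // should not allow
            factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
            if (factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
                Assert.fail("should not override in secure mode");
            }
        } catch (Exception e) {
            // Pass the exception as the cause: getMessage() can be null and
            // drops the stack trace needed to see which call rejected the test.
            Assert.fail("Unexpected exception: " + e, e);
        } finally {
            System.clearProperty(SAX_FACTORY_ID);
            System.setSecurityManager(null);
        }
    }

    /**
     * Checks that the XSLTC {@link TransformerFactory} created while a security
     * manager is installed does not let a caller switch use-service-mechanism on.
     */
    @Test(enabled=false) //skipped due to bug JDK-8080097
    public void testTransform_DOM_withSM() {
        System.out.println("Transform using DOM Source; Security Manager is set:");

        try {
            installAllPermissionSecurityManager();
            System.setProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl");

            TransformerFactory factory = TransformerFactory.newInstance(
                    "com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl",
                    TransformerFactory.class.getClassLoader());
            factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
            if (factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
                Assert.fail("should not override in secure mode");
            }
        } catch (Exception e) {
            Assert.fail("Unexpected exception: " + e, e);
        } finally {
            System.clearProperty(DOM_FACTORY_ID);
            System.setSecurityManager(null);
        }
    }

    /**
     * Checks that the JDK {@link XPathFactory} created while a security manager
     * is installed does not let a caller switch use-service-mechanism on.
     */
    @Test
    public void testXPath_DOM_withSM() {
        System.out.println("Evaluate DOM Source; Security Manager is set:");

        try {
            installAllPermissionSecurityManager();
            System.setProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl");

            XPathFactory xPathFactory = XPathFactory.newInstance("http://java.sun.com/jaxp/xpath/dom",
                    "com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl", null);
            xPathFactory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
            if (xPathFactory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
                Assert.fail("should not override in secure mode");
            }
        } catch (Exception e) {
            Assert.fail("Unexpected exception: " + e, e);
        } finally {
            System.clearProperty(DOM_FACTORY_ID);
            System.setSecurityManager(null);
        }
    }

    /**
     * Reports whether a security manager is still installed. This only prints
     * the state; it makes no assertion.
     */
    @Test
    public void testSM() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            System.out.println("Security manager not cleared: " + sm.toString());
        } else {
            System.out.println("Security manager cleared: ");
        }
    }

    /**
     * Installs a {@link MySM} that grants {@link AllPermission}. Callers are
     * responsible for removing it again with
     * {@code System.setSecurityManager(null)}.
     */
    private void installAllPermissionSecurityManager() {
        Permissions granted = new Permissions();
        granted.add(new AllPermission());
        System.setSecurityManager(new MySM(granted));
    }

    /**
     * Security manager that allows any permission implied by the collection it
     * was given and defers every other check to {@link SecurityManager}.
     */
    class MySM extends SecurityManager {
        // Permissions that pass without consulting the default policy.
        Permissions granted;

        public MySM(Permissions perms) {
            granted = perms;
        }

        @Override
        public void checkPermission(Permission perm) {
            if (granted.implies(perm)) {
                return;
            }
            super.checkPermission(perm);
        }

    }

}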