< prev index next >

test/javax/xml/jaxp/unittest/transform/SecureProcessingTest.java

Print this page


   1 /*
   2  * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 package transform;
  25 
  26 import java.io.IOException;
  27 import java.io.InputStream;
  28 import java.io.StringWriter;
  29 
  30 import javax.xml.XMLConstants;
  31 import javax.xml.parsers.DocumentBuilder;
  32 import javax.xml.parsers.DocumentBuilderFactory;
  33 import javax.xml.parsers.ParserConfigurationException;
  34 import javax.xml.transform.Transformer;
  35 import javax.xml.transform.TransformerConfigurationException;
  36 import javax.xml.transform.TransformerException;
  37 import javax.xml.transform.TransformerFactory;
  38 import javax.xml.transform.stream.StreamResult;
  39 import javax.xml.transform.stream.StreamSource;
  40 


  41 import org.testng.Assert;
  42 import org.testng.annotations.Test;
  43 import org.w3c.dom.Document;
  44 import org.xml.sax.SAXException;
  45 
  46 /*
  47  * @summary Test XSLT shall report TransformerException for unsafe xsl when FEATURE_SECURE_PROCESSING is true.
  48  */

  49 public class SecureProcessingTest {
  50     static boolean _isSecureMode = false;
  51     static {
  52         if (System.getSecurityManager() != null) {
  53             _isSecureMode = true;
  54             System.out.println("Security Manager is present");
  55         } else {
  56             System.out.println("Security Manager is NOT present");
  57         }
  58     }
  59 



  60 
  61 
  62     @Test
  63     public final void testSecureProcessing() {
  64 
  65         // SECURE_PROCESSING == false
  66 
  67         // the style sheet
  68         InputStream xslStream = this.getClass().getResourceAsStream("SecureProcessingTest.xsl");
  69         StreamSource xslSource = new StreamSource(xslStream);
  70 
  71         // the xml source
  72         InputStream xmlStream = this.getClass().getResourceAsStream("SecureProcessingTest.xml");
  73         StreamSource xmlSource = new StreamSource(xmlStream);
  74 
  75         // the xml result
  76         StringWriter xmlResultString = new StringWriter();
  77         StreamResult xmlResultStream = new StreamResult(xmlResultString);
  78 
  79         // the transformer
  80         TransformerFactory transformerFactory = null;
  81         Transformer transformer = null;
  82 
  83         // transform with a non-secure Transformer
  84         // expect success


   1 /*
   2  * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 package transform;
  25 
  26 import java.io.FilePermission;
  27 import java.io.InputStream;
  28 import java.io.StringWriter;
  29 
  30 import javax.xml.XMLConstants;



  31 import javax.xml.transform.Transformer;
  32 import javax.xml.transform.TransformerConfigurationException;
  33 import javax.xml.transform.TransformerException;
  34 import javax.xml.transform.TransformerFactory;
  35 import javax.xml.transform.stream.StreamResult;
  36 import javax.xml.transform.stream.StreamSource;
  37 
  38 import jaxp.library.JAXPTestUtilities;
  39 
  40 import org.testng.Assert;
  41 import org.testng.annotations.Test;


  42 
  43 /*
  44  * @summary Test XSLT shall report TransformerException for unsafe xsl when FEATURE_SECURE_PROCESSING is true.
  45  */
  46 @Test(singleThreaded = true)
  47 public class SecureProcessingTest {
  48     public void runWithSecurityManager() throws Exception {
  49         JAXPTestUtilities.tryRunWithPolicyManager(() -> testSecureProcessing(),
  50                 new FilePermission(System.getProperty("test.src") + "/-", "read"));





  51     }
  52 
  53     public void runWithoutSecurityManager() throws Exception {
  54         testSecureProcessing();
  55     }
  56 
  57     private final void testSecureProcessing() {
  58         boolean _isSecureMode = System.getSecurityManager() != null;


  59         // SECURE_PROCESSING == false
  60 
  61         // the style sheet
  62         InputStream xslStream = this.getClass().getResourceAsStream("SecureProcessingTest.xsl");
  63         StreamSource xslSource = new StreamSource(xslStream);
  64 
  65         // the xml source
  66         InputStream xmlStream = this.getClass().getResourceAsStream("SecureProcessingTest.xml");
  67         StreamSource xmlSource = new StreamSource(xmlStream);
  68 
  69         // the xml result
  70         StringWriter xmlResultString = new StringWriter();
  71         StreamResult xmlResultStream = new StreamResult(xmlResultString);
  72 
  73         // the transformer
  74         TransformerFactory transformerFactory = null;
  75         Transformer transformer = null;
  76 
  77         // transform with a non-secure Transformer
  78         // expect success


< prev index next >