1 /*
2 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 package validation;
25
26 import java.io.FilePermission;
27 import java.net.URL;
28
29 import javax.xml.XMLConstants;
30 import javax.xml.validation.Schema;
31 import javax.xml.validation.SchemaFactory;
32 import javax.xml.validation.Validator;
33
34 import jaxp.library.JAXPTestUtilities;
35
36 import org.testng.Assert;
37 import org.testng.annotations.Test;
38 import org.xml.sax.SAXParseException;
39
40 /*
41 * @bug 6483188
42 * @summary Test Schema Validator can handle element with having large maxOccurs, but doesn't accept sequence with having large maxOccurs in FEATURE_SECURE_PROCESSING mode.
43 */
44 @Test(singleThreaded = true)
45 public class Bug6483188 {
46 SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
47
48 public void runWithSecurityManager() throws Exception {
49 JAXPTestUtilities.tryRunWithPolicyManager(() -> {
50 testLargeElementNoSecurity();
51 testLargeElementWithSecurity();
52 testLargeSequenceWithSecurity();
53 }, new FilePermission(System.getProperty("test.src") + "/-", "read"));
54 }
55
56 public void runWithoutSecurityManager() throws Exception {
57 testLargeElementNoSecurity();
58 testLargeElementWithSecurity();
59 testLargeSequenceWithSecurity();
60 }
61
62 private void testLargeElementNoSecurity() {
63 if (System.getSecurityManager() != null)
64 return; // jaxp secure feature can not be turned off when security
65 // manager is present
66 try {
67 sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.FALSE);
68 URL url = getClass().getResource("test-element.xsd");
69 Schema s = sf.newSchema(url);
70 Validator v = s.newValidator();
71 } catch (Exception e) {
72 Assert.fail(e.getMessage());
73 }
74 }
75
76 private void testLargeElementWithSecurity() {
77 try {
78 sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
79 URL url = getClass().getResource("test-element.xsd");
80 Schema s = sf.newSchema(url);
81 Validator v = s.newValidator();
82 } catch (Exception e) {
83 Assert.fail(e.getMessage());
84 }
85 }
86
87 private void testLargeSequenceWithSecurity() {
88 try {
89 sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
90 URL url = getClass().getResource("test-sequence.xsd");
91 Schema s = sf.newSchema(url);
92 Validator v = s.newValidator();
93 Assert.fail("Schema was accepted even with secure processing enabled.");
94 } catch (SAXParseException e) {
95 // falls through - exception expected
96 } catch (Exception e) {
97 Assert.fail(e.getMessage());
98 }
99 }
100
101 }