1 /* 2 * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 package validation; 25 26 import java.net.URL; 27 28 import javax.xml.XMLConstants; 29 import javax.xml.validation.Schema; 30 import javax.xml.validation.SchemaFactory; 31 import javax.xml.validation.Validator; 32 33 import org.testng.Assert; 34 import org.testng.annotations.Test; 35 import org.xml.sax.SAXParseException; 36 37 /* 38 * @bug 6483188 39 * @summary Test Schema Validator can handle element with having large maxOccurs, but doesn't accept sequence with having large maxOccurs in FEATURE_SECURE_PROCESSING mode. 40 */ 41 public class Bug6483188 { 42 static boolean _isSecureMode = false; 43 static { 44 if (System.getSecurityManager() != null) { 45 _isSecureMode = true; 46 System.out.println("Security Manager is present"); 47 } else { 48 System.out.println("Security Manager is NOT present"); 49 } 50 } 51 52 SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); 53 54 @Test 55 public void testLargeElementNoSecurity() { 56 if (_isSecureMode) 57 return; // jaxp secure feature can not be turned off when security 58 // manager is present 59 try { 60 sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.FALSE); 61 URL url = getClass().getResource("test-element.xsd"); 62 Schema s = sf.newSchema(url); 63 Validator v = s.newValidator(); 64 } catch (Exception e) { 65 Assert.fail(e.getMessage()); 66 } 67 } 68 69 @Test 70 public void testLargeElementWithSecurity() { 71 try { 72 sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); 73 URL url = getClass().getResource("test-element.xsd"); 74 Schema s = sf.newSchema(url); 75 Validator v = s.newValidator(); 76 } catch (Exception e) { 77 Assert.fail(e.getMessage()); 78 } 79 } 80 81 @Test 82 public void testLargeSequenceWithSecurity() { 83 try { 84 sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); 85 URL url = getClass().getResource("test-sequence.xsd"); 86 Schema s = sf.newSchema(url); 87 Validator v = s.newValidator(); 88 Assert.fail("Schema was accepted even with secure processing enabled."); 89 } catch (SAXParseException e) { 90 // falls through - exception expected 91 } catch (Exception e) { 92 Assert.fail(e.getMessage()); 93 } 94 } 95 96 } | 1 /* 2 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 package validation; 25 26 import java.io.FilePermission; 27 import java.net.URL; 28 29 import javax.xml.XMLConstants; 30 import javax.xml.validation.Schema; 31 import javax.xml.validation.SchemaFactory; 32 import javax.xml.validation.Validator; 33 34 import jaxp.library.JAXPTestUtilities; 35 36 import org.testng.Assert; 37 import org.testng.annotations.Test; 38 import org.xml.sax.SAXParseException; 39 40 /* 41 * @bug 6483188 42 * @summary Test Schema Validator can handle element with having large maxOccurs, but doesn't accept sequence with having large maxOccurs in FEATURE_SECURE_PROCESSING mode. 43 */ 44 @Test(singleThreaded = true) 45 public class Bug6483188 { 46 SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); 47 48 public void runWithSecurityManager() throws Exception { 49 JAXPTestUtilities.tryRunWithPolicyManager(() -> { 50 testLargeElementNoSecurity(); 51 testLargeElementWithSecurity(); 52 testLargeSequenceWithSecurity(); 53 }, new FilePermission(System.getProperty("test.src") + "/-", "read")); 54 } 55 56 public void runWithoutSecurityManager() throws Exception { 57 testLargeElementNoSecurity(); 58 testLargeElementWithSecurity(); 59 testLargeSequenceWithSecurity(); 60 } 61 62 private void testLargeElementNoSecurity() { 63 if (System.getSecurityManager() != null) 64 return; // jaxp secure feature can not be turned off when security 65 // manager is present 66 try { 67 sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.FALSE); 68 URL url = getClass().getResource("test-element.xsd"); 69 Schema s = sf.newSchema(url); 70 Validator v = s.newValidator(); 71 } catch (Exception e) { 72 Assert.fail(e.getMessage()); 73 } 74 } 75 76 private void testLargeElementWithSecurity() { 77 try { 78 sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); 79 URL url = getClass().getResource("test-element.xsd"); 80 Schema s = sf.newSchema(url); 81 Validator v = s.newValidator(); 82 } catch (Exception e) { 83 Assert.fail(e.getMessage()); 84 } 85 } 86 87 private void testLargeSequenceWithSecurity() { 88 try { 89 sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); 90 URL url = getClass().getResource("test-sequence.xsd"); 91 Schema s = sf.newSchema(url); 92 Validator v = s.newValidator(); 93 Assert.fail("Schema was accepted even with secure processing enabled."); 94 } catch (SAXParseException e) { 95 // falls through - exception expected 96 } catch (Exception e) { 97 Assert.fail(e.getMessage()); 98 } 99 } 100 101 } |