1 /* 2 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 package common; 25 26 import static jaxp.library.JAXPTestUtilities.clearSystemProperty; 27 import static jaxp.library.JAXPTestUtilities.setSystemProperty; 28 29 import javax.xml.XMLConstants; 30 import javax.xml.transform.TransformerFactory; 31 import javax.xml.validation.SchemaFactory; 32 import javax.xml.xpath.XPathFactory; 33 34 import org.testng.Assert; 35 import org.testng.annotations.Listeners; 36 import org.testng.annotations.Test; 37 38 /* 39 * @test 40 * @bug 7143711 41 * @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest 42 * @run testng/othervm -DrunSecMngr=true common.Bug7143711Test 43 * @summary Test set use-service-mechanism shall not override what's set by the constructor in secure mode. 44 */ 45 @Listeners({ jaxp.library.BasePolicy.class }) 46 @Test(singleThreaded = true) 47 public class Bug7143711Test { 48 static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage"; 49 static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource"; 50 51 private static final String DOM_FACTORY_ID = "javax.xml.parsers.DocumentBuilderFactory"; 52 private static final String SAX_FACTORY_ID = "javax.xml.parsers.SAXParserFactory"; 53 54 // impl specific feature 55 final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism"; 56 57 @Test 58 public void testValidation_SAX_withSM() { 59 System.out.println("Validation using SAX Source with security manager:"); 60 setSystemProperty(SAX_FACTORY_ID, "MySAXFactoryImpl"); 61 62 try { 63 SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); 64 // should not allow 65 factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true); 66 if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) { 67 Assert.fail("should not override in secure mode"); 68 } 69 } catch (Exception e) { 70 Assert.fail(e.getMessage()); 71 72 } finally { 73 clearSystemProperty(SAX_FACTORY_ID); 74 } 75 } 76 77 @Test(enabled=false) //skipped due to bug JDK-8080097 78 public void testTransform_DOM_withSM() { 79 System.out.println("Transform using DOM Source; Security Manager is set:"); 80 setSystemProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl"); 81 82 try { 83 TransformerFactory factory = TransformerFactory.newInstance("com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl", 84 TransformerFactory.class.getClassLoader()); 85 factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true); 86 if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) { 87 Assert.fail("should not override in secure mode"); 88 } 89 90 } catch (Exception e) { 91 Assert.fail(e.getMessage()); 92 } finally { 93 clearSystemProperty(DOM_FACTORY_ID); 94 } 95 } 96 97 @Test 98 public void testXPath_DOM_withSM() { 99 System.out.println("Evaluate DOM Source; Security Manager is set:"); 100 setSystemProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl"); 101 102 try { 103 XPathFactory xPathFactory = XPathFactory.newInstance("http://java.sun.com/jaxp/xpath/dom", 104 "com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl", null); 105 xPathFactory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true); 106 if ((boolean) xPathFactory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) { 107 Assert.fail("should not override in secure mode"); 108 } 109 110 } catch (Exception e) { 111 Assert.fail(e.getMessage()); 112 } finally { 113 clearSystemProperty(DOM_FACTORY_ID); 114 } 115 } 116 } 117