test/src/jdk/nashorn/api/scripting/ScriptEngineSecurityTest.java

Print this page 







 254 
 255         e.put("name", ScriptEngineSecurityTest.class.getName());
 256         e.put("cl", ScriptEngineSecurityTest.class.getClassLoader());
 257         e.put("intfs", new Class[] { Runnable.class });
 258 
 259         final String getClass = "Java.type(name + '$FakeProxy').makeProxyClass(cl, intfs);";
 260 
 261         // Should not be able to call static methods of Proxy via fake subclass
 262         try {
 263             final Class<?> c = (Class<?>)e.eval(getClass);
 264             fail("should have thrown SecurityException");
 265         } catch (final Exception exp) {
 266             if (! (exp instanceof SecurityException)) {
 267                 fail("SecurityException expected, got " + exp);
 268             }
 269         }
 270     }
 271 
 272     @Test
 273     public static void proxyStaticAccessCheckTest() throws ScriptException {





 274         final ScriptEngineManager m = new ScriptEngineManager();
 275         final ScriptEngine e = m.getEngineByName("nashorn");
 276         final Runnable r = (Runnable)Proxy.newProxyInstance(
 277             ScriptEngineTest.class.getClassLoader(),
 278             new Class[] { Runnable.class },
 279             new InvocationHandler() {
 280                 @Override
 281                 public Object invoke(final Object p, final Method m, final Object[] a) {
 282                     return null;
 283                 }
 284             });
 285 
 286         e.put("rc", r.getClass());
 287         e.put("cl", ScriptEngineSecurityTest.class.getClassLoader());
 288         e.put("intfs", new Class[] { Runnable.class });
 289 
 290         // make sure static methods of Proxy is not accessible via subclass
 291         try {
 292             e.eval("rc.static.getProxyClass(cl, intfs)");
 293             fail("Should have thrown SecurityException");
 294         } catch (final Exception exp) {
 295             if (! (exp instanceof SecurityException)) {
 296                 fail("SecurityException expected, got " + exp);
 297             }
 298         }







































 299     }
 300 }



 254 
 255         e.put("name", ScriptEngineSecurityTest.class.getName());
 256         e.put("cl", ScriptEngineSecurityTest.class.getClassLoader());
 257         e.put("intfs", new Class[] { Runnable.class });
 258 
 259         final String getClass = "Java.type(name + '$FakeProxy').makeProxyClass(cl, intfs);";
 260 
 261         // Should not be able to call static methods of Proxy via fake subclass
 262         try {
 263             final Class<?> c = (Class<?>)e.eval(getClass);
 264             fail("should have thrown SecurityException");
 265         } catch (final Exception exp) {
 266             if (! (exp instanceof SecurityException)) {
 267                 fail("SecurityException expected, got " + exp);
 268             }
 269         }
 270     }
 271 
 272     @Test
 273     public static void proxyStaticAccessCheckTest() throws ScriptException {
 274         if (System.getSecurityManager() == null) {
 275             // pass vacuously
 276             return;
 277         }
 278 
 279         final ScriptEngineManager m = new ScriptEngineManager();
 280         final ScriptEngine e = m.getEngineByName("nashorn");
 281         final Runnable r = (Runnable)Proxy.newProxyInstance(
 282             ScriptEngineTest.class.getClassLoader(),
 283             new Class[] { Runnable.class },
 284             new InvocationHandler() {
 285                 @Override
 286                 public Object invoke(final Object p, final Method m, final Object[] a) {
 287                     return null;
 288                 }
 289             });
 290 
 291         e.put("rc", r.getClass());
 292         e.put("cl", ScriptEngineSecurityTest.class.getClassLoader());
 293         e.put("intfs", new Class[] { Runnable.class });
 294 
 295         // make sure static methods of Proxy is not accessible via subclass
 296         try {
 297             e.eval("rc.static.getProxyClass(cl, intfs)");
 298             fail("Should have thrown SecurityException");
 299         } catch (final Exception exp) {
 300             if (! (exp instanceof SecurityException)) {
 301                 fail("SecurityException expected, got " + exp);
 302             }
 303         }
 304     }
 305 
 306 
 307     @Test
 308     public void nashornConfigSecurityTest() {
 309         if (System.getSecurityManager() == null) {
 310             // pass vacuously
 311             return;
 312         }
 313 
 314         final NashornScriptEngineFactory fac = new NashornScriptEngineFactory();
 315         try {
 316             fac.getScriptEngine(new ClassFilter() {
 317                @Override
 318                public boolean exposeToScripts(final String name) {
 319                    return true;
 320                }
 321             });
 322             fail("SecurityException should have been thrown");
 323         } catch (final SecurityException exp) {}
 324     }
 325 
 326     @Test
 327     public void nashornConfigSecurityTest2() {
 328         if (System.getSecurityManager() == null) {
 329             // pass vacuously
 330             return;
 331         }
 332 
 333         final NashornScriptEngineFactory fac = new NashornScriptEngineFactory();
 334         try {
 335             fac.getScriptEngine(new String[0], null, new ClassFilter() {
 336                @Override
 337                public boolean exposeToScripts(final String name) {
 338                    return true;
 339                }
 340             });
 341             fail("SecurityException should have been thrown");
 342         } catch (final SecurityException exp) {}
 343     }
 344 }