/* * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package p; import java.security.AccessControlContext; import java.security.AccessControlException; import java.security.AccessController; import java.security.AllPermission; import java.security.CodeSource; import java.security.Permission; import java.security.PermissionCollection; import java.security.Permissions; import java.security.PrivilegedAction; import java.security.ProtectionDomain; import java.util.ServiceConfigurationError; import java.util.ServiceLoader; import java.util.ServiceLoader.Provider; import static java.security.AccessController.doPrivileged; import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import org.testng.annotations.BeforeTest; import static org.testng.Assert.*; /** * Tests ServiceLoader when running with a security manager, specifically * tests to ensure that provider code is run with permissions restricted by * the creater of ServiceLoader, and also testing of exceptions thrown * when loading or initializing a provider. */ public class Tests { static final Permission PERM = new RuntimePermission("eatMuffin"); static PrivilegedAction> loadAction(Class service) { return () -> ServiceLoader.load(service); } static AccessControlContext withPermissions(Permission... perms) { Permissions p = new Permissions(); for (Permission perm : perms) { p.add(perm); } ProtectionDomain pd = new ProtectionDomain(null, p); return new AccessControlContext(new ProtectionDomain[]{ pd }); } static AccessControlContext noPermissions() { return withPermissions(/*empty*/); } @BeforeTest public void setSecurityManager() { class Policy extends java.security.Policy { private final Permissions perms; public Policy(Permission... permissions) { perms = new Permissions(); for (Permission permission : permissions) { perms.add(permission); } } public PermissionCollection getPermissions(CodeSource cs) { return perms; } public PermissionCollection getPermissions(ProtectionDomain pd) { return perms; } public boolean implies(ProtectionDomain pd, Permission p) { return perms.implies(p); } public void refresh() { } } Policy policy = new Policy(new AllPermission()); Policy.setPolicy(policy); System.setSecurityManager(new SecurityManager()); } @Test public void testConstructorUsingIteratorWithPermission() { ServiceLoader sl = doPrivileged(loadAction(S1.class), withPermissions(PERM)); S1 obj = sl.iterator().next(); } @Test public void testConstructorUsingStreamWithPermission() { ServiceLoader sl = doPrivileged(loadAction(S1.class), withPermissions(PERM)); assertTrue(sl.stream().map(Provider::get).count() == 1); } @Test public void testConstructorUsingIteratorNoPermission() { ServiceLoader sl = doPrivileged(loadAction(S1.class), noPermissions()); try { sl.iterator().next(); assertTrue(false); } catch (ServiceConfigurationError e) { assertTrue(e.getCause() instanceof AccessControlException); } } @Test public void testConstructorUsingStreamNoPermission() { ServiceLoader sl = doPrivileged(loadAction(S1.class), noPermissions()); try { sl.stream().map(Provider::get).count(); assertTrue(false); } catch (ServiceConfigurationError e) { assertTrue(e.getCause() instanceof AccessControlException); } } @Test public void testFactoryMethodUsingIteratorWithPermission() { ServiceLoader sl = doPrivileged(loadAction(S2.class), withPermissions(PERM)); S2 obj = sl.iterator().next(); } @Test public void testFactoryMethodUsingStreamWithPermission() { ServiceLoader sl = doPrivileged(loadAction(S2.class), withPermissions(PERM)); assertTrue(sl.stream().map(Provider::get).count() == 1); } @Test public void testFactoryMethodUsingIteratorNoPermission() { ServiceLoader sl = doPrivileged(loadAction(S2.class), noPermissions()); try { sl.iterator().next(); assertTrue(false); } catch (ServiceConfigurationError e) { assertTrue(e.getCause() instanceof AccessControlException); } } @Test public void testFactoryMethodUsingStreamNoPermission() { ServiceLoader sl = doPrivileged(loadAction(S2.class), noPermissions()); try { sl.stream().map(Provider::get).count(); assertTrue(false); } catch (ServiceConfigurationError e) { assertTrue(e.getCause() instanceof AccessControlException); } } @DataProvider(name = "failingServices") public Object[][] failingServices() { return new Object[][] { { S3.class, P3.Error3.class }, { S4.class, P4.Error4.class }, { S5.class, P5.Error5.class }, { S6.class, P6.Error6.class }, }; } @Test(dataProvider = "failingServices") public void testFailingService(Class service, Class errorClass) { ServiceLoader sl = ServiceLoader.load(service); try { sl.iterator().next(); assertTrue(false); } catch (ServiceConfigurationError e) { assertTrue(e.getCause().getClass() == errorClass); } } // service types and implementations public static interface S1 { } public static interface S2 { } public static interface S3 { } public static interface S4 { } public static interface S5 { } public static interface S6 { } public static class P1 implements S1 { public P1() { AccessController.getContext().checkPermission(PERM); } } public static class P2 implements S2 { private P2() { AccessController.getContext().checkPermission(PERM); } public static S2 provider() { return new P2(); } } public static class P3 implements S3 { static class Error3 extends Error { } static { if (1==1) throw new Error3(); // fail } public P3() { } } public static class P4 implements S4 { static class Error4 extends Error { } static { if (1==1) throw new Error4(); // fail } public static S4 provider() { return new P4(); } } public static class P5 implements S5 { static class Error5 extends Error { } public P5() { throw new Error5(); // fail } } public static class P6 implements S6 { static class Error6 extends Error { } public static S6 provider() { throw new Error6(); // fail } } }