Example 1 with SerializablePermission
use of java.io.SerializablePermission in project jdk8u_jdk by JetBrains.
the class GlobalFilterTest method setGlobalFilter.
/**
* If the Global filter is already set, it should always refuse to be
* set again.
* If there is a security manager, setting the serialFilter should fail
* without the appropriate permission.
* If there is no security manager then setting it should work.
*/
@Test()
static void setGlobalFilter() {
SecurityManager sm = System.getSecurityManager();
ObjectInputFilter filter = new SerialFilterTest.Validator();
ObjectInputFilter global = ObjectInputFilter.Config.getSerialFilter();
if (global != null) {
// once set, can never be re-set
try {
ObjectInputFilter.Config.setSerialFilter(filter);
Assert.fail("set only once process-wide filter");
} catch (IllegalStateException ise) {
if (sm != null) {
Assert.fail("wrong exception when security manager is set", ise);
}
} catch (SecurityException se) {
if (sm == null) {
Assert.fail("wrong exception when security manager is not set", se);
}
}
} else {
if (sm == null) {
// no security manager
try {
ObjectInputFilter.Config.setSerialFilter(filter);
// Note once set, it can not be reset; so other tests
System.out.printf("Global Filter set to Validator%n");
} catch (SecurityException se) {
Assert.fail("setGlobalFilter should not get SecurityException", se);
}
try {
// Try to set it again, expecting it to throw
ObjectInputFilter.Config.setSerialFilter(filter);
Assert.fail("set only once process-wide filter");
} catch (IllegalStateException ise) {
// Normal case
}
} else {
// Security manager
SecurityException expectSE = null;
try {
sm.checkPermission(new SerializablePermission("serialFilter"));
} catch (SecurityException se1) {
expectSE = se1;
}
SecurityException actualSE = null;
try {
ObjectInputFilter.Config.setSerialFilter(filter);
} catch (SecurityException se2) {
actualSE = se2;
}
if (expectSE == null | actualSE == null) {
Assert.assertEquals(expectSE, actualSE, "SecurityException");
} else {
Assert.assertEquals(expectSE.getClass(), actualSE.getClass(), "SecurityException class");
}
}
}
}
Also used :
ObjectInputFilter(sun.misc.ObjectInputFilter)
SerializablePermission(java.io.SerializablePermission)
Test(org.testng.annotations.Test)
Example 2 with SerializablePermission
use of java.io.SerializablePermission in project ignite by apache.
the class SecuritySubjectPermissionsTest method beforeTestsStarted.
/**
* {@inheritDoc}
*/
@Override
protected void beforeTestsStarted() throws Exception {
if (System.getSecurityManager() == null) {
Policy.setPolicy(new Policy() {
@Override
public PermissionCollection getPermissions(CodeSource cs) {
Permissions res = new Permissions();
res.add(new RuntimePermission("*"));
res.add(new MBeanServerPermission("*"));
res.add(new MBeanPermission("*", "*"));
res.add(new MBeanTrustPermission("*"));
res.add(new ReflectPermission("*"));
res.add(new SSLPermission("*"));
res.add(new ManagementPermission("monitor"));
res.add(new ManagementPermission("control"));
res.add(new SerializablePermission("*"));
res.add(new SecurityPermission("*"));
res.add(new SocketPermission("*", "connect,accept,listen,resolve"));
res.add(new FilePermission("<<ALL FILES>>", "read,write,delete,execute,readlink"));
res.add(new PropertyPermission("*", "read,write"));
res.add(new TestPermission("common"));
return res;
}
});
System.setSecurityManager(new SecurityManager());
setupSM = true;
}
}
Also used :
Policy(java.security.Policy)
PermissionCollection(java.security.PermissionCollection)
PropertyPermission(java.util.PropertyPermission)
MBeanPermission(javax.management.MBeanPermission)
SocketPermission(java.net.SocketPermission)
ManagementPermission(java.lang.management.ManagementPermission)
SSLPermission(javax.net.ssl.SSLPermission)
CodeSource(java.security.CodeSource)
FilePermission(java.io.FilePermission)
MBeanServerPermission(javax.management.MBeanServerPermission)
MBeanTrustPermission(javax.management.MBeanTrustPermission)
Permissions(java.security.Permissions)
ReflectPermission(java.lang.reflect.ReflectPermission)
SerializablePermission(java.io.SerializablePermission)
SecurityPermission(java.security.SecurityPermission)
Example 3 with SerializablePermission
use of java.io.SerializablePermission in project jPOS by jpos.
the class TransactionManagerTest method testCommitThrowsNullPointerException2.
@Test
public void testCommitThrowsNullPointerException2() throws Throwable {
LogEvent evt = new LogEvent();
try {
transactionManager.commit(1, 100L, new SerializablePermission("testTransactionManagerParam1"), null, true, evt, null);
fail("Expected NullPointerException to be thrown");
} catch (NullPointerException ex) {
if (isJavaVersionAtMost(JAVA_14)) {
assertNull(ex.getMessage(), "ex.getMessage()");
} else {
assertEquals("Cannot invoke \"java.util.List.iterator()\" because \"members\" is null", ex.getMessage(), "ex.getMessage()");
}
}
}
Also used :
LogEvent(org.jpos.util.LogEvent)
SerializablePermission(java.io.SerializablePermission)
Test(org.junit.jupiter.api.Test)
Aggregations
SerializablePermission (java.io.SerializablePermission)3
FilePermission (java.io.FilePermission)1
ManagementPermission (java.lang.management.ManagementPermission)1
ReflectPermission (java.lang.reflect.ReflectPermission)1
SocketPermission (java.net.SocketPermission)1
CodeSource (java.security.CodeSource)1
PermissionCollection (java.security.PermissionCollection)1
Permissions (java.security.Permissions)1
Policy (java.security.Policy)1
SecurityPermission (java.security.SecurityPermission)1
PropertyPermission (java.util.PropertyPermission)1
MBeanPermission (javax.management.MBeanPermission)1
MBeanServerPermission (javax.management.MBeanServerPermission)1
MBeanTrustPermission (javax.management.MBeanTrustPermission)1
SSLPermission (javax.net.ssl.SSLPermission)1
LogEvent (org.jpos.util.LogEvent)1
Test (org.junit.jupiter.api.Test)1
Test (org.testng.annotations.Test)1
ObjectInputFilter (sun.misc.ObjectInputFilter)1
