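/*

 ============================================================================
                   The Apache Software License, Version 1.1
 ============================================================================

 Copyright (C) 1999-2003 The Apache Software Foundation. All rights reserved.

 Redistribution and use in source and binary forms, with or without modifica-
 tion, are permitted provided that the following conditions are met:

 1. Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.

 2. Redistributions in binary form must reproduce the above copyright notice,
    this list of conditions and the following disclaimer in the documentation
    and/or other materials provided with the distribution.

 3. The end-user documentation included with the redistribution, if any, must
    include the following acknowledgment: "This product includes software
    developed by the Apache Software Foundation (http://www.apache.org/)."
    Alternately, this acknowledgment may appear in the software itself, if
    and wherever such third-party acknowledgments normally appear.

 4. The names "Batik" and "Apache Software Foundation" must not be
    used to endorse or promote products derived from this software without
    prior written permission. For written permission, please contact
    apache@apache.org.

 5. Products derived from this software may not be called "Apache", nor may
    "Apache" appear in their name, without prior written permission of the
    Apache Software Foundation.

 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLU-
 DING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
 OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 This software consists of voluntary contributions made by many individuals
 on behalf of the Apache Software Foundation. For more information on the
 Apache Software Foundation, please see <http://www.apache.org/>.

*/

package org.apache.batik.util;

import org.apache.batik.test.*;

/**
 * Validates the operation of the security enforcer class.
 *
 * <p>Every atomic test below changes JVM-wide state through
 * {@link System#setSecurityManager(SecurityManager)} or
 * <code>ApplicationSecurityEnforcer.enforceSecurity(boolean)</code>. Each
 * test therefore undoes its own change in a <code>finally</code> block, so
 * that a failure in one test cannot leave a security manager installed for
 * the tests that run after it.</p>
 *
 * <p>Compatibility note: <code>java.lang.SecurityManager</code> is deprecated
 * for removal since Java 17 (JEP 411). On recent JDKs
 * <code>System.setSecurityManager</code> can throw
 * <code>UnsupportedOperationException</code> unless the JVM was started with
 * <code>-Djava.security.manager=allow</code>; these tests assume a runtime on
 * which a security manager can still be installed and removed.</p>
 *
 * @author <a href="mailto:vincent.hardy@sun.com">Vincent Hardy</a>
 * @version $Id: ApplicationSecurityEnforcerTest.java,v 1.4 2003/08/08 11:39:42 vhardy Exp $
 */
public class ApplicationSecurityEnforcerTest extends DefaultTestSuite {
    /** Application main class handed to every enforcer built by this suite. */
    static final Class APP_MAIN_CLASS = org.apache.batik.apps.svgbrowser.Main.class;

    /** Resource path of the security policy handed to the enforcer. */
    static final String APP_SECURITY_POLICY = "org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy";

    /**
     * In the constructor, append atomic tests
     */
    public ApplicationSecurityEnforcerTest() {
        addTest(new CheckNoSecurityManagerOverride());
        addTest(new CheckSecurityEnforcement());
        addTest(new CheckSecurityRemoval());
        addTest(new CheckNoPolicyFile());
    }

    /**
     * Builds a fresh enforcer for the svgbrowser main class and its policy
     * file.
     *
     * @return a new <code>ApplicationSecurityEnforcer</code> configured with
     *         {@link #APP_MAIN_CLASS} and {@link #APP_SECURITY_POLICY}
     */
    static ApplicationSecurityEnforcer buildTestTarget() {
        return new ApplicationSecurityEnforcer(APP_MAIN_CLASS,
                                               APP_SECURITY_POLICY);
    }

    /**
     * Checks that a second enforcer can neither install nor remove security
     * while another enforcer's security manager is in place: both calls on
     * the second enforcer are expected to throw a
     * <code>SecurityException</code>.
     */
    static class CheckNoSecurityManagerOverride extends AbstractTest {
        /**
         * @return <code>true</code> only if both the enforce and the
         *         un-enforce call on the second enforcer were rejected with a
         *         <code>SecurityException</code>
         */
        public boolean runImplBasic() {
            ApplicationSecurityEnforcer aseA = buildTestTarget();
            aseA.enforceSecurity(true);

            boolean passed = false;
            try {
                ApplicationSecurityEnforcer aseB = buildTestTarget();

                try {
                    // This should throw a SecurityException
                    aseB.enforceSecurity(true);
                } catch (SecurityException se) {
                    System.out.println(">>>>>>>>>>>>> got expected SecurityException A");
                    try {
                        // Removal through the second enforcer must be
                        // rejected as well.
                        aseB.enforceSecurity(false);
                    } catch (SecurityException se2) {
                        // Logged only once the second exception has really
                        // been caught, so the trace matches what happened.
                        System.out.println(">>>>>>>>>>>>> got expected SecurityException B");
                        passed = true;
                    }
                }
            } finally {
                // Always release the manager installed through aseA, even when
                // an unexpected exception escapes the checks above; otherwise
                // it would stay active for every test that runs afterwards.
                aseA.enforceSecurity(false);
            }

            return passed;
        }
    }

    /**
     * Checks that, after <code>enforceSecurity(true)</code>, the JVM's current
     * security manager is the instance the enforcer recorded in
     * <code>lastSecurityManagerInstalled</code>.
     */
    static class CheckSecurityEnforcement extends AbstractTest {
        /**
         * @return <code>true</code> if the installed security manager is the
         *         enforcer's own instance, <code>false</code> otherwise
         */
        public boolean runImplBasic() {
            ApplicationSecurityEnforcer ase = buildTestTarget();

            try {
                ase.enforceSecurity(true);
                SecurityManager sm = System.getSecurityManager();
                // Identity comparison on purpose: it must be the very
                // instance the enforcer installed, not merely some manager.
                return sm == ase.lastSecurityManagerInstalled;
            } finally {
                // Restore the unsecured state for the following tests.
                System.setSecurityManager(null);
            }
        }
    }

    /**
     * Checks that <code>enforceSecurity(false)</code> removes the security
     * manager again and clears the enforcer's
     * <code>lastSecurityManagerInstalled</code> reference.
     */
    static class CheckSecurityRemoval extends AbstractTest {
        /**
         * @return <code>true</code> if no security manager is installed and
         *         the enforcer no longer references one, <code>false</code>
         *         otherwise
         */
        public boolean runImplBasic() {
            ApplicationSecurityEnforcer ase = buildTestTarget();

            try {
                ase.enforceSecurity(true);
                ase.enforceSecurity(false);
                SecurityManager sm = System.getSecurityManager();
                return sm == null && ase.lastSecurityManagerInstalled == null;
            } finally {
                // Defensive reset in case the removal above did not happen.
                System.setSecurityManager(null);
            }
        }
    }

    /**
     * Checks that enforcing security with a policy file that does not exist
     * fails instead of silently running without a policy.
     */
    static class CheckNoPolicyFile extends AbstractTest {
        /**
         * @return <code>true</code> if <code>enforceSecurity(true)</code>
         *         threw a <code>NullPointerException</code> for the missing
         *         policy, <code>false</code> if the call completed normally
         */
        public boolean runImplBasic() {
            ApplicationSecurityEnforcer ase =
                new ApplicationSecurityEnforcer(APP_MAIN_CLASS,
                                                "dont.exist.policy");

            try {
                ase.enforceSecurity(true);
            } catch (NullPointerException npe) {
                // NOTE(review): the test pins NullPointerException as the
                // failure signal for a missing policy resource; confirm that
                // this is the intended contract of the enforcer rather than
                // an incidental failure mode.
                return true;
            } finally {
                // Undo whatever the failed call may have installed.
                ase.enforceSecurity(false);
            }
            return false;
        }
    }

}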