RFR (JAXP) JDK-8067170: Enable security manager on JAXP unit tests
Frank Yuan
frank.yuan at oracle.com
Tue Jul 26 03:24:59 UTC 2016
Hi Joe and Daniel
Thank you very much for your suggestions! Now I fully understand the rule(at least I think so :P)
I will use a runWithAllPerm block surrounding the user setup code as Daniel's way. Btw, Daniel, ThreadLocal should not need Atomic
any more, correct?
Frank
> -----Original Message-----
> From: Daniel Fuchs [mailto:daniel.fuchs at oracle.com]
> Sent: Tuesday, July 26, 2016 8:47 AM
> To: huizhe wang; Frank Yuan
> Cc: 'Amy Lu'; 'core-libs-dev'
> Subject: Re: RFR (JAXP) JDK-8067170: Enable security manager on JAXP unit tests
>
> On 26/07/16 00:53, huizhe wang wrote:
> > To avoid having to grant the permission, the test may choose to read the
> > property before setting the SecurityManager. You might not be able to
> > use TestNG Listeners in such case, or maybe you can by initializing the
> > properties before the test starts.
>
> Or you can use my trick with an AtomicBoolean for such cases:
>
> set allowAll to true
> try {
> read system property
> } finally {
> set allowAll to false (or to the value it had before)
> }
>
> Adding a ThreadLocal<AtomicBoolean> allowAll to BasePolicy
> for that purpose is very easy :-)
>
> That should ensure that you only need to give those permissions
> to the test that a regular user of the JAXP API would need to
> use the JAXP API.
>
> If the test read/writes an XML document from file, then the
> FilePermission to read/write that document is something that
> a regular user of JAXP would need. So those permission should
> be granted to the test through Policy.
>
> If the test reads/writes a system property or creates a directory
> or create a class loader to set up an initial configuration for
> the test to run, then this is not something a regular user of the
> JAXP API would need - so it would then be legitimate to perform this
> setup inside a block that sets allowAll to true to locally escape
> permissions checks during this setup, thus avoiding to grant those
> permissions to all in the Policy (alternatively you could use your
> tmpPermissions trick to do that as well - but it is a bit more
> complex and adds more clutter than a simple on/off switch).
>
> cheers,
>
> -- daniel
More information about the core-libs-dev
mailing list