[ipv6] Regarding 8220673: Add test library support for determining platform IP support
Chris Hegarty
chris.hegarty at oracle.com
Tue May 7 11:09:29 UTC 2019
> On 6 May 2019, at 23:55, Martin Buchholz <martinrb at google.com> wrote:
>
>
>
> On Thu, May 2, 2019 at 2:28 AM Daniel Fuchs <daniel.fuchs at oracle.com <mailto:daniel.fuchs at oracle.com>> wrote:
>
> 1. IPSupport needs to read system properties, attempts
> to bind sockets etc... I wonder how that might interact
> with tests that use a security manager, as some of these
> operations may throw a SecurityException.
> Maybe some double checking would be in order for those.
>
> Reading system properties is such a common operation that test library code should simply rely on the security manager allowing it. Yes, it is sometimes useful to have a DraconianSecurityManager in a test, including one that disallows System.getProperty (I've written such a test myself!) but then the use of that security manager should be scoped to a limited operation that includes no test library code, as in
>
> /**
> * Runs Runnable r with a security policy that permits precisely
> * the specified permissions. If there is no current security
> * manager, a temporary one is set for the duration of the
> * Runnable. We require that any security manager permit
> * getPolicy/setPolicy.
> */
> public void runWithSecurityManagerWithPermissions(Runnable r,
> Permission... permissions) {
>
> The same argument might apply to socket operations as well.
Right. It applies to socket operations also.
While I don't disagree with Martin, and it is a little cumbersome to
use test library code in combination with a security manager and a
fine-grained policy set in the jtreg @run tag, it should still work. For
example, the use of jdk.test.lib.net.SimpleSSlContext in one of the HTTP
Client tests [1] [2] [3].
It is almost trivial to add the appropriate privileged blocks to
IPSupport.
http://cr.openjdk.java.net/~chegar/8220673/webrev.01_draft/test/lib/jdk/test/lib/net/IPSupport.java.html
We should just to it while here to avoid any small / trivial tests that
may want to set a security manager using jtreg's support, from even
considering writing their own version of IPSupport.
-Chris.
[1] https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/jdk/java/net/httpclient/AsFileDownloadTest.java#l40
[2] https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/jdk/java/net/httpclient/AsFileDownloadTest.policy#l24
[3] https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/lib/jdk/test/lib/net/SimpleSSLContext.java#l54
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/net-dev/attachments/20190507/cd646067/attachment.html>
More information about the net-dev
mailing list