[ipv6] Regarding 8220673: Add test library support for determining platform IP support

Chris Hegarty chris.hegarty at oracle.com
Tue May 7 11:09:29 UTC 2019



> On 6 May 2019, at 23:55, Martin Buchholz <martinrb at google.com> wrote:
> 
> 
> 
> On Thu, May 2, 2019 at 2:28 AM Daniel Fuchs <daniel.fuchs at oracle.com <mailto:daniel.fuchs at oracle.com>> wrote:
> 
> 1. IPSupport needs to read system properties, attempts
>     to bind sockets etc... I wonder how that might interact
>     with tests that use a security manager, as some of these
>     operations may throw a SecurityException.
>     Maybe some double checking would be in order for those.
> 
> Reading system properties is such a common operation that test library code should simply rely on the security manager allowing it.  Yes, it is sometimes useful to have a DraconianSecurityManager in a test, including one that disallows System.getProperty (I've written such a test myself!) but then the use of that security manager should be scoped to a limited operation that includes no test library code, as in 
> 
>     /**
>      * Runs Runnable r with a security policy that permits precisely
>      * the specified permissions.  If there is no current security
>      * manager, a temporary one is set for the duration of the
>      * Runnable.  We require that any security manager permit
>      * getPolicy/setPolicy.
>      */
>     public void runWithSecurityManagerWithPermissions(Runnable r,
>                                                       Permission... permissions) {
> 
> The same argument might apply to socket operations as well.


Right. It applies to socket operations also.

While I don't disagree with Martin, and it is a little cumbersome to
use test library code in combination with a security manager and a
fine-grained policy set in the jtreg @run tag, it should still work. For
example, the use of jdk.test.lib.net.SimpleSSlContext in one of the HTTP
Client tests [1] [2] [3].

It is almost trivial to add the appropriate privileged blocks to
IPSupport.
  http://cr.openjdk.java.net/~chegar/8220673/webrev.01_draft/test/lib/jdk/test/lib/net/IPSupport.java.html
  
We should just to it while here to avoid any small / trivial tests that
may want to set a security manager using jtreg's support, from even
considering writing their own version of IPSupport.

-Chris.  

[1] https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/jdk/java/net/httpclient/AsFileDownloadTest.java#l40
[2] https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/jdk/java/net/httpclient/AsFileDownloadTest.policy#l24
[3] https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/lib/jdk/test/lib/net/SimpleSSLContext.java#l54

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/net-dev/attachments/20190507/cd646067/attachment.html>


More information about the net-dev mailing list