[9] RFR: 8168423: Test Task: Custom system class loader + security manager + malformed policy file = recursive initialization

Sibabrata Sahoo sibabrata.sahoo at oracle.com
Tue Feb 7 09:26:37 UTC 2017


Hi Sean,

Please find the updated webrev at: http://cr.openjdk.java.net/~ssahoo/8168075/webrev.01/

It includes the following changes,
1) valid.policy, uses 'grant codebase "executable jar path"'.
2) In ClassLoaderTest.java, @bug renamed from 8168423 to 8168075.
3) In ClassLoaderTest.java, the code comments has been removed from @summary section. But it retains the same at line: 91-102.

Thanks,
Siba

-----Original Message-----
From: Sean Mullan 
Sent: Friday, January 27, 2017 12:07 AM
To: Sibabrata Sahoo; Adam Petcher; security-dev at openjdk.java.net
Subject: Re: [9] RFR: 8168423: Test Task: Custom system class loader + security manager + malformed policy file = recursive initialization

Hi Siba,

In valid.policy, use 'grant codeBase "file:${test.classes}/*"' so that only the tests are granted the needed permissions.

In  ClassLoaderTest.java, the @bug should be 8168075. Also, the @summary contains a bunch of lines (29-39) that should probably just be code comments.

Seems fine otherwise.

--Sean


On 1/11/17 10:33 AM, Sibabrata Sahoo wrote:
> Hi Adam/Sean,
>
>
>
> This patch is waiting for your review.
>
>
>
> Thanks,
>
> Siba
>
>
>
> *From:*Sibabrata Sahoo
> *Sent:* Friday, December 02, 2016 6:56 PM
> *To:* Sean Mullan; security-dev at openjdk.java.net
> *Subject:* [9] RFR: 8168423: Test Task: Custom system class loader + 
> security manager + malformed policy file = recursive initialization
>
>
>
> Hi,
>
>
>
> Please review the patch for,
>
>
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8168423
>
> Webrev: http://cr.openjdk.java.net/~ssahoo/8168423/webrev.00/
>
>
>
> Description:
>
> This webrev address all possible cases for Classloader with 
> SecurityManager having combination of valid/malformed policy file. 
> This Test is going to fail until JDK-8168075 get fixed. In the mean 
> time, it can be used to verify the fix for JDK-8168075.
>
>
>
> Here is the generic Logic behind generating all possible Test cases 
> with different combination of policy file, class loader and module types.
>
> for(policyFile : {"NO_POLICY", "VALID", "MALFORMED"}) {
>
>     for(classLoader : {"SystemClassLoader", "CustomClassLoader"}){
>
>        // It uses possible set of regular/modular jars to generate all 
> possible Test cases in -cp and -module-path.
>
>         for(clientModuletype : {"STRICT", "AUTO", "UNKNOWN"}) {
>
>             for(classLoaderModuleType : {"STRICT", "AUTO", "UNKNOWN"}) 
> {
>
>                  Create and run java command line for each possible 
> Test cases and verify result.
>
>             }
>
>         }
>
>     }
>
> }
>
>
>
> Thanks,
>
> Siba
>
>
>



More information about the security-dev mailing list