[9] RFR: 8168423: Test Task: Custom system class loader + security manager + malformed policy file = recursive initialization

Sean Mullan sean.mullan at oracle.com
Wed Feb 8 16:30:05 UTC 2017


On 2/7/17 4:26 AM, Sibabrata Sahoo wrote:
> Hi Sean,
>
> Please find the updated webrev at: http://cr.openjdk.java.net/~ssahoo/8168075/webrev.01/
>
> It includes the following changes,
> 1) valid.policy, uses 'grant codebase "executable jar path"'.

Hmm, the use of '.' in the codebase URL is probably not good practice 
here and I'm a little concerned it may not always work. Try this instead:

grant codeBase "file:${test.classes}/-"

A trailing "/-" matches all files (both class and JAR files) in the 
directory and recursively all files in subdirectories contained in that 
directory.

--Sean

> 2) In ClassLoaderTest.java, @bug renamed from 8168423 to 8168075.
> 3) In ClassLoaderTest.java, the code comments has been removed from @summary section. But it retains the same at line: 91-102.
>
> Thanks,
> Siba
>
> -----Original Message-----
> From: Sean Mullan
> Sent: Friday, January 27, 2017 12:07 AM
> To: Sibabrata Sahoo; Adam Petcher; security-dev at openjdk.java.net
> Subject: Re: [9] RFR: 8168423: Test Task: Custom system class loader + security manager + malformed policy file = recursive initialization
>
> Hi Siba,
>
> In valid.policy, use 'grant codeBase "file:${test.classes}/*"' so that only the tests are granted the needed permissions.
>
> In  ClassLoaderTest.java, the @bug should be 8168075. Also, the @summary contains a bunch of lines (29-39) that should probably just be code comments.
>
> Seems fine otherwise.
>
> --Sean
>
>
> On 1/11/17 10:33 AM, Sibabrata Sahoo wrote:
>> Hi Adam/Sean,
>>
>>
>>
>> This patch is waiting for your review.
>>
>>
>>
>> Thanks,
>>
>> Siba
>>
>>
>>
>> *From:*Sibabrata Sahoo
>> *Sent:* Friday, December 02, 2016 6:56 PM
>> *To:* Sean Mullan; security-dev at openjdk.java.net
>> *Subject:* [9] RFR: 8168423: Test Task: Custom system class loader +
>> security manager + malformed policy file = recursive initialization
>>
>>
>>
>> Hi,
>>
>>
>>
>> Please review the patch for,
>>
>>
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8168423
>>
>> Webrev: http://cr.openjdk.java.net/~ssahoo/8168423/webrev.00/
>>
>>
>>
>> Description:
>>
>> This webrev address all possible cases for Classloader with
>> SecurityManager having combination of valid/malformed policy file.
>> This Test is going to fail until JDK-8168075 get fixed. In the mean
>> time, it can be used to verify the fix for JDK-8168075.
>>
>>
>>
>> Here is the generic Logic behind generating all possible Test cases
>> with different combination of policy file, class loader and module types.
>>
>> for(policyFile : {"NO_POLICY", "VALID", "MALFORMED"}) {
>>
>>     for(classLoader : {"SystemClassLoader", "CustomClassLoader"}){
>>
>>        // It uses possible set of regular/modular jars to generate all
>> possible Test cases in -cp and -module-path.
>>
>>         for(clientModuletype : {"STRICT", "AUTO", "UNKNOWN"}) {
>>
>>             for(classLoaderModuleType : {"STRICT", "AUTO", "UNKNOWN"})
>> {
>>
>>                  Create and run java command line for each possible
>> Test cases and verify result.
>>
>>             }
>>
>>         }
>>
>>     }
>>
>> }
>>
>>
>>
>> Thanks,
>>
>> Siba
>>
>>
>>



More information about the security-dev mailing list