@Override protected void after() { System.setSecurityManager( originalSecurityManager ); }
public void testExistsThrowsSecurityException() throws IOException, URISyntaxException { SecurityManager oldSecurityManager = System.getSecurityManager(); try { doTestExistsThrowsSecurityException(); } finally { System.setSecurityManager(oldSecurityManager); } }
@After public void tearDown() { env.remove(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME); System.setSecurityManager(originalSecurityManager); }
private void before() { securityManagerBefore = System.getSecurityManager(); System.setSecurityManager(securityManager); } };
/** * Tests that the use of a {@link FinalizableReferenceQueue} does not subsequently prevent the * loader of that class from being garbage-collected. */ public void testUnloadableWithoutSecurityManager() throws Exception { if (isJdk9OrHigher()) { return; } SecurityManager oldSecurityManager = System.getSecurityManager(); try { System.setSecurityManager(null); doTestUnloadable(); } finally { System.setSecurityManager(oldSecurityManager); } }
public CallbacksSecurityTests() { // setup security if (System.getSecurityManager() == null) { Policy policy = Policy.getPolicy(); URL policyURL = getClass() .getResource( "/org/springframework/beans/factory/support/security/policy.all"); System.setProperty("java.security.policy", policyURL.toString()); System.setProperty("policy.allowSystemProperty", "true"); policy.refresh(); System.setSecurityManager(new SecurityManager()); } }
@Override protected void before() { originalSecurityManager = System.getSecurityManager(); TestSecurityManager testSecurityManager = new TestSecurityManager( originalSecurityManager ); System.setSecurityManager( testSecurityManager ); }
@After public void tearDown() { System.setSecurityManager( oldSecurityManager ); sysOutContent = null; sysErrContent = null; mockRepositoriesMeta = null; mockRepositoryMeta = null; mockRepository = null; mockRepositoryDirectory = null; }
System.setSecurityManager( new SecurityManager() { @Override assertEquals(oldName, Thread.currentThread().getName()); } finally { System.setSecurityManager(null);
@Before public void setUp() throws KettleException { KettleEnvironment.init(); oldSecurityManager = System.getSecurityManager(); sysOutContent = new ByteArrayOutputStream(); sysErrContent = new ByteArrayOutputStream(); System.setSecurityManager( new MySecurityManager( oldSecurityManager ) ); mockRepositoriesMeta = mock( RepositoriesMeta.class ); mockRepositoryMeta = mock( RepositoryMeta.class ); mockRepository = mock( Repository.class ); mockRepositoryDirectory = mock( RepositoryDirectoryInterface.class ); }
@Test public void testPermissionManager() throws Exception { try { PatternRuleLoader loader = new PatternRuleLoader(); // do not crash if Authenticator.setDefault() is forbidden, // see https://github.com/languagetool-org/languagetool/issues/255 loader.getRules(new ByteArrayInputStream("<rules lang='xx'></rules>".getBytes("utf-8")), "fakeName"); } finally { System.setSecurityManager(null); } }
@Test public void systemPropertiesSecurityManager() { AnnotationConfigApplicationContext ac = new AnnotationConfigApplicationContext(); GenericBeanDefinition bd = new GenericBeanDefinition(); bd.setBeanClass(TestBean.class); bd.getPropertyValues().add("country", "#{systemProperties.country}"); ac.registerBeanDefinition("tb", bd); SecurityManager oldSecurityManager = System.getSecurityManager(); try { System.setProperty("country", "NL"); SecurityManager securityManager = new SecurityManager() { @Override public void checkPropertiesAccess() { throw new AccessControlException("Not Allowed"); } @Override public void checkPermission(Permission perm) { // allow everything else } }; System.setSecurityManager(securityManager); ac.refresh(); TestBean tb = ac.getBean("tb", TestBean.class); assertEquals("NL", tb.getCountry()); } finally { System.setSecurityManager(oldSecurityManager); System.getProperties().remove("country"); } }
public void testUnloadableInStaticFieldIfClosed() throws Exception { if (isJdk9OrHigher()) { return; } Policy oldPolicy = Policy.getPolicy(); SecurityManager oldSecurityManager = System.getSecurityManager(); try { Policy.setPolicy(new PermissivePolicy()); System.setSecurityManager(new SecurityManager()); WeakReference<ClassLoader> loaderRef = doTestUnloadableInStaticFieldIfClosed(); GcFinalization.awaitClear(loaderRef); } finally { System.setSecurityManager(oldSecurityManager); Policy.setPolicy(oldPolicy); } }
System.setSecurityManager(securityManager); System.setSecurityManager(oldSecurityManager); getModifiableSystemEnvironment().remove(ALLOWED_PROPERTY_NAME); getModifiableSystemEnvironment().remove(DISALLOWED_PROPERTY_NAME);
/** * Tests that the use of a {@link FinalizableReferenceQueue} does not subsequently prevent the * loader of that class from being garbage-collected even if there is a {@link SecurityManager}. * The {@link SecurityManager} environment makes such leaks more likely because when you create a * {@link URLClassLoader} with a {@link SecurityManager}, the creating code's {@link * java.security.AccessControlContext} is captured, and that references the creating code's {@link * ClassLoader}. */ public void testUnloadableWithSecurityManager() throws Exception { if (isJdk9OrHigher()) { return; } Policy oldPolicy = Policy.getPolicy(); SecurityManager oldSecurityManager = System.getSecurityManager(); try { Policy.setPolicy(new PermissivePolicy()); System.setSecurityManager(new SecurityManager()); doTestUnloadable(); } finally { System.setSecurityManager(oldSecurityManager); Policy.setPolicy(oldPolicy); } }
System.setSecurityManager(disallowFilesSecurityManager); try { file.exists();
@Test public void securityManagerDisallowsAccessToSystemEnvironmentButAllowsAccessToIndividualKeys() { SecurityManager securityManager = new SecurityManager() { @Override public void checkPermission(Permission perm) { // Disallowing access to System#getenv means that our // ReadOnlySystemAttributesMap will come into play. if ("getenv.*".equals(perm.getName())) { throw new AccessControlException("Accessing the system environment is disallowed"); } } }; System.setSecurityManager(securityManager); DefaultListableBeanFactory bf = new DefaultListableBeanFactory(); AnnotatedBeanDefinitionReader reader = new AnnotatedBeanDefinitionReader(bf); reader.register(C1.class); assertThat(bf.containsBean("c1"), is(true)); }
/** * Runs Runnable r with a security policy that permits precisely the specified permissions. If * there is no current security manager, the runnable is run twice, both with and without a * security manager. We require that any security manager permit getPolicy/setPolicy. */ public void runWithPermissions(Runnable r, Permission... permissions) { SecurityManager sm = System.getSecurityManager(); if (sm == null) { r.run(); Policy savedPolicy = Policy.getPolicy(); try { Policy.setPolicy(permissivePolicy()); System.setSecurityManager(new SecurityManager()); runWithPermissions(r, permissions); } finally { System.setSecurityManager(null); Policy.setPolicy(savedPolicy); } } else { Policy savedPolicy = Policy.getPolicy(); AdjustablePolicy policy = new AdjustablePolicy(permissions); Policy.setPolicy(policy); try { r.run(); } finally { policy.addPermission(new SecurityPermission("setPolicy")); Policy.setPolicy(savedPolicy); } } }
@Test public void securityManagerDisallowsAccessToSystemEnvironmentAndDisallowsAccessToIndividualKey() { SecurityManager securityManager = new SecurityManager() { @Override public void checkPermission(Permission perm) { // Disallowing access to System#getenv means that our // ReadOnlySystemAttributesMap will come into play. if ("getenv.*".equals(perm.getName())) { throw new AccessControlException("Accessing the system environment is disallowed"); } // Disallowing access to the spring.profiles.active property means that // the BeanDefinitionReader won't be able to determine which profiles are // active. We should see an INFO-level message in the console about this // and as a result, any components marked with a non-default profile will // be ignored. if (("getenv." + AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME).equals(perm.getName())) { throw new AccessControlException( format("Accessing system environment variable [%s] is disallowed", AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME)); } } }; System.setSecurityManager(securityManager); DefaultListableBeanFactory bf = new DefaultListableBeanFactory(); AnnotatedBeanDefinitionReader reader = new AnnotatedBeanDefinitionReader(bf); reader.register(C1.class); assertThat(bf.containsBean("c1"), is(false)); }
@BeforeClass public static void startup() throws Exception { Policy.setPolicy(new MyPolicy()); System.setSecurityManager(new SecurityManager()); }