You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by sk...@apache.org on 2006/07/20 23:52:53 UTC
svn commit: r424078 -
/jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java
Author: skitching
Date: Thu Jul 20 14:52:52 2006
New Revision: 424078
URL: http://svn.apache.org/viewvc?rev=424078&view=rev
Log:
Only count security exceptions before a message is actually logged, as j.u.logging
does (and should) generate security exceptions.
Modified:
jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java
Modified: jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java?rev=424078&r1=424077&r2=424078&view=diff
==============================================================================
--- jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java (original)
+++ jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java Thu Jul 20 14:52:52 2006
@@ -93,6 +93,19 @@
"org.apache.commons.logging.LogFactory");
Method m = c.getMethod("getLog", new Class[] {Class.class});
Log log = (Log) m.invoke(null, new Object[] {this.getClass()});
+
+ // Check whether we had any security exceptions so far (which were
+ // caught by the code). We should not, as every secure operation
+ // should be wrapped in an AccessController. Any security exceptions
+ // indicate a path that is missing an appropriate AccessController.
+ //
+ // We don't wait until after the log.info call to get this count
+ // because java.util.logging tries to load a resource bundle, which
+ // requires permission accessClassInPackage. JCL explicitly does not
+ // wrap calls to log methods in AccessControllers because writes to
+ // a log file *should* only be permitted if the original caller is
+ // trusted to access that file.
+ int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount();
log.info("testing");
// check that the default map implementation was loaded, as JCL was
@@ -104,7 +117,7 @@
assertNotNull(factoryTable);
assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName());
- assertEquals(0, mySecurityManager.getUntrustedCodeCount());
+ assertEquals(0, untrustedCodeCount);
} catch(Throwable t) {
// Restore original security manager so output can be generated; the
// PrintWriter constructor tries to read the line.separator
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org