You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@avalon.apache.org by ni...@apache.org on 2004/01/19 22:47:45 UTC
cvs commit: avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/appliance/grant CodeSecurityDisabledTestCase.java CodeSecurityEnabledTestCase.java CodeSecurityTestCase.java
niclas 2004/01/19 13:47:45
Modified: merlin INSTALL.TXT
merlin/activation/impl/src/test/org/apache/avalon/activation/appliance
AbstractTestCase.java
Added: merlin/activation/impl/src/test/conf security.policy
merlin/activation/impl/src/test/org/apache/avalon/activation/appliance/grant
CodeSecurityDisabledTestCase.java
CodeSecurityEnabledTestCase.java
Removed: merlin/activation/impl/src/test/org/apache/avalon/activation/appliance/grant
CodeSecurityTestCase.java
Log:
Testcases for code level security in activation. These are just a starting point, which needs a lot of additional work.
Revision Changes Path
1.7 +99 -99 avalon/merlin/INSTALL.TXT
Index: INSTALL.TXT
===================================================================
RCS file: /home/cvs/avalon/merlin/INSTALL.TXT,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- INSTALL.TXT 13 Jan 2004 11:41:22 -0000 1.6
+++ INSTALL.TXT 19 Jan 2004 21:47:45 -0000 1.7
@@ -1,99 +1,99 @@
-
-PROJECT: Merlin @VERSION@
-====================================================================
-
-DESCRIPTION:
-------------
-
-This directory contains the merlin system installation and related
-resources.
-
- /merlin
- /bin
- /config
- /system
- README.TXT
- LICENSE.TXT
- INSTALL.TXT
- /plugins
- @META_PLUGIN_JAR@
- @MERLIN_PLUGIN_JAR@
-
-
-Installing Merlin.
-------------------
-
-To use Merlin command line support or the Merlin NT Service
-you will need to define the MERLIN_HOME environment
-variable for your system and include MERLIN_HOME/bin in
-your system path. The MERLIN_HOME environment variable
-should point to the merlin directory.
-
-Under Windows you can set environment variables by selecting the
-Environment Tab from the System Control Panel.
-
-Under Lunix you can do this as follows:
-
- $ echo '
- > # set location of merlin
- > export MERLIN_HOME=/opt/merlin
- > # include it in the path
- > export PATH=$PATH:$MERLIN_HOME/bin
- > ' >> ~/.bash_profile
- $ source ~/.bash_profile
-
-Versions of Merlin prior to the 3.2-dev 20031210 build maintained
-a local repository of jar files under the %MERLIN_HOME%/repository
-directory. As of the 20031210 build the repository is maintained
-under AVALON_HOME which defaults to ${user.home}/.avalon. To
-override this behaviour you can either define a AVALON_HOME
-environment variable or you can add a merlin.properties file to
-${user.home} containing the "merlin.repository" property key and
-a value point to you preferred repository location.
-
-To confirm that your environment variables are correct, you
-should open a new command window and invoke the Merlin
-CLI application.
-
-Under DOS:
-
- $ merlin -version
-
-Under Lunix:
-
- $ merlin.sh -version
-
-The installation of Merlin is now complete, however, two plugins are
-provided with the installation supporting merlin development under the
-Maven platform. These plugins should be placed in the Maven plugin
-directory (${maven.home.local}\plugins).
-
- [YOUR-MAVEN-HOME]\plugins\@META_PLUGIN_JAR@
- [YOUR-MAVEN-HOME]\plugins\@MERLIN_PLUGIN_JAR@
-
-Please note that if you are upgrading an existing installation you must
-delete the following two directories:
-
- [YOUR-MAVEN-HOME]\plugins\avalon-meta-plugin-*
- [YOUR-MAVEN-HOME]\plugins\merlin-plugin-*
-
-Replace the existing avalon-meta and merlin plugin jar files with the supplied
-versions. Finally, delete all *.cache files in the Maven plugin directory.
-
-You now have everything in place to start using the Merlin Tutorial or
-building you own components. If you have any problems, please subscribe
-and post a message to users@avalon.apache.org.
-
-Special Note for JRE 1.3 and earlier.
--------------------------------------
-
-Some applications assume that XML parsing classes are available withing
-the JRE. This is not the case with JDK 1.3 and earlier. To resolve this
-you can copy the following files to the JAVAHOME/lib/ext directory or
-declare an alternative directory as a JVM argument under the
-MERLIN_JVM_OPTS environment variable, i.e. -Djava.ext.dir=someDirectory
-
- system/xml-apis/jars/xml-apis-2.0.2.jar
- system/xml-apis/jars/xmlParserAPIs-2.0.2.jar
- system/xerces/jars/xerces-2.4.0.jar
-
+
+PROJECT: Merlin @VERSION@
+====================================================================
+
+DESCRIPTION:
+------------
+
+This directory contains the merlin system installation and related
+resources.
+
+ /merlin
+ /bin
+ /config
+ /system
+ README.TXT
+ LICENSE.TXT
+ INSTALL.TXT
+ /plugins
+ @META_PLUGIN_JAR@
+ @MERLIN_PLUGIN_JAR@
+
+
+Installing Merlin.
+------------------
+
+To use Merlin command line support or the Merlin NT Service
+you will need to define the MERLIN_HOME environment
+variable for your system and include MERLIN_HOME/bin in
+your system path. The MERLIN_HOME environment variable
+should point to the merlin directory.
+
+Under Windows you can set environment variables by selecting the
+Environment Tab from the System Control Panel.
+
+Under Lunix you can do this as follows:
+
+ $ echo '
+ > # set location of merlin
+ > export MERLIN_HOME=/opt/merlin
+ > # include it in the path
+ > export PATH=$PATH:$MERLIN_HOME/bin
+ > ' >> ~/.bash_profile
+ $ source ~/.bash_profile
+
+Versions of Merlin prior to the 3.2-dev 20031210 build maintained
+a local repository of jar files under the %MERLIN_HOME%/repository
+directory. As of the 20031210 build the repository is maintained
+under AVALON_HOME which defaults to ${user.home}/.avalon. To
+override this behaviour you can either define a AVALON_HOME
+environment variable or you can add a merlin.properties file to
+${user.home} containing the "merlin.repository" property key and
+a value point to you preferred repository location.
+
+To confirm that your environment variables are correct, you
+should open a new command window and invoke the Merlin
+CLI application.
+
+Under DOS:
+
+ $ merlin -version
+
+Under Lunix:
+
+ $ merlin.sh -version
+
+The installation of Merlin is now complete, however, two plugins are
+provided with the installation supporting merlin development under the
+Maven platform. These plugins should be placed in the Maven plugin
+directory (${maven.home.local}\plugins).
+
+ [YOUR-MAVEN-HOME]\plugins\@META_PLUGIN_JAR@
+ [YOUR-MAVEN-HOME]\plugins\@MERLIN_PLUGIN_JAR@
+
+Please note that if you are upgrading an existing installation you must
+delete the following two directories:
+
+ [YOUR-MAVEN-HOME]\plugins\avalon-meta-plugin-*
+ [YOUR-MAVEN-HOME]\plugins\merlin-plugin-*
+
+Replace the existing avalon-meta and merlin plugin jar files with the supplied
+versions. Finally, delete all *.cache files in the Maven plugin directory.
+
+You now have everything in place to start using the Merlin Tutorial or
+building you own components. If you have any problems, please subscribe
+and post a message to users@avalon.apache.org.
+
+Special Note for JRE 1.3 and earlier.
+-------------------------------------
+
+Some applications assume that XML parsing classes are available withing
+the JRE. This is not the case with JDK 1.3 and earlier. To resolve this
+you can copy the following files to the JAVAHOME/lib/ext directory or
+declare an alternative directory as a JVM argument under the
+MERLIN_JVM_OPTS environment variable, i.e. -Djava.ext.dir=someDirectory
+
+ system/xml-apis/jars/xml-apis-2.0.2.jar
+ system/xml-apis/jars/xmlParserAPIs-2.0.2.jar
+ system/xerces/jars/xerces-2.4.0.jar
+
1.1 avalon/merlin/activation/impl/src/test/conf/security.policy
Index: security.policy
===================================================================
grant {
permission java.security.AllPermission;
};
1.9 +10 -2 avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/appliance/AbstractTestCase.java
Index: AbstractTestCase.java
===================================================================
RCS file: /home/cvs/avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/appliance/AbstractTestCase.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- AbstractTestCase.java 19 Jan 2004 18:12:43 -0000 1.8
+++ AbstractTestCase.java 19 Jan 2004 21:47:45 -0000 1.9
@@ -86,6 +86,8 @@
protected ContainmentModel m_model;
protected SystemContext m_system;
+
+ protected boolean m_secured;
//-------------------------------------------------------
// constructor
@@ -93,12 +95,18 @@
public AbstractTestCase( )
{
- this( "data" );
+ this( "data", false );
}
public AbstractTestCase( String name )
{
+ this( name, false );
+ }
+
+ public AbstractTestCase( String name, boolean secured )
+ {
super( name );
+ m_secured = secured;
}
//-------------------------------------------------------
@@ -145,7 +153,7 @@
File local = new File( base, "repository" );
m_system =
DefaultSystemContext.createSystemContext(
- base, local, ConsoleLogger.LEVEL_INFO );
+ base, local, ConsoleLogger.LEVEL_INFO, m_secured );
m_logger = m_system.getLogger();
//
1.1 avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/appliance/grant/CodeSecurityDisabledTestCase.java
Index: CodeSecurityDisabledTestCase.java
===================================================================
/*
============================================================================
The Apache Software License, Version 1.1
============================================================================
Copyright (C) 1999-2002 The Apache Software Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without modifica-
tion, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. The end-user documentation included with the redistribution, if any, must
include the following acknowledgment: "This product includes software
developed by the Apache Software Foundation (http://www.apache.org/)."
Alternately, this acknowledgment may appear in the software itself, if
and wherever such third-party acknowledgments normally appear.
4. The names "Jakarta", "Apache Avalon", "Avalon Framework" and
"Apache Software Foundation" must not be used to endorse or promote
products derived from this software without prior written
permission. For written permission, please contact apache@apache.org.
5. Products derived from this software may not be called "Apache", nor may
"Apache" appear in their name, without prior written permission of the
Apache Software Foundation.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLU-
DING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals
on behalf of the Apache Software Foundation. For more information on the
Apache Software Foundation, please see <http://www.apache.org/>.
*/
package org.apache.avalon.activation.appliance.grant;
import org.apache.avalon.activation.appliance.Appliance;
import org.apache.avalon.activation.appliance.Block;
import org.apache.avalon.activation.appliance.impl.DefaultBlock;
import org.apache.avalon.activation.appliance.AbstractTestCase;
import org.apache.avalon.util.exception.ExceptionHelper;
import org.apache.avalon.activation.appliance.grant.components.TestService;
public class CodeSecurityDisabledTestCase extends AbstractTestCase
{
//-------------------------------------------------------
// constructor
//-------------------------------------------------------
public CodeSecurityDisabledTestCase( )
{
this( "secure" );
}
public CodeSecurityDisabledTestCase( String name )
{
super( name, false );
}
//-------------------------------------------------------
// setup
//-------------------------------------------------------
/**
* Setup the model using a source balock in the conf
* directory.
* @exception Exception if things don't work out
*/
public void setUp() throws Exception
{
super.setUp( "secure.xml" );
}
//-------------------------------------------------------
// test
//-------------------------------------------------------
/**
* Create, assembly, deploy and decommission the block
* defined by getPath().
*/
public void testCodeSecurity() throws Exception
{
TestService test = setupTestService();
try
{
test.doPrimary(); // test something in component
}
catch( Throwable e )
{
final String error = "CodeSecurityTest primary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
try
{
test.doSecondary(); // test something in component
}
catch( Throwable e )
{
final String error = "CodeSecurityTest secondary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
}
private TestService setupTestService() throws Exception
{
m_model.assemble();
Block block = new DefaultBlock( m_model );
block.deploy();
Appliance appliance = block.locate( "/test" );
Object test = appliance.resolve();
return (TestService) appliance.resolve();
}
}
1.1 avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/appliance/grant/CodeSecurityEnabledTestCase.java
Index: CodeSecurityEnabledTestCase.java
===================================================================
/*
============================================================================
The Apache Software License, Version 1.1
============================================================================
Copyright (C) 1999-2002 The Apache Software Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without modifica-
tion, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. The end-user documentation included with the redistribution, if any, must
include the following acknowledgment: "This product includes software
developed by the Apache Software Foundation (http://www.apache.org/)."
Alternately, this acknowledgment may appear in the software itself, if
and wherever such third-party acknowledgments normally appear.
4. The names "Jakarta", "Apache Avalon", "Avalon Framework" and
"Apache Software Foundation" must not be used to endorse or promote
products derived from this software without prior written
permission. For written permission, please contact apache@apache.org.
5. Products derived from this software may not be called "Apache", nor may
"Apache" appear in their name, without prior written permission of the
Apache Software Foundation.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLU-
DING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals
on behalf of the Apache Software Foundation. For more information on the
Apache Software Foundation, please see <http://www.apache.org/>.
*/
package org.apache.avalon.activation.appliance.grant;
import org.apache.avalon.activation.appliance.Appliance;
import org.apache.avalon.activation.appliance.Block;
import org.apache.avalon.activation.appliance.impl.DefaultBlock;
import org.apache.avalon.activation.appliance.AbstractTestCase;
import org.apache.avalon.util.exception.ExceptionHelper;
import org.apache.avalon.activation.appliance.grant.components.TestService;
public class CodeSecurityEnabledTestCase extends AbstractTestCase
{
//-------------------------------------------------------
// constructor
//-------------------------------------------------------
public CodeSecurityEnabledTestCase( )
{
this( "secure" );
}
public CodeSecurityEnabledTestCase( String name )
{
super( name, true );
}
//-------------------------------------------------------
// setup
//-------------------------------------------------------
/**
* Setup the model using a source balock in the conf
* directory.
* @exception Exception if things don't work out
*/
public void setUp() throws Exception
{
super.setUp( "secure.xml" );
}
//-------------------------------------------------------
// test
//-------------------------------------------------------
/**
* Create, assembly, deploy and decommission the block
* defined by getPath().
*/
public void testInterfaceMethods() throws Exception
{
TestService test = setupTestService();
try
{
test.doPrimary(); // test something in component
fail( "CodeSecurityTest primary failure: This operation should not be allowed." );
}
catch( Exception e )
{
// ignore, expected
}
try
{
test.doSecondary(); // test something in component
fail( "CodeSecurityTest secondary failure: This operation should not be allowed." );
}
catch( Exception e )
{
// ignore, expected
}
}
private TestService setupTestService() throws Exception
{
m_model.assemble();
Block block = new DefaultBlock( m_model );
block.deploy();
Appliance appliance = block.locate( "/test" );
Object test = appliance.resolve();
return (TestService) appliance.resolve();
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@avalon.apache.org
For additional commands, e-mail: cvs-help@avalon.apache.org