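package net.sf.jguard.jee.authorization;

import groovy.lang.GroovyShell;
import groovy.security.GroovyCodeSourcePermission;

import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.SecurityPermission;
import java.util.HashSet;

import net.sf.jguard.core.authorization.policy.AccessControlContextUtils;
import net.sf.jguard.core.principals.RolePrincipal;

import org.codehaus.groovy.control.CompilationFailedException;

import junit.framework.Assert;
import junit.framework.TestCase;

/**
 * Checks that a script evaluated under the restricted {@link AccessControlContext} built for a
 * {@link RolePrincipal} cannot perform a security-sensitive operation.
 */
public class AccessControlContextTest extends TestCase {

    /**
     * Evaluates the Groovy script {@code System.exit(0);} through
     * {@link AccessController#doPrivileged(PrivilegedAction, AccessControlContext)} with the
     * context returned by {@code AccessControlContextUtils.getRestrictedAccessControlContext},
     * and expects an {@link AccessControlException}.
     *
     * <p>The principal is granted only {@code GroovyCodeSourcePermission("totos")} and
     * {@code SecurityPermission("createAccessControlContext")}; neither is the
     * {@code exitVM} runtime permission that {@code System.exit} is checked against.
     *
     * <p>NOTE(review): the method name has no {@code test} prefix, so JUnit 3's name-based
     * discovery does not run it. Presumably it was disabled on purpose because a failing
     * restriction terminates the JVM; confirm before renaming it.
     */
    public void getRestrictedAccessControlContext() {
        final String scriptText = "System.exit(0);";
        final GroovyShell gs = new GroovyShell();

        RolePrincipal principal = new RolePrincipal("toto", "sdfsdf");
        // Start from an empty permission set so that only the two grants below apply.
        principal.setPermissions(new HashSet());
        principal.addPermission(new GroovyCodeSourcePermission("totos"));
        principal.addPermission(new SecurityPermission("createAccessControlContext"));

        // presumably limits the context to the principal's permissions; the helper is not shown here
        final AccessControlContext acc =
                AccessControlContextUtils.getRestrictedAccessControlContext(principal);

        // System.exit is only subject to a permission check when a SecurityManager is installed.
        // Without one the script would terminate the JVM running the tests instead of raising
        // AccessControlException, so fail explicitly before evaluating it.
        if (System.getSecurityManager() == null) {
            Assert.fail("no SecurityManager installed: the script would call System.exit(0) unchecked");
        }

        try {
            AccessController.doPrivileged(
                    new PrivilegedAction() {
                        public Object run() {
                            Object scriptResult = null;
                            try {
                                scriptResult = gs.evaluate(scriptText);
                            } catch (CompilationFailedException e) {
                                // A script that does not compile proves nothing about the restriction.
                                TestCase.fail(e.getMessage());
                            }
                            return scriptResult;
                        }
                    }, acc);
        } catch (AccessControlException ace) {
            // Expected outcome: the restricted context denied the exit request.
            System.out.println(" restricted area! OK");
            return;
        }

        Assert.fail(" an accessControlException should be thrown to prevent security operations done by scripting languages ");
    }

    /**
     * Empty placeholder test. Presumably present so that the class still exposes one method
     * matching JUnit 3's {@code test*} naming convention.
     */
    public void testDummy() {

    }
}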