265 lines
10 KiB
Java
Raw Normal View History

/*
* Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
2007-12-01 00:00:00 +00:00
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
2007-12-01 00:00:00 +00:00
*/
2007-12-01 00:00:00 +00:00
/* @test
* @bug 4179055
* @summary Some java apps need to have access to read "accessClassInPackage.sun.rmi.server"
* @author Laird Dornin
*
* @library ../../../testlibrary
* @modules java.base/sun.security.provider
* java.rmi/sun.rmi.registry
* java.rmi/sun.rmi.server
* java.rmi/sun.rmi.transport
* java.rmi/sun.rmi.transport.tcp
* java.base/sun.nio.ch
* @build TestLibrary RMID ActivationLibrary RMIDSelectorProvider
* CanCreateStubs StubClassesPermitted_Stub
* @run main/othervm/java.security.policy=security.policy/secure=java.lang.SecurityManager/timeout=240 StubClassesPermitted
2007-12-01 00:00:00 +00:00
*/
8142968: Module System implementation Initial integration of JEP 200, JEP 260, JEP 261, and JEP 282 Co-authored-by: Alex Buckley <alex.buckley@oracle.com> Co-authored-by: Jonathan Gibbons <jonathan.gibbons@oracle.com> Co-authored-by: Karen Kinnear <karen.kinnear@oracle.com> Co-authored-by: Mandy Chung <mandy.chung@oracle.com> Co-authored-by: Mark Reinhold <mark.reinhold@oracle.com> Co-authored-by: Chris Hegarty <chris.hegarty@oracle.com> Co-authored-by: Alexandr Scherbatiy <alexandr.scherbatiy@oracle.com> Co-authored-by: Amy Lu <amy.lu@oracle.com> Co-authored-by: Calvin Cheung <calvin.cheung@oracle.com> Co-authored-by: Daniel Fuchs <daniel.fuchs@oracle.com> Co-authored-by: Erik Joelsson <erik.joelsson@oracle.com> Co-authored-by: Harold Seigel <harold.seigel@oracle.com> Co-authored-by: Jaroslav Bachorik <jaroslav.bachorik@oracle.com> Co-authored-by: Jean-Francois Denise <jean-francois.denise@oracle.com> Co-authored-by: Jan Lahoda <jan.lahoda@oracle.com> Co-authored-by: James Laskey <james.laskey@oracle.com> Co-authored-by: Lois Foltan <lois.foltan@oracle.com> Co-authored-by: Miroslav Kos <miroslav.kos@oracle.com> Co-authored-by: Huaming Li <huaming.li@oracle.com> Co-authored-by: Sean Mullan <sean.mullan@oracle.com> Co-authored-by: Naoto Sato <naoto.sato@oracle.com> Co-authored-by: Masayoshi Okutsu <masayoshi.okutsu@oracle.com> Co-authored-by: Peter Levart <peter.levart@gmail.com> Co-authored-by: Philip Race <philip.race@oracle.com> Co-authored-by: Claes Redestad <claes.redestad@oracle.com> Co-authored-by: Sergey Bylokhov <sergey.bylokhov@oracle.com> Co-authored-by: Alexandre Iline <alexandre.iline@oracle.com> Co-authored-by: Volker Simonis <volker.simonis@gmail.com> Co-authored-by: Staffan Larsen <staffan.larsen@oracle.com> Co-authored-by: Stuart Marks <stuart.marks@oracle.com> Co-authored-by: Semyon Sadetsky <semyon.sadetsky@oracle.com> Co-authored-by: Serguei Spitsyn <serguei.spitsyn@oracle.com> Co-authored-by: Sundararajan Athijegannathan <sundararajan.athijegannathan@oracle.com> Co-authored-by: Valerie Peng <valerie.peng@oracle.com> Co-authored-by: Vincent Ryan <vincent.x.ryan@oracle.com> Co-authored-by: Weijun Wang <weijun.wang@oracle.com> Co-authored-by: Yuri Nesterenko <yuri.nesterenko@oracle.com> Co-authored-by: Yekaterina Kantserova <yekaterina.kantserova@oracle.com> Co-authored-by: Alexander Kulyakthin <alexander.kulyakhtin@oracle.com> Co-authored-by: Felix Yang <felix.yang@oracle.com> Co-authored-by: Andrei Eremeev <andrei.eremeev@oracle.com> Co-authored-by: Frank Yuan <frank.yuan@oracle.com> Co-authored-by: Sergei Pikalev <sergei.pikalev@oracle.com> Co-authored-by: Sibabrata Sahoo <sibabrata.sahoo@oracle.com> Co-authored-by: Tiantian Du <tiantian.du@oracle.com> Co-authored-by: Sha Jiang <sha.jiang@oracle.com> Reviewed-by: alanb, mchung, naoto, rriggs, psandoz, plevart, mullan, ascarpino, vinnie, prr, sherman, dfuchs, mhaupt
2016-03-17 19:04:16 +00:00
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.rmi.MarshalledObject;
import java.rmi.RemoteException;
import java.rmi.activation.Activatable;
import java.rmi.activation.ActivationDesc;
import java.rmi.activation.ActivationGroup;
import java.rmi.activation.ActivationGroupDesc;
import java.rmi.activation.ActivationGroupDesc.CommandEnvironment;
import java.rmi.activation.ActivationGroupID;
import java.rmi.activation.ActivationID;
import java.rmi.activation.ActivationSystem;
2007-12-01 00:00:00 +00:00
import java.rmi.registry.Registry;
import java.util.Properties;
/**
* The RMI activation system needs to explicitly allow itself to
* create the following sun.* classes on behalf of code that runs with
* user privileges and needs to make use of RMI activation:
*
* sun.rmi.server.Activation$ActivationMonitorImpl_Stub
* sun.rmi.server.Activation$ActivationSystemImpl_Stub
* sun.rmi.registry.RegistryImpl_Stub
*
* The test causes the activation system to need to create each of
* these classes in turn. The test will fail if the activation system
* does not allow these classes to be created.
2007-12-01 00:00:00 +00:00
*/
public class StubClassesPermitted
extends Activatable implements Runnable, CanCreateStubs
{
public static boolean sameGroup = false;
private static int registryPort = -1;
2007-12-01 00:00:00 +00:00
private static CanCreateStubs canCreateStubs = null;
private static Registry registry = null;
public static void main(String args[]) {
sameGroup = true;
RMID rmid = null;
System.err.println("\nRegression test for bug/rfe 4179055\n");
try {
TestLibrary.suggestSecurityManager("java.lang.SecurityManager");
registry = TestLibrary.createRegistryOnUnusedPort();
registryPort = TestLibrary.getRegistryPort(registry);
// must run with java.lang.SecurityManager or the test
// result will be nullified if running with a build where
// 4180392 has not been fixed.
String smClassName =
System.getSecurityManager().getClass().getName();
if (!smClassName.equals("java.lang.SecurityManager")) {
TestLibrary.bomb("Test must run with java.lang.SecurityManager");
}
// start an rmid.
RMID.removeLog();
rmid = RMID.createRMIDOnEphemeralPort();
rmid.start();
//rmid.addOptions(new String[] {"-C-Djava.rmi.server.logCalls=true"});
// Ensure that activation groups run with the correct
// security manager.
//
Properties p = new Properties();
p.put("java.security.policy",
TestParams.defaultGroupPolicy);
p.put("java.security.manager",
"java.lang.SecurityManager");
// This action causes the following classes to be created
// in this VM (RMI must permit the creation of these classes):
//
// sun.rmi.server.Activation$ActivationSystemImpl_Stub
// sun.rmi.server.Activation$ActivationMonitorImpl_Stub
//
System.err.println("Create activation group, in a new VM");
8142968: Module System implementation Initial integration of JEP 200, JEP 260, JEP 261, and JEP 282 Co-authored-by: Alex Buckley <alex.buckley@oracle.com> Co-authored-by: Jonathan Gibbons <jonathan.gibbons@oracle.com> Co-authored-by: Karen Kinnear <karen.kinnear@oracle.com> Co-authored-by: Mandy Chung <mandy.chung@oracle.com> Co-authored-by: Mark Reinhold <mark.reinhold@oracle.com> Co-authored-by: Chris Hegarty <chris.hegarty@oracle.com> Co-authored-by: Alexandr Scherbatiy <alexandr.scherbatiy@oracle.com> Co-authored-by: Amy Lu <amy.lu@oracle.com> Co-authored-by: Calvin Cheung <calvin.cheung@oracle.com> Co-authored-by: Daniel Fuchs <daniel.fuchs@oracle.com> Co-authored-by: Erik Joelsson <erik.joelsson@oracle.com> Co-authored-by: Harold Seigel <harold.seigel@oracle.com> Co-authored-by: Jaroslav Bachorik <jaroslav.bachorik@oracle.com> Co-authored-by: Jean-Francois Denise <jean-francois.denise@oracle.com> Co-authored-by: Jan Lahoda <jan.lahoda@oracle.com> Co-authored-by: James Laskey <james.laskey@oracle.com> Co-authored-by: Lois Foltan <lois.foltan@oracle.com> Co-authored-by: Miroslav Kos <miroslav.kos@oracle.com> Co-authored-by: Huaming Li <huaming.li@oracle.com> Co-authored-by: Sean Mullan <sean.mullan@oracle.com> Co-authored-by: Naoto Sato <naoto.sato@oracle.com> Co-authored-by: Masayoshi Okutsu <masayoshi.okutsu@oracle.com> Co-authored-by: Peter Levart <peter.levart@gmail.com> Co-authored-by: Philip Race <philip.race@oracle.com> Co-authored-by: Claes Redestad <claes.redestad@oracle.com> Co-authored-by: Sergey Bylokhov <sergey.bylokhov@oracle.com> Co-authored-by: Alexandre Iline <alexandre.iline@oracle.com> Co-authored-by: Volker Simonis <volker.simonis@gmail.com> Co-authored-by: Staffan Larsen <staffan.larsen@oracle.com> Co-authored-by: Stuart Marks <stuart.marks@oracle.com> Co-authored-by: Semyon Sadetsky <semyon.sadetsky@oracle.com> Co-authored-by: Serguei Spitsyn <serguei.spitsyn@oracle.com> Co-authored-by: Sundararajan Athijegannathan <sundararajan.athijegannathan@oracle.com> Co-authored-by: Valerie Peng <valerie.peng@oracle.com> Co-authored-by: Vincent Ryan <vincent.x.ryan@oracle.com> Co-authored-by: Weijun Wang <weijun.wang@oracle.com> Co-authored-by: Yuri Nesterenko <yuri.nesterenko@oracle.com> Co-authored-by: Yekaterina Kantserova <yekaterina.kantserova@oracle.com> Co-authored-by: Alexander Kulyakthin <alexander.kulyakhtin@oracle.com> Co-authored-by: Felix Yang <felix.yang@oracle.com> Co-authored-by: Andrei Eremeev <andrei.eremeev@oracle.com> Co-authored-by: Frank Yuan <frank.yuan@oracle.com> Co-authored-by: Sergei Pikalev <sergei.pikalev@oracle.com> Co-authored-by: Sibabrata Sahoo <sibabrata.sahoo@oracle.com> Co-authored-by: Tiantian Du <tiantian.du@oracle.com> Co-authored-by: Sha Jiang <sha.jiang@oracle.com> Reviewed-by: alanb, mchung, naoto, rriggs, psandoz, plevart, mullan, ascarpino, vinnie, prr, sherman, dfuchs, mhaupt
2016-03-17 19:04:16 +00:00
CommandEnvironment cmd = new ActivationGroupDesc.CommandEnvironment(null,
new String[] {
"--add-exports=java.base/sun.security.provider=ALL-UNNAMED",
"--add-exports=java.rmi/sun.rmi.registry=ALL-UNNAMED",
"--add-exports=java.rmi/sun.rmi.server=ALL-UNNAMED",
"--add-exports=java.rmi/sun.rmi.transport=ALL-UNNAMED",
"--add-exports=java.rmi/sun.rmi.transport.tcp=ALL-UNNAMED" });
8142968: Module System implementation Initial integration of JEP 200, JEP 260, JEP 261, and JEP 282 Co-authored-by: Alex Buckley <alex.buckley@oracle.com> Co-authored-by: Jonathan Gibbons <jonathan.gibbons@oracle.com> Co-authored-by: Karen Kinnear <karen.kinnear@oracle.com> Co-authored-by: Mandy Chung <mandy.chung@oracle.com> Co-authored-by: Mark Reinhold <mark.reinhold@oracle.com> Co-authored-by: Chris Hegarty <chris.hegarty@oracle.com> Co-authored-by: Alexandr Scherbatiy <alexandr.scherbatiy@oracle.com> Co-authored-by: Amy Lu <amy.lu@oracle.com> Co-authored-by: Calvin Cheung <calvin.cheung@oracle.com> Co-authored-by: Daniel Fuchs <daniel.fuchs@oracle.com> Co-authored-by: Erik Joelsson <erik.joelsson@oracle.com> Co-authored-by: Harold Seigel <harold.seigel@oracle.com> Co-authored-by: Jaroslav Bachorik <jaroslav.bachorik@oracle.com> Co-authored-by: Jean-Francois Denise <jean-francois.denise@oracle.com> Co-authored-by: Jan Lahoda <jan.lahoda@oracle.com> Co-authored-by: James Laskey <james.laskey@oracle.com> Co-authored-by: Lois Foltan <lois.foltan@oracle.com> Co-authored-by: Miroslav Kos <miroslav.kos@oracle.com> Co-authored-by: Huaming Li <huaming.li@oracle.com> Co-authored-by: Sean Mullan <sean.mullan@oracle.com> Co-authored-by: Naoto Sato <naoto.sato@oracle.com> Co-authored-by: Masayoshi Okutsu <masayoshi.okutsu@oracle.com> Co-authored-by: Peter Levart <peter.levart@gmail.com> Co-authored-by: Philip Race <philip.race@oracle.com> Co-authored-by: Claes Redestad <claes.redestad@oracle.com> Co-authored-by: Sergey Bylokhov <sergey.bylokhov@oracle.com> Co-authored-by: Alexandre Iline <alexandre.iline@oracle.com> Co-authored-by: Volker Simonis <volker.simonis@gmail.com> Co-authored-by: Staffan Larsen <staffan.larsen@oracle.com> Co-authored-by: Stuart Marks <stuart.marks@oracle.com> Co-authored-by: Semyon Sadetsky <semyon.sadetsky@oracle.com> Co-authored-by: Serguei Spitsyn <serguei.spitsyn@oracle.com> Co-authored-by: Sundararajan Athijegannathan <sundararajan.athijegannathan@oracle.com> Co-authored-by: Valerie Peng <valerie.peng@oracle.com> Co-authored-by: Vincent Ryan <vincent.x.ryan@oracle.com> Co-authored-by: Weijun Wang <weijun.wang@oracle.com> Co-authored-by: Yuri Nesterenko <yuri.nesterenko@oracle.com> Co-authored-by: Yekaterina Kantserova <yekaterina.kantserova@oracle.com> Co-authored-by: Alexander Kulyakthin <alexander.kulyakhtin@oracle.com> Co-authored-by: Felix Yang <felix.yang@oracle.com> Co-authored-by: Andrei Eremeev <andrei.eremeev@oracle.com> Co-authored-by: Frank Yuan <frank.yuan@oracle.com> Co-authored-by: Sergei Pikalev <sergei.pikalev@oracle.com> Co-authored-by: Sibabrata Sahoo <sibabrata.sahoo@oracle.com> Co-authored-by: Tiantian Du <tiantian.du@oracle.com> Co-authored-by: Sha Jiang <sha.jiang@oracle.com> Reviewed-by: alanb, mchung, naoto, rriggs, psandoz, plevart, mullan, ascarpino, vinnie, prr, sherman, dfuchs, mhaupt
2016-03-17 19:04:16 +00:00
ActivationGroupDesc groupDesc =
8142968: Module System implementation Initial integration of JEP 200, JEP 260, JEP 261, and JEP 282 Co-authored-by: Alex Buckley <alex.buckley@oracle.com> Co-authored-by: Jonathan Gibbons <jonathan.gibbons@oracle.com> Co-authored-by: Karen Kinnear <karen.kinnear@oracle.com> Co-authored-by: Mandy Chung <mandy.chung@oracle.com> Co-authored-by: Mark Reinhold <mark.reinhold@oracle.com> Co-authored-by: Chris Hegarty <chris.hegarty@oracle.com> Co-authored-by: Alexandr Scherbatiy <alexandr.scherbatiy@oracle.com> Co-authored-by: Amy Lu <amy.lu@oracle.com> Co-authored-by: Calvin Cheung <calvin.cheung@oracle.com> Co-authored-by: Daniel Fuchs <daniel.fuchs@oracle.com> Co-authored-by: Erik Joelsson <erik.joelsson@oracle.com> Co-authored-by: Harold Seigel <harold.seigel@oracle.com> Co-authored-by: Jaroslav Bachorik <jaroslav.bachorik@oracle.com> Co-authored-by: Jean-Francois Denise <jean-francois.denise@oracle.com> Co-authored-by: Jan Lahoda <jan.lahoda@oracle.com> Co-authored-by: James Laskey <james.laskey@oracle.com> Co-authored-by: Lois Foltan <lois.foltan@oracle.com> Co-authored-by: Miroslav Kos <miroslav.kos@oracle.com> Co-authored-by: Huaming Li <huaming.li@oracle.com> Co-authored-by: Sean Mullan <sean.mullan@oracle.com> Co-authored-by: Naoto Sato <naoto.sato@oracle.com> Co-authored-by: Masayoshi Okutsu <masayoshi.okutsu@oracle.com> Co-authored-by: Peter Levart <peter.levart@gmail.com> Co-authored-by: Philip Race <philip.race@oracle.com> Co-authored-by: Claes Redestad <claes.redestad@oracle.com> Co-authored-by: Sergey Bylokhov <sergey.bylokhov@oracle.com> Co-authored-by: Alexandre Iline <alexandre.iline@oracle.com> Co-authored-by: Volker Simonis <volker.simonis@gmail.com> Co-authored-by: Staffan Larsen <staffan.larsen@oracle.com> Co-authored-by: Stuart Marks <stuart.marks@oracle.com> Co-authored-by: Semyon Sadetsky <semyon.sadetsky@oracle.com> Co-authored-by: Serguei Spitsyn <serguei.spitsyn@oracle.com> Co-authored-by: Sundararajan Athijegannathan <sundararajan.athijegannathan@oracle.com> Co-authored-by: Valerie Peng <valerie.peng@oracle.com> Co-authored-by: Vincent Ryan <vincent.x.ryan@oracle.com> Co-authored-by: Weijun Wang <weijun.wang@oracle.com> Co-authored-by: Yuri Nesterenko <yuri.nesterenko@oracle.com> Co-authored-by: Yekaterina Kantserova <yekaterina.kantserova@oracle.com> Co-authored-by: Alexander Kulyakthin <alexander.kulyakhtin@oracle.com> Co-authored-by: Felix Yang <felix.yang@oracle.com> Co-authored-by: Andrei Eremeev <andrei.eremeev@oracle.com> Co-authored-by: Frank Yuan <frank.yuan@oracle.com> Co-authored-by: Sergei Pikalev <sergei.pikalev@oracle.com> Co-authored-by: Sibabrata Sahoo <sibabrata.sahoo@oracle.com> Co-authored-by: Tiantian Du <tiantian.du@oracle.com> Co-authored-by: Sha Jiang <sha.jiang@oracle.com> Reviewed-by: alanb, mchung, naoto, rriggs, psandoz, plevart, mullan, ascarpino, vinnie, prr, sherman, dfuchs, mhaupt
2016-03-17 19:04:16 +00:00
new ActivationGroupDesc(p, cmd);
ActivationSystem system = ActivationGroup.getSystem();
ActivationGroupID groupID = system.registerGroup(groupDesc);
System.err.println("register activatable");
// Fix for: 4271615: make sure activation group runs in a new VM
ActivationDesc desc = new ActivationDesc
(groupID, "StubClassesPermitted", null, null);
canCreateStubs = (CanCreateStubs) Activatable.register(desc);
// ensure registry stub can be passed in a remote call
System.err.println("getting the registry");
registry = canCreateStubs.getRegistry();
// make sure a client cant load just any sun.* class, just
// as a sanity check, try to create a class we are not
// allowed to access but which was passed in a remote call
try {
System.err.println("accessing forbidden class");
Object secureRandom = canCreateStubs.getForbiddenClass();
TestLibrary.bomb("test allowed to access forbidden class," +
" sun.security.provider.SecureRandom");
} catch (java.security.AccessControlException e) {
// Make sure we received a *local* AccessControlException
ByteArrayOutputStream bout = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bout);
e.printStackTrace(ps);
ps.flush();
String trace = new String(bout.toByteArray());
if ((trace.indexOf("exceptionReceivedFromServer") >= 0) ||
trace.equals(""))
2007-12-01 00:00:00 +00:00
{
throw e;
}
System.err.println("received expected local access control exception");
}
// make sure that an ActivationGroupID can be passed in a
// remote call; this is slightly more inclusive than
// just passing a reference to the activation system
System.err.println("returning group desc");
canCreateStubs.returnGroupID();
// Clean up object
System.err.println
("Deactivate object via method call");
canCreateStubs.shutdown();
System.err.println
("\nsuccess: StubClassesPermitted test passed ");
} catch (Exception e) {
TestLibrary.bomb("\nfailure: unexpected exception ", e);
} finally {
try {
Thread.sleep(4000);
} catch (InterruptedException e) {
}
canCreateStubs = null;
rmid.cleanup();
System.err.println("rmid shut down");
}
2007-12-01 00:00:00 +00:00
}
2007-12-01 00:00:00 +00:00
static ActivationGroupID GroupID = null;
/**
* implementation of CanCreateStubs
2007-12-01 00:00:00 +00:00
*/
public StubClassesPermitted
(ActivationID id, MarshalledObject mo) throws RemoteException
2007-12-01 00:00:00 +00:00
{
// register/export anonymously
super(id, 0);
2007-12-01 00:00:00 +00:00
// obtain reference to the test registry
registry = java.rmi.registry.LocateRegistry.
getRegistry(registryPort);
2007-12-01 00:00:00 +00:00
}
2007-12-01 00:00:00 +00:00
/**
* Spawns a thread to deactivate the object.
*/
public void shutdown() throws Exception {
(new Thread(this,"StubClassesPermitted")).start();
2007-12-01 00:00:00 +00:00
}
/**
* Thread to deactivate object. First attempts to make object
* inactive (via the inactive method). If that fails (the
* object may still have pending/executing calls), then
* unexport the object forcibly.
*/
public void run() {
ActivationLibrary.deactivate(this, getID());
2007-12-01 00:00:00 +00:00
}
/**
* Return a reference to the RMI registry, to make sure that
* the stub for it can be deserialized in the test client VM.
*/
public Registry getRegistry() throws RemoteException {
if (sameGroup) {
System.out.println("in same group");
} else {
System.out.println("not in same group");
}
return registry;
2007-12-01 00:00:00 +00:00
}
/**
* Remote call to create and return a random serializable sun.*
* class, the test should get a local security exception when
* trying to create the class. Ensure that not all sun.* classes
* can be resolved in a remote call.
*/
public Object getForbiddenClass() throws RemoteException {
System.err.println("creating sun class");
return new sun.security.provider.SecureRandom();
2007-12-01 00:00:00 +00:00
}
/**
* Ensures that an activation group id can be passed in a remote
* call (class may contain a remote reference to the activation
* system implementation).
*/
public ActivationGroupID returnGroupID() throws RemoteException {
return ActivationGroup.currentGroupID();
2007-12-01 00:00:00 +00:00
}
}