Author: skitching Date: Thu Jul 20 14:52:52 2006 New Revision: 424078 URL: http://svn.apache.org/viewvc?rev=424078&view=rev Log: Only count security exceptions before a message is actually logged, as j.u.logging does (and should) generate security exceptions.
Modified: jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java Modified: jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java URL: http://svn.apache.org/viewvc/jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java?rev=424078&r1=424077&r2=424078&view=diff ============================================================================== --- jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java (original) +++ jakarta/commons/proper/logging/trunk/src/test/org/apache/commons/logging/security/SecurityTestCaseAllowed.java Thu Jul 20 14:52:52 2006 @@ -93,6 +93,19 @@ "org.apache.commons.logging.LogFactory"); Method m = c.getMethod("getLog", new Class[] {Class.class}); Log log = (Log) m.invoke(null, new Object[] {this.getClass()}); + + // Check whether we had any security exceptions so far (which were + // caught by the code). We should not, as every secure operation + // should be wrapped in an AccessController. Any security exceptions + // indicate a path that is missing an appropriate AccessController. + // + // We don't wait until after the log.info call to get this count + // because java.util.logging tries to load a resource bundle, which + // requires permission accessClassInPackage. JCL explicitly does not + // wrap calls to log methods in AccessControllers because writes to + // a log file *should* only be permitted if the original caller is + // trusted to access that file. + int untrustedCodeCount = mySecurityManager.getUntrustedCodeCount(); log.info("testing"); // check that the default map implementation was loaded, as JCL was @@ -104,7 +117,7 @@ assertNotNull(factoryTable); assertEquals(CustomHashtable.class.getName(), factoryTable.getClass().getName()); - assertEquals(0, mySecurityManager.getUntrustedCodeCount()); + assertEquals(0, untrustedCodeCount); } catch(Throwable t) { // Restore original security manager so output can be generated; the // PrintWriter constructor tries to read the line.separator --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]