Hi Frank,

I see that in order to be able to run the tests, you were forced
to add a few permissions that the test/test infrastructure needs
to set up things:

    addPermission(new SecurityPermission("getPolicy"));
    addPermission(new SecurityPermission("setPolicy"));
    addPermission(new RuntimePermission("getClassLoader"));
    addPermission(new RuntimePermission("createClassLoader"));
    addPermission(new RuntimePermission("setSecurityManager"));
    addPermission(new RuntimePermission("createSecurityManager"));
    addPermission(new RuntimePermission("modifyThread"));
    addPermission(new PropertyPermission("*", "read, write"));
    addPermission(new ReflectPermission("suppressAccessChecks"));
    addPermission(new RuntimePermission("setIO"));
    addPermission(new RuntimePermission("setContextClassLoader"));
    addPermission(new RuntimePermission("accessDeclaredMembers"));

These are quite powerful permissions, and adding them by default
also means that you might miss a bug - if e.g. a doPrivileged is
missing somewhere in the JAXP code when jaxp tries to e.g. get/create
a classloader, or read a system property, you might not see
it.

I had a similar issue when writing logging tests, where I wanted
to temporarily disable permission checking in the middle of a test
to perform an infrastructure configuration.

So what I did is use a ThreadLocal<AtomicBoolean> to temporarily
disable permission checking - which allows me in my tests to do things
like:

boolean before = allowAll.get().get();
allowAll.get().set(true);
try {
   // do something that requires a permission
} finally {
   allowAll.get().set(before);
}

My implementation of Policy::implies also checks for

if (allowAll.get().get()) return true;

This allows me to control more tightly the set of permissions
I want my test to run under, while still being able to
perform any action I want to set up things without having
to give the same permission to all.

Hope this helps,

-- daniel
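
The approach described in the message above, as an added example that is not part of the original message or of the JAXP test code: a test Policy whose implies() honours a per-thread allowAll flag, so setup runs unchecked while the code under test sees only a narrow grant. The class name TestPolicy, the setup() helper and the sample properties are assumptions, and it assumes a JDK on which the Security Manager can still be installed.

```java
import java.security.*;
import java.util.PropertyPermission;
import java.util.concurrent.atomic.AtomicBoolean;

// Hypothetical test policy; names are illustrative, not taken from the webrev.
public class TestPolicy extends Policy {
    // Per-thread switch: true only while test infrastructure is configuring things.
    static final ThreadLocal<AtomicBoolean> allowAll =
            ThreadLocal.withInitial(() -> new AtomicBoolean(false));

    private final Permissions granted = new Permissions();

    TestPolicy(Permission... perms) {
        for (Permission p : perms) granted.add(p);
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        if (allowAll.get().get()) return true;   // setup window on this thread only
        return granted.implies(permission);      // otherwise: the narrow test grant
    }

    // Run an infrastructure action with checks disabled, then restore the flag.
    static void setup(Runnable action) {
        boolean before = allowAll.get().get();
        allowAll.get().set(true);
        try { action.run(); } finally { allowAll.get().set(before); }
    }

    public static void main(String[] args) {
        // Constructed sample grant: the test code may read exactly one property.
        Policy.setPolicy(new TestPolicy(new PropertyPermission("user.dir", "read")));
        System.setSecurityManager(new SecurityManager());

        setup(() -> System.setProperty("test.flag", "on"));  // infrastructure write
        System.out.println(System.getProperty("user.dir"));  // granted read
        try {
            System.getProperty("user.home");                 // not granted
            throw new AssertionError("expected AccessControlException");
        } catch (AccessControlException expected) {
            // A missing doPrivileged in library code would surface the same way.
            System.out.println("denied: " + expected.getPermission());
        }
        setup(() -> System.setSecurityManager(null));        // tear down
    }
}
```

Because the flag is thread-local, work that the setup action hands to another thread is still checked against the narrow grant.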



On 22/07/16 07:59, Frank Yuan wrote:
According to Amy's suggestion, re-generate a webrev 
http://cr.openjdk.java.net/~fyuan/8067170/webrev.01/ as well as fix some issues,
please check.

Thanks
Frank

-----Original Message-----
From: Amy Lu [mailto:amy...@oracle.com]
Sent: Monday, July 18, 2016 5:42 PM
To: Frank Yuan; 'core-libs-dev'
Subject: Re: RFR (JAXP) JDK-8067170: Enable security manager on JAXP unit tests

On 7/18/16 5:32 PM, Frank Yuan wrote:
Btw, I moved internaltest into unittest because it's unnecessary to separate 
them.

Maybe you'd like to regenerate the webrev with hg move for those files?

Thanks,
Amy


