[JBEAP-10146] added permissions to testcases

resteasy · Jul 26, 2017 · cac2886 · cac2886
1 parent 2a6135e
commit cac2886
Show file tree

Hide file tree

Showing 17 changed files with 340 additions and 49 deletions.
diff --git a/...t/java/org/jboss/resteasy/test/spring/deployment/AddSpringResteasyAsResourceRootTest.java b/...t/java/org/jboss/resteasy/test/spring/deployment/AddSpringResteasyAsResourceRootTest.java
@@ -1,8 +1,13 @@
 package org.jboss.resteasy.test.spring.deployment;
 
 import java.io.File;
+import java.io.FilePermission;
 import java.io.IOException;
+import java.lang.reflect.ReflectPermission;
 import java.nio.charset.StandardCharsets;
+import java.security.SecurityPermission;
+import java.util.PropertyPermission;
+import java.util.logging.LoggingPermission;
 
 import org.apache.http.HttpEntity;
 import org.apache.http.client.methods.CloseableHttpResponse;
@@ -19,6 +24,7 @@
 import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.resteasy.plugins.spring.SpringContextLoaderListener;
 import org.jboss.resteasy.test.spring.deployment.resource.TestResource;
+import org.jboss.resteasy.utils.PermissionUtil;
 import org.jboss.resteasy.utils.PortProviderUtil;
 import org.jboss.resteasy.utils.TestUtil;
 import org.jboss.resteasy.utils.TestUtilSpring;
@@ -77,6 +83,18 @@ private static WebArchive createDeploymentWithSpringMvcDispatcher() {
                 .addAsWebInfResource(AddSpringResteasyAsResourceRootTest.class.getPackage(), "mvc-dispatcher-servlet/web.xml", "web.xml")
                 .addAsWebInfResource(AddSpringResteasyAsResourceRootTest.class.getPackage(), "mvc-dispatcher-servlet/mvc-dispatcher-servlet.xml", "mvc-dispatcher-servlet.xml")
                 .addAsWebInfResource(AddSpringResteasyAsResourceRootTest.class.getPackage(), "mvc-dispatcher-servlet/applicationContext.xml", "applicationContext.xml");
+
+        // PropertyPermission needed for "arquillian.debug" to run
+        // remaining permissions needed to run springframework
+        archive.addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
+            //new PropertyPermission("arquillian.*", "read"),
+            new ReflectPermission("suppressAccessChecks"),
+            new RuntimePermission("accessDeclaredMembers"),
+            new RuntimePermission("getClassLoader"),
+            new FilePermission("<<ALL FILES>>", "read"),
+            new LoggingPermission("control", "")
+        ), "permissions.xml");
+
         TestUtilSpring.addSpringLibraries(archive);
         archive.as(ZipExporter.class).exportTo(new File("target", deploymentWithSpringMvcDispatcherSpringIncluded + ".war"), true);
         return archive;
@@ -103,6 +121,14 @@ private static Archive<?> createDeploymentWithSpringContextLoaderListener() {
                 .addClass(TestResource.class)
                 .addAsWebInfResource(AddSpringResteasyAsResourceRootTest.class.getPackage(), "web.xml", "web.xml")
                 .addAsWebInfResource(AddSpringResteasyAsResourceRootTest.class.getPackage(), "applicationContext.xml", "applicationContext.xml");
+
+        // remaining permissions needed to run springframework
+        archive.addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
+            new RuntimePermission("accessDeclaredMembers"),
+            new FilePermission("<<ALL FILES>>", "read"),
+            new LoggingPermission("control", "")
+        ), "permissions.xml");
+
         TestUtilSpring.addSpringLibraries(archive);
         archive.as(ZipExporter.class).exportTo(new File("target", deploymentWithSpringContextLoaderListenerSpringIncluded + ".war"), true);
         return archive;
@@ -130,6 +156,7 @@ private static Archive<?> createDeploymentWithoutSpringMvcDispatcherOrListener()
         WebArchive archive = TestUtil.prepareArchive(deploymentWithoutSpringMvcDispatcherOrListenerSpringIncluded);
         archive.addAsWebInfResource(AddSpringResteasyAsResourceRootTest.class.getPackage(), "web-no-mvc-no-listener.xml", "web.xml")
                 .addAsWebInfResource(AddSpringResteasyAsResourceRootTest.class.getPackage(), "applicationContext.xml", "applicationContext.xml");
+
         TestUtilSpring.addSpringLibraries(archive);
         archive.as(ZipExporter.class).exportTo(new File("target", deploymentWithoutSpringMvcDispatcherOrListenerSpringIncluded + ".war"), true);
         return TestUtil.finishContainerPrepare(archive, null, TestResource.class);
@@ -178,53 +205,4 @@ private void assertResponse(String deploymentName) throws IOException, HttpExcep
         Assert.assertEquals("The server resource didn't send correct response", TestResource.TEST_RESPONSE, responseString);
         httpget.releaseConnection();
     }
-
-   /* private static void addSpringLibraries(WebArchive archive, String springVersion) {
-        if (springDependenciesInDeployment()) {
-            archive.addAsLibraries(resolveSpringDependencies(springVersion));
-        } else {
-            // you need to use the 'meta-inf' attribute to import the contents of meta-inf so spring can find the correct namespace handlers
-            if (isDefinedSystemProperty("use-jboss-deployment-structure")) {
-                archive.addAsManifestResource("jboss-deployment-structure.xml");
-            } else {
-                archive.addAsManifestResource(new StringAsset("Dependencies: org.springframework.spring meta-inf\n"), "MANIFEST.MF");
-            }
-        }
-    }
-
-    private static File[] resolveSpringDependencies(String springVersion) {
-        MavenUtil mavenUtil;
-        mavenUtil = MavenUtil.create(true);
-        List<File> runtimeDependencies = new ArrayList<>();
-
-        try {
-            runtimeDependencies.addAll(mavenUtil.createMavenGavRecursiveFiles("org.springframework:spring-core:" + springVersion));
-            runtimeDependencies.addAll(mavenUtil.createMavenGavRecursiveFiles("org.springframework:spring-web:" + springVersion));
-            runtimeDependencies.addAll(mavenUtil.createMavenGavRecursiveFiles("org.springframework:spring-webmvc:" + springVersion));
-        } catch (Exception e) {
-            throw new RuntimeException("Unable to get artifacts from maven via Aether library", e);
-        }
-
-        File[] dependencies = runtimeDependencies.toArray(new File []{});
-        return dependencies;
-    }
-
-    private static boolean springDependenciesInDeployment() {
-        return true;
-    }
-
-    private static String getSpringVersion() {
-        return readSystemProperty("version.org.springframework", defaultSpringVersion);
-    }
-
-    private static String readSystemProperty(String name, String defaultValue) {
-        String value = System.getProperty(name);
-        return (value == null) ? defaultValue : value;
-    }
-
-    private static boolean isDefinedSystemProperty(String name) {
-        String value = System.getProperty(name);
-        return (value != null);
-    }*/
-
 }
diff --git a/.../java/org/jboss/resteasy/test/spring/deployment/ContactsDependenciesInDeploymentTest.java b/.../java/org/jboss/resteasy/test/spring/deployment/ContactsDependenciesInDeploymentTest.java
@@ -12,6 +12,7 @@
 import org.jboss.resteasy.test.spring.deployment.resource.Contacts;
 import org.jboss.resteasy.test.spring.deployment.resource.ContactsResource;
 import org.jboss.resteasy.util.HttpHeaderNames;
+import org.jboss.resteasy.utils.PermissionUtil;
 import org.jboss.resteasy.utils.PortProviderUtil;
 import org.jboss.resteasy.utils.TestUtilSpring;
 import org.jboss.shrinkwrap.api.Archive;
@@ -21,13 +22,20 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import javax.management.MBeanPermission;
+import javax.management.MBeanServerPermission;
+import javax.management.MBeanTrustPermission;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import java.io.FilePermission;
+import java.lang.reflect.ReflectPermission;
+import java.util.PropertyPermission;
+import java.util.logging.LoggingPermission;
 
 /**
  * @tpSubChapter Spring
@@ -68,6 +76,25 @@ private static Archive<?> deploy() {
                 .addClass(ContactsDependenciesInDeploymentTest.class)
                 .addAsWebInfResource(ContactsDependenciesInDeploymentTest.class.getPackage(), "contacts/web.xml", "web.xml")
                 .addAsWebInfResource(ContactsDependenciesInDeploymentTest.class.getPackage(), "contacts/springmvc-servlet.xml", "springmvc-servlet.xml");
+
+        // spring specific permissions needed.
+        // Permission  accessClassInPackage.sun.reflect.annotation is required in order
+        // for spring to introspect annotations.  Security exception is eaten by spring
+        // and not posted via the server.
+        archive.addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
+            new MBeanServerPermission("createMBeanServer"),
+            new MBeanPermission("org.springframework.context.support.LiveBeansView#-[liveBeansView:application=/ContactsDependenciesInDeploymentTest]", "registerMBean,unregisterMBean"),
+            new MBeanTrustPermission("register"),
+            new PropertyPermission("spring.liveBeansView.mbeanDomain", "read"),
+            new RuntimePermission("getenv.spring.liveBeansView.mbeanDomain"),
+            new ReflectPermission("suppressAccessChecks"),
+            new RuntimePermission("accessDeclaredMembers"),
+            new RuntimePermission("getClassLoader"),
+            new RuntimePermission("accessClassInPackage.sun.reflect.annotation"),
+            new FilePermission("<<ALL FILES>>", "read"),
+            new LoggingPermission("control", "")
+        ), "permissions.xml");
+
         TestUtilSpring.addSpringLibraries(archive);
         return archive;
     }

diff --git a/...org/jboss/resteasy/test/spring/deployment/ContextRefreshDependenciesInDeploymentTest.java b/...org/jboss/resteasy/test/spring/deployment/ContextRefreshDependenciesInDeploymentTest.java
@@ -6,6 +6,7 @@
 import org.jboss.resteasy.category.NotForWildFly9;
 import org.jboss.resteasy.test.spring.deployment.resource.ContextRefreshResource;
 import org.jboss.resteasy.test.spring.deployment.resource.ContextRefreshTrigger;
+import org.jboss.resteasy.utils.PermissionUtil;
 import org.jboss.resteasy.utils.TestUtilSpring;
 import org.jboss.shrinkwrap.api.Archive;
 import org.jboss.shrinkwrap.api.ShrinkWrap;
@@ -15,7 +16,12 @@
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 import org.springframework.web.context.WebApplicationContext;
+
+import java.io.FilePermission;
+import java.lang.reflect.ReflectPermission;
 import java.util.Enumeration;
+import java.util.PropertyPermission;
+import java.util.logging.LoggingPermission;
 
 
 /**
@@ -40,6 +46,18 @@ private static Archive<?> deploy() {
                 .addClass(NotForWildFly9.class) //required as this test is not @RunAsClient annotated
                 .addAsWebInfResource(ContextRefreshDependenciesInDeploymentTest.class.getPackage(), "web.xml", "web.xml")
                 .addAsWebInfResource(ContextRefreshDependenciesInDeploymentTest.class.getPackage(), "contextRefresh/applicationContext.xml", "applicationContext.xml");
+
+        // PropertyPermission for test to run in arquillian
+        // remaining permissions needed to run springframework
+        archive.addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
+            new PropertyPermission("arquillian.*", "read"),
+            new ReflectPermission("suppressAccessChecks"),
+            new RuntimePermission("accessDeclaredMembers"),
+            new RuntimePermission("getClassLoader"),
+            new FilePermission("<<ALL FILES>>", "read"),
+            new LoggingPermission("control", "")
+        ), "permissions.xml");
+
         TestUtilSpring.addSpringLibraries(archive);
         return archive;
     }

diff --git a/...ava/org/jboss/resteasy/test/spring/deployment/JavaConfigDependenciesInDeploymentTest.java b/...ava/org/jboss/resteasy/test/spring/deployment/JavaConfigDependenciesInDeploymentTest.java
@@ -8,6 +8,7 @@
 import org.jboss.resteasy.test.spring.deployment.resource.JavaConfigResource;
 import org.jboss.resteasy.test.spring.deployment.resource.JavaConfigService;
 import org.jboss.resteasy.util.HttpResponseCodes;
+import org.jboss.resteasy.utils.PermissionUtil;
 import org.jboss.resteasy.utils.PortProviderUtil;
 import org.jboss.resteasy.utils.TestUtilSpring;
 import org.jboss.shrinkwrap.api.Archive;
@@ -20,6 +21,10 @@
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.WebTarget;
 import javax.ws.rs.core.Response;
+import java.io.FilePermission;
+import java.lang.reflect.ReflectPermission;
+import java.util.PropertyPermission;
+import java.util.logging.LoggingPermission;
 
 /**
  * @tpSubChapter Spring
@@ -45,6 +50,22 @@ private static Archive<?> deploy() {
                 .addClass(JavaConfigService.class)
                 .addClass(JavaConfigBeanConfiguration.class)
                 .addAsWebInfResource(JavaConfigDependenciesInDeploymentTest.class.getPackage(), "javaConfig/web.xml", "web.xml");
+
+        // Permission needed for "arquillian.debug" to run
+        // "suppressAccessChecks" required for access to arquillian-core.jar
+        // remaining permissions needed to run springframework
+        archive.addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
+            new PropertyPermission("arquillian.*", "read"),
+            new PropertyPermission("cglib.debugLocation", "read"),
+            new RuntimePermission("accessClassInPackage.sun.reflect.annotation"),
+            new RuntimePermission("getProtectionDomain"),
+            new ReflectPermission("suppressAccessChecks"),
+            new RuntimePermission("accessDeclaredMembers"),
+            new RuntimePermission("getClassLoader"),
+            new FilePermission("<<ALL FILES>>", "read"),
+            new LoggingPermission("control", "")
+        ), "permissions.xml");
+
         TestUtilSpring.addSpringLibraries(archive);
         return archive;
     }

diff --git a/...yment/src/test/java/org/jboss/resteasy/test/spring/deployment/JaxrsWithSpringMVCTest.java b/...yment/src/test/java/org/jboss/resteasy/test/spring/deployment/JaxrsWithSpringMVCTest.java
@@ -1,7 +1,9 @@
 package org.jboss.resteasy.test.spring.deployment;
 
+import java.security.AllPermission;
 import javax.json.JsonArray;
 
+import javax.xml.ws.WebServicePermission;
 import org.apache.http.HttpEntity;
 import org.apache.http.util.EntityUtils;
 import org.jboss.arquillian.container.test.api.Deployment;
@@ -11,6 +13,7 @@
 import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.jboss.resteasy.test.spring.deployment.resource.*;
 import org.jboss.resteasy.util.HttpResponseCodes;
+import org.jboss.resteasy.utils.PermissionUtil;
 import org.jboss.resteasy.utils.PortProviderUtil;
 import org.jboss.resteasy.utils.TestUtilSpring;
 import org.jboss.shrinkwrap.api.Archive;
@@ -21,12 +24,20 @@
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+
+import javax.management.MBeanPermission;
+import javax.management.MBeanServerPermission;
+import javax.management.MBeanTrustPermission;
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.client.WebTarget;
 import javax.ws.rs.core.Response;
+import java.io.FilePermission;
+import java.lang.reflect.ReflectPermission;
 import java.nio.ByteBuffer;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
+import java.util.PropertyPermission;
+import java.util.logging.LoggingPermission;
 
 /**
  * Test that springframework MVC works in conjuction with jaxrs Application subclass.
@@ -50,6 +61,25 @@ private static Archive<?> deploy() {
         archive.addClass(Greeting.class);
         archive.addClass(NumbersResource.class);
         archive.addClass(JaxrsApplication.class);
+
+        // spring specific permissions needed.
+        // Permission  accessClassInPackage.sun.reflect.annotation is required in order
+        // for spring to introspect annotations.  Security exception is eaten by spring
+        // and not posted via the server.
+        archive.addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
+            new MBeanServerPermission("createMBeanServer"),
+            new MBeanPermission("org.springframework.context.support.LiveBeansView#-[liveBeansView:application=/JaxrsWithSpringMVCTest]", "registerMBean,unregisterMBean"),
+            new MBeanTrustPermission("register"),
+            new PropertyPermission("spring.liveBeansView.mbeanDomain", "read"),
+            new RuntimePermission("getenv.spring.liveBeansView.mbeanDomain"),
+            new ReflectPermission("suppressAccessChecks"),
+            new RuntimePermission("accessDeclaredMembers"),
+            new RuntimePermission("getClassLoader"),
+            new RuntimePermission("accessClassInPackage.sun.reflect.annotation"),
+            new FilePermission("<<ALL FILES>>", "read"),
+            new LoggingPermission("control", "")
+        ), "permissions.xml");
+
         TestUtilSpring.addSpringLibraries(archive);
         return archive;
     }

diff --git a/.../jboss/resteasy/test/spring/deployment/RequestScopedBeanDependenciesInDeploymentTest.java b/.../jboss/resteasy/test/spring/deployment/RequestScopedBeanDependenciesInDeploymentTest.java
@@ -12,6 +12,7 @@
 import org.jboss.resteasy.test.spring.deployment.resource.RequestScopedBeanBean;
 import org.jboss.resteasy.test.spring.deployment.resource.RequestScopedBeanTestBeanResource;
 import org.jboss.resteasy.test.spring.deployment.resource.RequestScopedBeanBeanFactoryBean;
+import org.jboss.resteasy.utils.PermissionUtil;
 import org.jboss.resteasy.utils.PortProviderUtil;
 import org.jboss.resteasy.utils.TestUtilSpring;
 import org.jboss.shrinkwrap.api.Archive;
@@ -25,6 +26,11 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import java.io.FilePermission;
+import java.lang.reflect.ReflectPermission;
+import java.util.PropertyPermission;
+import java.util.logging.LoggingPermission;
+
 import static org.junit.Assert.assertEquals;
 
 /**
@@ -50,6 +56,19 @@ private static Archive<?> deploy() {
         archive.addClass(RequestScopedBeanBean.class);
         archive.addClass(RequestScopedBeanTestBeanResource.class);
         archive.addClass(RequestScopedBeanBeanFactoryBean.class);
+
+        // Permission needed for "arquillian.debug" to run
+        // "suppressAccessChecks" required for access to arquillian-core.jar
+        // remaining permissions needed to run springframework
+        archive.addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
+            new PropertyPermission("arquillian.*", "read"),
+            new ReflectPermission("suppressAccessChecks"),
+            new RuntimePermission("accessDeclaredMembers"),
+            new RuntimePermission("getClassLoader"),
+            new FilePermission("<<ALL FILES>>", "read"),
+            new LoggingPermission("control", "")
+        ), "permissions.xml");
+
         TestUtilSpring.addSpringLibraries(archive);
         return archive;
     }