HADOOP-6452 Hadoop JSP pages don't work under a security manager

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@893490 13f79535-47bb-0310-9956-ffa450edef68
2009-12-23 12:11:51 +00:00 · 2009-12-23 12:11:51 +00:00 · cc2f077d43
parent 583c41bfac
commit cc2f077d43
2 changed files with 90 additions and 7 deletions
--- a/src/java/org/apache/hadoop/security/authorize/ConfiguredPolicy.java
+++ b/src/java/org/apache/hadoop/security/authorize/ConfiguredPolicy.java
@ -22,6 +22,8 @@ import java.security.PermissionCollection;
 import java.security.Policy;
 import java.security.Principal;
 import java.security.ProtectionDomain;
+import java.security.CodeSource;
+import java.security.Permissions;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@ -77,6 +79,19 @@ public class ConfiguredPolicy extends Policy implements Configurable {
    return super.implies(domain, permission);
  }

+  /**
+   * {@inheritDoc}
+   * @return a writable permission collection
+   */
+  @Override
+  public PermissionCollection getPermissions(CodeSource codesource) {
+    return new Permissions();
+  }
+
+  /**
+   * {@inheritDoc}
+   * @return a writable permission collection
+   */
  @Override
  public PermissionCollection getPermissions(ProtectionDomain domain) {
    PermissionCollection permissionCollection = super.getPermissions(domain);
@ -153,4 +168,14 @@ public class ConfiguredPolicy extends Policy implements Configurable {
      LOG.debug("Policy - Adding  " + permission + " to " + principal);
    }
  }
+
+  /**
+   * For debugging: identify ourselves and the policyproviders 
+   *
+   * @return a string representation of the object.
+   */
+  @Override
+  public String toString() {
+    return "Hadoop ConfiguredPolicy " + super.toString() + " Policy provider "+ policyProvider;
+  }
 }
--- a/src/test/core/org/apache/hadoop/security/authorize/TestConfiguredPolicy.java
+++ b/src/test/core/org/apache/hadoop/security/authorize/TestConfiguredPolicy.java
@ -17,7 +17,13 @@
 */
 package org.apache.hadoop.security.authorize;

-import java.security.Permission;
+import java.security.CodeSource;
+import java.security.CodeSigner;
+import java.security.PermissionCollection;
+import java.security.ProtectionDomain;
+import java.net.URL;
+import java.net.NetPermission;
+import java.net.MalformedURLException;

 import javax.security.auth.Subject;

@ -36,7 +42,7 @@ public class TestConfiguredPolicy extends TestCase {
  
  private static final String KEY_1 = "test.policy.1";
  private static final String KEY_2 = "test.policy.2";
-  
+
  public static class Protocol1 {
    int i;
  }
@ -55,11 +61,7 @@ public class TestConfiguredPolicy extends TestCase {
  }
  
  public void testConfiguredPolicy() throws Exception {
-    Configuration conf = new Configuration();
-    conf.set(KEY_1, AccessControlList.WILDCARD_ACL_VALUE);
-    conf.set(KEY_2, USER1 + " " + GROUPS1[0]);
-    
-    ConfiguredPolicy policy = new ConfiguredPolicy(conf, new TestPolicyProvider());
+    ConfiguredPolicy policy = createConfiguredPolicy();
    SecurityUtil.setPolicy(policy);
    
    Subject user1 = 
@ -79,4 +81,60 @@ public class TestConfiguredPolicy extends TestCase {
    }
    assertTrue(failed);
  }
+
+  /**
+   * Create a configured policy with some keys
+   * @return a new configured policy
+   */
+  private ConfiguredPolicy createConfiguredPolicy() {
+    Configuration conf = new Configuration();
+    conf.set(KEY_1, AccessControlList.WILDCARD_ACL_VALUE);
+    conf.set(KEY_2, USER1 + " " + GROUPS1[0]);
+
+    return new ConfiguredPolicy(conf, new TestPolicyProvider());
+  }
+
+  /**
+   * Create a test code source against a test URL
+   * @return a new code source
+   * @throws MalformedURLException
+   */
+  private CodeSource createCodeSource() throws MalformedURLException {
+    return new CodeSource(new URL("http://hadoop.apache.org"),
+        (CodeSigner[]) null);
+  }
+
+  /**
+   * Assert that a permission collection can have new permissions added
+   * @param permissions the collection to check
+   */
+  private void assertWritable(PermissionCollection permissions) {
+    assertFalse(permissions.isReadOnly());
+    NetPermission netPermission = new NetPermission("something");
+    permissions.add(netPermission);
+  }
+
+  /**
+   * test that the {@link PermissionCollection} returned by
+   * {@link ConfiguredPolicy#getPermissions(CodeSource)} is writeable
+   * @throws Throwable on any failure
+   */
+  public void testPolicyWritable() throws Throwable {
+    ConfiguredPolicy policy = createConfiguredPolicy();
+    CodeSource source = createCodeSource();
+    PermissionCollection permissions = policy.getPermissions(source);
+    assertWritable(permissions);
+  }
+
+  /**
+   * test that the {@link PermissionCollection} returned by
+   * {@link ConfiguredPolicy#getPermissions(CodeSource)} is writeable
+   * @throws Throwable on any failure
+   */
+  public void testProtectionDomainPolicyWritable() throws Throwable {
+    ConfiguredPolicy policy = createConfiguredPolicy();
+    CodeSource source = createCodeSource();
+    PermissionCollection permissions = policy.getPermissions(new ProtectionDomain(source, null));
+    assertWritable(permissions);
+  }
 }