Adding secureMode servlet checker to demo and the granting permissions to jetty.policy file

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@756 7e9141cc-0065-0410-87d8-b60c137991c4
2009-08-24 17:19:59 +00:00 · 2009-08-24 17:19:59 +00:00 · 1bffa7e0ca
parent e06d6b979a
commit 1bffa7e0ca
4 changed files with 201 additions and 19 deletions
--- a/jetty-policy/src/main/config/lib/policy/jetty.policy
+++ b/jetty-policy/src/main/config/lib/policy/jetty.policy
@ -123,6 +123,10 @@ grant codeBase "file:${jetty.home}/lib/-" {
   
    // jsp support   
   permission java.net.SocketPermission "java.sun.com:80", "connect,resolve";
+   
+   // TEST WEBAPP PERMISSIONS
+   permission java.util.PropertyPermission "__ALLOWED_READ_PROPERTY", "read";   
+   permission java.util.PropertyPermission "__ALLOWED_WRITE_PROPERTY", "read, write";
 	 
 };

@ -138,7 +142,11 @@ grant codeBase "file:${java.io.tmpdir}/-" {
   permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read";
   permission java.util.PropertyPermission "org.eclipse.jetty.util.log.class", "read";   
   permission java.util.PropertyPermission "org.eclipse.jetty.util.log.IGNORED", "read";   
-   permission java.util.PropertyPermission "org.eclipse.jetty.util.log.stderr.DEBUG", "read";  
+   permission java.util.PropertyPermission "org.eclipse.jetty.util.log.stderr.DEBUG", "read";
+   
+   // TEST WEBAPP PERMISSIONS
+   permission java.util.PropertyPermission "__ALLOWED_READ_PROPERTY", "read";   
+   permission java.util.PropertyPermission "__ALLOWED_WRITE_PROPERTY", "read, write";  
 };

 //
--- a/jetty-policy/src/main/java/org/eclipse/jetty/policy/JettyPolicy.java
+++ b/jetty-policy/src/main/java/org/eclipse/jetty/policy/JettyPolicy.java
@ -216,6 +216,7 @@ public class JettyPolicy extends Policy
        }
    }

+    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        PermissionCollection pc;

@ -227,7 +228,7 @@ public class JettyPolicy extends Policy
        }

        synchronized (_cache) {
-            pc = (PermissionCollection)_cache.get(domain);
+            pc = _cache.get(domain);
        }

        if (pc != null) {
@ -247,6 +248,7 @@ public class JettyPolicy extends Policy
        return pc.implies(permission);
    }
    
+
    private static boolean validate(Principal[] permCerts, Principal[] classCerts)
    {
        if (classCerts == null)
@ -285,6 +287,12 @@ public class JettyPolicy extends Policy
            {
                initialize();
            }
+            
+            for (Iterator<Object> i = _cache.keySet().iterator(); i.hasNext();)
+            {
+                System.out.println(i.next().toString());
+            }
+            

            if (__DEBUG)
            {
@ -304,27 +312,11 @@ public class JettyPolicy extends Policy
            {
                _grants.clear();
                _grants.addAll(clean);
-
-                //for (Iterator<PermissionCollection> i = _cache.values().iterator(); i.hasNext();)
-                //{
-                //    i.next().toString();
-                //}
-
                _cache.clear();
            }

            if (__DEBUG)
            {
-                // System.setSecurityManager(null);
-                // Policy.setPolicy(null);
-                // Policy.setPolicy(this);
-                // System.setSecurityManager(new SecurityManager());
-
-                // System.setSecurityManager(null);
-                // Policy.setPolicy(null);
-                // Policy.setPolicy(this);
-                // System.setSecurityManager(new SecurityManager());
-
                System.out.println("finished reloading policies");
            }

@ -347,7 +339,7 @@ public class JettyPolicy extends Policy
            return;
        }

-        List scanDirs = new ArrayList();
+        List<File> scanDirs = new ArrayList<File>();

        for (Iterator<String> i = _policies.iterator(); i.hasNext();)
        {
--- a/test-jetty-webapp/src/main/java/com/acme/SecureModeServlet.java
+++ b/test-jetty-webapp/src/main/java/com/acme/SecureModeServlet.java
@ -0,0 +1,169 @@
+// ========================================================================
+// Copyright (c) 1996-2009 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+// The Eclipse Public License is available at 
+// http://www.eclipse.org/legal/epl-v10.html
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+// You may elect to redistribute this code under either of these licenses. 
+// ========================================================================
+
+package com.acme;
+import java.io.IOException;
+import java.io.PrintStream;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.SingleThreadModel;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+
+/* ------------------------------------------------------------ */
+/** Dump Servlet Request.
+ * 
+ */
+public class SecureModeServlet extends HttpServlet implements SingleThreadModel
+{
+    /* ------------------------------------------------------------ */
+    @Override
+    public void init(ServletConfig config) throws ServletException
+    {
+    	super.init(config);
+    }
+
+    /* ------------------------------------------------------------ */
+    @Override
+    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+    {
+        doGet(request, response);
+    }
+
+    /* ------------------------------------------------------------ */
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+    {
+         
+        response.setContentType("text/html");
+        ServletOutputStream out = response.getOutputStream();
+        out.println("<html>");
+        out.println("  <title>Secure Jetty Test Webapp</title>");
+        out.println("    <h1>Checking Properties</h1>");
+
+        /*
+         * test the reading and writing of a read only permission
+         */
+        out.println("    <h3>Declared Property - read</h3>");
+        out.println("      <p>");
+        try
+        {
+            out.println("check read permission for __ALLOWED_READ_PROPERTY <br/>");
+            String value = System.getProperty("__ALLOWED_READ_PROPERTY");
+            out.println("status: <b>SUCCESS - expected</b><br/>");
+        }
+        catch (SecurityException e)
+        {
+            out.println("status: <b>FAILURE - unexpected</b><br/>");
+            out.println("<table><tr><td>");
+            e.printStackTrace(new PrintStream(out));
+            out.println("</td></tr></table>");
+        }
+        try
+        {
+            out.println("check write permission for __ALLOWED_READ_PROPERTY<br/>");
+            System.setProperty("__ALLOWED_READ_PROPERTY","SUCCESS - unexpected");
+            String value = System.getProperty("__ALLOWED_READ_PROPERTY");
+            out.println("status: <b>" + value + "</b><br/>");
+        }
+        catch (SecurityException e)
+        {
+            out.println("status: <b>FAILURE - expected</b><br/>");
+        }
+
+        out.println("      </p><br/><br/>");
+        
+        /*
+         * test the reading and writing of a read/write permission
+         */
+        out.println("    <h3>Declared Property - read/write</h3>");
+        out.println("      <p>");
+        try
+        {
+            out.println("check read permission for __ALLOWED_WRITE_PROPERTY<br/>");
+            String value = System.getProperty("__ALLOWED_WRITE_PROPERTY");
+            out.println("Status: <b>SUCCESS - expected</b><br/>");
+        }
+        catch (SecurityException e)
+        {
+            out.println("status: <b>FAILURE - unexpected</b><br/>");
+            out.println("<table><tr><td>");
+            e.printStackTrace(new PrintStream(out));
+            out.println("</td></tr></table>");
+        }
+        try
+        {
+            out.println("check write permission for __ALLOWED_WRITE_PROPERTY<br/>");
+            System.setProperty("__ALLOWED_WRITE_PROPERTY","SUCCESS - expected");
+            String value = System.getProperty("__ALLOWED_WRITE_PROPERTY");
+            out.println("status: <b>" + value + "</b><br/>");
+        }
+        catch (SecurityException e)
+        {
+            out.println("status: <b>FAILURE - unexpected</b><br/>");
+            out.println("<table><tr><td>");
+            e.printStackTrace(new PrintStream(out));
+            out.println("</td></tr></table>");
+        }
+
+        out.println("      </p><br/><br/>");
+
+        /*
+         * test the reading and writing of an undeclared property
+         */
+        out.println("    <h3>checking forbidden properties</h3>");
+        out.println("      <p>");
+        try
+        {
+            out.println("check read permission for __UNDECLARED_PROPERTY: <br/>");
+            String value = System.getProperty("__UNDECLARED_PROPERTY");
+            out.println("status: <b>SUCCESS - expected</b><br/>");
+        }
+        catch (SecurityException e)
+        {
+            out.println("status: <b>FAILURE - expected</b><br/>");
+        }
+        try
+        {
+            out.println("check write permission for __UNDECLARED_PROPERTY: <br/>");
+            System.setProperty("__UNDECLARED_PROPERTY","SUCCESS - unexpected");
+            String value = System.getProperty("__UNDECLARED_PROPERTY");
+            out.println("status: <b>" + value + "</b><br/>");
+        }
+        catch (SecurityException e)
+        {
+            out.println("status: <b>FAILURE - expected</b><br/>");
+        }
+
+        out.println("      </p><br/><br/>");
+        out.println("</html>");
+        out.flush();
+        
+        try
+        {
+            Thread.sleep(200);
+        }
+        catch (InterruptedException e)
+        {
+            getServletContext().log("exception",e);
+        }
+    }
+
+    
+ 
+    
+}
--- a/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml
@ -176,6 +176,19 @@
    <url-pattern>/chat/*</url-pattern>
  </servlet-mapping>
  
+  
+  <servlet>
+    <servlet-name>SecureMode</servlet-name>
+    <servlet-class>com.acme.SecureModeServlet</servlet-class>
+    <load-on-startup>1</load-on-startup>
+  </servlet>
+
+  <servlet-mapping>
+    <servlet-name>SecureMode</servlet-name>
+    <url-pattern>/secureMode/*</url-pattern>
+  </servlet-mapping>
+  
+  
  <servlet>
    <servlet-name>TransparentProxy</servlet-name>
    <servlet-class>org.eclipse.jetty.servlets.ProxyServlet$Transparent</servlet-class>