Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

added in some more filesystem checks, some logging checks, classloader creation, etc 

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@769 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Jesse McConnell 2009-08-26 19:45:09 +00:00
parent d12ff9dbf7
commit 8f3e89e664
1 changed files with 154 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

159
test-jetty-webapp/src/main/java/com/acme/SecureModeServlet.java
View File

@ -16,6 +16,10 @@ package com.acme;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.PrintStream; import java.io.PrintStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.Calendar;
import java.util.GregorianCalendar;
import javax.servlet.ServletConfig; import javax.servlet.ServletConfig;
import javax.servlet.ServletException; import javax.servlet.ServletException;
@ -24,6 +28,8 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.util.log.Log;
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** Dump Servlet Request. /** Dump Servlet Request.
@ -57,9 +63,13 @@ public class SecureModeServlet extends HttpServlet
try try
{ {
runPropertyChecks(out); runPropertyChecks(out);
runFileSystemChecks(out); runFileSystemChecks(out);
runLoggingChecks(out);
runClassloaderChecks(out);
} }
catch (Exception e) catch (Exception e)
{ {
@ -78,6 +88,67 @@ public class SecureModeServlet extends HttpServlet
} }
} }
private void runClassloaderChecks(ServletOutputStream out) throws Exception
{
out.println(" <h1>Checking Classloader Setup</h1>");
out.println(" <p>");
String userDir = System.getProperty("user.dir");
try
{
out.println("check ability to create classloader<br/>");
URL url = new URL("http://not.going.to.work");
URLClassLoader cl = new URLClassLoader(new URL[]
{ url });
out.println("status: <b>SUCCESS - unexpected</b><br/>");
}
catch (SecurityException e)
{
out.println("status: <b>FAILURE - expected</b><br/>");
}
out.println(" </p><br/><br/>");
}
private void runLoggingChecks(ServletOutputStream out) throws Exception
{
out.println(" <h1>Checking File System</h1>");
out.println(" <p>");
String userDir = System.getProperty("user.dir");
try
{
out.println("check ability to log<br/>");
Log.info("testing logging");
out.println("status: <b>SUCCESS - expected</b><br/>");
}
catch (SecurityException e)
{
out.println("status: <b>FAILURE - unexpected</b><br/>");
out.println("<table><tr><td>");
e.printStackTrace(new PrintStream(out));
out.println("</td></tr></table>");
}
try
{
Calendar c = new GregorianCalendar();
String logFile = c.get(Calendar.YEAR) + "_" + c.get(Calendar.MONTH) + "_" + c.get(Calendar.DAY_OF_MONTH) + ".request.log";
out.println("check ability to access log file directly<br/>");
File jettyHomeFile = new File(userDir + File.separator + "logs" + File.separator + logFile);
jettyHomeFile.canRead();
out.println("status: <b>SUCCESS - unexpected</b><br/>");
}
catch (SecurityException e)
{
out.println("status: <b>FAILURE - expected</b><br/>");
}
out.println(" </p><br/><br/>");
}
private void runFileSystemChecks(ServletOutputStream out) throws Exception private void runFileSystemChecks(ServletOutputStream out) throws Exception
{ {
out.println(" <h1>Checking File System</h1>"); out.println(" <h1>Checking File System</h1>");
@ -85,13 +156,12 @@ public class SecureModeServlet extends HttpServlet
/* /*
* test the reading and writing of a read only permission * test the reading and writing of a read only permission
*/ */
out.println(" <h3>Declared Read Access - $jetty.home/lib</h3>");
out.println(" <p>"); out.println(" <p>");
String userDir = System.getProperty("user.dir"); String userDir = System.getProperty("user.dir");
try try
{ {
out.println("check read for $jetty.home/lib/policy/jetty.policy <br/>"); out.println("check read for $jetty.home/lib/policy/jetty.policy<br/>");
File jettyHomeFile = new File(userDir + File.separator + "lib" + File.separator + "policy" + File.separator + "jetty.policy"); File jettyHomeFile = new File(userDir + File.separator + "lib" + File.separator + "policy" + File.separator + "jetty.policy");
jettyHomeFile.canRead(); jettyHomeFile.canRead();
@ -104,9 +174,10 @@ public class SecureModeServlet extends HttpServlet
e.printStackTrace(new PrintStream(out)); e.printStackTrace(new PrintStream(out));
out.println("</td></tr></table>"); out.println("</td></tr></table>");
} }
try try
{ {
out.println("check write permission for $jetty.home/lib/policy/test.tmpfile<br/>"); out.println("check write permission for $jetty.home/lib/policy/jetty.policy<br/>");
File jettyHomeFile = new File(userDir + File.separator + "lib" + File.separator + "policy" + File.separator + "jetty.policy"); File jettyHomeFile = new File(userDir + File.separator + "lib" + File.separator + "policy" + File.separator + "jetty.policy");
jettyHomeFile.canWrite(); jettyHomeFile.canWrite();
@ -117,6 +188,84 @@ public class SecureModeServlet extends HttpServlet
out.println("status: <b>FAILURE - expected</b><br/>"); out.println("status: <b>FAILURE - expected</b><br/>");
} }
try
{
out.println("check read permission for $jetty.home/lib<br/>");
File jettyHomeFile = new File(userDir + File.separator + "lib");
jettyHomeFile.canRead();
out.println("status: <b>SUCCESS - unexpected</b><br/>");
}
catch (SecurityException e)
{
out.println("status: <b>FAILURE - expected</b><br/>");
}
try
{
out.println("check write permission for $jetty.home/lib<br/>");
File jettyHomeFile = new File(userDir + File.separator + "lib");
jettyHomeFile.canWrite();
out.println("status: <b>SUCCESS - unexpected</b><br/>");
}
catch (SecurityException e)
{
out.println("status: <b>FAILURE - expected</b><br/>");
}
try
{
out.println("check read permission for $jetty.home<br/>");
File jettyHomeFile = new File(userDir + File.separator);
jettyHomeFile.canRead();
out.println("status: <b>SUCCESS - unexpected</b><br/>");
}
catch (SecurityException e)
{
out.println("status: <b>FAILURE - expected</b><br/>");
}
try
{
out.println("check write permission for $jetty.home<br/>");
File jettyHomeFile = new File(userDir + File.separator);
jettyHomeFile.canWrite();
out.println("status: <b>SUCCESS - unexpected</b><br/>");
}
catch (SecurityException e)
{
out.println("status: <b>FAILURE - expected</b><br/>");
}
try
{
out.println("check read permission for $jetty.home/logs<br/>");
File jettyHomeFile = new File(userDir + File.separator + "logs" + File.separator);
jettyHomeFile.canRead();
out.println("status: <b>SUCCESS - unexpected</b><br/>");
}
catch (SecurityException e)
{
out.println("status: <b>FAILURE - expected</b><br/>");
}
try
{
out.println("check read permission for $jetty.home/logs<br/>");
File jettyHomeFile = new File(userDir + File.separator + "logs");
jettyHomeFile.canWrite();
out.println("status: <b>SUCCESS - unexpected</b><br/>");
}
catch (SecurityException e)
{
out.println("status: <b>FAILURE - expected</b><br/>");
}
out.println(" </p><br/><br/>"); out.println(" </p><br/><br/>");
} }