Mercurial > hg > jdk9-shenandoah > jaxp
view test/javax/xml/jaxp/unittest/transform/SecureProcessingTest.java @ 779:2b61bfcaa586
8132660: Change jaxp unit test package name to be different with jaxp api
Reviewed-by: joehw
Contributed-by: frank.yuan@oracle.com
| author | joehw |
|---|---|
| date | Mon, 10 Aug 2015 09:52:32 -0700 |
| parents | |
| children |
line wrap: on
line source
/* * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package transform; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerConfigurationException; import javax.xml.transform.TransformerException; import javax.xml.transform.TransformerFactory; import javax.xml.transform.stream.StreamResult; import javax.xml.transform.stream.StreamSource; import org.testng.Assert; import org.testng.annotations.Test; import org.w3c.dom.Document; import org.xml.sax.SAXException; /* * @summary Test XSLT shall report TransformerException for unsafe xsl when FEATURE_SECURE_PROCESSING is true. */ public class SecureProcessingTest { static boolean _isSecureMode = false; static { if (System.getSecurityManager() != null) { _isSecureMode = true; System.out.println("Security Manager is present"); } else { System.out.println("Security Manager is NOT present"); } } @Test public final void testSecureProcessing() { // SECURE_PROCESSING == false // the style sheet InputStream xslStream = this.getClass().getResourceAsStream("SecureProcessingTest.xsl"); StreamSource xslSource = new StreamSource(xslStream); // the xml source InputStream xmlStream = this.getClass().getResourceAsStream("SecureProcessingTest.xml"); StreamSource xmlSource = new StreamSource(xmlStream); // the xml result StringWriter xmlResultString = new StringWriter(); StreamResult xmlResultStream = new StreamResult(xmlResultString); // the transformer TransformerFactory transformerFactory = null; Transformer transformer = null; // transform with a non-secure Transformer // expect success String xmlResult; if (!_isSecureMode) { // jaxp secure feature can not be turned off when // security manager is present try { transformerFactory = TransformerFactory.newInstance(); transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false); transformer = transformerFactory.newTransformer(xslSource); transformer.transform(xmlSource, xmlResultStream); } catch (TransformerConfigurationException ex) { ex.printStackTrace(); Assert.fail(ex.toString()); } catch (TransformerException ex) { ex.printStackTrace(); Assert.fail(ex.toString()); } // expected success // and the result is ... xmlResult = xmlResultString.toString(); System.out.println("Transformation result (SECURE_PROCESSING == false) = \"" + xmlResult + "\""); } // now do same transformation but with SECURE_PROCESSING == true // expect Exception boolean exceptionCaught = false; // the style sheet xslStream = this.getClass().getResourceAsStream("SecureProcessingTest.xsl"); xslSource = new StreamSource(xslStream); // the xml source xmlStream = this.getClass().getResourceAsStream("SecureProcessingTest.xml"); xmlSource = new StreamSource(xmlStream); // the xml result xmlResultString = new StringWriter(); xmlResultStream = new StreamResult(xmlResultString); // the transformer transformerFactory = null; transformer = null; // transform with a secure Transformer try { transformerFactory = TransformerFactory.newInstance(); transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); transformer = transformerFactory.newTransformer(xslSource); transformer.transform(xmlSource, xmlResultStream); } catch (TransformerConfigurationException ex) { ex.printStackTrace(); Assert.fail(ex.toString()); } catch (TransformerException ex) { // expected failure System.out.println("expected failure: " + ex.toString()); ex.printStackTrace(System.out); exceptionCaught = true; } // unexpected success? if (!exceptionCaught) { // and the result is ... xmlResult = xmlResultString.toString(); System.err.println("Transformation result (SECURE_PROCESSING == true) = \"" + xmlResult + "\""); Assert.fail("SECURITY_PROCESSING == true, expected failure but got result: \"" + xmlResult + "\""); } } }