[162] Enable running the test suite with the security manager enabled…

…. Fixes to get the tests passing. Signed-off-by: James R. Perkins <[email protected]>
resteasy · Mar 14, 2023 · 908738b · 908738b
1 parent acbbd62
commit 908738b
Show file tree

Hide file tree

Showing 23 changed files with 196 additions and 172 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -66,14 +66,14 @@ jobs:
 
   additional-profiles:
     name: Test with ${{ matrix.profile }} - JDK ${{ matrix.java }} - WildFly ${{ matrix.wildfly-version }}
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
     timeout-minutes: 30
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, windows-latest ]
         java: [ '11', '17' ]
         profile:
+          - "'-Dsecurity.manager'"
           - "'-Dprovision.preview'"
         wildfly-version: ['27.0.1.Final']
 
@@ -93,13 +93,13 @@ jobs:
           distribution: 'temurin'
           cache: 'maven'
       # Since we need to pass the test.java.home we need different runs for Linux and Windows
-      - name: Test with Java ${{ matrix.java }} - ${{ matrix.os }} ${{ matrix.profile }}
+      - name: Test with Java ${{ matrix.java }} - ${{ matrix.profile }}
         run: |
           mvn clean install -U -B -fae ${{ matrix.profile }} -Pci '-Dversion.org.wildfly=${{ matrix.wildfly-version }}'
       - uses: actions/upload-artifact@v3
         if: failure()
         with:
-          name: surefire-reports-${{ matrix.os }}-${{ matrix.java }}
+          name: surefire-reports-${{ matrix.profile }}-${{ matrix.java }}
           path: '**/surefire-reports/*.txt'
 
   format-check:

diff --git a/...ient-base/src/main/java/org/jboss/resteasy/microprofile/client/RestClientBuilderImpl.java b/...ient-base/src/main/java/org/jboss/resteasy/microprofile/client/RestClientBuilderImpl.java
@@ -268,7 +268,7 @@ public <T> T build(Class<T> aClass, ClientHttpEngine httpEngine)
 
         builderDelegate.register(new ExceptionMapping(localProviderInstances), 1);
 
-        ClassLoader classLoader = aClass.getClassLoader();
+        ClassLoader classLoader = getClassLoader(aClass);
 
         T actualClient;
         ResteasyClient client;
@@ -427,7 +427,13 @@ private boolean useURLConnection() {
     }
 
     private Optional<InetSocketAddress> selectHttpProxy() {
-        return ProxySelector.getDefault().select(baseURI).stream()
+        final ProxySelector selector;
+        if (System.getSecurityManager() == null) {
+            selector = ProxySelector.getDefault();
+        } else {
+            selector = AccessController.doPrivileged((PrivilegedAction<ProxySelector>) ProxySelector::getDefault);
+        }
+        return selector.select(baseURI).stream()
                 .filter(proxy -> proxy.type() == java.net.Proxy.Type.HTTP)
                 .map(java.net.Proxy::address)
                 .map(InetSocketAddress.class::cast)
@@ -844,6 +850,13 @@ private static Method[] resolveMethods(final Class<?> type) {
         return type.getMethods();
     }
 
+    private static ClassLoader getClassLoader(final Class<?> type) {
+        if (System.getSecurityManager() == null) {
+            return type.getClassLoader();
+        }
+        return AccessController.doPrivileged((PrivilegedAction<ClassLoader>) type::getClassLoader);
+    }
+
     private final MpClientBuilderImpl builderDelegate;
 
     private final ConfigurationWrapper configurationWrapper;

diff --git a/...ent-base/src/main/java/org/jboss/resteasy/microprofile/client/RestClientDelegateBean.java b/...ent-base/src/main/java/org/jboss/resteasy/microprofile/client/RestClientDelegateBean.java
@@ -30,9 +30,11 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
+import java.security.AccessController;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.PrivilegedAction;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -133,7 +135,14 @@ public Set<InjectionPoint> getInjectionPoints() {
 
     @Override
     public Object create(CreationalContext<Object> creationalContext) {
-        RestClientBuilder builder = RestClientBuilder.newBuilder();
+        RestClientBuilder builder;
+        // This can be removed once the below issue is resolved. However, for now we can handle this safely here.
+        // See https://github.com/eclipse/microprofile-rest-client/issues/353
+        if (System.getSecurityManager() == null) {
+            builder = RestClientBuilder.newBuilder();
+        } else {
+            builder = AccessController.doPrivileged((PrivilegedAction<RestClientBuilder>) RestClientBuilder::newBuilder);
+        }
 
         configureUri(builder);
 

diff --git a/...client-base/src/main/java/org/jboss/resteasy/microprofile/client/RestClientListeners.java b/...client-base/src/main/java/org/jboss/resteasy/microprofile/client/RestClientListeners.java
@@ -19,12 +19,14 @@
 
 package org.jboss.resteasy.microprofile.client;
 
-import java.util.ArrayList;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Map;
 import java.util.ServiceLoader;
 import java.util.WeakHashMap;
+import java.util.stream.Collectors;
 
 import org.eclipse.microprofile.rest.client.spi.RestClientListener;
 
@@ -41,14 +43,31 @@ private RestClientListeners() {
             .synchronizedMap(new WeakHashMap<>());
 
     public static Collection<RestClientListener> get() {
-        ClassLoader loader = Thread.currentThread().getContextClassLoader();
-        Collection<RestClientListener> c;
-        c = map.get(loader);
-        if (c == null) {
-            c = new ArrayList<>();
-            ServiceLoader.load(RestClientListener.class, loader).forEach(c::add);
-            map.put(loader, Collections.unmodifiableCollection(c));
+        ClassLoader loader = getClassLoader();
+        if (loader == null) {
+            return Collections.emptyList();
         }
-        return c;
+        final PrivilegedAction<Collection<RestClientListener>> action = () -> ServiceLoader
+                .load(RestClientListener.class, loader)
+                .stream()
+                .map(ServiceLoader.Provider::get)
+                .collect(Collectors.toUnmodifiableList());
+        return map.computeIfAbsent(loader, classLoader -> {
+            if (System.getSecurityManager() == null) {
+                return action.run();
+            }
+            return AccessController.doPrivileged(action);
+        });
+    }
+
+    private static ClassLoader getClassLoader() {
+        if (System.getSecurityManager() == null) {
+            ClassLoader cl = Thread.currentThread().getContextClassLoader();
+            return cl == null ? RestClientListeners.class.getClassLoader() : cl;
+        }
+        return AccessController.doPrivileged((PrivilegedAction<ClassLoader>) () -> {
+            ClassLoader cl = Thread.currentThread().getContextClassLoader();
+            return cl == null ? RestClientListeners.class.getClassLoader() : cl;
+        });
     }
 }
diff --git a/...se/src/main/java/org/jboss/resteasy/microprofile/client/header/ClientHeaderProviders.java b/...se/src/main/java/org/jboss/resteasy/microprofile/client/header/ClientHeaderProviders.java
@@ -20,6 +20,8 @@
 package org.jboss.resteasy.microprofile.client.header;
 
 import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Map;
 import java.util.Optional;
 import java.util.ServiceLoader;
@@ -139,15 +141,20 @@ private static ClientHeadersFactory construct(final Class<? extends ClientHeader
     }
 
     static {
-        ServiceLoader<HeaderFillerFactory> fillerFactories = ServiceLoader.load(HeaderFillerFactory.class);
-        int highestPrio = Integer.MIN_VALUE;
-        HeaderFillerFactory result = null;
-        for (HeaderFillerFactory factory : fillerFactories) {
-            if (factory.getPriority() > highestPrio) {
-                highestPrio = factory.getPriority();
-                result = factory;
+        final PrivilegedAction<HeaderFillerFactory> action = () -> {
+            ServiceLoader<HeaderFillerFactory> fillerFactories = ServiceLoader.load(HeaderFillerFactory.class);
+            int highestPrio = Integer.MIN_VALUE;
+            HeaderFillerFactory result = null;
+            for (HeaderFillerFactory factory : fillerFactories) {
+                if (factory.getPriority() > highestPrio) {
+                    highestPrio = factory.getPriority();
+                    result = factory;
+                }
             }
-        }
+            return result;
+        };
+        final HeaderFillerFactory result = System.getSecurityManager() == null ? action.run()
+                : AccessController.doPrivileged(action);
         if (result == null) {
             throw new IllegalStateException("Unable to find a HeaderFillerFactory implementation");
         } else {

diff --git a/resteasy-microprofile-test-bom/pom.xml b/resteasy-microprofile-test-bom/pom.xml
@@ -230,6 +230,19 @@
                 </exclusions>
             </dependency>
 
+            <dependency>
+                <groupId>org.jboss.resteasy</groupId>
+                <artifactId>arquillian-utils</artifactId>
+                <version>${version.org.jboss.resteasy}</version>
+                <scope>test</scope>
+                <exclusions>
+                    <exclusion>
+                        <groupId>*</groupId>
+                        <artifactId>*</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+
             <dependency>
                 <groupId>org.jboss.resteasy</groupId>
                 <artifactId>resteasy-undertow</artifactId>

diff --git a/testsuite/integration-tests/pom.xml b/testsuite/integration-tests/pom.xml
@@ -47,6 +47,8 @@
         <feature.pack.groupId>org.jboss.resteasy.microprofile</feature.pack.groupId>
         <feature.pack.artifactId>galleon-feature-pack</feature.pack.artifactId>
         <feature.pack.version>${project.version}</feature.pack.version>
+
+        <jboss.arguments/>
     </properties>
 
     <dependencies>
@@ -139,6 +141,11 @@
             <artifactId>resteasy-json-p-provider</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.jboss.resteasy</groupId>
+            <artifactId>arquillian-utils</artifactId>
+            <scope>test</scope>
+        </dependency>
 
         <dependency>
             <groupId>org.jboss.resteasy.microprofile</groupId>
@@ -276,6 +283,17 @@
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>security.manager</id>
+            <activation>
+                <property>
+                    <name>security.manager</name>
+                </property>
+            </activation>
+            <properties>
+                <jboss.arguments>-secmgr</jboss.arguments>
+            </properties>
+        </profile>
         <profile>
             <id>provision.preview.server</id>
             <activation>

diff --git a/...icroprofile/test/client/exception/ClientWebApplicationExceptionMicroProfileProxyTest.java b/...icroprofile/test/client/exception/ClientWebApplicationExceptionMicroProfileProxyTest.java
@@ -20,6 +20,7 @@
 package org.jboss.resteasy.microprofile.test.client.exception;
 
 import java.net.URL;
+import java.util.PropertyPermission;
 
 import jakarta.ws.rs.RedirectionException;
 import jakarta.ws.rs.WebApplicationException;
@@ -35,6 +36,7 @@
 import org.jboss.resteasy.microprofile.test.client.exception.resource.ClientWebApplicationExceptionMicroProfileProxyResource;
 import org.jboss.resteasy.microprofile.test.client.exception.resource.ClientWebApplicationExceptionProxyResourceInterface;
 import org.jboss.resteasy.microprofile.test.util.TestEnvironment;
+import org.jboss.resteasy.utils.PermissionUtil;
 import org.jboss.shrinkwrap.api.Archive;
 import org.jboss.shrinkwrap.api.asset.StringAsset;
 import org.junit.Assert;
@@ -78,7 +80,10 @@ public static Archive<?> deploy() throws Exception {
                         "       xsi:schemaLocation=\"https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd\"\n"
                         +
                         "       version=\"3.0\" bean-discovery-mode=\"all\">\n" +
-                        "</beans>"), "beans.xml");
+                        "</beans>"), "beans.xml")
+                .addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
+                        new PropertyPermission("resteasy.original.webapplicationexception.behavior", "write")),
+                        "permissions.xml");
     }
 
     @Before

diff --git a/...ava/org/jboss/resteasy/microprofile/test/config/ConfigSourceDefaultOrdinalFilterTest.java b/...ava/org/jboss/resteasy/microprofile/test/config/ConfigSourceDefaultOrdinalFilterTest.java
@@ -23,7 +23,6 @@
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.Map;
-import java.util.PropertyPermission;
 
 import jakarta.ws.rs.client.Client;
 import jakarta.ws.rs.client.ClientBuilder;
@@ -34,12 +33,13 @@
 import org.jboss.arquillian.container.test.api.RunAsClient;
 import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.as.arquillian.api.ServerSetup;
 import org.jboss.resteasy.microprofile.config.FilterConfigSource;
 import org.jboss.resteasy.microprofile.config.ServletContextConfigSource;
 import org.jboss.resteasy.microprofile.test.config.resource.MicroProfileConfigFilter;
 import org.jboss.resteasy.microprofile.test.config.resource.MicroProfileConfigResource;
 import org.jboss.resteasy.microprofile.test.config.resource.TestConfigApplication;
-import org.jboss.resteasy.microprofile.test.util.PermissionUtil;
+import org.jboss.resteasy.microprofile.test.util.MicroProfileConfigSystemPropertySetupTask;
 import org.jboss.resteasy.microprofile.test.util.TestEnvironment;
 import org.jboss.shrinkwrap.api.Archive;
 import org.jboss.shrinkwrap.api.asset.EmptyAsset;
@@ -56,6 +56,7 @@
  */
 @RunWith(Arquillian.class)
 @RunAsClient
+@ServerSetup(MicroProfileConfigSystemPropertySetupTask.class)
 public class ConfigSourceDefaultOrdinalFilterTest {
 
     static Client client;
@@ -68,9 +69,7 @@ public static Archive<?> deploy() {
         return TestEnvironment.createWar(ConfigSourceDefaultOrdinalFilterTest.class)
                 .addClasses(TestConfigApplication.class, MicroProfileConfigFilter.class, MicroProfileConfigResource.class)
                 .setWebXML(ConfigSourceDefaultOrdinalFilterTest.class.getPackage(), "web_default_ordinal_filter.xml")
-                .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml")
-                .addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
-                        new PropertyPermission("system", "write")), "permissions.xml");
+                .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
     }
 
     @BeforeClass

diff --git a/...steasy/microprofile/test/config/ConfigSourceDefaultOrdinalServletContextListenerTest.java b/...steasy/microprofile/test/config/ConfigSourceDefaultOrdinalServletContextListenerTest.java
@@ -23,7 +23,6 @@
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.Map;
-import java.util.PropertyPermission;
 
 import jakarta.ws.rs.client.Client;
 import jakarta.ws.rs.client.ClientBuilder;
@@ -34,12 +33,13 @@
 import org.jboss.arquillian.container.test.api.RunAsClient;
 import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.as.arquillian.api.ServerSetup;
 import org.jboss.resteasy.microprofile.config.ServletConfigSource;
 import org.jboss.resteasy.microprofile.config.ServletContextConfigSource;
 import org.jboss.resteasy.microprofile.test.config.resource.MicroProfileConfigFilter;
 import org.jboss.resteasy.microprofile.test.config.resource.MicroProfileConfigResource;
 import org.jboss.resteasy.microprofile.test.config.resource.TestConfigApplication;
-import org.jboss.resteasy.microprofile.test.util.PermissionUtil;
+import org.jboss.resteasy.microprofile.test.util.MicroProfileConfigSystemPropertySetupTask;
 import org.jboss.resteasy.microprofile.test.util.TestEnvironment;
 import org.jboss.shrinkwrap.api.Archive;
 import org.jboss.shrinkwrap.api.asset.EmptyAsset;
@@ -56,6 +56,7 @@
  */
 @RunWith(Arquillian.class)
 @RunAsClient
+@ServerSetup(MicroProfileConfigSystemPropertySetupTask.class)
 public class ConfigSourceDefaultOrdinalServletContextListenerTest {
 
     static Client client;
@@ -69,9 +70,7 @@ public static Archive<?> deploy() {
                 .addClasses(TestConfigApplication.class, MicroProfileConfigFilter.class, MicroProfileConfigResource.class)
                 .setWebXML(ConfigSourceDefaultOrdinalServletContextListenerTest.class.getPackage(),
                         "web_default_ordinal_servlet_context_listener.xml")
-                .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml")
-                .addAsManifestResource(PermissionUtil.createPermissionsXmlAsset(
-                        new PropertyPermission("system", "write")), "permissions.xml");
+                .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
     }
 
     @BeforeClass