File Doc Category Size Date Package
JavaIoObjectInputStreamTest.java API Doc Android 1.5 API 8377 Wed May 06 22:41:06 BST 2009 tests.security.permissions

JavaIoObjectInputStreamTest

java.lang.Object
- junit.framework.Assert
  - junit.framework.TestCase

public class JavaIoObjectInputStreamTest extends TestCase

Fields Summary
SecurityManager
old
Constructors Summary
Methods Summary
protected void setUp()
old = System.getSecurityManager(); super.setUp();
protected void tearDown()
System.setSecurityManager(old); super.tearDown();
public void test_ObjectInputStream()
class TestSecurityManager extends SecurityManager { boolean called; Permission permission; void reset(){ called = false; permission = null; } @Override public void checkPermission(Permission permission){ if(permission instanceof SerializablePermission){ called = true; this.permission = permission; } } } // TestObjectInputStream is necessary in order to call protected // method enableResolveObject class TestObjectInputStream extends ObjectInputStream { TestObjectInputStream(InputStream s) throws StreamCorruptedException, IOException { super(s); } @Override public boolean enableResolveObject(boolean enable) throws SecurityException { return super.enableResolveObject(enable); } } long id = new java.util.Date().getTime(); String filename = "SecurityPermissionsTest_"+id; File f = File.createTempFile(filename, null); ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(f)); oos.writeObject(new Node()); oos.flush(); oos.close(); f.deleteOnExit(); TestObjectInputStream ois = new TestObjectInputStream(new FileInputStream(f)); TestSecurityManager s = new TestSecurityManager(); System.setSecurityManager(s); s.reset(); ois.enableResolveObject(true); assertTrue("ObjectInputStream.enableResolveObject(boolean) must call checkPermission on security manager", s.called); assertEquals("Name of SerializablePermission is not correct", "enableSubstitution", s.permission.getName());
public void test_ObjectInputStream2()
class TestSecurityManager extends SecurityManager { boolean called; Permission permission; void reset(){ called = false; permission = null; } @Override public void checkPermission(Permission permission){ if(permission instanceof SerializablePermission){ called = true; this.permission = permission; } } } // Beginning with J2SE 1.4.0, ObjectInputStream's public one-argument // constructor requires the "enableSubclassImplementation" SerializablePermission // when invoked (either directly or indirectly) by a subclass which overrides // ObjectInputStream.readFields or ObjectInputStream.readUnshared. class TestObjectInputStream extends ObjectInputStream { TestObjectInputStream(InputStream s) throws StreamCorruptedException, IOException { super(s); } } class TestObjectInputStream_readFields extends ObjectInputStream { TestObjectInputStream_readFields(InputStream s) throws StreamCorruptedException, IOException { super(s); } @Override public GetField readFields() throws IOException, ClassNotFoundException, NotActiveException { return super.readFields(); } } class TestObjectInputStream_readUnshared extends ObjectInputStream { TestObjectInputStream_readUnshared(InputStream s) throws StreamCorruptedException, IOException { super(s); } @Override public Object readUnshared() throws IOException, ClassNotFoundException { return super.readUnshared(); } } long id = new java.util.Date().getTime(); String filename = "SecurityPermissionsTest_"+id; File f = File.createTempFile(filename, null); ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(f)); oos.writeObject(new Node()); oos.flush(); oos.close(); f.deleteOnExit(); TestSecurityManager s = new TestSecurityManager(); System.setSecurityManager(s); s.reset(); new ObjectInputStream(new FileInputStream(f)); assertTrue("ObjectInputStream(InputStream) ctor must not call checkPermission on security manager on a class which neither overwrites methods readFields nor readUnshared", !s.called); s.reset(); new TestObjectInputStream(new FileInputStream(f)); assertTrue("ObjectInputStream(InputStream) ctor must not call checkPermission on security manager on a class which neither overwrites methods readFields nor readUnshared", !s.called); s.reset(); new TestObjectInputStream_readFields(new FileInputStream(f)); assertTrue("ObjectInputStream(InputStream) ctor must call checkPermission on security manager on a class which overwrites method readFields", s.called); assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName()); s.reset(); new TestObjectInputStream_readUnshared(new FileInputStream(f)); assertTrue("ObjectInputStream(InputStream) ctor must call checkPermission on security manager on a class which overwrites method readUnshared", s.called); assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName());