8010464: Evolve java networking same origin policy
Reviewed-by: alanb, chegar, dsamersoff, weijun
diff --git a/test/java/net/HttpURLPermission/URLTest.java b/test/java/net/HttpURLPermission/URLTest.java
new file mode 100644
index 0000000..8aef8a1
--- /dev/null
+++ b/test/java/net/HttpURLPermission/URLTest.java
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.net.HttpURLPermission;
+/*
+ * Run the tests once without security manager and once with
+ *
+ * @test
+ * @bug 8010464
+ * @compile ../../../com/sun/net/httpserver/SimpleSSLContext.java
+ * @run main/othervm/policy=policy.1 URLTest one
+ * @run main/othervm URLTest one
+ * @run main/othervm/policy=policy.2 URLTest two
+ * @run main/othervm URLTest two
+ * @run main/othervm/policy=policy.3 URLTest three
+ * @run main/othervm URLTest three
+ */
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+import java.util.concurrent.*;
+import java.util.logging.*;
+import com.sun.net.httpserver.*;
+import javax.net.ssl.*;
+
+public class URLTest {
+ static boolean failed = false;
+
+ public static void main (String[] args) throws Exception {
+ boolean no = false, yes = true;
+
+ if (System.getSecurityManager() == null) {
+ yes = false;
+ }
+ createServers();
+ InetSocketAddress addr1 = httpServer.getAddress();
+ int port1 = addr1.getPort();
+ InetSocketAddress addr2 = httpsServer.getAddress();
+ int port2 = addr2.getPort();
+
+ // each of the following cases is run with a different policy file
+
+ switch (args[0]) {
+ case "one":
+ String url1 = "http://127.0.0.1:"+ port1 + "/foo.html";
+ String url2 = "https://127.0.0.1:"+ port2 + "/foo.html";
+ String url3 = "http://127.0.0.1:"+ port1 + "/bar.html";
+ String url4 = "https://127.0.0.1:"+ port2 + "/bar.html";
+
+ // simple positive test. Should succceed
+ test(url1, "GET", "X-Foo", no);
+ test(url1, "GET", "Z-Bar", "X-Foo", no);
+ test(url1, "GET", "X-Foo", "Z-Bar", no);
+ test(url1, "GET", "Z-Bar", no);
+ test(url2, "POST", "X-Fob", no);
+
+ // reverse the methods, should fail
+ test(url1, "POST", "X-Foo", yes);
+ test(url2, "GET", "X-Fob", yes);
+
+ // different URLs, should fail
+ test(url3, "GET", "X-Foo", yes);
+ test(url4, "POST", "X-Fob", yes);
+ break;
+
+ case "two":
+ url1 = "http://127.0.0.1:"+ port1 + "/foo.html";
+ url2 = "https://127.0.0.1:"+ port2 + "/foo.html";
+ url3 = "http://127.0.0.1:"+ port1 + "/bar.html";
+ url4 = "https://127.0.0.1:"+ port2 + "/bar.html";
+
+ // simple positive test. Should succceed
+ test(url1, "GET", "X-Foo", no);
+ test(url2, "POST", "X-Fob", no);
+ test(url3, "GET", "X-Foo", no);
+ test(url4, "POST", "X-Fob", no);
+ break;
+
+ case "three":
+ url1 = "http://127.0.0.1:"+ port1 + "/foo.html";
+ url2 = "https://127.0.0.1:"+ port2 + "/a/c/d/e/foo.html";
+ url3 = "http://127.0.0.1:"+ port1 + "/a/b/c";
+ url4 = "https://127.0.0.1:"+ port2 + "/a/b/c";
+
+ test(url1, "GET", "X-Foo", yes);
+ test(url2, "POST", "X-Zxc", no);
+ test(url3, "DELETE", "Y-Foo", no);
+ test(url4, "POST", "Y-Foo", yes);
+ break;
+ }
+ shutdown();
+ if (failed) {
+ throw new RuntimeException("Test failed");
+ }
+ }
+
+ public static void test (
+ String u, String method,
+ String header, boolean exceptionExpected
+ )
+ throws Exception
+ {
+ test(u, method, header, null, exceptionExpected);
+ }
+
+ public static void test (
+ String u, String method,
+ String header1, String header2, boolean exceptionExpected
+ )
+ throws Exception
+ {
+ URL url = new URL(u);
+ System.out.println ("url=" + u + " method="+method + " header1="+header1
+ +" header2 = " + header2
+ +" exceptionExpected="+exceptionExpected);
+ HttpURLConnection urlc = (HttpURLConnection)url.openConnection();
+ if (urlc instanceof HttpsURLConnection) {
+ HttpsURLConnection ssl = (HttpsURLConnection)urlc;
+ ssl.setHostnameVerifier(new HostnameVerifier() {
+ public boolean verify(String host, SSLSession sess) {
+ return true;
+ }
+ });
+ ssl.setSSLSocketFactory (ctx.getSocketFactory());
+ }
+ urlc.setRequestMethod(method);
+ if (header1 != null) {
+ urlc.addRequestProperty(header1, "foo");
+ }
+ if (header2 != null) {
+ urlc.addRequestProperty(header2, "bar");
+ }
+ try {
+ int g = urlc.getResponseCode();
+ if (exceptionExpected) {
+ failed = true;
+ System.out.println ("FAIL");
+ return;
+ }
+ if (g != 200) {
+ String s = Integer.toString(g);
+ throw new RuntimeException("unexpected response "+ s);
+ }
+ InputStream is = urlc.getInputStream();
+ int c,count=0;
+ byte[] buf = new byte[1024];
+ while ((c=is.read(buf)) != -1) {
+ count += c;
+ }
+ is.close();
+ } catch (RuntimeException e) {
+ if (! (e instanceof SecurityException) &&
+ !(e.getCause() instanceof SecurityException) ||
+ !exceptionExpected)
+ {
+ System.out.println ("FAIL");
+ //e.printStackTrace();
+ failed = true;
+ }
+ }
+ System.out.println ("OK");
+ }
+
+ static HttpServer httpServer;
+ static HttpsServer httpsServer;
+ static HttpContext c, cs;
+ static ExecutorService e, es;
+ static SSLContext ctx;
+
+ // These ports need to be hard-coded until we support port number
+ // ranges in the permission class
+
+ static final int PORT1 = 12567;
+ static final int PORT2 = 12568;
+
+ static void createServers() throws Exception {
+ InetSocketAddress addr1 = new InetSocketAddress (PORT1);
+ InetSocketAddress addr2 = new InetSocketAddress (PORT2);
+ httpServer = HttpServer.create (addr1, 0);
+ httpsServer = HttpsServer.create (addr2, 0);
+
+ MyHandler h = new MyHandler();
+
+ c = httpServer.createContext ("/", h);
+ cs = httpsServer.createContext ("/", h);
+ e = Executors.newCachedThreadPool();
+ es = Executors.newCachedThreadPool();
+ httpServer.setExecutor (e);
+ httpsServer.setExecutor (es);
+
+ // take the keystore from elsewhere in test hierarchy
+ String keysdir = System.getProperty("test.src")
+ + "/../../../com/sun/net/httpserver/";
+ ctx = new SimpleSSLContext(keysdir).get();
+ httpsServer.setHttpsConfigurator(new HttpsConfigurator (ctx));
+
+ httpServer.start();
+ httpsServer.start();
+ }
+
+ static void shutdown() {
+ httpServer.stop(1);
+ httpsServer.stop(1);
+ e.shutdown();
+ es.shutdown();
+ }
+
+ static class MyHandler implements HttpHandler {
+
+ MyHandler() {
+ }
+
+ public void handle(HttpExchange x) throws IOException {
+ x.sendResponseHeaders(200, -1);
+ x.close();
+ }
+ }
+
+}