commit 264e498f54a20f7d299daaf2533d043f880e6a8b Author: Karsten Loesing <karsten.loesing@gmx.net> Date: Thu Dec 12 09:44:06 2019 +0100 Stop using a security manager for executing tests. A while ago we started using a security manager for executing tests in order to prevent them from bothering production servers. However, keeping the security policy up to date for testing new functionality is becoming difficult: - The recently extended CollecTor module for indexing files asynchronously and creating hard links broke tests in unexpected way by requiring permission java.nio.file.LinkPermission "hard"; - Turns out that parallel streams used for sanitizing web server logs internally create threads that do not have the permissions as defined in our custom security policy. All in all it seems better to throw out the security manager at all and prevent tests from bothering production servers simply by not executing them on production servers. --- java/base.xml | 2 -- java/junittest.policy | 21 --------------------- 2 files changed, 23 deletions(-) diff --git a/java/base.xml b/java/base.xml index 6cb1693..6eb3f63 100644 --- a/java/base.xml +++ b/java/base.xml @@ -185,8 +185,6 @@ haltonfailure="true" printsummary="on"> <jvmarg value="-DLOGBASE=${generated}/test-logs"/> - <jvmarg value="-Djava.security.policy=${buildresources}/junittest.policy"/> - <jvmarg value="-Djava.security.manager"/> <classpath refid="test.classpath"/> <formatter type="plain" usefile="false"/> <batchtest> diff --git a/java/junittest.policy b/java/junittest.policy deleted file mode 100644 index 156938e..0000000 --- a/java/junittest.policy +++ /dev/null @@ -1,21 +0,0 @@ -/* Prevent tests from bothering production servers. */ - -grant { - permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete, execute"; - permission java.util.PropertyPermission "*", "read, write"; - permission java.lang.RuntimePermission "setIO"; - permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.fs"; - permission java.lang.RuntimePermission "accessDeclaredMembers"; - permission java.lang.RuntimePermission "getFileStoreAttributes"; - permission java.lang.RuntimePermission "getStackTrace"; - permission java.lang.RuntimePermission "modifyThread"; - permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; - permission java.lang.RuntimePermission "shutdownHooks"; - permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; - permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.http"; - permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; - permission java.lang.RuntimePermission "getProtectionDomain"; - permission java.lang.RuntimePermission "reflectionFactoryAccess"; - permission java.lang.RuntimePermission "setFactory"; - permission java.nio.file.LinkPermission "hard"; -};