RFR (JAXP) JDK-8067170: Enable security manager on JAXP unit tests

Frank Yuan frank.yuan at oracle.com
Tue Aug 2 10:20:50 UTC 2016

Hi Joe and Daniel

I have finished the rework as your comments, please check http://cr.openjdk.java.net/~fyuan/8067170/webrev.02/

JAXP tests use Policy classes, as well as 3 other patterns provided by JAXPTestUtilities:
1. runWithAllPerm methods, are only used for user setup code, never run jaxp code with them.
2. tryRunWithPolicyManager method, is used to run some test methods with security manager and run the others without security
manager in single test class
3. runWithTmpPermission methods, which may run jaxp code with some limited permissions, those permissions belong to user permissions
and jaxp code won't doPrivileged for them. E.g. PropertyPermission("MyInputFactory", "read") or
FilePermission("/tmp/this/does/not/exist/but/that/is/ok", "read")

Btw, some tests or test methods are disabled or commented sm support temporarily for some known jaxp security bugs.


More information about the core-libs-dev mailing list