Allow to use additional properties with security manager/4323

core-common/src/main/java/org/glassfish/jersey/internal/config/SystemPropertiesConfigurationModel.java

@@ -16,29 +16,45 @@
 
 package org.glassfish.jersey.internal.config;
 
-import org.glassfish.jersey.CommonProperties;
-import org.glassfish.jersey.internal.LocalizationMessages;
-import org.glassfish.jersey.internal.util.PropertiesHelper;
-import org.glassfish.jersey.internal.util.ReflectionHelper;
-import org.glassfish.jersey.spi.ExternalConfigurationModel;
-
-import javax.ws.rs.RuntimeType;
-import javax.ws.rs.core.Feature;
 import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.function.Function;
 import java.util.logging.Logger;
 
+import javax.ws.rs.RuntimeType;
+import javax.ws.rs.core.Feature;
+
+import org.glassfish.jersey.CommonProperties;
+import org.glassfish.jersey.internal.LocalizationMessages;
+import org.glassfish.jersey.internal.util.PropertiesHelper;
+import org.glassfish.jersey.internal.util.ReflectionHelper;
+import org.glassfish.jersey.spi.ExternalConfigurationModel;
+
 
 class SystemPropertiesConfigurationModel implements ExternalConfigurationModel<Void> {
 
     private static final Logger log = Logger.getLogger(SystemPropertiesConfigurationModel.class.getName());
+    static final List<String> PROPERTY_CLASSES = Arrays.asList(
+            "org.glassfish.jersey.server.ServerProperties",
+            "org.glassfish.jersey.client.ClientProperties",
+            "org.glassfish.jersey.servlet.ServletProperties",
+            "org.glassfish.jersey.internal.InternalProperties",
+            "org.glassfish.jersey.message.MessageProperties",
+            "org.glassfish.jersey.server.internal.InternalServerProperties",
+            "org.glassfish.jersey.apache.connector.ApacheClientProperties",
+            "org.glassfish.jersey.jdk.connector.JdkConnectorProperties",
+            "org.glassfish.jersey.jetty.connector.JettyClientProperties",
+            "org.glassfish.jersey.media.multipart.MultiPartProperties",
+            "org.glassfish.jersey.server.oauth1.OAuth1ServerProperties");
 
 
     private static final Map<Class, Function> converters = new HashMap<>();
@@ -118,26 +134,15 @@ public Map<String, Object> getProperties() {
     }
 
     private Map<String, Object> getExpectedSystemProperties() {
-
-
         final Map<String, Object> result = new HashMap<>();
-
         mapFieldsToProperties(result, CommonProperties.class);
-
-
-
-        mapFieldsToProperties(result,
-                AccessController.doPrivileged(
-                        ReflectionHelper.classForNamePA("org.glassfish.jersey.server.ServerProperties")
-                )
-        );
-
-        mapFieldsToProperties(result,
-                AccessController.doPrivileged(
-                        ReflectionHelper.classForNamePA("org.glassfish.jersey.client.ClientProperties")
-                )
-        );
-
+        for (String propertyClass : PROPERTY_CLASSES) {
+            mapFieldsToProperties(result,
+                    AccessController.doPrivileged(
+                            ReflectionHelper.classForNamePA(propertyClass)
+                    )
+            );
+        }
 
         return  result;
     }
@@ -152,7 +157,7 @@ private <T> void mapFieldsToProperties(Map<String, Object> properties, Class<T>
         );
 
         for (final Field field : fields) {
-            if (field.getType().isAssignableFrom(String.class)) {
+            if (Modifier.isStatic(field.getModifiers()) && field.getType().isAssignableFrom(String.class)) {
                 final String propertyValue = getPropertyNameByField(field);
                 properties.put(propertyValue, PropertiesHelper.getSystemProperty(propertyValue));
             }

tests/integration/property-check/pom.xml

@@ -89,6 +89,11 @@
             <artifactId>jersey-media-sse</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>

tests/integration/property-check/src/test/java/org/glassfish/jersey/internal/config/SystemPropertiesConfigurationModelTest.java

@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jersey.internal.config;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.google.common.reflect.ClassPath;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Predicate;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import org.glassfish.jersey.CommonProperties;
+import org.glassfish.jersey.apache.connector.ApacheClientProperties;
+import org.glassfish.jersey.client.ClientProperties;
+import org.glassfish.jersey.internal.InternalProperties;
+import org.glassfish.jersey.internal.util.PropertiesClass;
+import org.glassfish.jersey.internal.util.Property;
+import org.glassfish.jersey.jetty.connector.JettyClientProperties;
+import org.glassfish.jersey.media.multipart.MultiPartProperties;
+import org.glassfish.jersey.message.MessageProperties;
+import org.glassfish.jersey.server.ServerProperties;
+import org.glassfish.jersey.server.internal.InternalServerProperties;
+import org.glassfish.jersey.server.oauth1.OAuth1ServerProperties;
+import org.glassfish.jersey.servlet.ServletProperties;
+import org.glassfish.jersey.test.TestProperties;
+import org.junit.Test;
+
+public class SystemPropertiesConfigurationModelTest {
+
+    private static final String ROOT_PACKAGE = "org.glassfish.jersey";
+    private static final List<String> BLACK_LIST_CLASSES = Arrays.asList("org.glassfish.jersey.internal.OsgiRegistry",
+        "org.glassfish.jersey.internal.jsr166.SubmissionPublisher", "org.glassfish.jersey.internal.jsr166.Flow");
+
+    @Test
+    public void allPropertyClassLoaded() throws IOException {
+        /*
+         *  It doesn't work for higher JDKs because it is using different classloader
+         *  (jdk.internal.loader.ClassLoaders$AppClassLoader) that current Guava version doesn't support.
+         */
+        String version = System.getProperty("java.version");
+        if (version.startsWith("1.8")) {
+            Predicate<Class<?>> containsAnnotation = clazz -> clazz.getAnnotation(PropertiesClass.class) != null
+                    || clazz.getAnnotation(Property.class) != null;
+            Predicate<Class<?>> notCommon = clazz -> clazz != CommonProperties.class;
+            Predicate<Class<?>> notTestProperties = clazz -> clazz != TestProperties.class;
+            List<String> propertyClasses = getClassesWithPredicate(ROOT_PACKAGE, notCommon, notTestProperties,
+                    containsAnnotation).stream().map(Class::getName).collect(Collectors.toList());
+            assertFalse(propertyClasses.isEmpty());
+            propertyClasses.removeAll(SystemPropertiesConfigurationModel.PROPERTY_CLASSES);
+            assertEquals("New properties have been found. "
+                    + "Make sure you add next classes in SystemPropertiesConfigurationModel.PROPERTY_CLASSES: "
+                    + propertyClasses, 0, propertyClasses.size());
+        }
+    }
+
+    @Test
+    public void propertyLoadedWhenSecurityException() {
+        SecurityManager sm = System.getSecurityManager();
+        String policy = System.getProperty("java.security.policy");
+        try {
+            System.setProperty(CommonProperties.ALLOW_SYSTEM_PROPERTIES_PROVIDER, "true");
+            SystemPropertiesConfigurationModel model = new SystemPropertiesConfigurationModel();
+            assertTrue(model.as(CommonProperties.ALLOW_SYSTEM_PROPERTIES_PROVIDER, Boolean.class));
+            String securityPolicy = SystemPropertiesConfigurationModelTest.class.getResource("/server.policy").getFile();
+            System.setProperty("java.security.policy", securityPolicy);
+            System.setSecurityManager(null);
+            SecurityManager manager = new SecurityManager();
+            System.setSecurityManager(manager);
+            Map<String, Object> properties = model.getProperties();
+            assertTrue(properties.containsKey(CommonProperties.FEATURE_AUTO_DISCOVERY_DISABLE));
+            assertTrue(properties.containsKey(ServerProperties.APPLICATION_NAME));
+            assertTrue(properties.containsKey(ClientProperties.ASYNC_THREADPOOL_SIZE));
+            assertTrue(properties.containsKey(ServletProperties.FILTER_CONTEXT_PATH));
+            assertTrue(properties.containsKey(InternalProperties.JSON_FEATURE));
+            assertTrue(properties.containsKey(MessageProperties.DEFLATE_WITHOUT_ZLIB));
+            assertTrue(properties.containsKey(ApacheClientProperties.CONNECTION_MANAGER));
+            assertTrue(properties.containsKey(JettyClientProperties.DISABLE_COOKIES));
+            assertTrue(properties.containsKey(MultiPartProperties.BUFFER_THRESHOLD));
+            assertTrue(properties.containsKey(OAuth1ServerProperties.ACCESS_TOKEN_URI));
+        } finally {
+            System.setSecurityManager(null);
+            if (policy != null) {
+                System.setProperty("java.security.policy", policy);
+            }
+            System.setSecurityManager(sm);
+        }
+    }
+
+    private List<Class<?>> getClassesWithPredicate(String packageRoot, Predicate<Class<?>>... predicates)
+            throws IOException {
+        ClassLoader loader = Thread.currentThread().getContextClassLoader();
+        ClassPath classpath = ClassPath.from(loader);
+        Stream<Class<?>> steam = classpath.getTopLevelClassesRecursive(packageRoot).stream()
+                .filter(classInfo -> !BLACK_LIST_CLASSES.contains(classInfo.getName()))
+                .map(classInfo -> {
+                    try {
+                        return Class.forName(classInfo.getName());
+                    } catch (ClassNotFoundException e) {
+                        return Void.class;
+                    }
+                });
+        for (Predicate<Class<?>> predicate : predicates) {
+            steam = steam.filter(predicate);
+        }
+        return steam.collect(Collectors.toList());
+    }
+
+}

tests/integration/property-check/src/test/resources/server.policy

@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+
+grant {
+	permission java.util.PropertyPermission "jersey.config.allowSystemPropertiesProvider", "read";
+    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+    permission java.lang.reflect.ReflectPermission "*";
+  	permission java.lang.RuntimePermission "*";
+  	permission java.net.NetPermission "specifyStreamHandler";
+	permission java.net.SocketPermission "*", "accept,listen,connect,resolve";
+};