Hi All, I have created web application which we can use for security manager tests. With this rest service we can perform basic security tests like file copy, delete, system property read etc. Also added sample Jmeter test case to verify its functionality. You need to deploy this in tenant space and call rest APIs as follows. As we have planned to implement test cases for security manager and test products with security manager decided to add this source[1] to git repo.
[1] https://github.com/sanjeewa-malalgoda/test-apps/tree/master/security-check Requests should be send with following format: HTTP GET - Read file (complete file path) https://test.com/t/xxx.xxx/webapps/security-check/directFile?fileName=repository/conf/axis2/axis2.xml HTTP POST - Create file (complete file path) https://test.com/t/xxx.xxx/webapps/security-check/directFile?fileName=repository/conf/axis2/axis2.xml-dummy HTTP DELETE - Delete file in Server (complete file path) https://test.com/t/xxx.xxx/webapps/security-check/directFile?fileName=repository/conf/axis2/axis2.xml-dummy HTTP GET - Read file (file path from carbon server home) https://test.com/t/xxx.xxx/webapps/security-check/file?fileName=repository/conf/axis2/axis2.xml HTTP POST - Create file (file path from carbon server home) https://test.com/t/xxx.xxx/webapps/security-check/file?fileName=repository/conf/axis2/axis2.xml-dummy HTTP DELETE - Delete file in Server (file path from carbon server home) https://test.com/t/xxx.xxx/webapps/security-check/file?fileName=repository/conf/axis2/axis2.xml-dummy HTTP GET - Read system property https://test.com/t/xxx.xxx/webapps/security-check/systemProperty/java.home HTTP POST - Copy files in server using carbon Utility methods https://test.com/t/xxx.xxx/webapps/security-check/fileCopy?source=repository/conf/axis2/axis2.xml&destination=repository/conf/axis2/axis2.xml-dummy HTTP POST - Delete files in server using carbon Utils https://test.com/t/xxx.xxx/webapps/security-check/fileDelete?path=repository/conf/axis2/axis2.xml_PT HTTP POST - Get registryDBConfig as string https://test.com/t/xxx.xxx/webapps/security-check/registryDBConfig HTTP POST - Get userManagerDBConfig config as string https://test.com/t/xxx.xxx/webapps/security-check/userManagerDBConfig HTTP GET - Get network configs as string https://test.com/t/xxx.xxx/webapps/security-check/networkConfigs HTTP GET - Get server configuration as string https://test.com/t/xxx.xxx/webapps/security-check/serverConfiguration HTTP POST - Get network configs as string https://test.com/t/xxx.xxx/webapps/security-check/networkConfigs?hostName=test.org&mgtHostName=test1.org ============Following operations will not be covered using Java security Manager========= HTTP POST - Generate OOM https://test.com/t/xxx.xxx/webapps/security-check/memory?operation=oom HTTP POST - Generate high CPU https://test.com/t/xxx.xxx/webapps/security-check/memory?operation=cpu HTTP POST - Generate system call https://test.com/t/xxx.xxx/webapps/security-check/memory?operation=kill Thanks, sanjeewa. -- *Sanjeewa Malalgoda* WSO2 Inc. Mobile : +94713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/ <http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
