Test Security : Security « Servlets « Java






  1. Java
  2. Servlets
  3. Security

Test Security

import  java.io.*;
import  java.net.*;
import  javax.servlet.*;
import  javax.servlet.http.*;

public class TestSecurity extends HttpServlet {
    String h2o = "<H2>";
    String h2c = "</H2>";
    String p = "<p>";

    /**
     * put your documentation comment here
     * @param req
     * @param res
     * @exception ServletException, IOException
     */
    public void doGet (HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();
        out.println("<HTML>");
        out.println("<HEAD><TITLE>Hello World</TITLE></HEAD>");
        out.println("<BODY>");
        out.println("<BIG>Test Security</BIG>");
        try {
            out.println(h2o + "Information..." + h2c);
            out.println("  Security Manager: " + getSecurityManager().getClass().getName()
                    + p);
            out.println("  ClassLoader: " + this.getClass().getClassLoader()
                    + p);
            //            weblogic.utils.classloaders.GenericClassLoader gcl = (weblogic.utils.classloaders.GenericClassLoader)this.getClass().getClassLoader();
            //            gcl.setDebug( true );
            out.println("  CodeSource: " + this.getClass().getProtectionDomain().getCodeSource().getLocation()
                    + p);
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        /*
         try
         {
         out.println( h2o + "Trying some dangerous J2EE calls..." + h2c );
         String hack = request.getParameter( "hack" );
         Cookie[] cookies = request.getCookies();
         out.println( " -- allowed -- " + p );
         int x = 1 + 2 + 3;
         out.println( hack );  // use it
         int y = 1 + 2 + 3;
         out.println( cookies );  // use it
         String m = "COOKIE: " + cookies[0]; // use it again
         cookies = new Cookie[10]; // reset it
         String n = "COOKIE: " + cookies[5]; // use it again
         }
         catch( Exception e ) { out.println( " -- rejected -- " + e.getMessage() + p ); }
         */
        try {
            out.println(h2o + "Attempting file write to d:/Java..." + h2c);
            File f = new File("d:/Java/blah.txt");
            FileWriter fw = new FileWriter(f);
            fw.write("test\n");
            fw.close();
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        try {
            out.println(h2o + "Attempting file write to d:/Java/TestServlet..."
                    + h2c);
            File f = new File("d:/Java/TestServlet/blah.txt");
            FileWriter fw = new FileWriter(f);
            fw.write("test\n");
            fw.close();
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        try {
            out.println(h2o + "Attempting file read to c:/Ntdetect..." + h2c);
            File f = new File("c:/Ntdetect.com");
            FileReader fr = new FileReader(f);
            int c = fr.read();
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        try {
            out.println(h2o + "Attempting file read to c:/weblogic/weblogic.properties..."
                    + h2c);
            File f = new File("c:/weblogic/weblogic.properties");
            FileReader fr = new FileReader(f);
            int c = fr.read();
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        try {
            out.println(h2o + "Attempting to connect to yahoo.com..." + h2c);
            Socket s = new Socket("yahoo.com", 8080);
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        try {
            out.println(h2o + "Attempting to connect to hacker.com..." + h2c);
            Socket s = new Socket("hacker.com", 8080);
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        try {
            out.println(h2o + "Attempting to listen on port 37337..." + h2c);
            ServerSocket s = new ServerSocket(37337);
            Socket c = s.accept();
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        try {
            out.println(h2o + "Attempting to listen on port 7001..." + h2c);
            ServerSocket s = new ServerSocket(7001);
            Socket c = s.accept();
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        /*
         try
         {
         out.println( h2o + "Attempting native call..." + h2c );
         native0( 1 );
         out.println( " -- allowed -- " + p );
         }           
         catch( Exception e ) { out.println( " -- rejected -- " + e.getMessage() + p ); }
         */
        try {
            out.println(h2o + "Attempting exec..." + h2c);
            Runtime.getRuntime().exec("dir");
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        try {
            out.println(h2o + "Attempting system exit..." + h2c);
            out.println(" -- allowed -- " + p);
        } catch (Exception e) {
            out.println(" -- rejected -- " + e.getMessage() + p);
        }
        out.println("</BODY></HTML>");
    }
}








Related examples in the same category

1.Password Servlet
2.Restrict User IP