Handle PR comemnt to add test case with actual request

Author: joviegas

http-clients/apache-client/src/test/java/software/amazon/awssdk/http/apache/ApacheSecurityManagerHttpCallTest.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http.apache;
+
+import org.junit.jupiter.api.condition.EnabledForJreRange;
+import org.junit.jupiter.api.condition.JRE;
+import software.amazon.awssdk.http.SdkHttpClient;
+import software.amazon.awssdk.http.SdkHttpClientSecurityManagerTestSuite;
+
+@EnabledForJreRange(max = JRE.JAVA_17)
+class ApacheSecurityManagerHttpCallTest extends SdkHttpClientSecurityManagerTestSuite {
+
+    @Override
+    protected SdkHttpClient createHttpClient() {
+        return ApacheHttpClient.builder().build();
+    }
+
+    @Override
+    protected String getPolicyFileUrl() {
+        return getClass().getResource("security-manager-test.policy").toExternalForm();
+    }
+}

http-clients/apache-client/src/test/resources/software/amazon/awssdk/http/apache/security-manager-test.policy

@@ -0,0 +1,8 @@
+grant {
+    permission java.util.PropertyPermission "*", "read,write";
+    permission java.lang.RuntimePermission "modifyThread";
+    permission java.lang.RuntimePermission "setContextClassLoader";
+    permission java.lang.RuntimePermission "setSecurityManager";
+    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+    permission java.net.SocketPermission "*", "connect,accept";
+};

…pache5HttpClientSecurityManagerTest.java …e5SecurityManagerClientCreationTest.javahttp-clients/apache5-client/src/test/java/software/amazon/awssdk/http/apache5/Apache5HttpClientSecurityManagerTest.java renamed to http-clients/apache5-client/src/test/java/software/amazon/awssdk/http/apache5/Apache5SecurityManagerClientCreationTest.java http-clients/apache5-client/src/test/java/software/amazon/awssdk/http/apache5/Apache5HttpClientSecurityManagerTest.java renamed to http-clients/apache5-client/src/test/java/software/amazon/awssdk/http/apache5/Apache5SecurityManagerClientCreationTest.java

@@ -39,7 +39,7 @@
  * denies jdk.net.NetworkPermission for TCP keepalive extended options.
  */
 @EnabledForJreRange(max = JRE.JAVA_17)
-class Apache5HttpClientSecurityManagerTest {
+class Apache5SecurityManagerClientCreationTest {
 
     @AfterEach
     void tearDown() {
@@ -50,7 +50,7 @@ void tearDown() {
 
     @Test
     void buildWithDefaults_whenStandardPermissionsGrantedButNetworkPermissionMissing_shouldThrowIllegalStateException() {
-        System.setProperty("java.security.policy", "=" + getPolicyUrl("security-manager-test.policy"));
+        System.setProperty("java.security.policy", "=" + getPolicyUrl());
         java.security.Policy.getPolicy().refresh();
         System.setSecurityManager(new SecurityManager());
 
@@ -59,19 +59,8 @@ void buildWithDefaults_whenStandardPermissionsGrantedButNetworkPermissionMissing
             .hasMessageContaining("jdk.net.NetworkPermission");
     }
 
-    @Test
-    void buildWithDefaults_whenPolicyGrantsNetworkPermissions_shouldSucceed() {
-        System.setProperty("java.security.policy", "=" + getPolicyUrl("security-manager-test-with-network-permissions.policy"));
-        java.security.Policy.getPolicy().refresh();
-        System.setSecurityManager(new SecurityManager());
-
-        assertThatNoException().isThrownBy(() -> {
-            Apache5HttpClient.builder().build().close();
-        });
-    }
-
-    private String getPolicyUrl(String policyFileName) {
-        return getClass().getResource(policyFileName).toExternalForm();
+    private String getPolicyUrl() {
+        return getClass().getResource("security-manager-test.policy").toExternalForm();
     }
 
     @Test

http-clients/apache5-client/src/test/java/software/amazon/awssdk/http/apache5/Apache5SecurityManagerHttpCallTest.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http.apache5;
+
+import org.junit.jupiter.api.condition.EnabledForJreRange;
+import org.junit.jupiter.api.condition.JRE;
+import software.amazon.awssdk.http.SdkHttpClient;
+import software.amazon.awssdk.http.SdkHttpClientSecurityManagerTestSuite;
+
+@EnabledForJreRange(max = JRE.JAVA_17)
+class Apache5SecurityManagerHttpCallTest extends SdkHttpClientSecurityManagerTestSuite {
+
+    @Override
+    protected SdkHttpClient createHttpClient() {
+        return Apache5HttpClient.builder().build();
+    }
+
+    @Override
+    protected String getPolicyFileUrl() {
+        return getClass().getResource("security-manager-test-with-http-call.policy").toExternalForm();
+    }
+}

http-clients/apache5-client/src/test/resources/software/amazon/awssdk/http/apache5/security-manager-test-with-http-call.policy

@@ -0,0 +1,13 @@
+grant {
+    permission java.util.PropertyPermission "*", "read,write";
+    permission java.lang.RuntimePermission "modifyThread";
+    permission java.lang.RuntimePermission "setContextClassLoader";
+    permission java.lang.RuntimePermission "setSecurityManager";
+    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+    permission java.net.SocketPermission "*", "connect,accept";
+
+    // Required by Apache HC5 for TCP socket options (not needed by Apache HC4)
+    permission jdk.net.NetworkPermission "setOption.TCP_KEEPIDLE";
+    permission jdk.net.NetworkPermission "setOption.TCP_KEEPINTERVAL";
+    permission jdk.net.NetworkPermission "setOption.TCP_KEEPCOUNT";
+};

http-clients/apache5-client/src/test/resources/software/amazon/awssdk/http/apache5/security-manager-test-with-network-permissions.policy

@@ -0,0 +1,95 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.get;
+import static com.github.tomakehurst.wiremock.client.WireMock.urlPathEqualTo;
+import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.github.tomakehurst.wiremock.WireMockServer;
+import java.net.URI;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.EnabledForJreRange;
+import org.junit.jupiter.api.condition.JRE;
+
+/**
+ * Base test suite that verifies an HTTP client can construct and execute requests
+ * under a SecurityManager with the appropriate permissions granted via a policy file.
+ *
+ * <p>Subclasses provide the HTTP client implementation and a policy file path.
+ * The policy file for Apache 4.x does not need jdk.net.NetworkPermission entries,
+ * while Apache 5.x requires them for TCP_KEEPIDLE/KEEPINTERVAL/KEEPCOUNT.</p>
+ */
+@EnabledForJreRange(max = JRE.JAVA_17)
+public abstract class SdkHttpClientSecurityManagerTestSuite {
+
+    private WireMockServer server;
+
+    @BeforeEach
+    void setUpServer() {
+        server = new WireMockServer(wireMockConfig().dynamicPort());
+        server.start();
+        server.stubFor(get(urlPathEqualTo("/"))
+                           .willReturn(aResponse().withStatus(200).withBody("ok")));
+    }
+
+    @AfterEach
+    void tearDownServer() {
+        System.setSecurityManager(null);
+        System.clearProperty("java.security.policy");
+        java.security.Policy.getPolicy().refresh();
+        server.stop();
+    }
+
+    /**
+     * Creates the HTTP client to test.
+     */
+    protected abstract SdkHttpClient createHttpClient();
+
+    /**
+     * Returns the policy file URL to use. Subclasses load from their own resource path.
+     */
+    protected abstract String getPolicyFileUrl();
+
+    @Test
+    void httpCall_whenSecurityManagerActiveWithCorrectPermissions_shouldSucceed() throws Exception {
+        System.setProperty("java.security.policy", "=" + getPolicyFileUrl());
+        java.security.Policy.getPolicy().refresh();
+        System.setSecurityManager(new SecurityManager());
+
+        SdkHttpClient client = createHttpClient();
+        try {
+            SdkHttpFullRequest request = SdkHttpFullRequest.builder()
+                                                           .uri(URI.create("http://localhost:" + server.port() + "/"))
+                                                           .method(SdkHttpMethod.GET)
+                                                           .build();
+            HttpExecuteResponse response = client.prepareRequest(
+                HttpExecuteRequest.builder().request(request).build()).call();
+
+            assertThat(response.httpResponse().statusCode()).isEqualTo(200);
+        } finally {
+            client.close();
+        }
+    }
+
+    protected int serverPort() {
+        return server.port();
+    }
+}