Security error with JUnit 5
mikera opened this issue · 10 comments
I'm getting an unusual security exception when using JUnit 5 (tested with JUnit 5.6.1 and 5.7.0-M1), which is causing a subset of tests to fail (I think all those using junit-quickcheck)
"java.lang.SecurityException: class "org.junit.runners.model.JUnitQuickcheckTestClass"'s signer information does not match signer information of other classes in the same package"
It appears the problem is the class being in the a package already defined by JUnit.
Is there fix / workaround for this?
@mikera Thanks for reporting this. Which version of junit-quickcheck are you using?
I've been terrible about verifying junit-quickcheck against newer versions of JUnit and the JDK. I'll see about replicating and resolving your issue.
Thanks @pholser ! I'm using 0.9.2 which I think is the latest? Happy to test any updates you have
@mikera Thanks Mike -- 0.9.3 should be available shortly, but I doubt it'll address your issue. Still digging.
@mikera Wow, that is really weird...I wonder why I had JUnitQuickcheckTestClass in package org.junit.runners.model in junit-quickcheck. No wonder it's popping such an error. Let me see if repackaging that class in junit-quickcheck 1) breaks anything, and if not, 2) solves the issue you're having.
Thinking back on it, I wonder if I did this to sneakily get access to stuff I couldn't override. 8^(
Ah, there we go:
* This is a member of a JUnit package so that it has access to
* {@link FrameworkField}.
Looks like a good explanation, thanks for looking into this! I'm not enough of an expert in the security / package / module system to suggest a good workaround sadly. Currently I'm sticking with the JUnit4 runner.
@mikera JUnit team suggests constructing the FrameworkFields via reflection. Let me see if this helps, and is possible without triggering illegal accesses in JDKs beyond 8.
@mikera This should be available on 0.9-branch now ... give it a spin and see how it works for you?
I'll probably cut a 0.9.4 release soon.