P4 | Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2152931 | OpenJDK6 | Chris Hegarty | P3 | Resolved | Fixed | b01 |
URLClassLoader:getPermissions() RI behavior inconsistent
with a spec in case non-localhost file URLs
From the spec:
=======URLClassLoader (6 rc-b93)==========
If the protocol of this URL is "jar", then the permission granted
is based on the permission that is required by the URL of the Jar file.
If the protocol is "file" and the path specifies a file, then permission
to read that file is granted. If protocol is "file" and the path is a
directory, permission is granted to read all files and (recursively) all
files and subdirectories contained in that directory.
If the protocol is not "file", then to connect to and accept connections
from the URL's host is granted.
===========================================
Let's consider the next URL:
file://vms.host.edu/dir/file.txt.
This is correct file URL (file URLs format is described in the RFC1738 3.10)
****************** RFC1738 *****************
3.10
..............
A file URL takes the form:
file://<host>/<path>
where <host> is the fully qualified domain name of the system on
which the <path> is accessible, and <path> is a hierarchical
directory path of the form <directory>/<directory>/.../<name>.
........................
********************************************
The protocol of this URL is "file", path ("dir/file.txt") specifies a file. So, according
to spec, permission to read that file should be granted. Instead RI returns
SocketPermission to connect to and accept connections from the URL's host.
The following sample illustrates the problem. Sample output follows the code.
======= GetPermissionsBug.java =============
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class GetPermissionsBug {
private String URLDIR = "file://vms.host.edu/dir/file.txt";
public static void main(String argv[]) throws Exception {
(new GetPermissionsBug()).run();
}
public void run() throws Exception {
URL url = new URL(URLDIR);
System.out.println("url="+url);
TestURLClassLoader ucl = new TestURLClassLoader(new URL[] {});
CodeSource cs = new CodeSource(url, new Certificate[] {});
System.out.println("cs=" + cs);
System.out.println("Calling getPermissions with a 'cs'. Permission to read file should be granted....");
Enumeration uclEnum = ucl.getPermissionsCall(cs).elements();
while (uclEnum.hasMoreElements()) {
System.out.println(uclEnum.nextElement());
}
System.out.println("OOPS, instead we have socket permisssion to connect and to accept connections.");
}
private class TestURLClassLoader extends URLClassLoader {
public TestURLClassLoader(URL[] urls) {
super(urls);
}
public PermissionCollection getPermissionsCall(CodeSource codesource) {
return super.getPermissions(codesource);
}
}
}
======== Output (1.6.0-rc-b95) ==============
url=file://vms.host.edu/dir/file.txt
cs=(file://vms.host.edu/dir/file.txt <no signer certificates>)
OKAY. Permission to read file should be granted....
(java.net.SocketPermission vms.host.edu connect,accept,resolve)
OOPS, instead we have socket permisssion to connect to and accept connections from the URL's host
=============================================
with a spec in case non-localhost file URLs
From the spec:
=======URLClassLoader (6 rc-b93)==========
If the protocol of this URL is "jar", then the permission granted
is based on the permission that is required by the URL of the Jar file.
If the protocol is "file" and the path specifies a file, then permission
to read that file is granted. If protocol is "file" and the path is a
directory, permission is granted to read all files and (recursively) all
files and subdirectories contained in that directory.
If the protocol is not "file", then to connect to and accept connections
from the URL's host is granted.
===========================================
Let's consider the next URL:
file://vms.host.edu/dir/file.txt.
This is correct file URL (file URLs format is described in the RFC1738 3.10)
****************** RFC1738 *****************
3.10
..............
A file URL takes the form:
file://<host>/<path>
where <host> is the fully qualified domain name of the system on
which the <path> is accessible, and <path> is a hierarchical
directory path of the form <directory>/<directory>/.../<name>.
........................
********************************************
The protocol of this URL is "file", path ("dir/file.txt") specifies a file. So, according
to spec, permission to read that file should be granted. Instead RI returns
SocketPermission to connect to and accept connections from the URL's host.
The following sample illustrates the problem. Sample output follows the code.
======= GetPermissionsBug.java =============
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class GetPermissionsBug {
private String URLDIR = "file://vms.host.edu/dir/file.txt";
public static void main(String argv[]) throws Exception {
(new GetPermissionsBug()).run();
}
public void run() throws Exception {
URL url = new URL(URLDIR);
System.out.println("url="+url);
TestURLClassLoader ucl = new TestURLClassLoader(new URL[] {});
CodeSource cs = new CodeSource(url, new Certificate[] {});
System.out.println("cs=" + cs);
System.out.println("Calling getPermissions with a 'cs'. Permission to read file should be granted....");
Enumeration uclEnum = ucl.getPermissionsCall(cs).elements();
while (uclEnum.hasMoreElements()) {
System.out.println(uclEnum.nextElement());
}
System.out.println("OOPS, instead we have socket permisssion to connect and to accept connections.");
}
private class TestURLClassLoader extends URLClassLoader {
public TestURLClassLoader(URL[] urls) {
super(urls);
}
public PermissionCollection getPermissionsCall(CodeSource codesource) {
return super.getPermissions(codesource);
}
}
}
======== Output (1.6.0-rc-b95) ==============
url=file://vms.host.edu/dir/file.txt
cs=(file://vms.host.edu/dir/file.txt <no signer certificates>)
OKAY. Permission to read file should be granted....
(java.net.SocketPermission vms.host.edu connect,accept,resolve)
OOPS, instead we have socket permisssion to connect to and accept connections from the URL's host
=============================================
- backported by
-
JDK-2152931 URLClassLoader:getPermissions() RI behavior inconsistent with a spec in case non-localhost file URLs
-
- Resolved
-