Specification for java.io.File.mkdirs looks as follows:
-----------------------------
public boolean mkdirs()
................
Throws:
SecurityException - If a security manager exists and its SecurityManager.checkRead(java.lang.String) method does not permit verification of the existence of the named directory and all necessary parent directories; or if the SecurityManager.checkWrite(java.lang.String) method does not permit the named directory and all necessary parent directories to be created
-----------------------------
JDK's implementation of this method looks as follows:
-----------------------------
if (exists()) {
return false;
}
if (mkdir()) {
return true;
}
File canonFile = null;
try {
canonFile = getCanonicalFile();
} catch (IOException e) {
return false;
}
File parent = canonFile.getParentFile();
return (parent != null && (parent.mkdirs() || parent.exists()) &&
canonFile.mkdir());
-----------------------------
Specification of java.io.getCanonicalFile method look as follows:
-----------------------------
public File getCanonicalFile()
throws IOException
..............
Throws:
..............
SecurityException - If a required system property value cannot be accessed, or if a security manager exists and its SecurityManager.checkRead(java.io.FileDescriptor) method denies read access to the file
-----------------------------
Merging all this info together following result is achieved:
java.io.File.mkdirs() invokes getCanonicalFile() which can throw SecurityException "if a required system property value cannot be accessed" (so if current security policy does not allow to read "user.dir" property).
This exception is not caught inside 'mkdirs()' so java.io.File.mkdirs can throw SE if current security policy does not allow to read "user.dir" property.
However such option of SE throwing is not specified for java.io.File.mkdirs method.
It means contradiction between API spec and implementation.
-----------------------------
public boolean mkdirs()
................
Throws:
SecurityException - If a security manager exists and its SecurityManager.checkRead(java.lang.String) method does not permit verification of the existence of the named directory and all necessary parent directories; or if the SecurityManager.checkWrite(java.lang.String) method does not permit the named directory and all necessary parent directories to be created
-----------------------------
JDK's implementation of this method looks as follows:
-----------------------------
if (exists()) {
return false;
}
if (mkdir()) {
return true;
}
File canonFile = null;
try {
canonFile = getCanonicalFile();
} catch (IOException e) {
return false;
}
File parent = canonFile.getParentFile();
return (parent != null && (parent.mkdirs() || parent.exists()) &&
canonFile.mkdir());
-----------------------------
Specification of java.io.getCanonicalFile method look as follows:
-----------------------------
public File getCanonicalFile()
throws IOException
..............
Throws:
..............
SecurityException - If a required system property value cannot be accessed, or if a security manager exists and its SecurityManager.checkRead(java.io.FileDescriptor) method denies read access to the file
-----------------------------
Merging all this info together following result is achieved:
java.io.File.mkdirs() invokes getCanonicalFile() which can throw SecurityException "if a required system property value cannot be accessed" (so if current security policy does not allow to read "user.dir" property).
This exception is not caught inside 'mkdirs()' so java.io.File.mkdirs can throw SE if current security policy does not allow to read "user.dir" property.
However such option of SE throwing is not specified for java.io.File.mkdirs method.
It means contradiction between API spec and implementation.
- relates to
-
JDK-6355300 File.getCanonical{File,Path}() does not always throw SecurityException as documented
-
- Closed
-