Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8294592

Some syntax checks performed by URL.openConnection() could be performed earlier, at URL construction

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P3 P3
    • 20
    • core-libs
    • None
    • behavioral
    • medium
    • Hide
      Exceptions are raised earlier rather than later.
      A system property may be set to revert to the old behavior.
      Only applications relying on JDK built-in handlers are affected. Applications relying on custom third party `URLStreamHandlers` implementations should remain unaffected.
      Show
      Exceptions are raised earlier rather than later. A system property may be set to revert to the old behavior. Only applications relying on JDK built-in handlers are affected. Applications relying on custom third party `URLStreamHandlers` implementations should remain unaffected.
    • Java API, System or security property
    • JDK

      Summary

      Throw MalformedURLException earlier, at java.net.URL construction time, rather than delay until openConnection or connect are called, if it can be determined that the URL contains illegal/malformed data that will cause connection attempts to always reject the URL and raise exceptions.

      Problem

      The java.net.URL class dates back from java 1.0 and has many shortcomings. Notably, because of the way it interacts with URLStreamHandler classes, it makes it possible to construct instances of URL that are not functional.

      Many built-in URL Handlers perform additional syntax checking on the URL when URLStreamHandler::openConnection or URLConnection::connect is called. In some cases, some of these checks, could be also performed earlier, at construction time, when URLStreamHandler::parseURL is called.

      Solution

      Because URLStreamHandler::parseURL is called during URL construction, throwing a MalformedURLException in parseURL would avoid letting the caller construct an URL that is guaranteed to later fail when invoking URL::openConnection or URLConnection::connect.

      This change proposes to extend the checks that are performed on the authority components at URL construction time, notably in URLStreamHandler::parseURL, so that exceptions will be raised earlier, in URL constructors.

      To mitigate risks of regression, the new behavior will only affect built-in protocol URLStreamHandler subclasses present in the JDK. Custom third party handlers should remain unaffected.

      In addition a new JDK specific system property is introduced that will make it possible for applications to temporarily revert to the previous behavior, in case of unexpected regressions caused by the new behavior.

      Specification

      This fix proposes to slightly modify the behavior of JDK built-in URL handlers to perform more checks early, typically generic checks that can be performed on authority components, and throw MalformedURLException earlier, at URL construction time, when that is possible, instead of delaying until URL::openConnection or URLConnection::connect are called.

      Because java.net.URL constructors are already specified to throw MalformedURLException in such cases no API documentation changes are necessary. This is a pure behavioral change.

      A new JDK specific system property -Djdk.net.url.delayParsing or -Djdk.net.url.delayParsing=true can be specified on the command line to revert to the previous behavior. By default, the property is not set, and the new behavior is in place. The property can be specified on the java command line if unexpected regressions are observed.

      The new property will be documented in release notes, and may be removed in a future release.

            dfuchs Daniel Fuchs
            dfuchs Daniel Fuchs
            Alan Bateman, Jaikiran Pai, Michael McMahon
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: