jdk-sandbox: comparison src/java.net.http/share/classes/jdk/internal/net/http/ResponseSubscribers.java

equal deleted inserted replaced

-:0fe17c3f9b4f
+:82a9340bdda6
 */
 package jdk.internal.net.http;
 import java.io.BufferedReader;
+import java.io.FilePermission;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.lang.System.Logger.Level;
 import java.nio.ByteBuffer;
 result.complete(null);
 }
 }
+/**
+* A Subscriber that writes the flow of data to a given file.
+*
+* Privileged actions are performed within a limited doPrivileged that only
+* asserts the specific, write, file permissions that were checked during
+* the construction of this PathSubscriber.
+*/
 public static class PathSubscriber implements BodySubscriber<Path> {
+private static final FilePermission[] EMPTY_FILE_PERMISSIONS = new FilePermission[0];
 private final Path file;
+private final OpenOption[] options;
+private final FilePermission[] filePermissions;
 private final CompletableFuture<Path> result = new MinimalFuture<>();
-private final OpenOption[] options;
 private volatile Flow.Subscription subscription;
 private volatile FileChannel out;
-public PathSubscriber(Path file, List<OpenOption> options) {
+private static final String pathForSecurityCheck(Path path) {
+return path.toFile().getPath();
+}
+/**
+* Factory for creating PathSubscriber.
+*
+* Permission checks are performed here before construction of the
+* PathSubscriber. Permission checking and construction are deliberately
+* and tightly co-located.
+*/
+public static PathSubscriber create(Path file,
+List<OpenOption> options) {
+FilePermission filePermission = null;
+SecurityManager sm = System.getSecurityManager();
+if (sm != null) {
+String fn = pathForSecurityCheck(file);
+FilePermission writePermission = new FilePermission(fn, "write");
+sm.checkPermission(writePermission);
+filePermission = writePermission;
+}
+return new PathSubscriber(file, options, filePermission);
+}
+// pp so handler implementations in the same package can construct
+/*package-private*/ PathSubscriber(Path file,
+List<OpenOption> options,
+FilePermission... filePermissions) {
 this.file = file;
 this.options = options.stream().toArray(OpenOption[]::new);
+this.filePermissions =
+filePermissions == null ? EMPTY_FILE_PERMISSIONS : filePermissions;
 }
 @Override
 public void onSubscribe(Flow.Subscription subscription) {
 this.subscription = subscription;
-try {
+if (System.getSecurityManager() == null) {
-PrivilegedExceptionAction<FileChannel> pa =
+try {
-() -> FileChannel.open(file, options);
+out = FileChannel.open(file, options);
-out = AccessController.doPrivileged(pa);
+} catch (IOException ioe) {
-} catch (PrivilegedActionException pae) {
+result.completeExceptionally(ioe);
-Throwable t = pae.getCause() != null ? pae.getCause() : pae;
+return;
-result.completeExceptionally(t);
+}
-subscription.cancel();
+} else {
-return;
+try {
+PrivilegedExceptionAction<FileChannel> pa =
+() -> FileChannel.open(file, options);
+out = AccessController.doPrivileged(pa, null, filePermissions);
+} catch (PrivilegedActionException pae) {
+Throwable t = pae.getCause() != null ? pae.getCause() : pae;
+result.completeExceptionally(t);
+subscription.cancel();
+return;
+}
 }
 subscription.request(1);
 }
 @Override

branch	http-client-branch
changeset 56257	82a9340bdda6
parent 56159	039ab5a71a5c
child 56405	3642d0ef7755