# HG changeset patch # User michaelm # Date 1389006012 0 # Node ID 09df5383d1df3469b3a43e33aa318400133ececc # Parent ff3bfe024b5fd13ec944ad180202869058246c8e 8029354: URLPermission. throws llegalArgumentException: Invalid characters in hostname Reviewed-by: alanb, chegar diff -r ff3bfe024b5f -r 09df5383d1df jdk/src/share/classes/java/net/URLPermission.java --- a/jdk/src/share/classes/java/net/URLPermission.java Sun Jan 05 21:02:57 2014 -0800 +++ b/jdk/src/share/classes/java/net/URLPermission.java Mon Jan 06 11:00:12 2014 +0000 @@ -47,7 +47,7 @@ * class. * authority is specified as: * 
- *     authority = hostrange [ : portrange ]
+ *     authority = [ userinfo @ ] hostrange [ : portrange ]
  *     portrange = portnumber | -portnumber | portnumber-[portnumber] | *
  *     hostrange = ([*.] dnsname) | IPv4address | IPv6address
  *
@@ -65,6 +65,9 @@ * (default 443). No default is assumed for other schemes. A wildcard may be specified * which means all ports. *

+ * userinfo is optional. A userinfo component if present, is ignored when + * creating a URLPermission, and has no effect on any other methods defined by this class. + *

* The path component comprises a sequence of path segments, * separated by '/' characters. path may also be empty. The path is specified * in a similar way to the path in {@link java.io.FilePermission}. There are @@ -473,7 +476,12 @@ HostPortrange p; Authority(String scheme, String authority) { - p = new HostPortrange(scheme, authority); + int at = authority.indexOf('@'); + if (at == -1) { + p = new HostPortrange(scheme, authority); + } else { + p = new HostPortrange(scheme, authority.substring(at+1)); + } } boolean implies(Authority other) { diff -r ff3bfe024b5f -r 09df5383d1df jdk/test/java/net/URLPermission/OpenURL.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/java/net/URLPermission/OpenURL.java Mon Jan 06 11:00:12 2014 +0000 @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8029354 + * @run main/othervm OpenURL + */ + +import java.net.*; +import java.io.*; + +public class OpenURL { + + public static void main (String[] args) throws Exception { + + System.setSecurityManager(new SecurityManager()); + + try { + URL url = new URL ("http://joe@127.0.0.1/a/b"); + HttpURLConnection urlc = (HttpURLConnection)url.openConnection(); + InputStream is = urlc.getInputStream(); + // error will throw exception other than SecurityException + } catch (SecurityException e) { + System.out.println("OK"); + } + } +} diff -r ff3bfe024b5f -r 09df5383d1df jdk/test/java/net/URLPermission/URLPermissionTest.java --- a/jdk/test/java/net/URLPermission/URLPermissionTest.java Sun Jan 05 21:02:57 2014 -0800 +++ b/jdk/test/java/net/URLPermission/URLPermissionTest.java Mon Jan 06 11:00:12 2014 +0000 @@ -26,7 +26,7 @@ /** * @test - * @bug 8010464 8027570 8027687 + * @bug 8010464 8027570 8027687 8029354 */ public class URLPermissionTest { @@ -37,7 +37,30 @@ abstract boolean execute(); }; + // Instantiation: should succeed + static class CreateTest extends Test { + String arg; + CreateTest(String arg) { + this.arg = arg; + } + + @Override + boolean execute() { + try { + URLPermission p = new URLPermission(arg); + return true; + } catch (Exception e) { + return false; + } + } + }; + + static CreateTest createtest(String arg) { + return new CreateTest(arg); + } + // Should throw an IAE on construction + static class ExTest extends Test { String arg; ExTest(String arg) { @@ -262,6 +285,7 @@ imtest("https://www.foo.com/a/b", "https://www.foo.com:443/a/b", true), imtest("https://www.foo.com:200-500/a/b", "https://www.foo.com/a/b", true), imtest("http://www.foo.com:*/a/b", "http://www.foo.com:1-12345/a/b", true), + imtest("http://host/a/b", "http://HOST/a/b", true), // misc imtest("https:*", "http://www.foo.com", false), @@ -297,6 +321,16 @@ eqtest("http://www.foo.com/a/b", "http://www.foo.com:82/a/b", false), eqtest("https://www.foo.com/a/b", "https://www.foo.com:443/a/b", true), eqtest("https://www.foo.com/a/b", "https://www.foo.com:444/a/b", false), + eqtest("http://michael@foo.com/bar","http://michael@foo.com/bar", true), + eqtest("http://Michael@foo.com/bar","http://michael@goo.com/bar",false), + eqtest("http://michael@foo.com/bar","http://george@foo.com/bar", true), + eqtest("http://@foo.com/bar","http://foo.com/bar", true) + }; + + static Test[] createTests = { + createtest("http://user@foo.com/a/b/c"), + createtest("http://user:pass@foo.com/a/b/c"), + createtest("http://user:@foo.com/a/b/c") }; static boolean failed = false; @@ -386,6 +420,17 @@ } } + for (int i=0; i