WindowsFileSystemProvider checkAccess

Alan Bateman Alan.Bateman at oracle.com
Tue Aug 9 13:37:42 PDT 2011


Salter, Thomas A wrote:
>
> I've encountered a problem with WindowsFileSystemProvider checkAccess 
> function.  When I'm running as an administrator, everything is fine, 
> but when I run as an ordinary user (member of the default Users 
> group),  the GetEffectiveRightsFromAcl function fails with an Access 
> Denied (5) error result.  I've tried giving the individual user as 
> well as the Users group "full control", but the only thing that seems 
> to work is running under an administrator account.
>
>  
>
> I'm proven that the user does have access to the file by reading from 
> the file from the same program after isReadable() returns false.  My 
> test program is included below.
>
>  
>
> I'm running on Windows 7 with the FCS version of Java 7 downloaded 
> from the public Java technology site: 
> http://www.oracle.com/technetwork/java/index.html
>
>  
>
> Along the way, I noticed that WindowsNativeDispatcher.c does not test 
> correctly for an error code.  The actual error is returned as the 
> result, not with GetLastError.  My suggested change follows:
>
>  
>
> #if OLD CODE
>
>     if (GetEffectiveRightsFromAcl(pAcl, pTrustee, &access) != 
> ERROR_SUCCESS) {
>
>         throwWindowsException(env, GetLastError());
>
>     }
>
> #else //NEW CODE
>
>     DWORD result = GetEffectiveRightsFromAcl(pAcl, pTrustee, &access);
>
>     if( result != ERROR_SUCCESS) {
>
>         throwWindowsException(env, result );
>
>     }
>
> #endif
>
It might be a few days before I can look into this in detail. One thing 
that would be useful is if you could say whether you are in a domain and 
whether you are logged in with a local account (when using the user 
account). If I can't duplicate this then I might ask you to dump the ACL 
so that we can see whether it accessible by the domain group (cacls.exe 
can be used to print it out, as can the AclEdit sample in the JDK sample 
directory).

On the above code then you are right as we should be use the return 
value as the error code. Looking at this API then I also wonder if we 
should be using the Unicode version (need to check that too).

-Alan


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/nio-dev/attachments/20110809/53d32586/attachment.html 


More information about the nio-dev mailing list