WindowsFileSystemProvider checkAccess
Alan Bateman
Alan.Bateman at oracle.com
Tue Aug 9 13:37:42 PDT 2011
Salter, Thomas A wrote:
>
> I've encountered a problem with WindowsFileSystemProvider checkAccess
> function. When I'm running as an administrator, everything is fine,
> but when I run as an ordinary user (member of the default Users
> group), the GetEffectiveRightsFromAcl function fails with an Access
> Denied (5) error result. I've tried giving the individual user as
> well as the Users group "full control", but the only thing that seems
> to work is running under an administrator account.
>
>
>
> I'm proven that the user does have access to the file by reading from
> the file from the same program after isReadable() returns false. My
> test program is included below.
>
>
>
> I'm running on Windows 7 with the FCS version of Java 7 downloaded
> from the public Java technology site:
> http://www.oracle.com/technetwork/java/index.html
>
>
>
> Along the way, I noticed that WindowsNativeDispatcher.c does not test
> correctly for an error code. The actual error is returned as the
> result, not with GetLastError. My suggested change follows:
>
>
>
> #if OLD CODE
>
> if (GetEffectiveRightsFromAcl(pAcl, pTrustee, &access) !=
> ERROR_SUCCESS) {
>
> throwWindowsException(env, GetLastError());
>
> }
>
> #else //NEW CODE
>
> DWORD result = GetEffectiveRightsFromAcl(pAcl, pTrustee, &access);
>
> if( result != ERROR_SUCCESS) {
>
> throwWindowsException(env, result );
>
> }
>
> #endif
>
It might be a few days before I can look into this in detail. One thing
that would be useful is if you could say whether you are in a domain and
whether you are logged in with a local account (when using the user
account). If I can't duplicate this then I might ask you to dump the ACL
so that we can see whether it accessible by the domain group (cacls.exe
can be used to print it out, as can the AclEdit sample in the JDK sample
directory).
On the above code then you are right as we should be use the return
value as the error code. Looking at this API then I also wonder if we
should be using the Unicode version (need to check that too).
-Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/nio-dev/attachments/20110809/53d32586/attachment.html
More information about the nio-dev
mailing list