8028270: Files.readSymbolicLink calls AccessController directly so security manager can't grant the permission
Alan Bateman
Alan.Bateman at oracle.com
Wed Nov 13 08:16:18 PST 2013
On 13/11/2013 16:01, Martin Buchholz wrote:
> If you compare with the analogous code in createSymbolicLink, one
> would expect in addition a call to link.checkRead, since this is
> "reading the contents of a file". Users expect their security
> manager's checkRead method to be called here.
It is specified to check the readlink action rather than read because
read also grants permission to the final target of the link (there is
awkwardness here due to problems with the way that FilePermission was
original designed, it just doesn't mesh well with symbolic links).
-Alan.
More information about the nio-dev
mailing list