-
SecureDirectoryStream
-
newDirectoryStream(Object, LinkOption[]): SecureDirectoryStream<Object>
-
newByteChannel(Object, Set<OpenOption>, FileAttribute[]): SeekableByteChannel
-
deleteFile(Object): void
-
deleteDirectory(Object): void
-
move(Object, SecureDirectoryStream<Object>, Object): void
-
getFileAttributeView(Class<FileAttributeView>): FileAttributeView
-
getFileAttributeView(Object, Class<FileAttributeView>, LinkOption[]): FileAttributeView
-
/*
* Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.nio.file;
import java.nio.file.attribute.*;
import java.nio.channels.SeekableByteChannel;
import java.util.Set;
import java.io.IOException;
A DirectoryStream that defines operations on files that are located relative to an open directory. A SecureDirectoryStream is intended for use by sophisticated or security sensitive applications requiring to traverse file trees or otherwise operate on directories in a race-free manner. Race conditions can arise when a sequence of file operations cannot be carried out in isolation. Each of the file operations defined by this interface specify a relative path. All access to the file is relative to the open directory irrespective of if the directory is moved or replaced by an attacker while the directory is open. A SecureDirectoryStream may also be used as a virtual working directory.
A SecureDirectoryStream requires corresponding support from the underlying operating system. Where an implementation supports this features then the DirectoryStream returned by the
newDirectoryStream method will be a SecureDirectoryStream and must be cast to that type in order to invoke the methods defined by this interface.
In the case of the default
provider, and a security manager is set, then the permission checks are performed using the path obtained by resolving the given relative path against the original path of the directory (irrespective of if the
directory is moved since it was opened).
Since: 1.7
/**
* A {@code DirectoryStream} that defines operations on files that are located
* relative to an open directory. A {@code SecureDirectoryStream} is intended
* for use by sophisticated or security sensitive applications requiring to
* traverse file trees or otherwise operate on directories in a race-free manner.
* Race conditions can arise when a sequence of file operations cannot be
* carried out in isolation. Each of the file operations defined by this
* interface specify a relative path. All access to the file is relative
* to the open directory irrespective of if the directory is moved or replaced
* by an attacker while the directory is open. A {@code SecureDirectoryStream}
* may also be used as a virtual <em>working directory</em>.
*
* <p> A {@code SecureDirectoryStream} requires corresponding support from the
* underlying operating system. Where an implementation supports this features
* then the {@code DirectoryStream} returned by the {@link Files#newDirectoryStream
* newDirectoryStream} method will be a {@code SecureDirectoryStream} and must
* be cast to that type in order to invoke the methods defined by this interface.
*
* <p> In the case of the default {@link java.nio.file.spi.FileSystemProvider
* provider}, and a security manager is set, then the permission checks are
* performed using the path obtained by resolving the given relative path
* against the <i>original path</i> of the directory (irrespective of if the
* directory is moved since it was opened).
*
* @since 1.7
*/
public interface SecureDirectoryStream<T>
extends DirectoryStream<T>
{
Opens the directory identified by the given path, returning a
SecureDirectoryStream to iterate over the entries in the directory. This method works in exactly the manner specified by the newDirectoryStream method for the case that the path parameter is an absolute path. When the parameter is a relative path then the directory to open is relative to this open directory. The NOFOLLOW_LINKS option may be used to ensure that this method fails if the file is a symbolic link.
The new directory stream, once created, is not dependent upon the
directory stream used to create it. Closing this directory stream has no
effect upon newly created directory stream.
Params: - path –
the path to the directory to open
- options –
options indicating how symbolic links are handled
Throws: - ClosedDirectoryStreamException –
if the directory stream is closed
- NotDirectoryException –
if the file could not otherwise be opened because it is not
a directory (optional specific exception)
- IOException –
if an I/O error occurs
- SecurityException – In the case of the default provider, and a security manager is installed, the
checkRead method is invoked to check read access to the directory.
Returns: a new and open SecureDirectoryStream object
/**
* Opens the directory identified by the given path, returning a {@code
* SecureDirectoryStream} to iterate over the entries in the directory.
*
* <p> This method works in exactly the manner specified by the {@link
* Files#newDirectoryStream(Path) newDirectoryStream} method for the case that
* the {@code path} parameter is an {@link Path#isAbsolute absolute} path.
* When the parameter is a relative path then the directory to open is
* relative to this open directory. The {@link
* LinkOption#NOFOLLOW_LINKS NOFOLLOW_LINKS} option may be used to
* ensure that this method fails if the file is a symbolic link.
*
* <p> The new directory stream, once created, is not dependent upon the
* directory stream used to create it. Closing this directory stream has no
* effect upon newly created directory stream.
*
* @param path
* the path to the directory to open
* @param options
* options indicating how symbolic links are handled
*
* @return a new and open {@code SecureDirectoryStream} object
*
* @throws ClosedDirectoryStreamException
* if the directory stream is closed
* @throws NotDirectoryException
* if the file could not otherwise be opened because it is not
* a directory <i>(optional specific exception)</i>
* @throws IOException
* if an I/O error occurs
* @throws SecurityException
* In the case of the default provider, and a security manager is
* installed, the {@link SecurityManager#checkRead(String) checkRead}
* method is invoked to check read access to the directory.
*/
SecureDirectoryStream<T> newDirectoryStream(T path, LinkOption... options)
throws IOException;
Opens or creates a file in this directory, returning a seekable byte
channel to access the file.
This method works in exactly the manner specified by the Files.newByteChannel method for the case that the path parameter is an absolute path. When the parameter is a relative path then the file to open or create is relative to this open directory. In addition to the options defined by the Files.newByteChannel method, the NOFOLLOW_LINKS option may be used to ensure that this method fails if the file is a symbolic link.
The channel, once created, is not dependent upon the directory stream
used to create it. Closing this directory stream has no effect upon the
channel.
Params: - path –
the path of the file to open or create
- options –
options specifying how the file is opened
- attrs –
an optional list of attributes to set atomically when creating
the file
Throws: - ClosedDirectoryStreamException –
if the directory stream is closed
- IllegalArgumentException –
if the set contains an invalid combination of options
- UnsupportedOperationException –
if an unsupported open option is specified or the array contains
attributes that cannot be set atomically when creating the file
- FileAlreadyExistsException – if a file of that name already exists and the
CREATE_NEW option is specified (optional specific exception) - IOException –
if an I/O error occurs
- SecurityException – In the case of the default provider, and a security manager is installed, the
checkRead method is invoked to check read access to the path if the file is opened for reading. The
checkWrite method is invoked to check write access to the path if the file is opened for writing.
Returns: the seekable byte channel
/**
* Opens or creates a file in this directory, returning a seekable byte
* channel to access the file.
*
* <p> This method works in exactly the manner specified by the {@link
* Files#newByteChannel Files.newByteChannel} method for the
* case that the {@code path} parameter is an {@link Path#isAbsolute absolute}
* path. When the parameter is a relative path then the file to open or
* create is relative to this open directory. In addition to the options
* defined by the {@code Files.newByteChannel} method, the {@link
* LinkOption#NOFOLLOW_LINKS NOFOLLOW_LINKS} option may be used to
* ensure that this method fails if the file is a symbolic link.
*
* <p> The channel, once created, is not dependent upon the directory stream
* used to create it. Closing this directory stream has no effect upon the
* channel.
*
* @param path
* the path of the file to open or create
* @param options
* options specifying how the file is opened
* @param attrs
* an optional list of attributes to set atomically when creating
* the file
*
* @return the seekable byte channel
*
* @throws ClosedDirectoryStreamException
* if the directory stream is closed
* @throws IllegalArgumentException
* if the set contains an invalid combination of options
* @throws UnsupportedOperationException
* if an unsupported open option is specified or the array contains
* attributes that cannot be set atomically when creating the file
* @throws FileAlreadyExistsException
* if a file of that name already exists and the {@link
* StandardOpenOption#CREATE_NEW CREATE_NEW} option is specified
* <i>(optional specific exception)</i>
* @throws IOException
* if an I/O error occurs
* @throws SecurityException
* In the case of the default provider, and a security manager is
* installed, the {@link SecurityManager#checkRead(String) checkRead}
* method is invoked to check read access to the path if the file
* is opened for reading. The {@link SecurityManager#checkWrite(String)
* checkWrite} method is invoked to check write access to the path
* if the file is opened for writing.
*/
SeekableByteChannel newByteChannel(T path,
Set<? extends OpenOption> options,
FileAttribute<?>... attrs)
throws IOException;
Deletes a file.
Unlike the delete() method, this method does not first examine the file to determine if the file is a directory. Whether a directory is deleted by this method is system dependent and therefore not specified. If the file is a symbolic link, then the link itself, not the final target of the link, is deleted. When the parameter is a relative path then the file to delete is relative to this open directory.
Params: - path –
the path of the file to delete
Throws: - ClosedDirectoryStreamException –
if the directory stream is closed
- NoSuchFileException –
if the file does not exist (optional specific exception)
- IOException –
if an I/O error occurs
- SecurityException – In the case of the default provider, and a security manager is installed, the
checkDelete method is invoked to check delete access to the file
/**
* Deletes a file.
*
* <p> Unlike the {@link Files#delete delete()} method, this method does
* not first examine the file to determine if the file is a directory.
* Whether a directory is deleted by this method is system dependent and
* therefore not specified. If the file is a symbolic link, then the link
* itself, not the final target of the link, is deleted. When the
* parameter is a relative path then the file to delete is relative to
* this open directory.
*
* @param path
* the path of the file to delete
*
* @throws ClosedDirectoryStreamException
* if the directory stream is closed
* @throws NoSuchFileException
* if the file does not exist <i>(optional specific exception)</i>
* @throws IOException
* if an I/O error occurs
* @throws SecurityException
* In the case of the default provider, and a security manager is
* installed, the {@link SecurityManager#checkDelete(String) checkDelete}
* method is invoked to check delete access to the file
*/
void deleteFile(T path) throws IOException;
Deletes a directory.
Unlike the delete() method, this method does not first examine the file to determine if the file is a directory. Whether non-directories are deleted by this method is system dependent and therefore not specified. When the parameter is a relative path then the directory to delete is relative to this open directory.
Params: - path –
the path of the directory to delete
Throws: - ClosedDirectoryStreamException –
if the directory stream is closed
- NoSuchFileException –
if the directory does not exist (optional specific exception)
- DirectoryNotEmptyException –
if the directory could not otherwise be deleted because it is
not empty (optional specific exception)
- IOException –
if an I/O error occurs
- SecurityException – In the case of the default provider, and a security manager is installed, the
checkDelete method is invoked to check delete access to the directory
/**
* Deletes a directory.
*
* <p> Unlike the {@link Files#delete delete()} method, this method
* does not first examine the file to determine if the file is a directory.
* Whether non-directories are deleted by this method is system dependent and
* therefore not specified. When the parameter is a relative path then the
* directory to delete is relative to this open directory.
*
* @param path
* the path of the directory to delete
*
* @throws ClosedDirectoryStreamException
* if the directory stream is closed
* @throws NoSuchFileException
* if the directory does not exist <i>(optional specific exception)</i>
* @throws DirectoryNotEmptyException
* if the directory could not otherwise be deleted because it is
* not empty <i>(optional specific exception)</i>
* @throws IOException
* if an I/O error occurs
* @throws SecurityException
* In the case of the default provider, and a security manager is
* installed, the {@link SecurityManager#checkDelete(String) checkDelete}
* method is invoked to check delete access to the directory
*/
void deleteDirectory(T path) throws IOException;
Move a file from this directory to another directory.
This method works in a similar manner to move method when the ATOMIC_MOVE option is specified. That is, this method moves a file as an atomic file system operation. If the srcpath parameter is an
absolute path then it locates the source file. If the parameter is a relative path then it is located relative to this open directory. If the targetpath parameter is absolute then it locates the target file (the targetdir parameter is ignored). If the parameter is a relative path it is located relative to the open directory identified by the targetdir parameter. In all cases, if the target file exists then it is implementation specific if it is replaced or this method fails.
Params: - srcpath –
the name of the file to move
- targetdir –
the destination directory
- targetpath –
the name to give the file in the destination directory
Throws: - ClosedDirectoryStreamException –
if this or the target directory stream is closed
- FileAlreadyExistsException –
if the file already exists in the target directory and cannot
be replaced (optional specific exception)
- AtomicMoveNotSupportedException –
if the file cannot be moved as an atomic file system operation
- IOException –
if an I/O error occurs
- SecurityException – In the case of the default provider, and a security manager is installed, the
checkWrite method is invoked to check write access to both the source and target file.
/**
* Move a file from this directory to another directory.
*
* <p> This method works in a similar manner to {@link Files#move move}
* method when the {@link StandardCopyOption#ATOMIC_MOVE ATOMIC_MOVE} option
* is specified. That is, this method moves a file as an atomic file system
* operation. If the {@code srcpath} parameter is an {@link Path#isAbsolute
* absolute} path then it locates the source file. If the parameter is a
* relative path then it is located relative to this open directory. If
* the {@code targetpath} parameter is absolute then it locates the target
* file (the {@code targetdir} parameter is ignored). If the parameter is
* a relative path it is located relative to the open directory identified
* by the {@code targetdir} parameter. In all cases, if the target file
* exists then it is implementation specific if it is replaced or this
* method fails.
*
* @param srcpath
* the name of the file to move
* @param targetdir
* the destination directory
* @param targetpath
* the name to give the file in the destination directory
*
* @throws ClosedDirectoryStreamException
* if this or the target directory stream is closed
* @throws FileAlreadyExistsException
* if the file already exists in the target directory and cannot
* be replaced <i>(optional specific exception)</i>
* @throws AtomicMoveNotSupportedException
* if the file cannot be moved as an atomic file system operation
* @throws IOException
* if an I/O error occurs
* @throws SecurityException
* In the case of the default provider, and a security manager is
* installed, the {@link SecurityManager#checkWrite(String) checkWrite}
* method is invoked to check write access to both the source and
* target file.
*/
void move(T srcpath, SecureDirectoryStream<T> targetdir, T targetpath)
throws IOException;
Returns a new file attribute view to access the file attributes of this
directory.
The resulting file attribute view can be used to read or update the attributes of this (open) directory. The type parameter specifies the type of the attribute view and the method returns an instance of that type if supported. Invoking this method to obtain a BasicFileAttributeView always returns an instance of that class that is bound to this open directory.
The state of resulting file attribute view is intimately connected to this directory stream. Once the directory stream is closed, then all methods to read or update attributes will throw ClosedDirectoryStreamException.
Params: - type – the
Class object corresponding to the file attribute view
Type parameters: - <V> – The
FileAttributeView type
Returns: a new file attribute view of the specified type bound to this directory stream, or null if the attribute view type is not available
/**
* Returns a new file attribute view to access the file attributes of this
* directory.
*
* <p> The resulting file attribute view can be used to read or update the
* attributes of this (open) directory. The {@code type} parameter specifies
* the type of the attribute view and the method returns an instance of that
* type if supported. Invoking this method to obtain a {@link
* BasicFileAttributeView} always returns an instance of that class that is
* bound to this open directory.
*
* <p> The state of resulting file attribute view is intimately connected
* to this directory stream. Once the directory stream is {@link #close closed},
* then all methods to read or update attributes will throw {@link
* ClosedDirectoryStreamException ClosedDirectoryStreamException}.
*
* @param <V>
* The {@code FileAttributeView} type
* @param type
* the {@code Class} object corresponding to the file attribute view
*
* @return a new file attribute view of the specified type bound to
* this directory stream, or {@code null} if the attribute view
* type is not available
*/
<V extends FileAttributeView> V getFileAttributeView(Class<V> type);
Returns a new file attribute view to access the file attributes of a file
in this directory.
The resulting file attribute view can be used to read or update the attributes of file in this directory. The type parameter specifies the type of the attribute view and the method returns an instance of that type if supported. Invoking this method to obtain a BasicFileAttributeView always returns an instance of that class that is bound to the file in the directory.
The state of resulting file attribute view is intimately connected to this directory stream. Once the directory stream closed, then all methods to read or update attributes will throw ClosedDirectoryStreamException. The file is not required to exist at the time that the file attribute view is created but methods to read or update attributes of the file will fail when invoked and the file does not exist.
Params: - path –
the path of the file
- type – the
Class object corresponding to the file attribute view - options –
options indicating how symbolic links are handled
Type parameters: - <V> – The
FileAttributeView type
Returns: a new file attribute view of the specified type bound to a this directory stream, or null if the attribute view type is not available
/**
* Returns a new file attribute view to access the file attributes of a file
* in this directory.
*
* <p> The resulting file attribute view can be used to read or update the
* attributes of file in this directory. The {@code type} parameter specifies
* the type of the attribute view and the method returns an instance of that
* type if supported. Invoking this method to obtain a {@link
* BasicFileAttributeView} always returns an instance of that class that is
* bound to the file in the directory.
*
* <p> The state of resulting file attribute view is intimately connected
* to this directory stream. Once the directory stream {@link #close closed},
* then all methods to read or update attributes will throw {@link
* ClosedDirectoryStreamException ClosedDirectoryStreamException}. The
* file is not required to exist at the time that the file attribute view
* is created but methods to read or update attributes of the file will
* fail when invoked and the file does not exist.
*
* @param <V>
* The {@code FileAttributeView} type
* @param path
* the path of the file
* @param type
* the {@code Class} object corresponding to the file attribute view
* @param options
* options indicating how symbolic links are handled
*
* @return a new file attribute view of the specified type bound to a
* this directory stream, or {@code null} if the attribute view
* type is not available
*
*/
<V extends FileAttributeView> V getFileAttributeView(T path,
Class<V> type,
LinkOption... options);
}