The AccessDeniedExceptions are not a java security mechanism. It is a OS mechanism and i think it is good that java reveals all information also available with native access (i.e. if you have no 'x' permission on a dir you cannot enter it but you can see it (as long asmyou have read permission on the parent).
The only issue is here that the walker should be able to skip or resume walking in such a scenario. (Itmsounds like this is the problem/question here?) Gruss Bernd -- http://bernd.eckenfels.net -----Original Message----- From: timo.kinnu...@gmail.com To: Andrew Haley <a...@redhat.com>, Gilles Habran <gilleshab...@gmail.com>, "core-libs-dev@openjdk.java.net" <core-libs-dev@openjdk.java.net> Sent: Di., 24 Mai 2016 21:40 Subject: RE: Fwd: Files.walk() is unusable because of AccessDeniedException Hi, The API documentation makes the point that if there is a security manager installed which denies access to some entries amongst the visited files and directories then those entries are silently skipped, their presence not being disclosed by the walk terminating early due to an access denied exception. This is reasonable and follows the principle that information about privileged information is also privileged information. However Files::walk doesn’t follow that principle consistently. There’s no mention of the java.nio.file.attribute package or the AclEntryPermission enum, for example. It is not clear to me if, as an extreme example, the presence of an ACL on a file which denies read access to the file’s ACL (READ_ACL) would be leaked by Files::walk. What Files::walk could do is support all access control mechanisms in the JDK in equal measure. As is it is, currently it is only those protected files that are unknown to the security manager and unknowable to Java that are being revealed to unprivileged users. This seems like the exact opposite of how it should be. -- Have a nice day, Timo Sent from Mail for Windows 10 From: Andrew Haley
