priviliged action for security exception

senivam · senivam · commit 5794b7a2da9b · 2021-02-23T08:34:30.000+01:00
Signed-off-by: Maxim Nesen &lt;maxim.nesen@oracle.com&gt;
diff --git a/core-common/src/main/java/org/glassfish/jersey/message/internal/Utils.java b/core-common/src/main/java/org/glassfish/jersey/message/internal/Utils.java
@@ -19,6 +19,10 @@
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  * Utility class.
@@ -47,9 +51,23 @@ static void throwIllegalArgumentExceptionIfNull(final Object toCheck, final Stri
      * @throws IOException if a file could not be created.
      */
     public static File createTempFile() throws IOException {
-        final File file = Files.createTempFile("rep", "tmp").toFile();
-        // Make sure the file is deleted when JVM is shutdown at last.
-        file.deleteOnExit();
+        final List<IOException> exs = new ArrayList<>();
+        final File file = AccessController.doPrivileged(new PrivilegedAction<File>() {
+            public File run() {
+                File tempFile = null;
+                try {
+                    tempFile = Files.createTempFile("rep", "tmp").toFile();
+                    // Make sure the file is deleted when JVM is shutdown at last.
+                    tempFile.deleteOnExit();
+                } catch (IOException e) {
+                    exs.add(e);
+                }
+                return tempFile;
+            }
+        });
+        if (!exs.isEmpty()) {
+            throw exs.get(0);
+        }
         return file;
     }
 
diff --git a/core-common/src/test/java/org/glassfish/jersey/message/internal/UtilsTest.java b/core-common/src/test/java/org/glassfish/jersey/message/internal/UtilsTest.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2021 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jersey.message.internal;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.BufferedOutputStream;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+public class UtilsTest {
+
+    @Test
+    public void createTempFile() throws IOException {
+        final File file = Utils.createTempFile();
+        final OutputStream stream = new BufferedOutputStream(new FileOutputStream(file));
+
+        try {
+            final ByteArrayInputStream entityStream = new ByteArrayInputStream("Test stream byte input".getBytes());
+            ReaderWriter.writeTo(entityStream, stream);
+        } finally {
+            stream.close();
+        }
+        Assert.assertTrue(file.exists());
+    }
+
+}
diff --git a/core-common/src/test/resources/surefire.policy b/core-common/src/test/resources/surefire.policy
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2019 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2021 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -30,6 +30,7 @@ grant codebase "file:${project.build.directory}/test-classes/-" {
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
   permission java.lang.RuntimePermission "modifyThread";
   permission java.util.PropertyPermission "*", "write";
+  permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
   permission java.lang.RuntimePermission "accessClassInPackage.sun.misc.*";
@@ -43,6 +44,7 @@ grant codebase "file:${project.build.directory}/classes/-" {
   permission java.lang.RuntimePermission "modifyThread";
   permission java.util.PropertyPermission "*", "read";
   permission java.io.FilePermission "<<ALL FILES>>", "read";
+  permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";
   permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
   permission java.lang.RuntimePermission "accessClassInPackage.sun.misc.*";
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
