From 019a097385e90af952f13de78135153271b1761c Mon Sep 17 00:00:00 2001 From: Daniel Fuchs Date: Tue, 11 Dec 2018 15:09:15 +0000 Subject: [PATCH] 8215008: Clear confusion between URL/URI paths and file system paths Reviewed-by: alanb, chegar, martin --- src/java.base/share/classes/java/net/URI.java | 23 +++++++++++++++++++ src/java.base/share/classes/java/net/URL.java | 23 +++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/src/java.base/share/classes/java/net/URI.java b/src/java.base/share/classes/java/net/URI.java index 2f5ac158d6e..0f784961825 100644 --- a/src/java.base/share/classes/java/net/URI.java +++ b/src/java.base/share/classes/java/net/URI.java @@ -25,6 +25,7 @@ package java.net; +import java.io.File; import java.io.IOException; import java.io.InvalidObjectException; import java.io.ObjectInputStream; @@ -36,6 +37,7 @@ import java.nio.charset.CharsetDecoder; import java.nio.charset.CoderResult; import java.nio.charset.CodingErrorAction; import java.nio.charset.CharacterCodingException; +import java.nio.file.Path; import java.text.Normalizer; import jdk.internal.access.JavaNetUriAccess; import jdk.internal.access.SharedSecrets; @@ -458,6 +460,27 @@ import java.lang.NullPointerException; // for javadoc * resolution as well as the network I/O operations of looking up the host and * opening a connection to the specified resource. * + * @apiNote + * + * Applications working with file paths and file URIs should take great + * care to use the appropriate methods to convert between the two. + * The {@link Path#of(URI)} factory method and the {@link File#File(URI)} + * constructor can be used to create {@link Path} or {@link File} + * objects from a file URI. {@link Path#toUri()} and {@link File#toURI()} + * can be used to create a {@link URI} from a file path. + * Applications should never try to {@linkplain + * #URI(String, String, String, int, String, String, String) + * construct}, {@linkplain #URI(String) parse}, or + * {@linkplain #resolve(String) resolve} a {@code URI} + * from the direct string representation of a {@code File} or {@code Path} + * instance. + *

+ * Some components of a URL or URI, such as userinfo, may + * be abused to construct misleading URLs or URIs. Applications + * that deal with URLs or URIs should take into account + * the recommendations advised in RFC3986, + * Section 7, Security Considerations. * * @author Mark Reinhold * @since 1.4 diff --git a/src/java.base/share/classes/java/net/URL.java b/src/java.base/share/classes/java/net/URL.java index 93de5622ed8..81279425b4c 100644 --- a/src/java.base/share/classes/java/net/URL.java +++ b/src/java.base/share/classes/java/net/URL.java @@ -25,9 +25,11 @@ package java.net; +import java.io.File; import java.io.IOException; import java.io.InputStream; import java.net.spi.URLStreamHandlerProvider; +import java.nio.file.Path; import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Hashtable; @@ -145,6 +147,27 @@ import sun.security.action.GetPropertyAction; * used, but only for HTML form encoding, which is not the same * as the encoding scheme defined in RFC2396. * + * @apiNote + * + * Applications working with file paths and file URIs should take great + * care to use the appropriate methods to convert between the two. + * The {@link Path#of(URI)} factory method and the {@link File#File(URI)} + * constructor can be used to create {@link Path} or {@link File} + * objects from a file URI. {@link Path#toUri()} and {@link File#toURI()} + * can be used to create a {@link URI} from a file path, which can be + * converted to URL using {@link URI#toURL()}. + * Applications should never try to {@linkplain #URL(String, String, String) + * construct} or {@linkplain #URL(String) parse} a {@code URL} + * from the direct string representation of a {@code File} or {@code Path} + * instance. + *

+ * Some components of a URL or URI, such as userinfo, may + * be abused to construct misleading URLs or URIs. Applications + * that deal with URLs or URIs should take into account + * the recommendations advised in RFC3986, + * Section 7, Security Considerations. + * * @author James Gosling * @since 1.0 */