Java SE 7 Update 25 Mit den üblichen Security-Udates und sonst noch ein paar Änderungen: Nicht uninteressant finde ich folgendes, was die Kompatibilität von existierenden Anwendungen beeinflussen könnte:

Changes to Runtime.exec

On the Windows platform, the decoding of command strings specified tojava.lang.ProcessBuilder and the exec methods defined by java.lang.Runtime, has been made stricter since JDK 7u21. This may cause problems for applications that are using one or more of these methods with commands that contain spaces in the program name, or are invoking these methods with commands that are not quoted correctly. For more information see JDK 7u21 Release Notes.

In JDK 7u25, the system property jdk.lang.Process.allowAmbigousCommands can be used to relax the checking process and may be used as a workaround for some applications that are impacted by the stricter validation. The workaround is only effective for applications that are run without a security manager. To use this workaround, either the command line should be updated to include -Djdk.lang.Process.allowAmbigousCommands=true or the java application should set the system property jdk.lang.Process.allowAmbigousCommands to true.

Quoting and escaping commands on Windows platform is complicated. The following examples may be useful to developers if they are impacted by the stricter validation.

Example 1: The application needs to be launched with C:\Program Files\foo.exe.

Here are 3 possible ways:

Process p = new ProcessBuilder("c:\\Program File\\foo.exe").start();
Process p = Runtime.getRuntime().exec(new String[] { "c:\\Program File\\foo.exe" });
Process p = Runtime.getRuntime().exec("\"c:\\Program File\\foo.exe\"");

Where it is not possible to change the application to use one of the above approaches, then the system property jdk.lang.Process.allowAmbigousCommands may be used as a workaround.

Example 2: The application needs to launch "dir > dir.out".
This case requires launching cmd.exe, and also it needs the output to be redirected to a file. The best approach is to use the ProcessBuilder as shown in the following example:

Process p = new ProcessBuilder("cmd", "/C", "dir").redirectOutput(new File("dir.out")).start();

Where it not possible to change code to use ProcessBuilder or redirectOutput, then the following approaches can also be used:

Process p = new ProcessBuilder("cmd", "/C", "dir > dir.out").start();
Process p = Runtime.getRuntime().exec("cmd /C \"dir > dir.out\"");

Example 3: The application wants to launch a command with parameters that require special quoting; for example "log.bat \">error<\"".
Here are 3 possible ways to do this:

Process p = new ProcessBuilder("cmd", "/C", "log.bat", ">error<").start();
Process p = Runtime.getRuntime().exec(new String[] { "cmd", "/C", "log.bat", ">error<" })
Process p = Runtime.getRuntime().exec("cmd /C log.bat \">error<\"");

Ähnliche Beiträge

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert