Friday Jun 21, 2013

JDK 7u25: Solutions to Issues caused by changes to Runtime.exec

The following examples were prepared by Java engineering for the benefit of Java developers who may have faced issues with Runtime.exec on the Windows platform.

Background

In JDK 7u21, the decoding of command strings specified to Runtime.exec(String), Runtime.exec(String,String[]) and Runtime.exec(String,String[],File) methods, has been made more strict. See JDK 7u21 Release Notes for more information.

This caused several issues for applications. The following section describes some of the problems faced by developers and their solutions.


Note: In JDK 7u25, the system property jdk.lang.Process.allowAmbigousCommands can be used to relax the checking process and helps as a workaround for some applications that cannot be changed. The workaround is only effective for applications that are run without a SecurityManager.
See JDK 7u25 Release Notes for more information.

Note:There is a typo in the system property jdk.lang.Process.allowAmbigousCommands; it should have been jdk.lang.Process.allowAmbiguousCommands (missing "u"). This will be addressed in a future JDK release.

Note: To understand the details of the Windows API CreateProcess call, see: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx


There are two forms of Runtime.exec calls:

  1. with the command as string: "Runtime.exec(String command[, ...])"
  2. with the command as string array: "Runtime.exec(String[] cmdarray [, ...] )"

The issues described in this section relate to the first form of call. With the first call form, developers expect the command to be passed "as is" to Windows where the command needs be split into its executable name and arguments parts first. But, in accordance with Java API, the command argument is split into executable name and arguments by spaces.

Problem 1: "The file path for the command includes spaces"

In the call:

Runtime.getRuntime().exec("c:\\Program Files\\do.exe")

the argument is split by spaces to an array of strings as:

c:\\Program, Files\\do.exe

The first element of parsed array is interpreted as the executable name, verified by SecurityManager (if present) and surrounded by quotations to avoid ambiguity in executable path.

This results in the wrong command:

"c:\\Program" "Files\\do.exe"

which will fail.

Solution:

Use the ProcessBuilder class, or the Runtime.exec(String[] cmdarray [, ...] ) call, or quote the executable path.

Where it is not possible to change the application code and where a SecurityManager is not used, the Java property jdk.lang.Process.allowAmbigousCommands could be used by setting its value to "true" from the command line:

-Djdk.lang.Process.allowAmbigousCommands=true

This will relax the checking process to allow ambiguous input.

Examples:

new ProcessBuilder("c:\\Program Files\\do.exe").start()
Runtime.getRuntime().exec(new String[]{"c:\\Program Files\\do.exe"})
Runtime.getRuntime().exec("\"c:\\Program Files\\do.exe\"")

Problem 2: "Shell command/.bat/.cmd IO redirection"

The following implicit cmd.exe calls:

Runtime.getRuntime().exec("dir > temp.txt")
new ProcessBuilder("foo.bat", ">", "temp.txt").start()
Runtime.getRuntime().exec(new String[]{"foo.cmd", ">", "temp.txt"})

lead to the wrong command:

"XXXX" ">" temp.txt

Solution:

To specify the command correctly, use the following options:

Runtime.getRuntime().exec("cmd /C \"dir > temp.txt\"")
new ProcessBuilder("cmd", "/C", "foo.bat > temp.txt").start()
Runtime.getRuntime().exec(new String[]{"cmd", "/C", "foo.cmd > temp.txt"})

or

Process p = new ProcessBuilder("cmd", "/C" "," "XXX").redirectOutput(new File("temp.txt")).start();

Problem 3: "Group execution of shell command and/or .bat/.cmd files"

Due to enforced verification procedure, arguments in the following calls create the wrong commands.:

Runtime.getRuntime().exec("first.bat && second.bat")
new ProcessBuilder("dir", "&&", "second.bat").start()
Runtime.getRuntime().exec(new String[]{"dir", "|", "more"})

Solution:

To specify the command correctly, use the following options:

Runtime.exec("cmd /C \"first.bat && second.bat\"")
new ProcessBuilder("cmd", "/C", "dir && second.bat").start()
Runtime.exec(new String[]{"cmd", "/C", "dir | more"})

The same scenario also works for the "&", "||", "^" operators of the cmd.exe shell.

Problem 4: ".bat/.cmd with special DOS chars in quoted params”

Due to enforced verification, arguments in the following calls will cause exceptions to be thrown.:

Runtime.getRuntime().exec("log.bat \">error<\"")
new ProcessBuilder("log.bat", ">error<").start()
Runtime.getRuntime().exec(new String[]{"log.bat", ">error<"})

Solution:

To specify the command correctly, use the following options:

Runtime.getRuntime().exec("cmd /C log.bat \">error<\"")
new ProcessBuilder("cmd", "/C", "log.bat", ">error<").start()
Runtime.getRuntime().exec(new String[]{"cmd", "/C", "log.bat", ">error<"})

Examples:

Complicated redirection for shell construction:

cmd /c dir /b C:\ > "my lovely spaces.txt"

becomes

Runtime.getRuntime().exec(new String[]{"cmd", "/C", "dir \b >\"my lovely spaces.txt\"" });

The Golden Rule:

In most cases, cmd.exe has two arguments: "/C" and the command for interpretation.

Tuesday Jun 18, 2013

JDK 7u25 and JavaFX 2.2.25 Documentation Updates

We are pleased to announce that the Java Development Kit 7 Update 25 (JDK 7u25) release with JavaFX 2.2.25 is live. You can download it from the Java SE Downloads page. Find more information about the new features in the JDK 7u25 Release Notes.

The JDK 7u25 and JavaFX 2.2.25 releases come with various updates in the Java documentation.

Changes to the Java Rich Internet Applications Development and Deployment Guide:

  • Perform Certificate Checks and Check for Certificate Revocation Using sections describe new options for checking that a signing certificate has not been revoked before an applet or Java Web Start application is run.
  • Preventing a RIA from Being Repurposed describes the new Permissions and Codebase attributes for the JAR file manifest. These attributes are used to defend RIAs against unauthorized code repurposing. If the values in the manifest do not match the values in the JNLP file or the applet tag, the RIA is blocked.
  • Security Dialogs provides information on the prompts that are shown when a RIA is started.

Changes to the Deployment Trail of the Java Tutorials:

The File Chooser chapter of the UI Controls tutorial has become the main addition to the JavaFX documentation set. This chapter explains how to use the FileChooser class of the JavaFX API to enable navigating the file system. The document comes with several samples to explain how to open one or several files with the associated application, configure a file chooser dialog window, and save the application content. You can study the source code of the FileChooserSample application or download the NetBeans project with all the samples available in the JavaFX UI Controls tutorial. The WebView tutorial is reworked by the JavaFX 2.2.25 release to address changes in the WebViewSample application. Find the modified version at docs.oracle.com/javafx.

For all tutorials, guides, and API documentation, see Java SE Technical Documentation and JavaFX 2 Documentation

Wednesday Jun 12, 2013

Java EE 7 Tutorial Released!

The initial release of the Java EE 7 Tutorial has gone live. This June 12th, 2013 (7.0.1) edition of the tutorial builds on the previously released Java EE 6 Tutorial and includes:

  • The new Java EE 7 technologies, Java API for WebSocket (JSR 356), Java API for JSON Processing (JSR 353), Batch Applications for the Java Platform (JSR 352), and Concurrency Utilities for Java EE (JSR 236) are examined, explained, and showcased with 7 new examples.

  • Many current Java EE technologies, including Java Message Service 2.0 (JSR 343), Java API for RESTful Web Services 2.0 (JSR 339), Java Servlet 3.1 (JSR 340), JavaServer Faces 2.2 (JSR 344), and Contexts and Dependency Injection for Java EE 1.1 (JSR 346) received major updates. New features are explained in the tutorial. Examples were either added or updated to show how to implement and use those new features and functionality.

  • The entire example tree has been modernized to use Maven to build, package, deploy, and run the examples. The tutorial examples have previously been based on the Blueprints build structure and used Ant-based scripts. NetBeans 7.3.1 supports Maven and GlassFish 4.0, so our examples can be run from within the IDE or on the command line. The user community asked for Maven support, and we gave it to you.

  • All together, there are 60 new or updated examples!

  • We restructured the content to make some of the information more approachable and easier to find. There is a new part with chapters about basic platform functionality such as resource creation, injection, and packaging. We gave Messaging its own part, making it easier to find. As you read, we hope you'll notice many of the smaller improvements that should make things easier to understand.

Our basic tutorial Your First Cup: An Introduction to the Java EE Platform has also been updated for Java EE 7. The examples have been converted to Maven, use Maven archetypes to make project creation even easier, and have been updated to the new Java EE 7 APIs, including the JAX-RS Client API.

About

Blog about Java technology documentation and news about Java releases.

Search

Categories
Archives
« June 2013 »
SunMonTueWedThuFriSat
      
1
2
3
4
5
6
7
8
9
10
11
13
14
15
16
17
19
20
22
23
24
25
26
27
28
29
30
      
Today