give servlet permission to create file

[tiewknvc9]

Hi!

I am creating a servlet that uploads a file from the users computer to
my servers computer.

When I write the file to the server I am getting continually an access
denied message. Which sux, because Im paying for the space on the
serve, why cant I write to it programatically?!

Anyway Im wondering if there is a certain server setting that I can ask
them to change, or a permission that i should be asking for, or
something. I mean surely other people must want to write files to
their servers, right?

Thanks for any (non-evil) thoughts, including a better hosting service
that is cheap (not making any money off of site).

Thanks! Error message is below.


org.apache.jasper.JasperException: access denied
(java.io.FilePermission /pleaseWork.jb write)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:372)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
sun.reflect.GeneratedMethodAccessor326.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:266)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)

 

[tiewknvc9]

and we're using apache tomcat as the server...

 

[Andrew Thompson]

tiewknvc9 wrote:
.....

I am creating a servlet that uploads a file from the users computer to
my servers computer. ....
org.apache.jasper.JasperException: access denied
(java.io.FilePermission /pleaseWork.jb write)

I *suspect*
1) that your host *does* allow writing to files,
but files located within your own directories.
2) Anything pointing to the 'root' e.g. file '/..'
is in *their* directories, rather than yours.

You might try a 'getRealPath' to find where
that file is really (trying) to go.

Andrew T.

 

[tiewknvc9]

I just called my hosting company, who say I have all the appropriate
access priviledges...

Which I would rather not believe, but they say its true...

Here is what my code reads as:

String curDir = application.getRealPath("");
System.out.println(curDir);

File filFile = new File(curDir + "/pleaseWork.txt");

out.println(filFile.getAbsolutePath());
//filFile.createNewFile(); //breaks here!

any idea what IM doing wrong?!?!!

 

[Scott Harper]

When I write the file to the server I am getting continually an access
denied message. Which sux, because Im paying for the space on the
serve, why cant I write to it programatically?!

Anyway Im wondering if there is a certain server setting that I can ask
them to change, or a permission that i should be asking for, or
something. I mean surely other people must want to write files to
their servers, right?

org.apache.jasper.JasperException: access denied
(java.io.FilePermission /pleaseWork.jb write)

We were having very similar issues in our hosted environment. It turned out
that the Tomcat Security Manager had been enabled, and basically denied
everything by default. So they had to go tweak the policies to allow the
things we needed. In addition to file access permissions, we had problems
with sockets and also accessing system properties.

Take a look at the following links... there is probably something similar in
the tomcat 5.x documentation as well.

http://tomcat.apache.org/tomcat-4.1-doc/security-manager-howto.html
http://tomcat.apache.org/tomcat-3.3-doc/tomcat-security.html

The policy files are:

$CATALINA_HOME/conf/catalina.policy
$JAVA_HOME/jre/lib/security/java.policy

Good luck...


scott

 

[Andrew Thompson]

tiewknvc9 wrote:

Please refrain from top-posting - I find it most confusing.

I just called my hosting company, who say I have all the appropriate
access priviledges...

Which I would rather not believe, but they say its true...

I believe them. Their answer does not surprise me.
(I have heard similar answers from my own web-host/s!)

Here is what my code reads as:

String curDir = application.getRealPath("");
System.out.println(curDir);

When I suggested using getRealPath, what I meant was ..

a) Use getRealPath on the string that indicates 'root' - "/".
b) Print the result.
c) Tell *us* that result here...

Andrew T.

 

[tiewknvc9]

Trying to write a file using

FIle x = new File (var + "myNewFile.txt");

where var equals....

BAD -> request.getServletPath()

BAD -> request.getRemoteHost()

BAD -> request.getRemoteAddr()

BAD -> request.getRequestURL()

BAD -> getServletContext().getRealPath("/")



Im at a lose. What am I doing wrong? My hosting company tells me that
I have all the proper permissions.

 

[tiewknvc9]

sorry, I did not print the path that was generated. Since they
restart the server at 3am, I uploaded a new file, outputting the path.
So tomorrow I will be able to write the path here...

 

[Andrew Thompson]

tiewknvc9 wrote:

Noted your next post, but just quickly..

Trying to write ..

Stop! Let's just find out exactly where we are
before anyone tries writing (or even thinking of
writing) anything.

...a file using

FIle x = new File (var + "myNewFile.txt");

Now. Drop the filename for the moment and
try the file name "." to indicate 'the current directory'
as understood by the server at this moment in time.

Then (assuming even that is successful) try
printing it out to ..HTML or whatever.

Also, please refrain from top-posting.
I find it most confusing.

Andrew T.

 

[tiewknvc9]

tiewknvc9 wrote:

Noted your next post, but just quickly..


Stop! Let's just find out exactly where we are
before anyone tries writing (or even thinking of
writing) anything.


Now. Drop the filename for the moment and
try the file name "." to indicate 'the current directory'
as understood by the server at this moment in time.

Then (assuming even that is successful) try
printing it out to ..HTML or whatever.

Also, please refrain from top-posting.
I find it most confusing.

Andrew T.

will try tonight. Will report results tomorrow morning, if I am asleep
before 4am

 

[tiewknvc9]

Problem.

It gets the path to c:\tomcat\, Im on a shared hosting plan. I dont
think that they will tell me what the path is to my home directory...

Ill give it a shot anyway.

Any other ideas?

 

[tiewknvc9]

Problem.

It gets the path to c:\tomcat\, Im on a shared hosting plan. I dont
think that they will tell me what the path is to my home directory...

Oh duh. It links to the current SET working directory! maybe Ill be
lucky

only tried it on my tomcat server, where the home directory was set to
c:\tomcat

 

[tiewknvc9]

I hope its not security!

I actually asked them if I had the proper permissions, and they said
that I did. They could always be screwing with me though.... If I
cant get it to work in the next few days, Im going to have to find a
new host

 

[tiewknvc9]

tiewknvc9 wrote:

Noted your next post, but just quickly..


Stop! Let's just find out exactly where we are
before anyone tries writing (or even thinking of
writing) anything.


Now. Drop the filename for the moment and
try the file name "." to indicate 'the current directory'
as understood by the server at this moment in time.

Then (assuming even that is successful) try
printing it out to ..HTML or whatever.

Also, please refrain from top-posting.
I find it most confusing.

Andrew T.

None of it is working. The second I call myFile.createNewFile(); it
breaks every time.

The closest I think Ive come to a solution is being able to print out
the
this.getServletContext().getRealPath("/")
/var/chroot/home/content/a/d/a/adartie2/html/

where I still cant create a file in that directory.

what a pain in my arse. I feel lost.

 

[Andrew Thompson]

Before I continue I should point out that I am hoping
some of the server-side guru's can jump into this
thread, it's a while since I've uses the server stuff
and I'm a little rusty.
...

....
None of it is working. The second I call myFile.createNewFile(); it
breaks every time.

Like I said - until you're confident you know where you
are in the structure (or perhaps convince *me* that you
are attempting to write into your home directories), writing
is a bit premature.. but..

The closest I think Ive come to a solution is being able to print out
the
this.getServletContext().getRealPath("/")
/var/chroot/home/content/a/d/a/adartie2/html/

OK.. where is that in relation to your site?
If I visit the domain, and end up getting served the
/index.html (or whatever is your default homepage)
...where would that file live, within the path shown above?

I am guessing it is either ..
/var/chroot/home/content/index.html
...or..
/var/chroot/home/content/a/d/a/adartie2/html/index.html

Is either of those correct?

Andrew T.

 

[tiewknvc9]

Before I continue I should point out that I am hoping
some of the server-side guru's can jump into this
thread, it's a while since I've uses the server stuff
and I'm a little rusty.
..

Like I said - until you're confident you know where you
are in the structure (or perhaps convince *me* that you
are attempting to write into your home directories), writing
is a bit premature.. but..


OK.. where is that in relation to your site?
If I visit the domain, and end up getting served the
/index.html (or whatever is your default homepage)
..where would that file live, within the path shown above?

I am guessing it is either ..
/var/chroot/home/content/index.html
..or..
/var/chroot/home/content/a/d/a/adartie2/html/index.html

Is either of those correct?

Andrew T.

Thanks for the response Andrew.

I scoured my hosting company's site, and found this:

"
This is the absolute path for your Linux hosting account:

/home/content/1/2/3/username/html/
Where "/1/2/3/" are the first three letters of your user name and
"username" is the user name you used to set up your hosting account.
For example, if your user name were "johndoe," then your absolute path
would be:

/home/content/j/o/h/johndoe/html
"

so in addition to your suggestions, I tried to write the new file to
/home/content/a/d/a/adartie2/k.txt

still no luck.

 

[Andrew Thompson]

tiewknvc9 wrote:
.....

This is the absolute path for your Linux hosting account:

/home/content/1/2/3/username/html/
Where "/1/2/3/" are the first three letters of your user name and
"username" is the user name you used to set up your hosting account.
For example, if your user name were "johndoe," then your absolute path
would be:

/home/content/j/o/h/johndoe/html
"

so in addition to your suggestions, I tried to write the new file to
/home/content/a/d/a/adartie2/k.txt

That would make it the directory *above* your main homepage
directory.. I am not sure if site users (you) are supposed to be
able to programmatically write files there!

Why not try writing a file in .....
/home/content/a/d/a/adartie2/html/temp/a.txt

(Note the 'temp' directory to keep these file(s) separate
from your real site, make that directory first, manually).

BTW - Did you say something rude to the server people
around here? I am wonderrring why not one of them has
jumped in to point out the errors I am making..

Andrew T.

 

[tiewknvc9]

I got it.... sort of.

my host is only allowing me to write to the \tmp\ directory. Which
sux, but Ill deal with it. I guess im giong to have to email myself
the files as they come in.

That was the problem, Im not allowed to write to my actual account
directory. Isnt that ridiculous? Perhaps I should consider changing
hosts.

Thank you so much for your help! Ive learned a lot from you.

 

[Andrew Thompson]

I got it.... sort of.

my host is only allowing me to write to the \tmp\ directory. Which
sux, but Ill deal with it. I guess im giong to have to email myself
the files as they come in.

That was the problem, Im not allowed to write to my actual account
directory.

It does strike me as 'familiar' that there are only
specific areas into which you can write.
I can't say that 'temp' sounds right, but I'd defer
to the server operators.

..Isnt that ridiculous?

No. Servers are *very* carefully controlled, for good reason.

A problem that allows a malicious or stupid end user, or
faulty code, to (for example) attempt a write of 54Gig might
be something that not only brings your site crashing down,
but probably the server and everyone else's sites!

If they can help avoid that by limiting site owners to writing
in specific dirrectories, it is a benefit to all who have sites
coming off that server.

...Perhaps I should consider changing hosts.

I wold not recommend being so rash. Nothing you
have told me about this host really surprises me,
& I suspect any other host will have similar restrictions.

Thank you so much for your help!

You're welcome.

...Ive learned a lot from you.

....hmmm. Trouble is - I still have a lot to learn about it!

( Have you heard the saying 'the blind leading the blind'?

Andrew T.

 

[tiewknvc9]

( Have you heard the saying 'the blind leading the blind'?

of course, but perhaps that way both will learn how to see.