Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / November 2005

Tip: Looking for answers? Try searching our database.

using a JSP to do a file read

Thread view: 
Enable EMail AlertsStart New Thread
anikkar@gmail.com - 02 Nov 2005 20:35 GMT
Hi,

I am in the learning stages of using JSPs, and i am tryin to write a
utility which will unzip a file on a server (this is because i have had
to much trouble uploading a folder with the unzip'd contents...i.e.
100s of files).

I quickly found that i don't have read permissions:

exception

org.apache.jasper.JasperException: access denied
(java.io.FilePermission / read)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:372)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    sun.reflect.GeneratedMethodAccessor152.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:585)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:266)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)

root cause

java.security.AccessControlException: access denied
(java.io.FilePermission / read)
    java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
    java.security.AccessController.checkPermission(AccessController.java:427)
    java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

But this doesn't seem to make sense to me, as you would imagine that I
would have read permissions on the server.

Here is the code:

<%@ page import="java.util.Enumeration"%>
<%@ page import="java.io.File"%>
<html>
<body>
<form action="unzip.jsp" method=post>
    <SELECT    NAME="File"    SIZE=4>
        <%  File dir = new File("/");
            for(File tempFile : dir.listFiles()) {    %>
        <OPTION><%=tempFile%></OPTION>
        <% } %>

    </SELECT>
    <INPUT TYPE=SUBMIT VALUE=Press>
</form>
<B>Form Content</B><BR>
<TABLE>
<%  Enumeration parameters = request.getParameterNames();
    while(parameters.hasMoreElements()){
        String parameterName = (String)parameters.nextElement();
        String parameterValue = request.getParameter(parameterName);
%>
        <TR>
            <TD><%=parameterName%></TD>
            <TD><%=parameterValue%></TD>
        </TR>
<%  }   %>
</body>
</html>
Reply to this Message
Shorty - 02 Nov 2005 22:41 GMT
Does the user running the application server have the right to read on
the root ("/") directory on the server ? (I mean based on unix access
rights)
Reply to this Message
anikkar@gmail.com - 02 Nov 2005 23:32 GMT
Not quite sure what you mean by the user running the application? I ran
another JSP which read the system properties, and it listed that the
user.dir = /, user.home = /root, and user.name = root.

so i tried using File("/root"), but that didn't work either
Reply to this Message
Andrew Thompson - 03 Nov 2005 01:34 GMT
>         <%  File dir = new File("/");

When you don't know what is happening, print it out..

out.print( dir + " " + dir.exists() );

..then try, either..
<http://java.sun.com/j2ee/sdk_1.2.1/techdocs/api/javax/servlet/ServletContext.htm
l#getRealPath(java.lang.String)>
or..
<http://java.sun.com/j2ee/sdk_1.2.1/techdocs/api/javax/servlet/ServletContext.htm
l#getResource(java.lang.String)>

HTH
Reply to this Message
anikkar@gmail.com - 03 Nov 2005 18:53 GMT
Hi Andrew,

thanks for your suggestion...using the servlet context to get my path
was the trick...my provider never gaver me my path, so i was
accidentally trying to access the root.

thanks again!
Reply to this Message
Andrew Thompson - 03 Nov 2005 23:57 GMT
> thanks for your suggestion...using the servlet context to get my path
> was the trick...my provider never gaver me my path, so i was
> accidentally trying to access the root.

Cool.  I figured you would work it out from the links.

Glad you sorted it.   :-)
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.