Mailing-List: contact dev-help@hc.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "HttpComponents Project" <dev@hc.apache.org>
Message-ID: <1400878082.1252568517685.JavaMail.jira@brutus>
Date: Thu, 10 Sep 2009 00:41:57 -0700 (PDT)
From: =?utf-8?Q?Ortwin_Gl=C3=BCck_=28JIRA=29?= <jira@apache.org>
To: dev@hc.apache.org
Subject: [jira] Resolved: (HTTPCLIENT-876) Calling httpClient.execute(post)
 on a shared server causes security error (WRITE not allowed to protected
 area on disk)
In-Reply-To: <1695641338.1252531822891.JavaMail.jira@brutus>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


     [ https://issues.apache.org/jira/browse/HTTPCLIENT-876?page=3Dcom.atla=
ssian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ortwin Gl=C3=BCck resolved HTTPCLIENT-876.
-------------------------------------

    Resolution: Invalid

Please speak to the Tomcat project. There is nothing we can do here.

> Calling httpClient.execute(post) on a shared server causes security error=
 (WRITE not allowed to protected area on disk)
> -------------------------------------------------------------------------=
----------------------------------------------
>
>                 Key: HTTPCLIENT-876
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-876
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.0 Final
>         Environment: Java 5.0, Tomcat
>            Reporter: Clifford
>   Original Estimate: 4h
>  Remaining Estimate: 4h
>
> I run my JSP modules on a shared server at GoDaddy.com, one of the larges=
t hosting companies in the USA.  They have strict security on the servers w=
hich disallows writing to any disk files unless they are in the /temp direc=
tory.
> =20
> When I first tried to execute a module I wrote using HttpClient, I got a =
security write-not-allowed error.  I looked at the stack trace and found ou=
t that org.apache.http.impl.client.DefaultHttpClient.java (at source line 1=
97) calls org.apache.http.util.VersionInfo method loadVersionInfo, and that=
 class (at source line 248) tries to do a FILE WRITE after not finding a pr=
operty file containing the version#.  That WRITE is disallowed by my hostin=
g, thus causing my HttpClient call to fail.  I can provide more details if =
you like.
> =20
> I worked around the problem by commenting out the call to loadVersionInfo=
 and recompiling DefaultHttpClient, but MANY MANY programmers will run into=
 this issue, so I would label it an urgent bug that needs to be fixed.  Sug=
gestions for the fix could be 1) hard-code the version in a new final stati=
c variable of DefaultHttpClient, or 2) Write the Properties file containing=
 the HttpClient version# to a directory within /temp.
> The stack trace (transcribed from a printout) is:
> java.security.AccessControlException: access denied (java.io.FilePermissi=
on /web/tomcat/work/hosting/dir.dotgreen.org/.../loader/META-INF write) at =
... 5 levels of java.security.* then
> java.io.File.mkdir
> WebappClassLoader.findResourceInternal
> WebappClassLoader.findResource
> WebappClassLoader.getResourceAsStream
> VersionInfo.loadVersionInfo (line 244)
> DefaultHttpClient.createHttpParams (line 197)
> AbstractHttpClient.getParams (line 293)
> DefaultHttpClient.createClient (line 2)
> AbstractHttpClient.getConnectionManager (line 312)
> DefaultHttpClient.createHttpContext (line 254)
> AbstractHttpClient.execute (line 618)
> AbstractHttpClient.execute (line 576)
> AbstractHttpClient.execute (line 554)
> then a dozen JSP/catalina locations that are irrelevant

--=20
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org