tomcat-users mailing list archives

From Joe Flowers <flow...@social.chass.ncsu.edu>
Subject Re: tomcat.policy limitation?
Date Fri, 20 Jul 2001 18:02:13 GMT
//--------------------------------------------------------------
Frank Lawlor wrote:
> 
> Not sure, but I think Tomcat restricts your access to WEB-INF.


If this is the case, then how can I create a directory structure outside
of WEB-INF so that my programmers/developers can take advantage of the
much needed reloadable feature (server.xml-<Context>-reloadable) AND be
sandboxed into their own subdirectories so that their servlets cannot
write anywhere outside their own particular subdirectory?

Joe
//------------------------



> 
> In general, your web app should restrict itself to created directories under
> its context.  You can give each user/client their own subdir.  This works fine.
> 
> Frank Lawlor
> Athens Group, Inc.
> (512) 345-0600 x151
> Athens Group, an employee-owned consulting firm integrating technology
> strategy and software solutions.

//-----------------------------------------------------------

> Joe Flowers wrote:
> > 
> > I am trying to grant a servlet in the
> > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/joe/"
> > directory write permissions to the "/test.txt" file.
> > 
> > //---------------------------------------------------------------------------
> > 
> > The following code snippet from my tomcat.policy file seems to work
> > correctly;
> > I can write to the "/test.txt" file just fine with my servlet.
> > 
> > grant codeBase "file:/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/-" {
> >   permission java.io.FilePermission "/test.txt", "write";
> > };
> > 
> > //---------------------------------------------------------------------------
> > 
> > BUT, the following code snippet does NOT work correctly.
> > 
> > grant codeBase
> > "file:/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/-" {
> >   permission java.io.FilePermission "/test.txt", "write";
> > };
> > 
> > I get the following error message :-((
> > 
> > Error: 500
> > Location: /servlet/joe.joe1
> > Internal Servlet Error:
> > java.security.AccessControlException: access denied
> > (java.io.FilePermission /test.txt write)
> >         at
> > java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
> >         at
> > java.security.AccessController.checkPermission(AccessController.java:399)
> >         at
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
> >         at
> > java.lang.SecurityManager.checkWrite(SecurityManager.java:978)
> >         at java.io.FileOutputStream.<init>(FileOutputStream.java:96)
> >         at java.io.FileWriter.<init>(FileWriter.java:52)
> >         at joe.joe1.doGet(joe1.java:64)
> > ...
> > etc.
> > //---------------------------------------------------------------------------
> > 
> > What the heck?!?!
> > 
> > Anyone have any ideas for me to try?
> > 
> > I want to create a bunch of user/programmer subdirectories like
> > 
> > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/joe/"
> > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/tom/"
> > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/henry/"
> > etc.
> > 
> > so that I can grant all servlets in these directories and subdirectories
> > read/write access to their own separate directory structure so they
> > won't be able to write over anyone else's files, including the "system"
> > files, of course.
> > 
> > This is a weird one.
> > 
> > Thanks for any help!
> > 
> > Joe
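
The following is an added example, not part of the original thread and not Tomcat code. It uses the JDK's own `CodeSource.implies` to show how the two `codeBase` values quoted above match against a class's code source location. The three candidate locations are assumptions for illustration; the thread does not say which location Tomcat 3.2.2 assigns to a servlet class.

```java
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseMatch {

    // Build an unsigned CodeSource for a location URL. A policy grant's
    // codeBase and a loaded class's origin are both compared in this form.
    static CodeSource source(String location) throws Exception {
        return new CodeSource(new URL(location), (Certificate[]) null);
    }

    // True when a grant with this codeBase applies to code loaded from 'location'.
    static boolean grantApplies(String codeBase, String location) throws Exception {
        return source(codeBase).implies(source(location));
    }

    public static void main(String[] args) throws Exception {
        String root = "file:/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/";

        // The two codeBase values from the tomcat.policy snippets in the thread.
        String[] grants = {
            root + "-",
            root + "WEB-INF/-"
        };

        // Assumed candidates for the location a class loader could assign to
        // joe.joe1: the context root, the classes directory, or the class file.
        String[] locations = {
            root,
            root + "WEB-INF/classes/",
            root + "WEB-INF/classes/joe/joe1.class"
        };

        for (String grant : grants) {
            for (String location : locations) {
                System.out.println("grant " + grant
                        + "\n  applies to " + location
                        + " : " + grantApplies(grant, location));
            }
        }
    }
}
```

A trailing `/-` matches everything at or below the directory it names, so a grant on `WEB-INF/-` cannot apply to code whose location is recorded above `WEB-INF`. The location actually recorded for a servlet is available from `joe1.class.getProtectionDomain().getCodeSource()`, a call that itself needs `RuntimePermission "getProtectionDomain"` when a security manager is active.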
