Hi!
See my comments inline!
> For example, I have a bean, that after downloading a compressed file, uses
> the unix program 'gunzip' to uncompress it:
>
>
> String[] cmd = {"gunzip", "-f", file2};
> Process proc = Runtime.getRuntime().exec(cmd);
> BufferedWriter output = new BufferedWriter(new
> OutputStreamWriter(proc.getOutputStream()));
> BufferedReader input = new BufferedReader(new
> InputStreamReader(proc.getInputStream()));
> BufferedReader error = new BufferedReader(new
> InputStreamReader(proc.getErrorStream()));
>
> blah blah.
>
> in my catalina.policy file I have this following section:
>
>
> grant {
> permission java.io.FilePermission "<<ALL FILES>>", "read";
> permission java.io.FilePermission "<<ALL FILES>>", "write";
> permission java.io.FilePermission "/bin/gunzip", "execute";
> permission java.io.FilePermission "/usr/bin/gunzip", "execute";
> };
>
I have to admit that I'm not really deep into that permission stuff, but
shouldn't it read as
grant codeBase "http://yourhost/pathToBean/-"; {
... ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ...
}
?
So maybe the problem is that "codeBase ..." is missing and that catalina
can't map the permissions you set to the path you want!?
> As you can see I am currently restricing ANY execution to the possible
> gunzip file my bean could be using.
>
> The catalina.out log file indeed logs the failure in execution in the
method
> that's trying to use gunzip..
>
> Mar 20, 2003 1:52:23 PM org.apache.coyote.http11.Http11Protocol start
> INFO: Starting Coyote HTTP/1.1 on port 80
> java.security.AccessControlException: access denied
(java.io.FilePermission
> <<ALL FILES>> execute)
> at
>
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:270)
> at
> java.security.AccessController.checkPermission(AccessController.java:401)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
> at java.lang.SecurityManager.checkExec(SecurityManager.java:799)
> at java.lang.Runtime.exec(Runtime.java:563)
> at java.lang.Runtime.exec(Runtime.java:491)
> at java.lang.Runtime.exec(Runtime.java:457)
> at
> edu.northwestern.ls.monster.UploadBean2.pdbDownload(UploadBean2.java:283)
>
> But that's besides the question, WHY does the execution of gunzip fail
when
> i have it safely listed in catalina.policy??
Just to rephrase Eric "Why don't you use the java.util.zip package?". It
gives you *OS-independent* ZIP support without the need to set extra
permissions.
HTH!
-mw
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
