Hi,
Oooh, it's been a while since someone raised an exec() solution on the
ilst, so it's worth bringing up a few points ;)
>I'm not sure if getRuntime().exec(String cmdline) is synchronous or
not.
It's a non-blocking call. What you get back is a java.lang.Process
object. You can read from this process (using the getInputStream
method), write to it (getOutputStream), and check its status. It's
common to use the waitFor method to wait until the process is done in
order to achieve a close equivalent to a synchronous or blocking exec
call.
Of course, using waitFor to lock up your request processing thread is
not that good an idea ;) But it's possible and doable.
Security concerns abound. You want to make sure the command executed by
exec is not related to the request parameters, or you will be an easy
target for hackers (or unhappy coworkers in the case of an intranet).
Consider:
Runtime.getRuntime.exec("someScript -employeeId=" +
req.getParameter("employeeId"));
What happens if someone calls your servlet with
http://yourhost:yourport/yourwebapp/yourservlet?employeeId=1;rm%20*
? ;)
The SecurityManager's checkExec method is invoked before execution, so
it's a good idea to run with a SecurityManager and setup the exec
permissions carefully.
Yoav
This e-mail, including any attachments, is a confidential business communication, and
may contain information that is confidential, proprietary and/or privileged. This
e-mail is intended only for the individual(s) to whom it is addressed, and may not be
saved, copied, printed, disclosed or used by anyone else. If you are not the(an)
intended recipient, please immediately delete this e-mail from your computer system
and notify the sender. Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
