//--------------------------------------------------------------
Frank Lawlor wrote:
>
> Not sure, but I think Tomcat restricts your access to WEB-INF.
If this is the case, then how can I create a directory structure outside
of WEB-INF so that my programmers/developers can take advantage of the
much needed reloadable feature (server.xml-<Context>-reloadable) AND be
sandboxed into their own subdirectories so that their servlets cannot
write anywhere outside their own particular subdirectory?
Joe
//------------------------
>
> In general, your web app should restrict itself to created directories under
> its
> context. Your can give each user/client their own subdir. This works fine.
>
> Frank Lawlor
> Athens Group, Inc.
> (512) 345-0600 x151
> Athens Group, an employee-owned consulting firm integrating technology
> strategy and software solutions.
//-----------------------------------------------------------
> Joe Flowers wrote:
> >
> > I am trying to grant a servlet in the
> > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/joe/"
> > directory write permissions to the "/test.txt" file.
> >
> > //---------------------------------------------------------------------------
> >
> > The following code snippet from my tomcat.policy file seems to work
> > correctly;
> > I can write to the "/test.txt" file just fine with my servlet.
> >
> > grant codeBase "file:/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/-" {
> > permission java.io.FilePermission "/test.txt", "write";
> > };
> >
> > //---------------------------------------------------------------------------
> >
> > BUT, the following code snippet does NOT work correctly.
> >
> > grant codeBase
> > "file:/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/-" {
> > permission java.io.FilePermission "/test.txt", "write";
> > };
> >
> > I get the following error message :-((
> >
> > Error: 500
> > Location: /servlet/joe.joe1
> > Internal Servlet Error:
> > java.security.AccessControlException: access denied
> > (java.io.FilePermission /test.txt write)
> > at
> > java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
> > at
> > java.security.AccessController.checkPermission(AccessController.java:399)
> > at
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
> > at
> > java.lang.SecurityManager.checkWrite(SecurityManager.java:978)
> > at java.io.FileOutputStream.(FileOutputStream.java:96)
> > at java.io.FileWriter.(FileWriter.java:52)
> > at joe.joe1.doGet(joe1.java:64)
> > ...
> > etc.
> > //---------------------------------------------------------------------------
> >
> > What the heck?!?!
> >
> > Anyone have any ideas for me to try?
> >
> > I want to create a bunch of user/programmer subdirectories like
> >
> > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/joe/"
> > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/tom/"
> > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/henry/"
> > etc.
> >
> > so that I can grant all servlets in these directories and subdirectories
> > read/write access to their own separate directory structure so they
> > won't be able to write over anyone elses files, including the "system"
> > files, of course.
> >
> > This is a wierd one.
> >
> > Thanks for any help!
> >
> > Joe
