Simon Brooke wrote:
> On Monday 02 Dec 2002 5:01 pm, Jeanfrancois Arcand wrote:
>> That's the proper behaviour. By default, a web application is only able
>> to read under the context under which it was deployed. If you want to
>> grant access to the /tmp !*be careful*!, add the following in your
>> catalina.policy file:
>>
>> grant codeBase "file:${catalina.home}/webapps/<<your context>>/-" {
>>     permission java.io.FilePermission "/tmp", "read";
>> };
>
> OK, this raises another issue. The problem arose because my servlet makes use of the maybeupload package <URL: http://www.weft.co.uk/library/maybeupload/ > which I wrote and maintain, but which is also used in a number of other people's code including Cocoon 2, so it's moderately important that it doesn't do stupid things.
>
> MaybeUploadServlet checks in its init method that its upload directory exists and is writable:
>
>     uploadDir = new File( uploadDirPath);
>     if ( ! uploadDir.isDirectory() || ! uploadDir.canWrite())
>         throw new UnavailableException( "Cannot write to upload directory " + uploadDirPath);
>
> UploadDirPath is a runtime configurable parameter, expected to be picked up from the web.xml:
>
>     uploadDirPath = getStringParameterValue( "upload_dir_path", config, uploadDirPath);
>
> However, if no value is specified in the web.xml, then currently the hard-coded default is /tmp; the thinking being that it's usually a safe place to write stuff.
>
> Clearly, though, as you point out, this is the wrong thing to do. The obvious solution is to alter MaybeUploadServlet so that if no upload_dir_path is specified in the web.xml, to switch off the upload facility altogether, possibly appending a warning to the log. However I don't know who else's code this will hurt (and, indeed, it's interesting that I haven't had anyone else report this to me as a bug).

Because they probably run Tomcat without the security manager, so they can read/write from any context :-)

> Could anyone suggest a means of getting a 'safe' directory path for UploadDirPath to default to, or should I go for the 'switch off' behaviour?

Have you tried the solution proposed by Yoav? This is probably the best solution if you want a "tmp" directory for each web-app. If you only want 1 directory, then the /tmp is fine (but works only on Unix).

> Cheers
> Simon

-- Jeanfrancois
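Added example, not part of the original thread and not maybeupload's own code: one way to combine the two options discussed above, using a per-web-app directory when `upload_dir_path` is unset and switching uploads off when nothing safe is available. It assumes the container supplies a private directory through the Servlet specification's `javax.servlet.context.tempdir` context attribute; `UploadDirResolver` and `resolve` are hypothetical names.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class UploadDirResolver {

    /**
     * configured:  value of the upload_dir_path init parameter, or null if unset.
     * contextTemp: in a servlet, (File) getServletContext()
     *              .getAttribute("javax.servlet.context.tempdir"); may be null.
     * Returns a writable directory, or null meaning "switch uploads off".
     */
    static File resolve(String configured, File contextTemp) {
        try {
            File candidate;
            if (configured != null && !configured.trim().isEmpty()) {
                candidate = new File(configured.trim());      // deployer's explicit choice
            } else if (contextTemp != null) {
                candidate = new File(contextTemp, "uploads"); // private to this web app
                candidate.mkdirs();
            } else {
                return null;                                  // no shared /tmp fallback
            }
            if (candidate.isDirectory() && candidate.canWrite()) {
                return candidate;
            }
        } catch (SecurityException denied) {
            // With a security manager installed, a missing FilePermission makes
            // isDirectory()/canWrite()/mkdirs() throw instead of returning false.
        }
        return null; // caller logs a warning and disables the upload facility
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the container's per-context work directory.
        File work = Files.createTempDirectory("ctx-work").toFile();
        System.out.println("param unset   -> " + resolve(null, work));
        System.out.println("explicit path -> " + resolve(work.getPath(), null));
        System.out.println("missing path  -> " + resolve(work.getPath() + "/missing", work));
        System.out.println("nothing safe  -> " + resolve(null, null));
    }
}
```

The `SecurityException` branch matters for an `init` check like the one quoted above: when the policy file does not grant the `FilePermission`, the denial arrives as an exception from the `File` calls rather than as a `false` result.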
