Tomcat Java permission issue -- cannot write to file from a webapp.

[vivri <vi...@gmail.com>]

Hi,

I'm new to this forum, and to developing for/using Tomcat in general (and a
bit of a novice in programming in general). I tried various websites and
tutorials to rectify my problem, with no results.


My Apache Tomcat version is 5.5, installed on Ubuntu 8.04 through the
aptitude package manager.
My Java version (the one $JAVA_HOME points to) is OpenJDK 6, also installed
through aptitude. I am logged in as root user.


PROBLEM DESCRIPTION:


Please note that on my development machine (a manual install of Tomcat 6 on
Ubuntu 9.10), the problem does not exist. I imagine this is an issue between
versions.


I am attempting to log survey responses in a file called "records.txt",
which I keep in the directory of my webapp
(".../webapps/MyWebApp/records.txt"). To this end, I pass parameters to a
JSP file through the "post" method, and write it to a file thus:


RecordKeep.CreateRecord (record, outfile);


This routine is stored in a JAR file in the directory of my webapp (compiled
as v.1.5).  Here is the code for it:



	public static synchronized boolean CreateRecord (String record, String
filename)
	{
		boolean success = true;
		try 
		{
			File file = new File(filename);
	        BufferedWriter out = new BufferedWriter(new FileWriter(file,
true));
	        out.write(RECORD_START + record + '\n');
	        out.close();
	    } 
		catch (IOException e) 
		{
	    	success = false;
	    }

		return success;
	}
}


When I attempt to execute the code through a browser, I get the following
exception from the line where I try to write to the file (the entire trace
is too long to include):


java.security.AccessControlException: access denied (java.io.FilePermission
/usr/share/tomcat5.5/webapps/MyWebapp/records.txt write)


ATTEMPTED SOLUTIONS:

From
http://www.mkyong.com/tomcat/tomcat-javasecurityaccesscontrolexception-access-denied-loggingproperties-read/
I tried two solutions:


1) Change the grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar"
category of permissions in 03catalina.policy to: grant codeBase
"file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
};


2) Add an additional permission to the same permission clause: permission
java.io.FilePermission
"$${catalina.base}${file.separator}webapps${file.separator}*", "read,
write";


I don't know whether these options are used by default, so I tried running
both ./catalina.sh start and ./catalina.sh start -security to see whether
the security manager might have something to do with it. By this time I was
just groping around in the dark...

Also, I unfortunately can't see whether accessing the server from localhost
might bring different results.


Help would be most welcome, as I'm completely lost, and I need to get this
up and running in a matter of days. Thanks for your time in advance!


Sincerely,

Victor.
-- 
View this message in context: http://old.nabble.com/Tomcat-Java-permission-issue----cannot-write-to-file-from-a-webapp.-tp27871316p27871316.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

RE: Tomcat Java permission issue -- cannot write to file from a webapp.

[vivri <vi...@gmail.com>]

Right now this issue is just a curiosity, as I've got the website up and
running properly on the other installation, but still...


n828cl wrote:
> 
>> On the deployment machine, on the other hand, I am able to load 
>> the page while Tomcat isn't running, and even make changes to the 
>> website and see them on a browser.
> 
> Not possible.  Either you're not really stopping Tomcat, or Tomcat is not
> the web server you're accessing.  Is Tomcat being front-ended by httpd,
> and is it configured to deliver the content you're changing?
> 

I'm not sure what you mean by 'front-ended', but in fact I've found an old
installation of httpd on this system. Quite possibly it's interfering with
Tomcat. As to being configured to deliver the content, what I'm changing is
in the proper place in the webapp directory, and afaik httpd isn't capable
of delivering JSP pages -- which leaves me quite puzzled...

Vic.
-- 
View this message in context: http://old.nabble.com/Tomcat-Java-permission-issue----cannot-write-to-file-from-a-webapp.-tp27871316p27873758.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Tomcat Java permission issue -- cannot write to file from a webapp.

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: vivri [mailto:victor.ivri@gmail.com]
> Subject: RE: Tomcat Java permission issue -- cannot write to file from
> a webapp.
> 
> I restarted Tomcat (just to be sure), cleared the cache of my 
> browser and tried again - only to find the results unchanged.

I didn't say that moving the file to an acceptable location would fix the problem, just that what you were doing was not really supported.  You may have a permissions problem with the userid Tomcat is running under, or you may have a security manager enabled, which will interfere with many things not part of standard servlet behavior.

> On the deployment machine, on the other hand, I am able to load 
> the page while Tomcat isn't running, and even make changes to the 
> website and see them on a browser.

Not possible.  Either you're not really stopping Tomcat, or Tomcat is not the web server you're accessing.  Is Tomcat being front-ended by httpd, and is it configured to deliver the content you're changing?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: [SOLVED] RE: Tomcat Java permission issue -- cannot write to file from a webapp.

[vivri <vi...@gmail.com>]

I got it from the official site
(http://apache.skazkaforyou.com/tomcat/tomcat-6/v6.0.26/bin/apache-tomcat-6.0.26.tar.gz).
I don't believe Ubuntu has 6.0.26 in any of their package repositories. This
is exactly the same version as on my dev machine, and exhibits the same
behavior (with none of the aforementioned problems...).

Victor.



n828cl wrote:
> 
>> From: vivri [mailto:victor.ivri@gmail.com]
>> Subject: [SOLVED] RE: Tomcat Java permission issue -- cannot write to
>> file from a webapp.
>> 
>> I have installed Tomcat 6, and the problem(s) went away.
> 
> From where?  I believe that the Ubuntu distribution of Tomcat comes with a
> security manager enabled by default, whereas the real Tomcat from
> tomcat.apache.org does not.  Since Ubuntu likes to repackage Tomcat with
> many files shuffled around to non-standard locations and also changes some
> of the default configuration settings, it's not a version that can be
> properly supported on this mailing list.
> 
>  - Chuck
> 
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Tomcat-Java-permission-issue----cannot-write-to-file-from-a-webapp.-tp27871316p27873720.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: [SOLVED] RE: Tomcat Java permission issue -- cannot write to file from a webapp.

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: vivri [mailto:victor.ivri@gmail.com]
> Subject: [SOLVED] RE: Tomcat Java permission issue -- cannot write to
> file from a webapp.
> 
> I have installed Tomcat 6, and the problem(s) went away.

>From where?  I believe that the Ubuntu distribution of Tomcat comes with a security manager enabled by default, whereas the real Tomcat from tomcat.apache.org does not.  Since Ubuntu likes to repackage Tomcat with many files shuffled around to non-standard locations and also changes some of the default configuration settings, it's not a version that can be properly supported on this mailing list.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

[SOLVED] RE: Tomcat Java permission issue -- cannot write to file from a webapp.

[vivri <vi...@gmail.com>]

I have installed Tomcat 6, and the problem(s) went away. Thanks for the time
and for the help, Chuck.

Victor.


vivri wrote:
> 
> Thanks for the quick reply, Chuck. 
> 
> As a quick hack, I moved the records.txt file to my home directory
> (/root/records.txt) and changed the path in my java code as well. Then I
> restarted Tomcat (just to be sure), cleared the cache of my browser and
> tried again - only to find the results unchanged. Did I not understand
> what you meant, or is it something else?
> 
> An unrelated, but curiously unsettling phenomenon is that on my dev
> machine, if I quit Tomcat (either by running "catalina.sh stop" or
> "shutdown.sh"), then obviously the page fails to load. On the deployment
> machine, on the other hand, I am able to load the page while Tomcat isn't
> running, and even make changes to the website and see them on a browser. I
> can only guess that this isn't the expected normal behavior... perhaps I
> should reinstall Tomcat? (And upgrade to the newest version, as you've
> recommended.)
> 
> 
> Victor.
> 
> 
> 
> 
> n828cl wrote:
>> 
>>> From: vivri [mailto:victor.ivri@gmail.com]
>>> Subject: Tomcat Java permission issue -- cannot write to file from a
>>> webapp.
>>> 
>>> My Apache Tomcat version is 5.5, installed on Ubuntu 8.04 through the
>>> aptitude package manager.
>> 
>> If you're just starting with Tomcat, then start with the current version
>> - 6.0.26.
>> 
>>> I am attempting to log survey responses in a file called "records.txt",
>>> which I keep in the directory of my webapp
>> 
>> This is a very bad idea.  It's not quite forbidden by the servlet spec,
>> but the container (Tomcat) is not required to provide a webapp with *any*
>> access to the underlying file system (if there is one), other than a
>> scratch area.  You should be treating the deployment space of the webapp
>> as read-only, and locate this writable file somewhere outside of the
>> Tomcat directory space.  The location can be specified via Java system
>> property, an environment variable, or environment or parameter entries in
>> the webapp deployment descriptor.
>> 
>>  - Chuck
>> 
>> 
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail
>> and its attachments from all computers.
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Tomcat-Java-permission-issue----cannot-write-to-file-from-a-webapp.-tp27871316p27873616.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Tomcat Java permission issue -- cannot write to file from a webapp.

[vivri <vi...@gmail.com>]

Thanks for the quick reply, Chuck. 

As a quick hack, I moved the records.txt file to my home directory
(/root/records.txt) and changed the path in my java code as well. Then I
restarted Tomcat (just to be sure), cleared the cache of my browser and
tried again - only to find the results unchanged. Did I not understand what
you meant, or is it something else?

An unrelated, but curiously unsettling phenomenon is that on my dev machine,
if I quit Tomcat (either by running "catalina.sh stop" or "shutdown.sh"),
then obviously the page fails to load. On the deployment machine, on the
other hand, I am able to load the page while Tomcat isn't running, and even
make changes to the website and see them on a browser. I can only guess that
this isn't the expected normal behavior... perhaps I should reinstall
Tomcat? (And upgrade to the newest version, as you've recommended.)


Victor.




n828cl wrote:
> 
>> From: vivri [mailto:victor.ivri@gmail.com]
>> Subject: Tomcat Java permission issue -- cannot write to file from a
>> webapp.
>> 
>> My Apache Tomcat version is 5.5, installed on Ubuntu 8.04 through the
>> aptitude package manager.
> 
> If you're just starting with Tomcat, then start with the current version -
> 6.0.26.
> 
>> I am attempting to log survey responses in a file called "records.txt",
>> which I keep in the directory of my webapp
> 
> This is a very bad idea.  It's not quite forbidden by the servlet spec,
> but the container (Tomcat) is not required to provide a webapp with *any*
> access to the underlying file system (if there is one), other than a
> scratch area.  You should be treating the deployment space of the webapp
> as read-only, and locate this writable file somewhere outside of the
> Tomcat directory space.  The location can be specified via Java system
> property, an environment variable, or environment or parameter entries in
> the webapp deployment descriptor.
> 
>  - Chuck
> 
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Tomcat-Java-permission-issue----cannot-write-to-file-from-a-webapp.-tp27871316p27873601.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Tomcat Java permission issue -- cannot write to file from a webapp.

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: vivri [mailto:victor.ivri@gmail.com]
> Subject: Tomcat Java permission issue -- cannot write to file from a
> webapp.
> 
> My Apache Tomcat version is 5.5, installed on Ubuntu 8.04 through the
> aptitude package manager.

If you're just starting with Tomcat, then start with the current version - 6.0.26.

> I am attempting to log survey responses in a file called "records.txt",
> which I keep in the directory of my webapp

This is a very bad idea.  It's not quite forbidden by the servlet spec, but the container (Tomcat) is not required to provide a webapp with *any* access to the underlying file system (if there is one), other than a scratch area.  You should be treating the deployment space of the webapp as read-only, and locate this writable file somewhere outside of the Tomcat directory space.  The location can be specified via Java system property, an environment variable, or environment or parameter entries in the webapp deployment descriptor.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org