Posted to users@tomcat.apache.org by Ray Collins <sa...@gmail.com> on 2012/09/26 02:46:06 UTC

Tomcat 7.0 and Runtime.getRuntime()

I am using Tomcat 7.0.  The web application I created executes a script from
the command line using Runtime.getRuntime().  This script sends an http:
request to another server that is on the local network.  For some
reason the script executes as if it has sent the http request but it really
has not.  It's like Tomcat is operating in a sandbox when it comes to
accessing this URL on my local network.  I am using Ubuntu Server 12.04.
If I run the script manually from the command line the script can access
the URL with no problem.  Why can't the script that Tomcat has executed
access this resource?  Any help is greatly appreciated.

Ray

Re: Tomcat 7.0 and Runtime.getRuntime()

Posted by Daniel Mikusa <dm...@vmware.com>.
On Sep 25, 2012, at 8:46 PM, Ray Collins wrote:

> I am using Tomcat 7.0.  The web application I created executes a script from
> the command line using Runtime.getRuntime().  This script sends an http:
> request to another server that is on the local network.  For some
> reason the script executes as if it has sent the http request but it really
> has not.  It's like Tomcat is operating in a sandbox when it comes to
> accessing this URL on my local network.

The JVM, if using a security manager, could prevent you from calling Runtime.getRuntime(), but if that happened you'd see a SecurityException.  Once you start the script, it is executing outside of the JVM.

> I am using Ubuntu Server 12.04. If I run the script manually from the command line the script can access
> the URL with no problem.  Why can't the script that Tomcat has executed
> access this resource?

The first thing that comes to mind would be permissions.  If the script runs from the command line, it would run as your user.  If it is run through the JVM and Tomcat, it'll run as the user that is running Tomcat.  Have you tried logging in as the user that is running Tomcat and executing the script?

Dan


> Any help is greatly appreciated.
> 
> Ray


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Tomcat 7.0 and Runtime.getRuntime()

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Ray,

On 9/25/12 8:46 PM, Ray Collins wrote:
> I am using Tomcat 7.0.  The web application I created executes a
> script from the command line using Runtime.getRuntime().  This
> script sends an http: request to another server that is on the
> local network.  For some reason the script executes as if it has
> sent the http request but it really has not.  It's like Tomcat is
> operating in a sandbox when it comes to accessing this URL on my
> local network.  I am using Ubuntu Server 12.04. If I run the
> script manually from the command line the script can access the URL
> with no problem.  Why can't the script that Tomcat has executed
> access this resource?  Any help is greatly appreciated.

Using Runtime.exec is fraught with difficulty, and most people don't
do it right. Remember that you basically need 3 threads in order to
run Runtime.exec: one to pump-in data for the sub-process's stdin (or
you can close stdin for the sub-process and save yourself a thread),
one to drain stdout and one to drain stderr. Sadly, there are no
non-blocking options for draining stdout and stderr that I know of --
though I suppose you could go into a busy-wait checking
stdout.available() and stderr.available() and draining them several
bytes at a time.

If you don't drain stdout and stderr, your process will block and if
you are waiting on that Process from a request-dispatch thread, your
thread will stall forever.

Make sure you are properly using Runtime.exec or use a library that
wraps it for you and handles all this complexity for you.

Note that if you expose this capability publicly, you will essentially
allow any remote user to execute an arbitrary number of processes on
your server: you might want to consider using a queue with a
fixed-width "exec pipeline" so that you don't launch 5000 processes on
your app server.

Also be very careful with command-line-building. If you are calling a
shell to parse some stuff and then execute, be very aware of CLI
injection attacks, too.

-chris

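The points raised in the last reply (drain the child's output, cap concurrent processes, keep a shell out of command building), shown together as an added example that is not code from any poster in this thread. It assumes Java 8 or later; the class name `BoundedScriptRunner`, the limit of 4 slots and the sample arguments are hypothetical.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.concurrent.*;

/** Added example: bounded, shell-free child-process runner (hypothetical class name). */
public class BoundedScriptRunner {
    private static final Semaphore SLOTS = new Semaphore(4); // at most 4 children at once (constructed limit)
    private static final ExecutorService DRAINERS = Executors.newCachedThreadPool(r -> {
        Thread t = new Thread(r, "proc-drain");
        t.setDaemon(true);
        return t;
    });

    public static String run(List<String> argv, long timeoutSec) throws Exception {
        if (!SLOTS.tryAcquire(5, TimeUnit.SECONDS))
            throw new RejectedExecutionException("exec pipeline full");
        try {
            // argv reaches the child as-is; no shell parses it, so metacharacters stay inert.
            ProcessBuilder pb = new ProcessBuilder(argv);
            pb.redirectErrorStream(true);          // merge stderr into stdout: one stream to drain
            Process p = pb.start();
            p.getOutputStream().close();           // child sees EOF on stdin, no pump thread needed
            Future<String> out = DRAINERS.submit(() -> {
                ByteArrayOutputStream buf = new ByteArrayOutputStream();
                try (InputStream in = p.getInputStream()) {
                    byte[] chunk = new byte[4096];
                    for (int n; (n = in.read(chunk)) != -1; ) buf.write(chunk, 0, n);
                }
                return new String(buf.toByteArray(), StandardCharsets.UTF_8);
            });
            if (!p.waitFor(timeoutSec, TimeUnit.SECONDS)) {
                p.destroyForcibly();               // never leave a request thread stalled forever
                throw new TimeoutException("child exceeded " + timeoutSec + "s");
            }
            String output = out.get(5, TimeUnit.SECONDS);
            if (p.exitValue() != 0)
                throw new IOException("exit " + p.exitValue() + ": " + output);
            return output;
        } finally {
            SLOTS.release();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the second argument contains shell syntax but is passed literally.
        System.out.print(run(Arrays.asList("echo", "status; id"), 10));
    }
}
```

Because the merged output is captured and a non-zero exit raises an exception, a script that fails only under the Tomcat account reports its own error text instead of appearing to succeed.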