Posted to users@tomcat.apache.org by jamana ramesh <ra...@gmail.com> on 2011/02/17 06:42:48 UTC

Re: Tomcat Security Problem

>
> Hi,
>
> I am new to Tomcat server. I have installed Tomcat 6 and deployed a web
> application. This application has to decrypt some files and store them in a
> temp folder. I have created a folder with the name "temp" in the WEB-INF
> folder of my application. But when I am running my application, at the time
> of decryption, I am getting an "Access Denied" exception. Through Tomcat
> security features, I came to know that we need to grant the permission in
> catalina.policy in the conf folder. Below is the line I have added in it.
> But still I am getting the same exception.
>
> grant codeBase "http://localhost:8080/lanwan/-" {
>   permission java.io.FilePermission "C:\\Program Files\\Apache Software Foundation\\Tomcat 6.0\\webapps\\lanwan\\WEB-INF\\docs\\temp\\-", "read,write,delete";
> }
>
> Please help me how to configure this security settings.
>
> Thanks in advance,
> Ramesh
>
>

Re: Tomcat Security Problem

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Jamana,

On 2/17/2011 12:42 AM, jamana ramesh wrote:
>> I am new to Tomcat server.

I agree with /all/ of Chuck's comments.

>> grant codeBase "http://localhost:8080/lanwan/-" {

Your code is in a JAR, not being served from a URL, right? Or, are you
talking about an applet? I think your codeBase is wrong.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: Tomcat Security Problem

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: jamana ramesh [mailto:ramesh.jamana@gmail.com]
> Subject: Re: Tomcat Security Problem

> I am new to Tomcat server.

And unaware of basic etiquette:

1) Don't cross-post.

2) Always provide the exact Tomcat version, JVM level, and OS you're running on.

> This application has to decrypt some files and store
> in a temp folder. I have created a folder with name
> "temp" in WEB-INF folder of my application.

That's a really, really bad idea - you should never try to write into the webapp's deployment directory.  You have no guarantee that there even is a deployment directory, or even a file system.  The servlet specification requires that the container (Tomcat, in this case) provide a scratch area for just this purpose.  Read section 4.7.1 of the servlet spec, which states, in part:

"A temporary storage directory is required for each servlet context.  Servlet containers must provide a private temporary directory for each servlet context, and make it available via the javax.servlet.context.tempdir context attribute.  The objects associated with the attribute must be of type java.io.File."

 - Chuck
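
The scratch-directory approach from the reply above, as an added example that is not part of the original thread: a helper that writes decrypted data into the directory exposed through the `javax.servlet.context.tempdir` attribute instead of a folder under WEB-INF. The class and method names (`ScratchFiles`, `writeToScratch`, `discard`) are hypothetical, and the plaintext is assumed to arrive as an `InputStream` from the application's own decryption code.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.servlet.ServletContext;

// Added example; ScratchFiles, writeToScratch and discard are hypothetical names.
public final class ScratchFiles {
    private ScratchFiles() {}

    /** Copies already-decrypted data into the context's private temp directory. */
    public static File writeToScratch(ServletContext ctx, InputStream plaintext)
            throws IOException {
        // Servlet spec 4.7.1: the attribute value is a java.io.File.
        Object attr = ctx.getAttribute("javax.servlet.context.tempdir");
        if (!(attr instanceof File) || !((File) attr).isDirectory()) {
            throw new IOException("container did not provide a temp directory");
        }
        File scratch = (File) attr;

        // JVM-generated file name: no request data ever reaches the path.
        File out = File.createTempFile("dec-", ".tmp", scratch);
        boolean ok = false;
        OutputStream os = new FileOutputStream(out);
        try {
            byte[] buf = new byte[8192];
            int n;
            while ((n = plaintext.read(buf)) != -1) {
                os.write(buf, 0, n);
            }
            ok = true;
        } finally {
            try {
                os.close();
            } finally {
                if (!ok) {
                    out.delete(); // do not leave a partial plaintext file behind
                }
            }
        }
        return out;
    }

    /** Call as soon as the plaintext is no longer needed. */
    public static void discard(File f) {
        if (f != null && !f.delete()) {
            f.deleteOnExit(); // fallback if the file is still held open
        }
    }
}
```

From a servlet, the context comes from `getServletContext()`; pairing every `writeToScratch` call with `discard` in a `finally` block keeps decrypted files from accumulating on disk.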

