File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes Why can't I access a file system from EJB? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "Why can Watch "Why can New topic

Why can't I access a file system from EJB?

Tejas Gokhale

Joined: Nov 21, 2005
Posts: 24
If i declare an env. variable for a property file(or for that matter any file) name and path and let the deployer fill in the values, why would i not be able to use the file io.?
Is it technically not possible(if so what is the reason?)?
Or is it that the approach would reduce the portability?

Regards, Tejas Gokhale
SCJP 1.4
Ranch Hand

Joined: Aug 18, 2005
Posts: 372
The main reason for disallowing this is that it would endanger security / create a security hole. You can refer to the spec that talks in detail about this
Swati Gupta

Joined: Nov 16, 2005
Posts: 6
Primarily this is against the specifications... reason being

Enterprise beans aren't allowed to access files primarily because files are not transactional resources. Allowing EJBs to access files or directories in the filesystem, or to use file descriptors, would compromise component distributability, and would be a security hazard.

Another reason is deployability. The EJB container can choose to place an enterprise bean in any JVM, on any machine in a cluster. Yet the contents of a filesystem are not part of a deployment, and are therefore outside of the EJB container's control. File systems, directories, files, and especially file descriptors tend to be machine-local resources. If an enterprise bean running in a JVM on a particular machine is using or holding an open file descriptor to a file in the filesystem, that enterprise bean cannot easily be moved from one JVM or machine to another, without losing its reference to the file.

Furthermore, giving EJBs access to the filesystem is a security hazard, since the enterprise bean could potentially read and broadcast the contents of sensitive files, or even upload and overwrite the JVM runtime binary for malicious purposes.

Files are not an appropriate mechanism for storing business data for use by components, because they tend to be unstructured, are not under the control of the server environment, and typically don't provide distributed transactional access or fine-grained locking. Business data is better managed using a persistence interface such as JDBC, whose implementations usually provide these benefits. Read-only data can, however, be stored in files in a deployment JAR, and accessed with the getResource() or getResourceAsStream() methods of java.lang.Class.

You can check this out from sun site....

Ranch Hand

Joined: Aug 18, 2005
Posts: 372
That was a very good post..thanks
Valentin Crettaz
Gold Digger

Joined: Aug 26, 2001
Posts: 7610
foofoo barbar,

Please change your displayed name to conform to JavaRanch's Naming Policy.

In your case please use a first name (or initial) followed by a family name which are not obviously fictional.

You may change your displayed name here.

Thank you

[Blog] [Blogroll] [My Reviews] My Linked In
Vish Shukla
Ranch Hand

Joined: Oct 12, 2008
Posts: 111
Agreed with mentioned reasons and that we should not attempt to use IO for accessing files from enterprise beans. However, in my existing application, if I am not using clustered environment and client wants me to have configurable stuff from some properties file only, which may also be modified through code & I have to use file-system. In such cases, is there anything in EJB environment that stops me from doing that?

One argument for security thing is that, provided that access to file system(through code) is under control of bean provider & deployment environment is protected, is there still any security hole in the system?

Thanks & Regards,
Vishal S Shukla (SCJP 93%, SCWCD 94%, SCBCD 100%)
seb tetris

Joined: Jan 07, 2011
Posts: 4
You can access files and you are allowed to do so , you can use an JCA adapter for this, i do this daily.

I agree. Here's the link:
subject: Why can't I access a file system from EJB?
It's not a secret anymore!