File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Oh my!  Did I do a bad thing (security issue). Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Oh my!  Did I do a bad thing (security issue)." Watch "Oh my!  Did I do a bad thing (security issue)." New topic

Oh my! Did I do a bad thing (security issue).

Darrin Smith
Ranch Hand

Joined: Aug 04, 2003
Posts: 276
I have a servlet that reads images from a database. When the image isn't there, I want to read a default image.

Now, I know that I can have a default image on disk, but since there is already a default image inside of the resource of my web app, I thought that it would be best to read it from there. When I try that though I get this:

access denied (org.apache.naming.JndiPermission jndi:/server/myapp/resources/noimage.JPG)|#]

[#|2005-06-20T15:13:50.917-0500|WARNING|sun-appserver-pe8.0.0_01||_ThreadID=16;| access denied (org.apache.naming.JndiPermission jndi:/server/myapp/resources/noimage.JPG)
at java.lang.SecurityManager.checkPermission(
at sun.awt.SunToolkit.getImageFromHash(
at sun.awt.SunToolkit.getImage(
at javax.swing.ImageIcon.<init>(

The code I'm using looks like this:

I think that you should be able to set the permission in the server.policy file up to allow this, but the bigger issue is should this even be done to begin with? In other words, is this really a "bad thing" to do (read the image that the servlet needs from the resources)?

If not, any pointers on what the permission should look like?

My guess is:

but that is just a guess!

I agree. Here's the link:
subject: Oh my! Did I do a bad thing (security issue).
It's not a secret anymore!