• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Creating a directory within a webapp

 
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi guys,
My ultimate goal is to create a directory for each user of my webapp within Tomcat. So I'd have /ROOT/users/user1. So I made a test jsp within /tomcat/webapps/ROOT:


"pwd" is correct but "success" is false and the catch error doesn't print.

My question is: is this a sys admin problem or a Tomcat/JAVA security problem?

Thanks.
Chris
[ December 03, 2008: Message edited by: Gregg Bolinger ]
 
Ranch Hand
Posts: 15304
6
Mac OS X IntelliJ IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There are all sorts of red flags with this approach.

For one, if you put user folders under ROOT like that then I can go to http://yourwebsite/users/user1 and access all their files. You *could* protect this with a filter of sorts but the better approach is to create those kinds of things in a folder that isn't web accessible. At the very least, write them to the WEB-INF folder but preferably they'd be placed completely outside of the Tomcat install.

Secondly, you should really be doing this work in a servlet, not a JSP.

Please use UBB code tags (the word code inside of [ ]) when showing code as to preserver your formatting. Looking at it as is, is very difficult.
 
Gregg Bolinger
Ranch Hand
Posts: 15304
6
Mac OS X IntelliJ IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

My question is: is this a sys admin problem or a Tomcat/JAVA security problem?



Possibly. We don't know enough about your environment to know for sure. But other than the extra ( ) around your new File call that part of the code seems like it should work.

Also, you said pwd is ok, but are you sure? It might help to give us all the details.
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Another red flag I see is this:


I'm not exactly sure why you're setting the user.dir property at the system level but I expect you'll see some concurrency issues once you get a few users hitting this at the same time.
 
Chris Baty
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I thought that this would be a convenient approach for saving and accessing non-secure media files, similar to utube, but it's becoming more involved than I expected.

Thanks for the advice.

Chris
 
Chris Baty
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I got it going with the following code:


Thanks for pointing me in the proper direction.

Chris
 
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Eeesh! in a JSP? Factor out the Java to a bean or POJO. Java in a JSP is so 2001!
 
Too many men are afraid of being fools - Henry Ford. Foolish tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic