
Creating a directory within a webapp

 
Chris Baty
Ranch Hand
Posts: 30
Hi guys,
My ultimate goal is to create a directory for each user of my webapp within Tomcat. So I'd have /ROOT/users/user1. So I made a test jsp within /tomcat/webapps/ROOT:


"pwd" is correct but "success" is false and the catch error doesn't print.

My question is: is this a sys admin problem or a Tomcat/JAVA security problem?

Thanks.
Chris
[ December 03, 2008: Message edited by: Gregg Bolinger ]
 
Gregg Bolinger
Ranch Hand
Posts: 15304
There are all sorts of red flags with this approach.

For one, if you put user folders under ROOT like that then I can go to http://yourwebsite/users/user1 and access all their files. You *could* protect this with a filter of sorts but the better approach is to create those kinds of things in a folder that isn't web accessible. At the very least, write them to the WEB-INF folder but preferably they'd be placed completely outside of the Tomcat install.

Secondly, you should really be doing this work in a servlet, not a JSP.

Please use UBB code tags (the word code inside of [ ]) when showing code so as to preserve your formatting. Looking at it as is, is very difficult.
 
Gregg Bolinger
Ranch Hand
Posts: 15304
"My question is: is this a sys admin problem or a Tomcat/JAVA security problem?"


Possibly. We don't know enough about your environment to know for sure. But other than the extra ( ) around your new File call that part of the code seems like it should work.

Also, you said pwd is ok, but are you sure? It might help to give us all the details.
 
Ben Souther
Sheriff
Posts: 13411
Another red flag I see is this:


I'm not exactly sure why you're setting the user.dir property at the system level but I expect you'll see some concurrency issues once you get a few users hitting this at the same time.
 
Chris Baty
Ranch Hand
Posts: 30
I thought that this would be a convenient approach for saving and accessing non-secure media files, similar to YouTube, but it's becoming more involved than I expected.

Thanks for the advice.

Chris
 
Chris Baty
Ranch Hand
Posts: 30
I got it going with the following code:


Thanks for pointing me in the proper direction.

Chris
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66207
Eeesh! In a JSP? Factor out the Java to a bean or POJO. Java in a JSP is so 2001!
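
Added example, not part of the original thread and not any poster's code: a plain Java class that follows the advice given above (per-user directories under a base path outside the web root, no change to the `user.dir` system property, no Java in the JSP). The class name `UserStorage`, the name pattern and the temporary base directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

/** Added example: per-user storage kept outside the web root. All names are hypothetical. */
public class UserStorage {
    // Allow-list for directory names: rejects "", "..", "/", "\" and anything else unexpected.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    private final Path baseDir;

    public UserStorage(Path baseDir) throws IOException {
        // Absolute base path: nothing here depends on the process-wide user.dir property.
        this.baseDir = baseDir.toAbsolutePath().normalize();
        Files.createDirectories(this.baseDir);
    }

    /** Creates (or returns) the directory for one user, refusing names that could escape baseDir. */
    public Path directoryFor(String username) throws IOException {
        if (username == null || !SAFE_NAME.matcher(username).matches()) {
            throw new IllegalArgumentException("invalid user name");
        }
        Path dir = baseDir.resolve(username).normalize();
        // Defence in depth: the resolved path must be a direct child of baseDir.
        if (!baseDir.equals(dir.getParent())) {
            throw new IllegalArgumentException("path escapes storage root");
        }
        // createDirectories throws an IOException naming the cause (for example
        // AccessDeniedException), unlike java.io.File.mkdir(), which only returns false.
        return Files.createDirectories(dir);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a temp directory stands in for a location outside the Tomcat install.
        UserStorage storage = new UserStorage(Files.createTempDirectory("userdata"));
        System.out.println("created: " + storage.directoryFor("user1"));
        for (String bad : new String[] {"../ROOT", "user1/../../etc", "", ".."}) {
            try {
                storage.directoryFor(bad);
                System.out.println("UNEXPECTED: accepted " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: \"" + bad + "\" (" + e.getMessage() + ")");
            }
        }
    }
}
```

A servlet would call `directoryFor` with the authenticated user's name and stream files from the returned path after its own access check, so nothing under the storage root is served directly by URL.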
 