I'm trying to unzip in a directory symlinked in my WebApp and get this error
java.io.FileNotFoundException: /var/lib/tomcat/webapps/MyApp/_Apps/xxxxx.txt (Permission denied)
_Apps is my symlink (owned by tomcat, 777) and refers to a directory owned by tomcat (755)
My tomcat version is 7
I've put allowLinking="true" in my app context tag (plus override="true").
Any idea of what is going wrong?
I see several issues here, some related to your question, some to best practice:
You shouldn't upload any files to your webapp at runtime: They'll get overwritten with the next deployment (and will be lost), plus you open yourself up to uploads like attack.jsp - containing code that might end up running server side, under the account that tomcat is running as
Really, you should write to a different directory
That will make your issue go away.
In order to temporarily check what causes the issue:
Validate which user tomcat is running as
Validate that this user account has write access to the directory - to be more confident: Validate this through the linked directory and through the underlying directory, natively without using the link. (You can sudo -u tomcat /bin/bash to manually try)
Check, which file system the directory is on (it might be mounted read-only)
Once you've finished validating (or even before that, reluctant that you can work on a higher priority - security relevant - issue): Go back to the beginning of the list and change your implementation. Upload to a different folder.
Related
I have Tomcat on Windows 10 with deployed app on it. It runs well except of when application tries to save file in filestore it throws an error.
Filestore is a folder on the disc path to which is defined in context.xml like this:
<Resource name="ххххх/FileStore"
type="org.ххххххх.filestore.FileStoreService"
factory="org.ххххххх.filestore.impl.LocalFileStoreFactory"
baseDir="/E:/files"
domain="ххххх"/>
Tomcat sees this path correctly and directory E:/files/xxxxx really exists. For testing purpose I have ran this app with Tomcat on Ubuntu and this process passed just fine. Also I emulated "Windows" error on Ubuntu by restricting the permission for Tomcat to write in filestore folder.
What i tried so far:
Gave all permission to write in the folder to everyone and to services (as I ran it like user or like a service) and to all other groups just in case.
Disable UAC, firewall, other "protective" soft, ran like administrator from GUI, command line, powershell.
Shared this folder in the network with permissions to write for everyone (password off). Tested it from another PC. Modified context.xml accordingly.
Is there another options that can help to solve this issue?
The problem was not in permissions. I forgot that Windows file system not allows to do several action with the file simultaneously, like in my case.
We have tomcat 7.0.55 in our unix server. We have deployed web applications manually inside webapps folder of tomcat instance. By default the clusterinfo.1200.properties and log4j logs are stored in .businessobjects folder under home directory of the user account in which tomcat runs.
While accessing the InfoView web application we get the below error,
"AccessControlException:"java.io.filePermission:Access Denied \home\<user account of tomcat>\.businessobjects\clusterinfo.properties"
Tomcat 7 has restriction to access the file outside the tomcat directory on the first logon. However on refreshing the page we are able to access the application.
I have tried the following steps.
stopped the tomcat instance
Moved .buisnessobjects from home directory to inside tomcat installed directory.
Created symlink as .businessobjects in home directory to point to the folder inside tomcat directory.
Started the tomcat instance.
It works. But I need to know where the configuration change has to be made in web application to place the clusterinfo property file and log4j file inside tomcat directory.
I am a novice in Java. Please let me know the file and its location to make this changes.
Desperately looking for a solution :-(
Did you try to grant more permissions on this file with chmod.
The exception explicitly says that its java.io.filePermission. So the problem is that jvm can't read your properties file because your OS prevents it from doing so based on the file permissions.
You can see file permissions with ls -l filepath.
I vaguely remember that you had to change owner of the accesed files in order for tomcat to work so chown tomcat7 \home\<user account of tomcat>\.businessobjects\clusterinfo.properties wouldn't hurt, but I don't remember if it was only applicable to deployed artifacts like *.war files or such.
I'm running an application from within the Tomcat container. The user clicks a link and this ultimately causes a method in a helper class to create a file and save it to the file system. When this code is run from a unit test / eclipse it saves the file in the applications root directory but when this is run from the browser / in Tomcat the file is stored in Tomcat's bin directory.
How can I find the applications root so I can choose where the save the file from there?
I need to programatically find the root so this can be deployed onto other environments running tomcat.
Thanks
You should not rely on the position of your Tomcat installation, and your application should not write into the Tomcat installation folder, never. It is quite possible that the Tomcat installation is not even writable for the user running Tomcat in a production environment.
Therefore, use full (absolute) paths only.
To avoid file permission issues you may want to use the user's home directory using System.getProperty("user.home"). That way it will work consistently across environments and operating systems.
Jetty cannot unzip my Wicket application war and extract to the temp directory. It is able to unzip the example wars without issue.
I have two identical installations on 64 bit linux (Centos) using Jetty 6.1.16 and 64 bit java 1.6. One works and one is unable to unjar/zip the war and deploy it. I compile using 1.5 compatibility. I use maven to generate the war file. If I deploy the .war I get a general error - cannot unzip. If I unwar the web app to a file system and deploy that to Jetty it works fine.
To make sure it isn't a permissions problem I ran it as root but saw no difference no difference.
I actually get NoClassDefFound errors when deplopying as war to be extracted.
I can ask Jetty not to extract the war, but when I do I get another error ...
org.apache.wicket.WicketRuntimeException: Unable to load initializers file
Caused by: java.util.zip.ZipException: error in opening zip file
The deployment directory is listed in the output, but when I look in it, it is empty. Odd thing is the example war that comes with Jetty extracts and runs just fine without error, so it seems to be something about the way the war file is being created on my end (war created using eclipse/maven on 32 bit Vista). But again, it works fine on another virtually identical server wich makes that unlikely.
Was hopeing someone had a ready answer before I tear it all down and reinstall everything :-).
Sounds like an issue with file system permissions. Did you make sure that the user under which you run Jetty has write permissions to the directory where the war is supposedly to be extracted to?
The algorithm by which Jetty determines where to unzip a web application can potentially choose a bunch of directories. You should probably also sanity-check the variables that play a role in this algorithm and make sure that the user running Jetty has sufficient read/write permissions on these directories.
We currently have an Java application that can be deployed on clients or run as a shortcut from the server. We have intermittently received ClassNotFound exceptions when running the JAR from the server which looks like Windows dropping the network connection with only part of the classes from the JAR loaded (user opens a different screen then the problem is apparent).
I am currently looking at the Web Start technology to allow us to run a single shortcut.
However the application has several folders it requires to be in the same folder the JAR is launched (for configuration, logs, etc.). These folders will require full access for all users to allow them to write log files. There are lots of configuration files under the configuration folder hierarchy.
The application also requires access to environment user settings (such as getting their user folder). It also requires certain command line parameters (including which folder to use for configuration, log file location, java memory usage, etc.)
Edit
The application also contains a reference to 2 signed JARs. These are:
jh.jar
mail.jar
It looks like these are signed by SUN Microsystems. jh is used for help integration in our application whilst mail is used for email integration.
I have now downloaded the latest versions of these files from java2s.com which do not have the signed equivalents.
end edit
The application is developed in Netbeans which compiles a single JAR file and copies the dependant JARs to the dist/lib folder. I enabled the Web Start functionality in Netbeans for the application and it generates the JNLP file.
Bearing everything in mind is Web Start the way to go for an application like this?
Can you include folders in a Web Start deployment? I could not find anything to do this in the XML structure for a JNLP file.
Cheers,
Andez
Yes, you could use WebStart for this.
Permission:
If you need permission to the file system, you have to sign your jars and put the all-permissions tag in your jnlp.
Arguments:
Arguments can be provided by using the arguments elements in application_desc.
Folders:
I'm don't think you can include folders in the WebStart application, but you could put the config files in a jar and read them from there, or extract them on startup.
ClassNotFoundError:
We have intermittently received
ClassNotFound exceptions when running
the JAR from the server which looks
like Windows dropping the network
connection with only part of the
classes from the JAR loaded
Does not sound plausible to me. per default, all jars will be downloaded before the application starts. If you set "download" to "lazy", the jar will be downloaded when first needed, but I would guess it will be downloaded completly then.
You can provide read-only resources for Java WebStart. Getting the log back is harder. I would suggest looking into a centralized logging solution, using one of the standard appenders in the log framework you use.
For a Java Web Start application it is always advised not to create files or folders in the class path. Recommend user's home directory to store your settings or database files.