I am developing an application that stores data dynamically and displays it as it is generated or uploaded. But the problem is when I am uploading any image then it should be displayed. It's path is also defined perfectly but until I refresh the whole application in eclipse it remains unchanged.
So to update application, I have to refresh it.
My application is Java based and is useing JSP and Servlet. Is there any code that can be used to update or refresh the application?
Right now I am doing it by right click -> refresh or directly F5 it.
Or suppose I want to create directory then where will I have to create it that will be accesses easily without refresh.
When I'll host my application then which place is better for to store data?
I know it's outside the web app but any specific place? Because there is no drive so how can I create or make directory and access that one in my code.
A solution to this is a design pattern called Observer. You should read about it.
Is there any code that can be used to update or refresh the application?
Right now I am doing it by right click -> refresh or directly F5 it.
I think you need to look into the workspace re-fresh option in Eclipse ( was made available from Eclipse version 3.7.x ). You can enable it in Preferences > General > Workspace and select Refresh on access or as per need you can change to whatever setting you require.
When I ll host my application then which place is better for to store data ? I know it's outside the web app but any specific place ? Because there is no drive so how can I create or make directory and access that one in my code.
The location of static content is best if placed outside of the scope of the project itself. Maybe some other directory on your server ( be it any directory ).
I can share what I have normally seen as a trend in different applications that I have personally worked on. We had a separate tomcat server that just hosted all static content ( all media ) and our web application accessed that static-server (as it was named) within a secured network. All hits to static content could only be made via our application server and thus all direct hits were either rejected or not entertained at all.
Edit
I would suggest using a an absolute path
and on windows environment
you will HAVE to use the drive lletter
and specify the path as X:\some\path
if you want to hide your letter drive
due to obvious security reason
I can suggest another idea
Idea 1 : Make a separate drive (lets call it drive F) and make a folder with the name of "static". Then in your application , you just forward all requests to file uploads using this path ( F:\static......) . I would advise loading the directory name from a property file instead of hard-coding it in your code
Idea 2 : If you cant make a separate drive, then make a directory namely "static" on the root of same drive ( C:\static ) . Make a user group and give him read/write permissions on this drive and revoke writing permissions from this user on all other drives ( just in case someone messes up with this user-group). Next do the same thing as above i.e specify this path into your application. One thing is that you would have to run your application with that specific user-group to ensure that the permissions security you have setup can be implemented.
Best practice is to store such data outside the webapp's tree to avoid issues on redeployment.
You can't serve these files directly though, commonly it's done by creating a servlet mapped to eg. images/*; that parse the request URL (eg ) and based on that url fetches and serves. You need to set the correct MIME type for the output, and streamcopy the requested file to the servlet's output.
A well explained example of such a servlet can be found on BalusC's blog.
Related
I am working on some security alerts on one of our servers whereby a 'file download' JSP file is able to let a user download contents of WEB-INF for the web application (Which is located in the root folder of the site). It is a very crudely simple file, written in 2007, that uses java.io.FileInputStream on unsanitised input to return a file to the user.
The alert actually claimed that this was a directory traversal problem, which it is in one way as the following URI would download the web.xml for the user:
http://domain.com/filedownload.jsp?filename=../../WEB-INF/web.xml&filepath=some/directory/
Now obviously the 'directory traversal' part should be corrected by doing user input sanitising (Which this script does not yet do). However, the following URI also delivers the web.xml to the user, but input sanitisation for directory traversal would not help here, unless the sanitisation checks for 'WEB-INF' and other 'illegal' directories...
http://domain.com/filedownload.jsp?filename=web.xml&filepath=WEB-INF/
Is there a standardised way to prevent this in common servlet containers or does this need to be entirely managed by the developer of the code? I noticed that the Java 'normalize()' function would not strip out this directory from the user input.
I tried searching for an answer for this, but all I could find was information about preventing the 'serving' of WEB-INF directly, but nothing about preventing it from being accessed from a JSP file itself.
Thanks,
Tom...
You say the JSP page is using java.io.FileInputStream to read the file. That is a standard Java class that is not aware of the fact that it is running inside a servlet container.
So java.io.FileInputStream will be able to access any file that can be accessed by the user process the servlet container (JVM) is running under. There's nothing you could configure in the servlet container to prevent that.
You might like to make sure that files in other areas of the filesystem completely unrelated to the servlet container can't be accessed, e.g. like "/etc/passwd".
Assuming you're running on Linux, what does this URL do:
http://domain.com/filedownload.jsp?filename=passwd&filepath=/etc/
If it does return the file, you've got a bigger problem! Perhaps the security software (not sure what you're using?) that created the alerts will prevent download. If not, operating system file permissions can help, as long as the web server isn't running under root or other privileged account, but that's a short-term emergency fix only.
So no, there there no standardised way to prevent this in common servlet containers, and yes, it does need to be entirely managed by the developer of the code.
When using java.io.FileInputStream, it's the responsibility of the writer / maintainer of the JSP page to ensure that only valid paths are accessed.
We have developed a web application using JSP and Servlet. The server we use is Tomcat 7. We have hired a host (Daily Razor) with "private JVM" to launch the application in production level.
Now, in our application, user can visit a particular form, browse for a file in his PC and upload it to the server. But I have a question there; what is the best place to store these files? Mainly there are 3 types of files so we would like to categorize them into, "Office', "Home" and "Other" and create 3 folders for them. But inside which main folder these 3 folders should be made?
The main important this is that these files should not be accessed via a URL (because then anyone can get them ), but a Servlet can. Apart from that, the location (String) should be saved in our MySQL database so the file can be accessed again without an issue.
We have developed the application using Netbeans IDE so the folder structure is like below.
I look forward for your answers.
Use a java property to specify the directory where the files should be stored, and pass it on to tomcat during start up.
Also, it might be a good idea to separate the files per user.
Possible Solution:
-Duser.data.export.dir=D:\users_export\directory
In your java code, read the property
String property = System.getProperty("user.data.export.dir");
Now lets say for user 'A'
String userName = getCurrentUser();
Path userDirHome = Paths.get(property, userName, "Home");<br/>
Now use userDirHome to store the data.
Suggestion: When you store the file location in the DB, ensure that you do not store the complete path, only store the relative path, like "Home/myFile.txt".
This will help you at a later point in time when, there is any change in the directory where the file are stored.
Task: Copy Folder and contents from one vdi to another vdi. This application is internally facing within the company.
Method:
In jsp have user browse for folder
The folder selection is in a text box, the folder path is passed into an action class
The folder path is placed into a teradata table
A script is called to query the table for the source path and target path (pre-determined) and make the copy
Due Dilligence: So far I have tried the <input type="file", which selects a file, not a folder. Also, the file path is not passed through due to security reasons. I have read other possible solutions but none work.
Question: Are sevlets a viable solution, and if so, how do I create one?
I'm going to go with no. There are several reasons for this.
A Java Enterprise Edition application (be it a Servlet or Java Server Page) is not supposed to access the file system directly.
It is inherently unsafe to expose internal infrastructure through an external website.
I think you need to break it up a bit more.
Save a list of shares the server has access to in a data store of some sort, like a new teradata table or for a quick proof of concept plain text file (if you're on Linux you can use the output of something like showmount -e localhost).
Let the user pick the src share from a combobox or something similar.
Continue from your step 2.
This gives you two immediately obviously advantages, which may or may not be relevant.
You can use the system without having access to the physical shares.
You can add metadata (like description or aliases).
I am creating a series of websites that will share a common java code base but will each have a different look and feel, as well as make slightly different calls to a database. Each site will have a unique URL (www.siteA.com, www.siteB.com).
The necessary database information is stored in properties files that appear to be loaded when the applications are deployed (to a JBoss 4.2.3 server). The CSS and images are in static folders.
What I want:
The user enters www.siteA.com
The "unbranded" site is initialized
Java (or whatever needs to) checks the URL to see which files to load
siteA.properties and siteA.css are loaded from the siteA resources folder
siteA's customized site is served to the client
If www.siteB.com is entered, all of its info would be loaded. When I want to add a new Site C, I will just create a siteC resources folder, put the SiteC versions of properties and CSS in it, and the underlying common code should take care of noticing that www.siteC.com was entered and grab from the new folder. All of this should happen without having to redeploy any of the elements common to all the sites.
I think I've mostly figured out how to get the CSS/images side of this working, but I can't get the properties files loaded this way.
Is this even possible? I haven't even been able to find a high-level discussion of the process.
Why don't you look up the HOST http header and output the relevant information for each server using a PHP script. You can output common content using file from an HTML file stored somewhere on the server.
I have developed a command-line (read: no GUI) Java application which crunches through numbers based on a given dataset and a series of parameters; and spits out a series of HTML files as resultant reports. These reports hold a large amount of data in tables, so in order to give the users a easy and quick overview of the results, I utilized the JUNG2 library and created a nice graph.
Here's where it gets interesting; since I would like the graph to be interactive it should be deployed after the application has run and files are generated, whenever the user wants to view the reports. I decided to go with an applet based deployment, however I am not too happy with the current setup due to the following reasons:
I want to make the software as simple to use as possible (my users won't be tech-savvy, and even tech-intimidated in most cases). I would really like to distribute one JAR only, which forced me to put the applet with everything else it needs in a package in the same JAR as the main application.
The applet and the main application need to communicate the results, so I create a xML-based report which is used to hold information. As long as the files are on a local machine and are not moved around it all works fine. Unfortunately I also need the files to be moved around. A user should be able to take the "results" folder to a USB stick, go anywhere plug the stick to another computer and be able to use the report as he/she likes.
For the time being the applets are implemented with the following html code:
<applet code="package.myapp.visualization.GraphApplet.class"
codebase="file:/home/user/myApp"
archive="myApp-0.2.6-r28.jar"
width="750" height="750">
<param name=input value="results/test_name/results.fxml">
</applet>
As you can see this applet will not work if the parent folder is moved to another location.
As far as I know I have a couple of alternatives:
a) Change codebase to point to an URL on our webserver where I could put the jar file. This however creates the problem with permissions, as the applet will not be able to read the results file. Alternative is to upload the results file to the server when the user wants to visualize the graph, although I am not sure if that's a good option due to server security and also if it could be made so that upload happens automatically without bothering the user.
b) I can use a relative path on the codebase attribute, but then the whole folder hierarchy needs to be intact upon copy. This could be a last resort, if I cant come up with a better way to do it.
c) change the deployment method (would like to avoid this alternative to not spend more time on the development phase)
Any ideas? Am I missing something? How could I tackle this problem?
Thanks,
I'm not sure I entirely understand your use-case, but from what I do understand, I would suggest this:
Dump the applet for an application launched using Java Web Start. Have the JNLP file declare a file association for the fxml file type. When the user double clicks an fxml file, it will be passed as an argument to the main(String[]) of the JWS application.
A sand-boxed JWS application can gain access to resources on the local file system using the JNLP API. Here is my demo. of the JNLP API file services.