I am running a webservice using glassfish server on Ubuntu. The problem is - it is required to access a directory outside of its shared resource. Presently it is giving an error saying "Permission Denied". I set a permission into server.policy too.
grant codeBase "/home/glassfish/glassfish/test/-" {
permission java.security.AllPermission;
};
But it seems not working.
I tried <property name="alternatedocroot_1" value="from=*.* dir=/home/glassfish/glassfish/test"/> , but it seems it is giving only reading permission. I need write permission also. So my question is how can I set the write permission ?
Thanks.
This is not a JavaSecurity problem so you shouldn't need to tweak anything in that regard.
FWIW our web-apps deployed to GF on various flavors of Windows write to directories which are outside of the 'Application' directory using File APIs. alternatedocroot pertains to GF serving static content using the DefaultServlet not to writing outside of the Application deployment directory.
On windows when you run as Service you have to be careful that the 'Run As' user has proper permissions to write to the target directory, on Unix you need to make sure the user set by your rc (init.d) scripts that runs asadmin.sh has permissions to read/write to the target directory.
I would double check the the user that the java process GF is running under has rwx permissions on the directory your are trying to write to. Make sure that user can write to the target folder. To test this you can su to the user and use the 'touch' command like so: touch /tmp/test and verify write permissions that way. Verify read permissions similarly by running 'ls -l /tmp/test' to make sure you can read it.
See what 'ps -ef | grep java' shows to verify the user running the GF java process. Additionally in your code try specifying a full path to the test file, eg. File test = new File("/tmp/test");
Are you running GF from an rc script or are you starting it using asadmin.sh from a shell prompt? If you are running an rc script check that your rc script is really running it as the user you expect it to be.
Related
I have a .app on mac that launches a jar via a sh script. This means that the app itself is just lunching a jar then the app is no longer running as the jar starts.
The Jar requires access to the launching users Desktop, but in Catalina due to new security restrictions the desktop is blocked. Anyway to trigger in java a mac alert that allows the user to grant access? This is the best approach due to if you go to privacy and whitelist to full folder access the user can only add the app, not the jar/java jre which is what i believe the issue is.
So i was able to figure it out. My app launcher was a sh script that ran an exec java ... so basically bc i wanted to use my included framework i launched from java bin folder in the .app using an exec command in a shell script that.
I changed to just running the command line and setting the icon without exec, so in essence java launched like it would have if i executed out of terminal . By doing thus catalina recognized the folder access and prompted for access properly.
With macOS Catalina we are experiencing the following problem: opening Java Web Start applications behaves differently when application starts by double clicking on JNLP file and when it is started by double clicking on a shortcut installed on a desktop.
In the first case (double click on a downloaded JNLP file) application opens without permissions to access file system - trying to get the directory listing in user's Desktop directory in JAVA code always returns null. There are no prompts presented to the user asking for any permissions to access the file system. This is not an expected behaviour.
In the second case (starting it from desktop shortcut) user is first prompted that application is trying to access the file system and asked for a permission. When user allows application to access files - application reads user's Desktop directory properly. This is the expected behaviour.
Is there a workaround for this? How can we make web start application access file system on Catalina if it is started by double clicking on JNLP file (which is how the application must be started at least for the first time)?
I've run into a similar problem running a legacy .jnlp app. I was able to get around it by simply invoking the application from CLI (iTerm/Terminal/etc.) :
# javaws filename.jnlp
The root cause is that macOS 10.15 (Catalina) now requires non-Apple applications to be specifically granted "Full Disk Access" permission. Check out this and this for details. Using the explanation there, I added /usr/bin/javaws (and other java binaries such as java and appletviewer) to "Full Disk Access", but that didn't resolve the issue.
Based on an older thread, it seems that if the path to the application is not under /Applications/ (in this case, java and javaws are under /System/ and not under /Applications/), then Full Disk Access is not honored. So it's very likely that a fix needs to be provided by Apple to allow running these applications from the UI.
We were able to resolve this by granting Full Disk Access to /System/Library/CoreServices/Java Web Start.app
For me the problem was solved by installing a different version of Java.
I had the same issue on OSX Catalina 10.15.7. I was able to launch the jnlp file by first setting JAVA_HOME.
export JAVA_HOME=$(/usr/libexec/java_home)
javaws /path/to/file.jnlp
I am trying to write to a file using a FileOutputStream in java. I am running ubuntu and I think the problem is with the permissions. Even though the error I receive says '(No such file or directory)' I am sure the path I am giving is right, since I can read from the same file with no issues. I am not very familiar with ubuntu write permissions but I think I need to set the mode with chmod -r on the root directory. However I am not sure of the exact command and the option of permission I should set.
i have this problem since a while,
i have a web,that can read files from many server.
when it running from eclipse..all is well.
the problem is that when i've published the web on apache tomcat..i cannot read the file on server(permission issue)
i change the username and password for the apache to give it all privileges.
i noticed that the only time i haven't access to read a file,its when the server machine has password protection sharing.
i cannot turn off this password,how to solve it throw the code.
What do you mean with "i change the username and password for the apache to give it all privileges"?.
If it works from eclipse and from tomcat it doesn't, then it must be the tomcat user that doesn't have read/write permissions for that file you are trying to access.
By default, the tomcat user is "tomcat7", so what you have these options:
1) Change the file locations permissions (not recommended):
chmod 666 "myFile"
or:
chown tomcat7:tomcat7 "myfile"
2) (best option!) Change the tomcat user and group, and run tomcat as your os user or any other which has permissions. If you are using tomcat 7 then the config file must be in /etc/default/tomcat7:
# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
# default of tomcat7.
TOMCAT7_USER=tomcat7
# Run Tomcat as this group ID. Not setting this or leaving it blank will use
# the default of tomcat7.
TOMCAT7_GROUP=tomcat7
Hope it helps!
I have jdk1.7.0_07 installed on server(linux). The file permission to ~/bin files are executable(755). However when I tried to execute,
$output = exec("/usr/java/jdk1.7.0_07/bin/java -version 2>&1");
echo $output;
It gives permission denied error, I have tried this,
$output = exec("java -version 2>&1");
echo $output;
Which gives command not found error. While checking my environment variables. I have succesfully added JAVA_HOME = /usr/java/jdk1.7.0_07 and for PATH = /usr/java/jdk1.7.0_07/bin
But,
When I run above mentioned PHP script it keeps giving me those permission denied or command not found error. Any personal experience or clue?
If you are running these commands from the command-line, you probably execute them with your own user permissions. However, when you execute these same commands via a PHP script in a web app, they will be executed with the Apach user (typically www-data) permissions. These means that you cannot rely on the command-line output to debug permission errors unless you can log in as the exact same user that runs your PHP script.
If your OS is CentOS it could come from SELinux.
root#ls:~# /usr/sbin/getenforce
Enforcing
root#ls:~# /usr/sbin/setenforce Permissive
root#ls:~# /usr/sbin/getenforce
Permissive
More detail in https://superuser.com/questions/455935/php-script-cant-run-bash-script-sh-permission-denied
It fixed the problem for me.
It seems you have 2 distinct problems:
If it gives you permission denied error when you give the full path to Java executable, then your permissions are probably incorrect. The most common cause is, somewhere along the path, Apache User (usually www-data) does not have read access. For instance, if www-data does not have read permission for jdk1.7.0_07 directory it can't see (or open) it's child directory called bin.
Regarding the path, it will not work unless permissions are correctly set. However, where did you set your environment PATH? Was it in the user profile?