In about 60 seconds at google.com using "server.policy read,write", I found
the below note that sounds relevant.  Notice the "delete" etnry for
permissions and how it adds a "delete" option to the file io permissions.
If that does work for you, I myself would fix the "<<ALL FILES>>" to normal
and see if there was some way to ensure the "delete" option only applied to
my webapp for security reasons.  After all, who would want to potentially
give write(and mofify) or delete permission to every file/class/jar/etc.?

Regards,
David

The below note was found at
http://publib.boulder.ibm.com/infocenter/wpdoc/v510/topic/com.ibm.wp.ent.doc
/wps/wpsdirstr.html#wpsdirstr__was_profile_root
================== begin note ==================

Example 3 Minimum requirement for Struts Portlet Framework:

grant codeBase "file:${application}" {
    permission java.util.PropertyPermission "user.language", "read, write";
    permission java.util.PropertyPermission
"org.apache.commons.logging.LogFactory", "read";
    permission java.lang.RuntimePermission "accessDeclaredMembers";

// The following permission (specifically the delete permission)
// allows the FileUpload example to function, since it must be
// able to delete temporary files.  You should probably comment
// this out if your application does not need it.  At the least,
//consider limiting the permission granted to specific files or
// directories.
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};

================== end note ==================

Regards,
David

-----Original Message-----
From: zahid mohammed [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 3:38 PM
To: Struts Users Mailing List
Subject: Re: file upload ACCESS DENIED (AccessControlException)


Hi David,
Thanks for the suggestion. I have put the attribute tempDir="/temporary" in
the controller element of the struts-config.xml. Even then it does'nt work.
I have this line in struts-config.xml

<controller processorClass="org.apache.struts.action.RequestProcessor"
tempDir="/temporary" nocache="true" />

The exception now is almost the same except for the "\temporary" directory

java.security.AccessControlException: access denied
(java.io.FilePermission\temporary\upload_00000000.tmp delete)
at java.security.AccessControlContext.checkPermission(
AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.SecurityManager.checkDelete(SecurityManager.java:982)
at java.io.File.deleteOnExit(File.java:879)
............................................................................
.....................................................

 PLEASE HELP!!!

Thanks.
Zahid.



On 6/22/06, David Friedman <[EMAIL PROTECTED]> wrote:
>
> Zahid,
>
> I don't use that application server but I have a suggestion: change your
> temp file download directory.  Your stack trace shows Struts is using the
> CommonsMultiPartRequestHandler class and I have read it has ways to change
> the temp directory.  The Javadocs on that class list 3 ways that might
> help
> you change the directory to another directory such as /tmp.  Those ways
> are:
>
> A temp dir explicitly defined either using the tempDir servlet init param,
> or the tempDir attribute of the <controller>  element in the Struts config
> file.
>
> The container-specified temp dir, obtained from the
> javax.servlet.context.tempdir servlet context attribute.
>
> The temp dir specified by the java.io.tmpdir system property.
>
> I hope this helps.
> -David
>
> -----Original Message-----
> From: zahid mohammed [mailto:[EMAIL PROTECTED]
> To: Struts Users Mailing List
> Subject: Re: file upload ACCESS DENIED (AccessControlException)
> > Hi,
> > I am trying to upload a file using File upload. I get the
> > AccessControlException (access denied). We are using Sun One App Server
> > 7.0 and Struts 1.2.9.
> >
> > java.security.AccessControlException: access denied
> (java.io.FilePermission
>
>
C:\Sun\AppServer7\domains\domain1\server1\generated\jsp\j2ee-apps\AppName\Ap
> pName_war\upload_00000000.tmp delete)> >       at
java.security.AccessControlContext.checkPermission
> > (AccessControlContext.java:269)
> >       at
> java.security.AccessController.checkPermission(AccessController.java:401)
> >       at java.lang.SecurityManager.checkPermission(SecurityManager.java
> :524)
> >       at java.lang.SecurityManager.checkDelete
> > (SecurityManager.java:982)
> >       at java.io.File.deleteOnExit(File.java:879)
> >       at
> org.apache.commons.fileupload.DefaultFileItem.getTempFile(
> DefaultFileItem.ja
> va:620)
> >       at org.apache.commons.fileupload.DefaultFileItem.getOutputStream
> > (DefaultFileItem.java:557)
> >       at
> org.apache.commons.fileupload.FileUploadBase.parseRequest(
> FileUploadBase.jav
> a:391)
> >       at
> org.apache.struts.upload.CommonsMultipartRequestHandler.handleRequest
> (Common
> sMultipartRequestHandler.java
> > :193)
> >       at org.apache.struts.util.RequestUtils.populate(RequestUtils.java
> :442)
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to