Hi David,
THANKS A LOT........It finally worked after I added "delete" in
FilePermissions in server.policy file. Just wondering if this has to be done
for other app servers too when using the File upload. How do the other app
servers handle this??

Anywayz......THANX once again.

Zahid.


On 6/22/06, David Friedman <[EMAIL PROTECTED]> wrote:

In about 60 seconds at google.com using "server.policy read,write", I
found
the below note that sounds relevant.  Notice the "delete" etnry for
permissions and how it adds a "delete" option to the file io permissions.
If that does work for you, I myself would fix the "<<ALL FILES>>" to
normal
and see if there was some way to ensure the "delete" option only applied
to
my webapp for security reasons.  After all, who would want to potentially
give write(and mofify) or delete permission to every file/class/jar/etc.?

Regards,
David

The below note was found at

http://publib.boulder.ibm.com/infocenter/wpdoc/v510/topic/com.ibm.wp.ent.doc
/wps/wpsdirstr.html#wpsdirstr__was_profile_root
================== begin note ==================

Example 3 Minimum requirement for Struts Portlet Framework:

grant codeBase "file:${application}" {
   permission java.util.PropertyPermission "user.language", "read, write";
   permission java.util.PropertyPermission
"org.apache.commons.logging.LogFactory", "read";
   permission java.lang.RuntimePermission "accessDeclaredMembers";

// The following permission (specifically the delete permission)
// allows the FileUpload example to function, since it must be
// able to delete temporary files.  You should probably comment
// this out if your application does not need it.  At the least,
//consider limiting the permission granted to specific files or
// directories.
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};

================== end note ==================

Regards,
David

-----Original Message-----
From: zahid mohammed [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 3:38 PM
To: Struts Users Mailing List
Subject: Re: file upload ACCESS DENIED (AccessControlException)


Hi David,
Thanks for the suggestion. I have put the attribute tempDir="/temporary"
in
the controller element of the struts-config.xml. Even then it does'nt
work.
I have this line in struts-config.xml

<controller processorClass="org.apache.struts.action.RequestProcessor"
tempDir="/temporary" nocache="true" />

The exception now is almost the same except for the "\temporary" directory

java.security.AccessControlException: access denied
(java.io.FilePermission\temporary\upload_00000000.tmp delete)
at java.security.AccessControlContext.checkPermission(
AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java
:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.SecurityManager.checkDelete(SecurityManager.java:982)
at java.io.File.deleteOnExit(File.java:879)

............................................................................
.....................................................

PLEASE HELP!!!

Thanks.
Zahid.



On 6/22/06, David Friedman <[EMAIL PROTECTED]> wrote:
>
> Zahid,
>
> I don't use that application server but I have a suggestion: change your
> temp file download directory.  Your stack trace shows Struts is using
the
> CommonsMultiPartRequestHandler class and I have read it has ways to
change
> the temp directory.  The Javadocs on that class list 3 ways that might
> help
> you change the directory to another directory such as /tmp.  Those ways
> are:
>
> A temp dir explicitly defined either using the tempDir servlet init
param,
> or the tempDir attribute of the <controller>  element in the Struts
config
> file.
>
> The container-specified temp dir, obtained from the
> javax.servlet.context.tempdir servlet context attribute.
>
> The temp dir specified by the java.io.tmpdir system property.
>
> I hope this helps.
> -David
>
> -----Original Message-----
> From: zahid mohammed [mailto:[EMAIL PROTECTED]
> To: Struts Users Mailing List
> Subject: Re: file upload ACCESS DENIED (AccessControlException)
> > Hi,
> > I am trying to upload a file using File upload. I get the
> > AccessControlException (access denied). We are using Sun One App
Server
> > 7.0 and Struts 1.2.9.
> >
> > java.security.AccessControlException: access denied
> (java.io.FilePermission
>
>

C:\Sun\AppServer7\domains\domain1\server1\generated\jsp\j2ee-apps\AppName\Ap
> pName_war\upload_00000000.tmp delete)> >       at
java.security.AccessControlContext.checkPermission
> > (AccessControlContext.java:269)
> >       at
> java.security.AccessController.checkPermission(AccessController.java
:401)
> >       at java.lang.SecurityManager.checkPermission(
SecurityManager.java
> :524)
> >       at java.lang.SecurityManager.checkDelete
> > (SecurityManager.java:982)
> >       at java.io.File.deleteOnExit(File.java:879)
> >       at
> org.apache.commons.fileupload.DefaultFileItem.getTempFile(
> DefaultFileItem.ja
> va:620)
> >       at org.apache.commons.fileupload.DefaultFileItem.getOutputStream
> > (DefaultFileItem.java:557)
> >       at
> org.apache.commons.fileupload.FileUploadBase.parseRequest(
> FileUploadBase.jav
> a:391)
> >       at
> org.apache.struts.upload.CommonsMultipartRequestHandler.handleRequest
> (Common
> sMultipartRequestHandler.java
> > :193)
> >       at org.apache.struts.util.RequestUtils.populate(
RequestUtils.java
> :442)
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Reply via email to