Servlet IO issues

 

  • Servlets are run by the container and are usually owned by the user "nobody" on a Unix machine.
  • This means that you can only read files from, and write files to, directories that this user is allowed to access in that way.
  • If you do not specify the path where you want to open a file, it will usually be opened in some default path on the server that this user owns. In our case, it is /usr/local/tomcat/logs. We do not want to write files here, although there is currently nothing in the container specs that prevents this.

 

What does this mean for an enterprise organization?

  • They set aside some portion of the server filesystem for reading and writing and make it accessible to this user, so any servlet can read and write into it.
  • Because the developers trust each other, this is not a problem.

 

What this means for your account, and how to make your account as secure as we can.

  • We are not so trusting on a machine shared by students (unfortunately).
  • So, what you should do is the following:
    • Under your public_html directory, make a comments directory, give it your own unique name and set its mode to 707. This means that any user who is not in your student group can read and write to it, including the user your servlet runs as.
    • Optional, but for extra security: set the mode of your public_html directory to 701. This means that others cannot read what is in it, nor can anyone in your group.

Example:

Servlet Writing a file called g.txt

Code
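An added example (not the course's own code) of the file-writing logic a servlet's doGet or doPost could call: it always writes into an explicitly configured comments directory, so nothing lands in the container's default path, and it refuses file names that resolve outside that directory. The class name CommentStore and the temporary directory used in main are assumptions made for the demonstration; in your account the directory would be the mode-707 one under public_html.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

// Hypothetical helper class; a servlet would create one instance with the
// absolute path of its comments directory and call append() per request.
public class CommentStore {
    private final Path baseDir; // absolute, real path of the comments directory

    public CommentStore(Path baseDir) throws IOException {
        // Resolve symlinks once so the containment check compares real paths.
        this.baseDir = baseDir.toRealPath();
        // Fail early if the user the container runs as cannot write here.
        if (!Files.isDirectory(this.baseDir) || !Files.isWritable(this.baseDir)) {
            throw new IOException("not a writable directory for this user: " + this.baseDir);
        }
    }

    /** Appends text to baseDir/name; never falls back to the working directory. */
    public Path append(String name, String text) throws IOException {
        Path target = baseDir.resolve(name).normalize();
        // Accept only a file directly inside baseDir: this rejects "../x",
        // absolute paths elsewhere, subdirectories and the empty name.
        if (!baseDir.equals(target.getParent())) {
            throw new IOException("file name escapes the comments directory: " + name);
        }
        Files.write(target, text.getBytes(StandardCharsets.UTF_8),
                StandardOpenOption.CREATE, StandardOpenOption.APPEND);
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the comments directory under public_html.
        Path dir = Files.createTempDirectory("comments");
        CommentStore store = new CommentStore(dir);
        System.out.println("wrote " + store.append("g.txt", "hello from the servlet\n"));
        try {
            store.append("../g.txt", "should not be written\n");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```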

 

Example 2:

Servlet checking the listing of the directory the previous file was written into

Tip: Uses File class in java.io

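import java.io.File;

File dir = new File("/etc");
// list() returns null if the path is not a directory or the servlet's user cannot read it
String[] files = dir.list();
if (files != null) {
    for (int i = 0; i < files.length; i++) { System.out.println(files[i]); }
}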

 

Example 3:

Servlet checking the listing of the directory the previous file was written into

Note: May not work due to security issues (restricted access to Runtime).

Tip: Use the Runtime class to invoke operating system commands like "ls" on Unix and then retrieve the results through the created Process object (using the input stream).

© Lynne Grewe