设置catalina.policy以允许servlet访问文件 [英] Setting catalina.policy to allow file access by servlets

问题描述

我们有一个基于b-tree的本地开发的三元组存储库，我想在一些servlet应用程序中用于持久存储。不是将b-tree索引文件嵌入servlet .war中，我想将它们存储在已知位置，并让servlet直接访问它们。这一切都工作在Jetty，但提出了一个安全异常，当我在Tomcat尝试。我被告知Tomcat的安全模型需要一个servlet的显式权限来访问解压缩.war的目录树之外的文件。如果我正确理解Tomcat（5.5版）文档，则添加到 catalina.policy 中的以下内容应允许servlet访问索引文件所在的目录：

  grant codeBasejar：file：$ {catalina.home} / webapps / mytestapp /  - 
 {
 permission java.io.FilePermission/ var / data / tdb /  - ，read，write，delete;但是，我仍然得到一个安全例外：
 
 
 
 
 
 
 
 
 $ b b 
 
  java.io.FileNotFoundException：
 /var/data/tdb/kb/node2id.idn（权限被拒绝）
在java。 io.RandomAccessFile.open（本地方法）
 ... 
  
哑的错误：我检查了索引文件在正确的位置，正确的权限，并没有损坏。任何关于我在安全设置错误的建议或提示，将不胜感激。 
解决方案
 
  java.io.FileNotFoundException：
 / var / data / tdb /kb/node2id.idn（权限被拒绝）
  
这是您的操作系统拒绝访问，如果是Java安全，你会得到一个 AccessControlException （或其他形式的 SecurityException ）。您运行Tomcat进程的用户可能无法访问该文件。
 
We have a locally-developed triple store based on b-trees which I want to use for persistent storage in a number of servlet applications. Rather than embed the b-tree index files in the servlet .war, I would like to store them at a known location and have the servlets access them directly. This all works in Jetty, but raises a security exception when I try it in Tomcat. I'm told that Tomcat's security model requires explicit permissions for a servlet to access files outside the directory tree where the .war is unpacked. If I've understood the Tomcat (version 5.5) documentation correctly, the following added to catalina.policy should allow the servlet to access the directories where the index files are:
grant codeBase "jar:file:${catalina.home}/webapps/mytestapp/-"
{
  permission java.io.FilePermission "/var/data/tdb/-", "read, write, delete"; 
}
However, I still get a security exception:
java.io.FileNotFoundException: 
                    /var/data/tdb/kb/node2id.idn (Permission denied)
    at java.io.RandomAccessFile.open(Native Method)
    ...
To tick off the obvious dumb errors: I've checked that the index files are at the correct location, with the correct permissions, and are not corrupted. Any suggestions or hints at what I've got wrong in the security settings would be gratefully received. 
解决方案
java.io.FileNotFoundException: 
                /var/data/tdb/kb/node2id.idn (Permission denied)
This is your OS denying access, not Java security. If it was Java security you would get an AccessControlException (or some other form of SecurityException). The user you are running the Tomcat process as presumably does not have access to that file.

                        
这篇关于设置catalina.policy以允许servlet访问文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！