java - 访问被拒绝 ("java.io.FilePermission" "[file path]" "delete")

标签 java tomcat

我在尝试删除上传到本地 Tomcat 7 服务器的文件时遇到问题。

这是我的上传、删除和检查删除方法:

PS : UploadedFile类来自Primefaces框架

private static final String destination=System.getProperty("user.dir")+"\\GED\\documents\\";

public static boolean uploadToServer(UploadedFile file) {

    boolean done = false;
    try {

        byte[] bytes;

        bytes = file.getContents();
        String filename = FilenameUtils.getName(file.getFileName());
        File dossier = new File(destination);
        dossier.setExecutable(true,true);
        dossier.setReadable(true,true);
        dossier.setWritable(true,true);

        if(!dossier.exists())
            dossier.mkdirs();

        if(dossier.exists())
        {
            BufferedOutputStream stream = new BufferedOutputStream(new FileOutputStream(new File(destination+filename)));
            stream.write(bytes);
            stream.close();

            done = true;
        }
    } catch (IOException e) {
        e.printStackTrace();
    }
    return done;
}

public static boolean deleteFromServer(String fileName) {

    boolean done = false;

    File f = new File(destination+fileName);

        if(f.exists() && f.isFile())
        {
            try {
                done = f.delete();

            } catch (SecurityException e) {
                e.printStackTrace();
            }
        }
    return done;
}

public static boolean checkDelete(String fileName)
{
    SecurityManager manager = new SecurityManager();
    try{
        manager.checkDelete(destination+fileName);
    }
    catch(SecurityException e){
        e.printStackTrace();
        return false;
    }
    return true;
}

在调用我的 deleteFromServer 方法之前,我调用了 checkDelete 方法来检查我是否有执行删除之前的权限,我收到以下异常消息:

java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\apache-tomcat-7.0.68\bin\GED\documents\file.txt" "delete")

我读到有关修改 catalina.policy 文件的内容,但我真的不知道该怎么做,我想要一个不会在我的服务器中引起任何安全问题的解决方案。

附言:我的应用程序是一个 JSF 网络应用程序

编辑:完整的堆栈跟踪:

java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\apache-tomcat-7.0.68\bin\GED\documents\pic.jpg" "delete")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkDelete(SecurityManager.java:1007)
at Util.FileManaging.checkDelete(FileManaging.java:71)
at ServiceImpl.DocumentServiceImpl.delete(DocumentServiceImpl.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)
at com.sun.proxy.$Proxy177.delete(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.el.parser.AstValue.invoke(AstValue.java:279)
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:273)
at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at javax.faces.component.UICommand.broadcast(UICommand.java:315)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:646)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:78)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at Util.AuthorizationFilter.doFilter(AuthorizationFilter.java:35)
at org.omnifaces.filter.HttpFilter.doFilter(HttpFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2517)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2506)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

编辑,这是我正在使用的 FilePermission:

java.io.FilePermission "C:/apache-tomcat-7.0.68/bin/GED/documents/-", "delete"; 

最佳答案

因此,我将 checkDelete 方法的代码更改为以下内容:

public static boolean checkDelete(String fileName)
{
    SecurityManager manager = System.getSecurityManager(); //instead of new SecurityManager();
    try{
        if (manager != null)
            manager.checkDelete(destination+fileName);
    }
    catch(SecurityException e){
        e.printStackTrace();
        return false;
    }
    return true;
}

Java 文档:https://docs.oracle.com/javase/7/docs/api/java/lang/SecurityManager.html

此方法返回 true,我的托管文件将从服务器中删除,而无需修改任何 catalina 文件。

关于java - 访问被拒绝 ("java.io.FilePermission" "[file path]" "delete"),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38869649/

相关文章:

java - apache-tomcat-8.0.14 中的内存泄漏

java - 初学者 JAVA 作业中的循环

java 。数组每个值的简单 TimerTask

java - ExoPlayer,MediaSource 创建的视频播放器不播放从 URL 中提取的视频

java - 源服务器没有找到目标资源的当前表示或不愿意透露存在的表示。关于部署到 tomcat

java - 如果存在具有相同包结构的重复类,tomcat 将如何加载该类

java - 使用 HTTP Get 请求来克服 Android 中的 Geocoder 限制

java - 错误: class,接口(interface),或枚举预期导入

java - 重新安装 CA 证书 - Tomcat

java - 在 Java 中动态更改 ResourceBundle Locale