[
https://issues.apache.org/jira/browse/HTTPCLIENT-876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12761271#action_12761271
]
Clifford commented on HTTPCLIENT-876:
-------------------------------------
Thanks Ortwin, I thought of that also, however the 'workdir' setting is in
'server.xml' in the (tomcat-home)/conf directory, which I don't have access to.
On a shared server that directory is shared amongst all users, so can't be
allowed to be changed by users.
But I will make another request from GoDaddy support, for them to set that
parameter to /temp, which is one of the only directories on their shared server
that is wide open to every process/user. I'll let you all know what happens.
p.s. On my own Tomcat development server at my house, this all works perfectly
(since I don't secure any directories). So obviously a dedicated server (or
cloud) would solve the problem. But again, that increases my monthly cost by
10x, and I have multiple GoDaddy accounts (not just one).
> Calling httpClient.execute(post) on a shared server causes security error
> (WRITE not allowed to protected area on disk)
> -----------------------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-876
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-876
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.0 Final
> Environment: Java 5.0, Tomcat
> Reporter: Clifford
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> I run my JSP modules on a shared server at GoDaddy.com, one of the largest
> hosting companies in the USA. They have strict security on the servers which
> disallows writing to any disk files unless they are in the /temp directory.
>
> When I first tried to execute a module I wrote using HttpClient, I got a
> security write-not-allowed error. I looked at the stack trace and found out
> that org.apache.http.impl.client.DefaultHttpClient.java (at source line 197)
> calls org.apache.http.util.VersionInfo method loadVersionInfo, and that class
> (at source line 248) tries to do a FILE WRITE after not finding a property
> file containing the version#. That WRITE is disallowed by my hosting, thus
> causing my HttpClient call to fail. I can provide more details if you like.
>
> I worked around the problem by commenting out the call to loadVersionInfo and
> recompiling DefaultHttpClient, but MANY MANY programmers will run into this
> issue, so I would label it an urgent bug that needs to be fixed. Suggestions
> for the fix could be 1) hard-code the version in a new final static variable
> of DefaultHttpClient, or 2) Write the Properties file containing the
> HttpClient version# to a directory within /temp.
> The stack trace (transcribed from a printout) is:
> java.security.AccessControlException: access denied (java.io.FilePermission
> /web/tomcat/work/hosting/dir.dotgreen.org/.../loader/META-INF write) at ... 5
> levels of java.security.* then
> java.io.File.mkdir
> WebappClassLoader.findResourceInternal
> WebappClassLoader.findResource
> WebappClassLoader.getResourceAsStream
> VersionInfo.loadVersionInfo (line 244)
> DefaultHttpClient.createHttpParams (line 197)
> AbstractHttpClient.getParams (line 293)
> DefaultHttpClient.createClient (line 2)
> AbstractHttpClient.getConnectionManager (line 312)
> DefaultHttpClient.createHttpContext (line 254)
> AbstractHttpClient.execute (line 618)
> AbstractHttpClient.execute (line 576)
> AbstractHttpClient.execute (line 554)
> then a dozen JSP/catalina locations that are irrelevant
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
