Hi!
I implemented a simple DownloadFileServlet which works fine AS LONG AS JBoss security
manager is turned off. As soon as it is turned on in web.xml via security-constraint
etc.., downloading a file does not work anymore. The error message the file could not
be found shows up. The server log does unfortunately show nothing conspicious.
How can I tell the JBoss Security Manager to allow downloading the files; possibly
limit the permission to a certain server directory?
Any help is highly appreciated.
Thanks,
- Markus
I use JBoss v.3.23.
the (relevant) download servlet code: (i don't think there is an error in there,
because downloading works fine as long as security manager is turned off in web.xml)
String filename=req.getParameter(downloadfileName);
if (filename!=null filename.trim().length()!=0) {
logger.debug(setting mimetype);
mimetype = context.getMimeType( filename );
downloadFile = new File(filename);
if (!downloadFile.exists()) {
logger.error(ERROR @ doPost(): File + filename + does not exist.);
}
URL url = (new File(filename)).toURL();
logger.debug(URL= + url.getFile());
if (url != null) {
URLConnection con = url.openConnection();
resp.setContentType( (mimetype != null) ? mimetype :
application/octet-stream );
resp.setContentLength( (int)downloadFile.length() );
resp.setHeader(Content-Disposition, attachment; filename= +
getFileName(url));
ServletOutputStream out = resp.getOutputStream();
BufferedInputStream in = new
BufferedInputStream(con.getInputStream());
byte[] buf = new byte[5120];
int len;
while ((len = in.read(buf)) 0) {
out.write(buf);
}
in.close();
out.flush();
out.close();
} else {
logger.error(URL IS NULL);
}
} else {
logger.error(ERROR: filename != null filename.trim().length() != 0);
}
private String getFileName(URL url) {
String path = url.getFile();
String result = path.substring(path.lastIndexOf('/')+1);
logger.debug(getFileName( + url + ) = + result);
return result;
}
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3834500#3834500
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3834500
---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user