Re: How to access files in network drive
Tomcat is started under a user account with its own security. Give that user permission to the path. On 1/3/10, WM C wrote: > > Hi - > > This is more like a general java question. > > In my web app, I need to read files from a network drive folder, which has > access restriction (my account is permitted). > > During development time, since I am using Eclipse and Tomcat is integrated > inside, so both were run under my account, everything works fine, but when > deployed onto a testing server, where Tomcat runs using a system account, > file access was denied. > > How to resolve this problem? Is there a way when accessing file, I can pass > in a user identity as parameter, or "log on" first just like access > database? Seems java File API does not have this option. > > Any suggestions are appreciated! > > William > > _ > Hotmail: Powerful Free email with security by Microsoft. > http://clk.atdmt.com/GBL/go/171222986/direct/01/ -- Sent from my mobile device - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to access files in network drive
2010/1/3 WM C > The problem is that now we have two web apps, each needs to access > different drive, each drive has different user access control list - in this > case, running Tomcat using one user will only make one app work, while fail > another (for security reason, we cannot allow one user to access both > drives). > > So looks like I have to run two Tomcat instances? > > If your security policy insists on that separation, you should run two Tomcat instances, yes. Running one Tomcat instance that can access both drives is *itself* a security risk, as then any user who can control that Tomcat instance can access both drives, which your security policy forbids. The alternative is to review your security policy. Most organisations I've seen will go for the most fantastic, long-winded and often incredibly insecure technical solutions rather than review their existing security policy in the light of new organisational requirements. - Peter
RE: How to access files in network drive
Thanks for the quick reply - That was exactly what I did and it worked. The problem is that now we have two web apps, each needs to access different drive, each drive has different user access control list - in this case, running Tomcat using one user will only make one app work, while fail another (for security reason, we cannot allow one user to access both drives). So looks like I have to run two Tomcat instances? Thanks, William > Date: Sun, 3 Jan 2010 10:48:49 + > Subject: Re: How to access files in network drive > From: peter.crowt...@melandra.com > To: users@tomcat.apache.org > > 2010/1/3 WM C > > > In my web app, I need to read files from a network drive folder, which has > > access restriction (my account is permitted). > > > > During development time, since I am using Eclipse and Tomcat is integrated > > inside, so both were run under my account, everything works fine, but when > > deployed onto a testing server, where Tomcat runs using a system account, > > file access was denied. > > > > How to resolve this problem? Is there a way when accessing file, I can pass > > in a user identity as parameter, or "log on" first just like access > > database? Seems java File API does not have this option. > > > > Java is intended to be portable to different OSs. Some don't allow what > you want, so the File API doesn't provide it. > > You will have to resolve the problem through configuration. Run Tomcat on > the testing server as a user that has access to the network drive folder. > You could do this either by changing the user ID under which Tomcat runs on > the testing server, or by granting the test Tomcat's user ID access to the > network drive folder. > > - Peter _ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/171222986/direct/01/
Re: How to access files in network drive
2010/1/3 WM C > In my web app, I need to read files from a network drive folder, which has > access restriction (my account is permitted). > > During development time, since I am using Eclipse and Tomcat is integrated > inside, so both were run under my account, everything works fine, but when > deployed onto a testing server, where Tomcat runs using a system account, > file access was denied. > > How to resolve this problem? Is there a way when accessing file, I can pass > in a user identity as parameter, or "log on" first just like access > database? Seems java File API does not have this option. > > Java is intended to be portable to different OSs. Some don't allow what you want, so the File API doesn't provide it. You will have to resolve the problem through configuration. Run Tomcat on the testing server as a user that has access to the network drive folder. You could do this either by changing the user ID under which Tomcat runs on the testing server, or by granting the test Tomcat's user ID access to the network drive folder. - Peter
