问题描述
我们有一个基于 b 树的本地开发的三元组存储,我想将其用于许多 servlet 应用程序中的持久存储.我不想将 b 树索引文件嵌入到 servlet .war 中,而是希望将它们存储在已知位置并让 servlet 直接访问它们.这一切都适用于 Jetty,但是当我在 Tomcat 中尝试时会引发安全异常.有人告诉我 Tomcat 的安全模型需要 servlet 的显式权限才能访问解压缩 .war 的目录树之外的文件.如果我正确理解了 Tomcat(5.5 版)文档,添加到 catalina.policy
的以下内容应该允许 servlet 访问索引文件所在的目录:
We have a locally-developed triple store based on b-trees which I want to use for persistent storage in a number of servlet applications. Rather than embed the b-tree index files in the servlet .war, I would like to store them at a known location and have the servlets access them directly. This all works in Jetty, but raises a security exception when I try it in Tomcat. I'm told that Tomcat's security model requires explicit permissions for a servlet to access files outside the directory tree where the .war is unpacked. If I've understood the Tomcat (version 5.5) documentation correctly, the following added to catalina.policy
should allow the servlet to access the directories where the index files are:
grant codeBase "jar:file:${catalina.home}/webapps/mytestapp/-"
{
permission java.io.FilePermission "/var/data/tdb/-", "read, write, delete";
}
但是,我仍然收到安全异常:
However, I still get a security exception:
java.io.FileNotFoundException:
/var/data/tdb/kb/node2id.idn (Permission denied)
at java.io.RandomAccessFile.open(Native Method)
...
剔除明显的愚蠢错误:我已检查索引文件是否位于正确的位置,具有正确的权限,并且没有损坏.任何关于我在安全设置中出错的建议或提示将不胜感激.
To tick off the obvious dumb errors: I've checked that the index files are at the correct location, with the correct permissions, and are not corrupted. Any suggestions or hints at what I've got wrong in the security settings would be gratefully received.
推荐答案
java.io.FileNotFoundException:
/var/data/tdb/kb/node2id.idn (Permission denied)
这是您的操作系统拒绝访问,而不是 Java 安全性.如果是 Java 安全性,您将获得 AccessControlException
(或某种其他形式的 SecurityException
).您运行 Tomcat 进程的用户可能无权访问该文件.
This is your OS denying access, not Java security. If it was Java security you would get an AccessControlException
(or some other form of SecurityException
). The user you are running the Tomcat process as presumably does not have access to that file.
这篇关于设置 catalina.policy 以允许 servlet 访问文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!