我試圖以文件上傳程序將臨時文件寫入磁盤的blob形式將文件上載到數據庫。Commons Fileupload安全管理器已啓用
我正在使用Wso2 Stratos應用程序服務器(基於Tomcat)阻止此類臨時文件因安全原因被寫入磁盤。我附上了錯誤的堆棧跟蹤。
我正在使用Apache Commons Fileupload Library。這裏是我的上傳類http://paste.org/47685和錯誤是從57行拋出。我需要避免編寫臨時文件我該如何解決這個問題?
這是我的錯誤日誌
java.security.AccessControlException: access denied (java.io.FilePermission F:\W
SO2ST~1.2\bin\..\tmp\upload_4e2fd9dc_1368bb5a330__7ffa_00000002.tmp write)
at java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:323)
at java.security.AccessController.checkPermission(AccessController.java:
546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:962)
at java.io.FileOutputStream.<init>(FileOutputStream.java:169)
at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
at org.apache.commons.io.output.DeferredFileOutputStream.thresholdReache
d(DeferredFileOutputStream.java:178)
at org.apache.commons.io.output.ThresholdingOutputStream.checkThreshold(
ThresholdingOutputStream.java:224)
at org.apache.commons.io.output.ThresholdingOutputStream.write(Threshold
ingOutputStream.java:128)
at org.apache.commons.fileupload.util.Streams.copy(Streams.java:103)
at org.apache.commons.fileupload.util.Streams.copy(Streams.java:66)
at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadB
ase.java:366)
at org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest(
ServletFileUpload.java:126)
at controler.UploadDocumentServlet.doPost(UploadDocumentServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273
)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270
)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:3
05)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.
java:165)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:298)
at org.apache.catalina.core.ApplicationFilterChain.access$000(Applicatio
nFilterChain.java:57)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilt
erChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilt
erChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:240)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:164)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:462)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:100)
at org.wso2.carbon.server.CarbonStuckThreadDetectionValve.invoke(CarbonS
tuckThreadDetectionValve.java:154)
at org.wso2.carbon.server.TomcatServer$1.invoke(TomcatServer.java:254)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
563)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:399)
at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcesso
r.java:396)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.pr
ocess(Http11NioProtocol.java:356)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoin
t.java:1534)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec
utor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:908)
at java.lang.Thread.run(Thread.java:705)
不,我沒有權限寫入文件系統的任何目錄。可以使用內存緩衝而不使用臨時文件進行此操作,如果是這樣的話,我怎麼能在第57行這樣做呢http://paste.org/47685 List items = upload.parseRequest(request); – Kasun 2012-04-08 16:06:25