1. 首頁
  2. 問答
  3. Commons Fileupload安全管理器已啓用

Commons Fileupload安全管理器已啓用

2012-04-08 134 views
0

我試圖以文件上傳程序將臨時文件寫入磁盤的blob形式將文件上載到數據庫。Commons Fileupload安全管理器已啓用

我正在使用Wso2 Stratos應用程序服務器(基於Tomcat)阻止此類臨時文件因安全原因被寫入磁盤。我附上了錯誤的堆棧跟蹤。

我正在使用Apache Commons Fileupload Library。這裏是我的上傳類http://paste.org/47685和錯誤是從57行拋出。我需要避免編寫臨時文件我該如何解決這個問題?

這是我的錯誤日誌

java.security.AccessControlException: access denied (java.io.FilePermission F:\W 
SO2ST~1.2\bin\..\tmp\upload_4e2fd9dc_1368bb5a330__7ffa_00000002.tmp write) 
    at java.security.AccessControlContext.checkPermission(AccessControlConte 
xt.java:323) 
    at java.security.AccessController.checkPermission(AccessController.java: 
546) 
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) 
    at java.lang.SecurityManager.checkWrite(SecurityManager.java:962) 
    at java.io.FileOutputStream.<init>(FileOutputStream.java:169) 
    at java.io.FileOutputStream.<init>(FileOutputStream.java:131) 
    at org.apache.commons.io.output.DeferredFileOutputStream.thresholdReache 
d(DeferredFileOutputStream.java:178) 
    at org.apache.commons.io.output.ThresholdingOutputStream.checkThreshold(
ThresholdingOutputStream.java:224) 
    at org.apache.commons.io.output.ThresholdingOutputStream.write(Threshold 
ingOutputStream.java:128) 
    at org.apache.commons.fileupload.util.Streams.copy(Streams.java:103) 
    at org.apache.commons.fileupload.util.Streams.copy(Streams.java:66) 
    at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadB 
ase.java:366) 
    at org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest(
ServletFileUpload.java:126) 
    at controler.UploadDocumentServlet.doPost(UploadDocumentServlet.java:62) 

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) 
    at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces 
sorImpl.java:25) 
    at java.lang.reflect.Method.invoke(Method.java:597) 
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273 
) 
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270 
) 
    at java.security.AccessController.doPrivileged(Native Method) 
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) 
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:3 
05) 
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil. 
java:165) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl 
icationFilterChain.java:298) 
    at org.apache.catalina.core.ApplicationFilterChain.access$000(Applicatio 
nFilterChain.java:57) 
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilt 
erChain.java:193) 
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilt 
erChain.java:189) 
    at java.security.AccessController.doPrivileged(Native Method) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF 
ilterChain.java:188) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV 
alve.java:240) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV 
alve.java:164) 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica 
torBase.java:462) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j 
ava:164) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j 
ava:100) 
    at org.wso2.carbon.server.CarbonStuckThreadDetectionValve.invoke(CarbonS 
tuckThreadDetectionValve.java:154) 
    at org.wso2.carbon.server.TomcatServer$1.invoke(TomcatServer.java:254) 
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 
563) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal 
ve.java:118) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav 
a:399) 
    at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcesso 
r.java:396) 
    at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.pr 
ocess(Http11NioProtocol.java:356) 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoin 
t.java:1534) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec 
utor.java:886) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor 
.java:908) 
    at java.lang.Thread.run(Thread.java:705)

來源

2012-04-08 Kasun

回答

0

我想通了,如何解決這個臨時文件的問題。 默認情況下,DiskFileItemFactory()的大小爲10,240個字節,它是一個超過這個數量的文件,它將創建一個用於存儲文件的臨時文件。所以這是我的文件超過10,240字節大小的錯誤。所以通過增加filefactory對象的大小解決了這個問題。請參閱此鏈接 http://www.techiepark.com/tutorials/file-upload-using-java

來源

2012-04-20 14:50:23 Kasun

1

所以,你沒有權限寫入F:\W SO2ST~1.2\tmp\upload_4e2fd9dc_1368bb5a330__7ffa_00000002.tmp,你有沒有權限寫入到文件系統上的任何目錄? (如果該tmp文件夾不存在,那麼這可能是你的問題)

如果是這樣,你只需要將你的factory的tmp目錄配置成你可以寫入的目錄(應該有一個tmp目錄用戶在這裏你可以存儲文件,如C:\ Documents和Settings \ MYUSER的\ Temp,或類似的東西)

來源

2012-04-08 15:13:52

+0

不,我沒有權限寫入文件系統的任何目錄。可以使用內存緩衝而不使用臨時文件進行此操作,如果是這樣的話,我怎麼能在第57行這樣做呢http://paste.org/47685 List items = upload.parseRequest(request); – Kasun 2012-04-08 16:06:25

相關問題

 相關問題