#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2002
    Location
    Ohio
    Posts
    0
    Rep Power
    0

    Question Servlet security and finding path to server....


    Hi. I am relatively new to servlets and have a couple of questions. From what I understand a servlet can create files on the server as long as its from the web address at which it originated. Is that correct? Here is the reason that I ask.

    I have some applet/servlet communication. In the applet, users can draw a picture (much like paint). When they are finished, the applet sends the picture to the servlet. I then need the servlet to create a new file in a specified folder and save the picture to it. Originally, I was using Tomcat 4.0.3 on my computer running as a local host to test my code. Using getServletContext.getRealPath("/") I was able to get it to work.

    Now I have a web host that is running Apache JServ. They give you a "servlets" folder to load your servlet into and it should work from there. The servlet is communicating just fine, but getRealPath("/") now returns null. I've also tried getResource("/"), but that pulls a Server 500 error.

    If anyone can tell me if what I'm trying to do is possible and can offer any other suggestions, I'd really appreciate it. Thank you all in advance.
  2. #2
  3. No Profile Picture
    Moderator =(8^(|)
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Feb 2002
    Location
    Sacramento, CA
    Posts
    1,710
    Rep Power
    14
    As far as I know, permission to write to the disk is controlled by the operating system, and determined by the user the App server is running as. There's not guarantee in a server environment that the App server user would have access to the disk.

    From the javadoc for ServletContext.getRealPath()
    This method returns null if the servlet container cannot translate the virtual path to a real path for any reason (such as when the content is being made available from a .war archive).
    I don't know if that applies to you or not.

IMN logo majestic logo threadwatch logo seochat tools logo