Finding Out Directories on current File System!

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

JSP - A mailing list about Java Server Pages specification and reference

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Subject: Servlet : Session invalidate
•	Oracle Connection Pooling in 3 2 2
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Subject: Running a Simple JMS Example
•	Tomcat and webapplication specific java library path
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	Value attribute of <html:checkbox
•	url string for connecting jboss to oracle
•	javax servlet ServletException: BeanUtils populate
•	5 0 18: Windows XP Pro vs Windows 2000
•	HTTP Status 404 The requested resource is not available

Finding Out Directories on current File System!

Finding Out Directories on current File System!

2005-04-06 - By Joe Sam Shirah

Back

Reply: 1 2 3 4 5

Hi Ben,

> > J2EE apps should not assume that a file system even exists.
>
> Why not? It would be a little strange if there wasn't a filesystem.

I'm technically wrong, so let me clarify:

The J2EE spec states that the minimal security permissions set an app
can expect includes

java.io.FilePermission read,write

I really was thinking of EJB's, although some of the considerations
should be kept in mind. Here's the explanation from

<
http://java.sun.com/blueprints/guidelines/designing_enterprise_applications/ejb
_tier/qanda/restrictions.html
>

"Why can't EJBs read and write files and directories in the filesystem? And
why can't they access file descriptors?

Enterprise beans aren't allowed to access files primarily because files are
not transactional resources. Allowing EJBs to access files or directories in
the filesystem, or to use file descriptors, would compromise component
distributability, and would be a security hazard.

Another reason is deployability. The EJB container can choose to place an
enterprise bean in any JVM, on any machine in a cluster. Yet the contents of
a filesystem are not part of a deployment, and are therefore outside of the
EJB container's control. File systems, directories, files, and especially
file descriptors tend to be machine-local resources. If an enterprise bean
running in a JVM on a particular machine is using or holding an open file
descriptor to a file in the filesystem, that enterprise bean cannot easily
be moved from one JVM or machine to another, without losing its reference to
the file.

Furthermore, giving EJBs access to the filesystem is a security hazard,
since the enterprise bean could potentially read and broadcast the contents
of sensitive files, or even upload and overwrite the JVM runtime binary for
malicious purposes.

Files are not an appropriate mechanism for storing business data for use by
components, because they tend to be unstructured, are not under the control
of the server environment, and typically don't provide distributed
transactional access or fine-grained locking. Business data is better
managed using a persistence interface such as JDBC, whose implementations
usually provide these benefits. Read-only data can, however, be stored in
files in a deployment JAR, and accessed with the getResource() or
getResourceAsStream() methods of java.lang.Class."

Sorry for any confusion.

Joe Sam

Joe Sam Shirah - http://www.conceptgo.com
conceptGO - Consulting/Development/Outsourcing
Java Filter Forum: http://www.ibm.com/developerworks/java/
Just the JDBC FAQs: http://www.jguru.com/faq/JDBC
Going International? http://www.jguru.com/faq/I18N
Que Java400? http://www.jguru.com/faq/Java400

-- -- Original Message -- --
From: "Ben Hill" <ben@(protected)>
To: <J2EE-INTEREST@(protected)>
Sent: Wednesday, April 06, 2005 1:09 PM
Subject: Re: Finding Out Directories on current File System!

> > J2EE apps should not assume that a file system even exists.
>
> Why not? It would be a little strange if there wasn't a filesystem.
>
>

===========================================================================
To unsubscribe, send email to listserv@(protected) and include in the body
of the message "signoff J2EE-INTEREST". For general help, send email to
listserv@(protected) and include in the body of the message "help".