1

I am using itextpdf and trying to write the file by:

public class ScoutTranscript {

//static String filePath = System.getProperty("user.home") + "\\Desktop\\ScoutTranscript.pdf";
static String filePath = "/ScoutTranscript.pdf";
private static String FILE = filePath;

However, in the log I get the error:

java.security.AccessControlException: access denied ("java.io.FilePermission" "/ScoutTranscript.pdf" "write")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:979)
at java.io.FileOutputStream.<init>(FileOutputStream.java:209)
at java.io.FileOutputStream.<init>(FileOutputStream.java:110)
at org.AwardTracker.server.ScoutTranscript.main(ScoutTranscript.java:44)
at org.AwardTracker.server.MySQLConnection.scoutTranscript(MySQLConnection.java:17126)

How should I create the filePath please?

N00b Pr0grammer
  • 4,503
  • 5
  • 32
  • 46
Glyn
  • 1,933
  • 5
  • 37
  • 60
  • You seem not to have permissions to write into the root directory where your file path points. – mkl Nov 28 '16 at 05:40
  • Where is your code deployed? Tomcat or any other server? You need to grant a set of permissions for this to be solved. This is a pointer to such an issue, link [here](https://coderanch.com/t/648429/Tomcat-java-security-AccessControlException-access) – N00b Pr0grammer Nov 28 '16 at 05:46
  • By the way, considering the code and stacktrace you show the issue seems neither related to itext nor to gwt. Thus, I would remove those tags. On the other hand your Web application server (tomcat or whichever) may well be involved. Thus, you may want to add tags accordingly. – mkl Nov 28 '16 at 06:30
  • I can not update the tags. I am using Tomcat. – Glyn Nov 28 '16 at 08:39
  • I have looked at the link and I can not work out where this code goes. I am not a programmer. I am using Eclipse and brought up the project properties; however, I could not find anything there. – Glyn Nov 28 '16 at 09:03
  • By the way, is there a specific reason for your web application to want to store a file in the root folder of the server file system? This usually is considered bad style, both security-wise and maintainability-wise. – mkl Nov 28 '16 at 11:16

1 Answers1

1

If that's a Tomcat you use, then you might have to add the following permission parameters into your catalina.policy to sort out the issue. 

grant codeBase "file:${catalina.home}/webapps/ApplicationName/-" { 
    permission java.security.AllPermission; 
};

Please refer to this for a similar discussion. Consider changing the path as per the path that you use.

@Glyn, @mkl is right in saying that this issue is not related to either GWT or iText and hence dropping these two tags.

Community
  • 1
  • 1
N00b Pr0grammer
  • 4,503
  • 5
  • 32
  • 46
  • This is great. I have found in Eclipse --> Properties --> Java Build Path that my Tomcat is in C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf. So, at the end of the catalina.policy I simply add: grant codeBase "file:${catalina.home}/webapps/ScoutTranscript/-" { permission java.security.AllPermission; }; (ScoutTranscript being the class name). Is that correct? This will then compile and be included in the war? I want to be absolutely sure as I can only test this in production and I do not want a gaping great big gap in my security. – Glyn Nov 28 '16 at 22:38
  • The path should be the location where you are trying to write the file – N00b Pr0grammer Nov 29 '16 at 04:45
  • Sorry, this does not make sense to me. There is no path only the application name. Is "ScoutTranscript" the correct value, in this case, to replace "ApplicationName" with? Where is the path please? – Glyn Nov 29 '16 at 06:21
  • @Glyn, it is being used as the parameter `filePath`. Please take a look at the code and let me know if I'm missing anything! – N00b Pr0grammer Nov 29 '16 at 06:26
  • Hi, I very much appreciate your patience. May I ask that you answer each of the following questions please. (1) Why do you mention static String filePath = "/ScoutTranscript.pdf"; is there an issue with it? Yes, this is the pdf file I create and store. (2) So, at the end of the catalina.policy I simply add: grant codeBase "file:${catalina.home}/webapps/ScoutTranscript/-" { permission java.security.AllPermission; }; (ScoutTranscript being the class name). Is that correct? (3) Will this then compile and be included in the war? (4) Will this introduce any security issues? Thank you. – Glyn Nov 29 '16 at 21:09
  • Hi N00b, I have finally worked it out (or at least had an answer provided by Neale at Metawerx) - grant codeBase "file:${catalina.home}/webapps/awardtracker_n/-" { permission java.security.AllPermission; }; and static String filePath = "/cust/glyndwr/home/private-cgi-bin/tomcat/ROOT/ScoutTranscript.pdf"; – Glyn Dec 04 '16 at 22:31