Inside Jenkins Jobs & Builds folder, I am creating a text file and writing some content through Java program. As I am part of corporate network, I am inside firewall with many security rules where I have been restricted to write/update the program files directory under C: drive. Although I am administrator in my local machine, however the company policies are still applied which is denying me access to write/delete any files from the Jenkins directory. I see Jenkins is nicely reading/modifying/writing any files/folders without any issues which is believed to the typical behavior of Jenkins's USER.
Question 1: Is there any way I can use this Jenkins's user through my code so I can avail access on to these directories?
Question 2: Are there ways to solve this issue through Java code? (Note: I have tried writing a file with Run as Administration java code as well)
Kindly let me know if I am missing any details,.any help is highly appreciated.
It's about the user who launched the jenkins server, who might have the permissions to access the directories.
You can use the same user for your operations if available.
Question 1: Is there any way I can use this Jenkins's user through my code so I can avail access on to these directories?
Jenkins users - Jenkins server can have its own users and privileges can be set for each users differently. You cannot use these users outside of Jenkins server.
You can use the user who launched the Jenkins server, must be a user at OS level.
Question 2: Are there ways to solve this issue through Java code? (Note: I have tried writing a file with Run as Administration java code as well)
Again, only OS level users can be used and not the Jenkins users(users created inside Jenkins server)
If you want your application to run with same credentials as Jenkins user, then hold Shift+Right Click your application, select "Run as different user", provide Jenkins's user credentials and press OK.
If you are launching your Java application from command line, do the Shift+Right Click on the cmd.exe first, and once again select "Run as different user"
If you want to impersonate a Windows user from within code, then you should really reword your question body and title (and remove Jenkins references as it has nothing to do with this). But even in this case, you need to know the credentials of the user you are trying to impersonate
Related
I want my program to start before the user logs into the computer. This means that I would like to start my program before the user logs into the computer by entering the password.
In fact my program is one which senses the person in front of the computer and get him logged into the computer using the password which would have already been provided by the user before. For this I would have to put up a screen during the log in process.
Also please help me out about how use the user password to get him logged in.
You need to install your program in such a way that it run as a service on operating system.
Using a third party tool like advanced installed, you could easily do this. Its as simple as a creating a wizard. Check here - http://www.advancedinstaller.com/user-guide/tutorial-java-service.html#preparing
Regarding your second goal, you perhaps want to build something like a 'Fingerprint login' which is common on laptop PC now-a-days.
In the same manner, you need to have some way to capture an identifying data of the user. say a face recognition through a webcam. Your service should get input from the webcam and able to identify the person. Then using the logon service of the operating system, it may supply the pre-input password to automatically login into the system.
My selenium and java based application needs to frequently read/upload a small-size file from a shared folder (\\some-server-ip\SharedfolderName).
When I run the application on multiple client machine (both server and clients can see their IPs) I am prompted to provide username and password to connect to server IP before the application can access the shared folder.
I have shared folder given full control privileges to everyone, anonymous logon group.
I also added \\some-server-ip\SharedfolderName to local security policy's
Network access: Shares that can be accessed anonymously
But, it is not working.
Interestingly, if I enter the username/password manually first time, it works fine in subsequent runs on that particular client. I cannot manually enter username/passwords on all 700+ of the client machines.
I have been trying to get this to work from past three days, without much success.
Any help/suggestion would be greatly appreciated.
P.S. I have been trying different OS (2008, 2003, Win7) for hosting the shared folder, in a desperate hope to get it to work somehow.
try mapping network drive on your client ?
I have a java app that is running as a service on a server.
The service is running as the local system user. Which does not have access to folder XYZ
However, let's say there is a user, who does have access to folder XYZ. Is it possible for this user to somehow login through the java app, thus giving the app permission to access the folder?
The network revolves around active directory.
not really... the app while its running has only the privilege of the user account that started it..
now if you want to do some activity as a different user (when you have his/her credentials) you can start a new process & do the activity in it.
on windows you can say runas /user:<<username>> <<command to run>>. again this requires sufficient privilege to execute the runas command & the runas service must be running.
you could also try to start another instance of your app (but I wouldn't recommend this)
If you can install the server as a Windows service then you can chose the user that will be used to run the server. If you chose the user to be one that has access to the required folder,
then your app will also have access to the folder.
On the run command or command prompt, run services.msc. Look at the 'Log On As' column of the services. 'Log On As' is set to 'Local system' by default. If you right-click the service and go to its properties, the Log On tab will have an option to start the service under any user that you desire.
As for install a new windows service to automatically start your server with, try http://wsinnovations.com/softeng/support/manualservice.html
One of my requirements is, on load of page, a file is to be created dynamically and downloaded at a particular location on the client's machine.
In case the file is already present, it has to be over written.
is there any way where we can access the client's system and store the file at the required folder?
I feel one cannot access the client machine when the code is being executed on the server..
Senorio:
1-User click on generate document then it took template stream data ,req. data file and then save two file into client machine.
2-After that template open and it fetch the data file from same directory.
Please help me on this. This is an SOS!!
There are probably other solutions, I use a signed applet for this purpose.
As always, there are a few caveats though:
You can't "force" anything against the will of the user. Applets may be disabled in the client's browser, or they may not even have Java installed. Or the target directory might not be writeable by the user.Your server should handle cases where the client doesn't have the correct version of the file gracefully.
You can't do this from the server side obviously but you also really can't do this from a client script either. Browser security will prevent a page script from modifying contents of the file system.
Your only options will be to run a third-party browser plugin software that has elevated permissions.
Examples of such are
Java Applets
Java WebStart
Microsoft Silverlight
ActiveX
Each one is different and most require some level of user interaction to confirm that they allow plugins to run with elevated security.
I've a production env and test env. Production has win2k3+tomcat 6.0+ and network drive mapped to a drive letter for easy access (z:\app instead of \symba\files\app). My test env has windows xp (all the software is same including the source code for servlet) and test also has the same drive letter mapping to the network drive.
Tomcat is running with the same user id in both the systems and am able to access the file via windows explorer in the test m/c and production m/c.
Now the servlet in the windows xp m/c (test m/c) throws a file not found exception if try to access an existing file (reachable via windows explorer). The servlet in production is same as in test env and production servlet happily gives the file when i request it and does not throw any error what so ever.
I've see some posts that using drive letter is not a good idea and should use UNC paths instead and i've not tried this yet. I want to know the reason why test servlet fails to get file whereas production servlet works fine.
Thank you very much for your time and help
Bo
Are you running the application server as a service? Drive letter assignments are reliable only if you use interactive programs not services.
A couple of years ago, I tried to resolve a quite identical problem but, at last, I gave up and I used JCIFS to access the files.
If you run Tomcat with a security manager, the web app code is according to the default configuration only allowed file access to its deployment directory. If you want to change the application policies, you can do that in conf/catalina.policy or you can disable the security manager, if you want your web app code to gain all privileges.
You might want to consider running the Tomcat service as the user who has access to the mapped drive.
As pointed out by andcoz, the mappings will not apply for the SYSTEM user in Windows that I presume is being utilized for running Tomcat. You could change the service configuration to run as the user owning the drive mapping and verify if the failure continues to occur.
Related:
FileNotFoundException thrown when the file does exists.