I am developing a web application (deployed on Jboss6) which reads files from base/ro1 and base/ro2, but also creates new files into base/rw. Files can also be deleted from base/rw.
Is there a way to apply a global security policy for this application which can define these restrictions, on the lines of http://docs.oracle.com/javase/7/docs/technotes/guides/security/spec/security-spec.doc3.html?
The application also exposes API to access/manipulate files in these directories. For eg. if I provide an API with a url api/delete?name=file1, I want the delete api to only be able to delete a file under base/rw/. And a url similar to api/delete?name='../ro/*' should be restricted.
Related
I have a rather simple question. I have a controller with two endpoints
/newFile
/downloadFile/{fileName}
/newFile endpoint creates a simple .txt file under resources
and my expectation would be to hit /downloadFile/{fileName} and download the newly created resource.
Resource res = new ClassPathResource(fileName);
so as it turned out classpath resource looks under build/resources and the file is not yet there (because I haven't restarted/rebuild the app, once I do it - I can download the file) but the whole idea is to dynamically generate files and access them immediately - is there a quick way to bypass this without having to rebuild?
I too had the same problem when I was working on FACE Recognition API which has the same process of creating a file and and uploading it to analysis.
What java does is It abstracts project to JVM and runs on it, So your newly created file won't be in the JVM, What you need to do is to use a Database or any cloud storage or NFS.
According to my perspective Using Database is the best option. Code Java How to upload files to database with Servlet, JSP and MySQL and Javatpoint store file in Oracle database are some documents you can refer for using a database.
you can refer to this document for implementing your project.
I have a Play application that creates files in the public folder when a user is in session. These files are like working files.
Now, with multiple users working at the same time, I want to restrict a user to his working files and not someone else's.
How do I achieve this ?
What I thought of :
Have uuid based file name
Store the files in the root of Application and send files to javascript using Java controller
Authenticating before using any file
You can use some authentication framework(like SecureSocial or Silhouette) and then manage files from controller. Once you are in SecuredAction or UserAwareAction you can get user identity and access the right file based on some propery of defined identity
Would it work to setup some filters using Spring 3 MVC where the paths for javascript files and css files are modified when streamed to the client, by embedding some timestamp in the filename. And then when those resources are later requested another filter then strips those timestamps out?
This would be an attempt to prevent problems of cached js/css files when an application is redeployed
What would I need to do to set this up? How do I setup the filter to replace the paths with a timestamp and then how to I setup the filter to later strp the timestamps out?
I just need info on the Spring 3 MVC configuration for it in the web.xml, I am ok with what the actual code in the filter will need to do
It may be simpler to use Spring's resource mapping <mvc:resources>, that maps a virtual path to the real location of your CSS and Javascript files. The virtual path can contain the version of your application. This means that when you deploy a new version of your application, the path of the CSS and Javascript that gets sent to the browser is different than before and this fools the browser into thinking that they're new resources - and so it reloads them.
For example to map CSS and Javascript files in /resources:
<mvc:resources location="/resources" mapping="/resources-1.2.0/**"/>
This says that any request that comes in with the URL pattern /resources-1.2.0 followed by anything (e.g. /resources-1.2.0/css/styles.css), look for the file in the folder named resources in the web root.
When you update the application version between deployments the virtual path to the CSS and Javascript resources will change and so browsers will be forced to reload the files - even though the real files are in the same old location.
You can make the application version dynamic too - so you don't need to modify your config file.
There's a more in-depth write up of this whole approach here.
I'm rather new to wsadmin and the administration client available for Websphere. I was wondering if anyone had an example of deploying arbitrary files to every Node in a Cell? Ideally I am looking for a solution that would work with both Websphere ND v7 and v6.1, and would not resort to native file transfer methods (e.g. windows shares / sftp), although if there is configuration that could be discovered through the Deployment Manager as to what native method to take to deploy the file that could be an option.
For some background, I'm trying to script the installation of an application for our clients. As part of that I will need to create a JDBC provider and a shared library along with my Application. IBM's documentation is fairly clear on how to create shared library with a particular classpath, and a JDBC Provider, and Websphere variables. But I am running into the problem of how I should go about ensuring that the resources defined on the classpaths of the configured provider and shared library are available on each Node at runtime?
Arbitrary files can be managed centrally using wsadmin's AdminConfig object. This approach places the files in WAS's configuration repository which is monitored by the node synchronization service, and therefore automatically synchronizes file changes from the master repository with each node repository. There are existing wsadmin commands that enable the files to be added, updated, and deleted centrally and remotely.
Here is some example wsadmin jython code which will upload a local file (/temp/jdbc-driver.jar) to the configuration repository (<WAS_PROFILE_ROOT>/config/test-app/jdbc-driver.jar). The node synchronization may be explicitly invoked as demonstrated in the script, or the synchronization will occur automatically if automatic synchronization is enabled.
file = "/temp/jdbc-driver.jar"
dest = "test-app/jdbc-driver.jar"
AdminConfig.createDocument(dest, file)
AdminNodeManagement.syncActiveNodes()
The following wsadmin jython code demonstrates how to update the file.
file = "/temp/jdbc-driver.jar"
dest = "test-app/jdbc-driver.jar"
digest = AdminConfig.extract(dest, file)
# update the file locally in /temp/jdbc-driver.jar
AdminConfig.checkin(dest, file, digest)
AdminNodeManagement.syncActiveNodes()
I have a web service that provides clients with configuration data. It receives a request containing a version (ex: "v1") of that configuration data and needs to retrieve the data associated with that version. New versions of configuration data can be added while the web service is running.
The directory structure of the configuration data is:
config
v1
...config files...
v2
...config files...
v3
...config files...
I know that web application best practices state I should not use java.io.File and should instead use ClassLoader.getResource(), so how do I go about doing that? I can't compile my config data into a JAR because it can be updated while the service is running, so do I place the data on the filesystem and add that directory to my classpath?
We didn't find any way to do this with Weblogic, so we updated the application to read the data from the filesystem instead of the classpath.