java getRuntime().exec an exe that requires UAC - java

So we have a java process that runs as a windows service. It needs to execute a command with Runtime.getRuntime().exec(command). The command it executes requires UAC. This is on windows server 2008 and sounds like you cannot disable UAC for a single executable so is there any other way to make this work?

If your Java application runs as a windows service, it most likely runs under one of the system accounts: SYSTEM (most probable), LOCAL SERVICE, or NETWORK SERVICE. Thus if the service runs under SYSTEM account, everything you start from the service will inherit the account. Anyway your service must be allowed to interact with Desktop.
To summarize, if your process run as elevated, then processes started from it will also run elevated.
To elevate, you have to use ShellExecute or ShellExecuteEx functions of Windows API. If the .exe you're starting is marked with level=requireAdministrator in its manifest, the shell will display UAC dialog. If it's not marked, you can use runas verb/operation to force UAC confirmation dialog. Note: runas on Windows XP will show "Run as another user" dialog.
If Runtime.getRuntime().exec(command) is implemented via ShellExecute, then marking the .exe with appropriate manifest will work; if exec uses CreateProcess, the process will be started with current user privileges, i.e. not elevated; moreover the process will not be started at all if .exe has requireAdministrator in its manifest.

Related

.bat file not running when executed by app as windows service

So, I have this client-server app which is written in 4th Dimension Language, that runs as a service so it restarts automatically if something happens to the server. This language has a built in function which allows you to run cmd commands and I have another java app in the same folder, that is in charge of sending emails, something my server side app cant handle. We use a command for running this jar from cmd and send the parameters from there, creating and xml for it to create an html from that and send it via email. The thing is when I run this command with the app running as a service, the command simply does not run, but, if I run the app normally, it works like charm, with no problems whatsoever.
At first I thought it could be the paths, so I got all the paths to be absolute, using the full route, yet it doesnt work still. Also I tried exporting the command as a bat and running it by hand, in the exact same path were the server is, and it works just fine. I thought that maybe the service needs some sort of admin privileges, so I started it as Admin from the service, but it changed nothing.
Is there any chance the service has some sort of limitation which doesnt allow the app to execute external commands? If so, is there anyway to bypass this limitation?
Well, I couldn't make it work when it was running by service, so I made a bat with the command the service uses and pasted it in the Windows Startup Folder, so it "opens manually" when windows starts. It's not the real answer, but is workaround for needing to use the service.

Runtime.exec not showing GUI in JBoss environment

There are many Q & A on Runtime.exec, but still I found a strange behavior. I am running desktop application in which jobs (a kind of javax.resource.spi.work.Work) are submitted and executed in JBoss application server. Following is the code to run some script, which is blocking whenever it needs to launch any GUI. For example, if the script or command is
start notepad
The GUI is not launched, but i can see the notepad.exe in Task Manager. I dont know what is blocking to launch the notepad GUI. Following is the code:
String pathString= "D:\\folder\\abcd.bat";
pro = runtime.exec(new String[] {
pathString
});
Content of abcd.bat file is
start notepad
No error logs or exception found. The above code works very well in normal Java class.
EDIT: Issue found only with .exe files which launch GUI. Some .exe which does not require launching GUI but running some background task is executed very well with my code.
EDIT: Forgot to say that my application is running as service.
Starting from Windows vista, services not allowed interacting with desktop. More details here . It is windows security restriction to not allow services to interact with desktop. I have done changes in regedit and Log On properties of my service, it worked well.

jenkins job not triggering commands and performing ui validations in the targeted machine

I configured a job for doing GUIAutomation(which got developed using java code including running commands and keyboard events) in the targeted machine.
Extra Info:-
I am running a command to launch the installer(installer GUI should come).....but its not happening
When I got any error I am capturing a image using JAVA DefaultToolkit API, but very time its coming as Black, nothing there to watch.
GUIAutomation tool was developed by myself.
Please help me to overcome this problem, since I have to automate it through jenkins.
Usually, problems running GUI programs in Jenkins occur because of the Jenkins service not having privileges to access the display of the slave (or master, you don't mention which) that is running the job. A typical solution is to start the slave via JNLP, which requires logging on to the slave, navigating to the slave's page on the jenkins master (via browser on the slave) and launching the slave process via the button on that page. You can also launch using the javaws command which will be shown on the same page.
On Windows slaves running as a service, you may have success by configuring the service to run as a user with login and desktop privileges for the slave - the default is the Local System user which has no such rights.
I have done the same job as you.
You have to create the jnlp connection. I create one batch file in slave machine such as: jar -jar slave.jar -jnlpurl (your url)/slave-agent.jnlp
If it's remote slave, it's better to use VNC instead of remote desktop when you operate that machine. Because when you close the session, remote desktop will hold the session, so the screenshot would be black.

How to run external application from a Java EE web application?

I have been working on a Web Application for Intranet use only. I work with Apache 7 and Windows Server 2003.
In one of my page, I need to open an external application that we can locate in C:/Program Files/etc... with some parameters already initialized. Of course, the user has to use the web application on the server to make it work (that will be the case).
To open the application, I use the ProcessBuilder object.
The problem:
When I work locally with Eclipse and run the server by hand, it works perfectly. Any application can open itself from a web page.
But when I use the tomcat windows service (and that's what we want to use on the server), it just never launches. Or to be more specific, it launches and stops the application directly. No java errors thrown and process.waitFor() with an exit value of 0. The fact is that we can run processes via the web application (I tried to run simple batch files), but when there is an UI involved, it will never appear.
Again, on the server this time, if I launch tomcat7.exe (that we can find in the %CATALINA_HOME%/bin directory) with a double click or cmd, the UI in the web application will appear. If I launch it with services.msc or tomcat7w.exe or tomcat7 start via cmd, it will not.
I thought of several things:
use another user to start the service
change the way the service is launched (StartMode: jvm, java. I did not succeed with exe)
I read Tomcat 7 Windows Service How-To many times but didn't find out anything to solve my issue.
Have you any idea of what is happening, and how to solve this issue ?
What is the big difference between running tomcat as a service and from the command line?
Option 1
If you open your service's properties window, go to the Log On tab then check the "Allow service to interact with desktop" check box you will get the behavior you want. Also depending on what app you what to run you may need to change the log on account.
see Launching GUI App from Windows Service - Window Does Not Appear
Option 2
Did you try start a cmd and there use
start /c "c:\path to\exe"
in cmd.exe type
help start
Option 3
You will need a daemon service that is not run as a service. windows puts certain restrictions on service apps.
This sleeping app can be started by tomcat or other your self. it can listen on a port or poll a folder for a new file, and when it gets a job to do it starts the app you want. Via port or text file you can send the parameters.

Is it possible, in Java, to authenticate a user over active directory and then perform tasks that user has permissions for?

I have a java app that is running as a service on a server.
The service is running as the local system user. Which does not have access to folder XYZ
However, let's say there is a user, who does have access to folder XYZ. Is it possible for this user to somehow login through the java app, thus giving the app permission to access the folder?
The network revolves around active directory.
not really... the app while its running has only the privilege of the user account that started it..
now if you want to do some activity as a different user (when you have his/her credentials) you can start a new process & do the activity in it.
on windows you can say runas /user:<<username>> <<command to run>>. again this requires sufficient privilege to execute the runas command & the runas service must be running.
you could also try to start another instance of your app (but I wouldn't recommend this)
If you can install the server as a Windows service then you can chose the user that will be used to run the server. If you chose the user to be one that has access to the required folder,
then your app will also have access to the folder.
On the run command or command prompt, run services.msc. Look at the 'Log On As' column of the services. 'Log On As' is set to 'Local system' by default. If you right-click the service and go to its properties, the Log On tab will have an option to start the service under any user that you desire.
As for install a new windows service to automatically start your server with, try http://wsinnovations.com/softeng/support/manualservice.html

Categories