Creating a new file without using a ServletContext - servlets

Assume I want to write to a new file created within the space of my webapp.
One way would be use getServletContext().getRealPath("/") and use that String to create a new file on the server. However, often I come across advice like not using getServletContext().getRealPath("/").
Can someone please let me know of another way to write a new file within my webapp?
Many thanks.

Have some configuration property containing the absolute path of a directory outside of the webapp and web server path, read this path from the configuration property, and write to this directory.
To serve files from this directory, write a servlet that takes the name or ID of this file as parameter, reads the file from the directory, and sends its content to the response.
This will
work even if the app is deployed as a war file and never unzipped to the file system
allow you to redeploy the next version of the app or server without deleting all the uploaded/created files
allow you to add whatever control you want on the uploaded/created files, instead of making them available to everyone
In short, treat these files as data, stored in a database which happens to be the file system instead of a SQL database.

Related

When people mention storing files on the File System, is that referring to a folder within the app?

I need to store pdf files that will keep increasing with time on a folder for my app. But I'm not sure which method is consider 'good practice' between if I should store it in a folder within the project architecture (i.e. inside Content folder) or in a folder outside the app. I tried searching online but most people just mention 'File System' and don't give examples on where do they store it.
So my question is, when people mention storing files on the File System, do they usually mean storing it in a folder inside the app (like Content folder) or do they mean storing it in a folder outside the app?
For example: let's say my apps folders/files are within the container folder: /Container/AppFolder/. Should I store the pdf files on the apps Content folder (i.e. /Container/AppFolder/Content) or should I create a new folder OUTSIDE the apps folders to hold these pdf files? (i.e. /Container/PDFFiles, so basically two folders within the container folder - one folder for the pdf files and the other folder for the app)? Which one is consider a good practice? I have considered just putting these files on the Content folder but as the amount of files keep increasing I'm not sure if is bad practice.
Thanks in advance.
You can put it where ever you want on the server, the program will just need proper permissions to that location (I use the IO namespace). However you should put thought into how to organize the files and folders. Is each file to be tied to a specific ID or just all in 1 folder? Think of things you'll need to handle like invalid file names (special characters), duplicate file names etc. Is the location strictly 1 way (upload only)? Or are you enabling download functionality? If you have download functionality stress security, probably creating a download.aspx page specifically for handling download requests and authentication.

ASP.Net web application cannot read a file within folder

In my asp.net web application, I read the xml file for obtaining a key. If file is not present I show a form to enter the key details and then create the file.
First problem: My app does not recognize the file even if its there.
Second problem: I am running application on the server. When writing, rather overwriting the file, browser shows the username, password prompt before writing the file. If I enter admin credentials it allows to create a file.
I have checked all possible combinations of permissions on the file / folders, but could not resolve the problem.
Any ideas, what I could be missing here?
You read the xml file but is it as a part of your solution? If yes, are you reading it through relative path i.e. are you using Server.MapPath to read it like Server.MapPath("~/Files.test.xml")? Once you use relative path, I don't think it will ask you credentials as it still is in your project directory.
It should work. I am also reading and writing files in my web application.
If it still does not work, please tell me the way you are reading file.
Thanks,

How to get exact path of servlet where it is running?

I have an application that I use in a servlet. The application assumes the text database residing in the same directory where it is being executed. When I am trying to use it in servlet and even after placing the text database files in /WebContent, /DataProject and also src folders. The application cannot find the database. I need to know exactly where the servlet file is being executed so I can place the database files in the same directory. I have already /.metadata/.plugin......../tmp0/wtpwebapps directory. Any help will be greatly appreciated.
Usually when we access files in java we give the absolute path. Dont use the relative path. We use relative paths for jsp/html/css etc. For accessing normal files use the complete path. So put the files in /home/tomcat/.../../directoryDatabase

Reading/writing a text file in a servlet, where should this file be stored in JBoss?

I have servlet deployed in JBoss. I want to read/write data into a text file based on the client input. Where should this text file be put in the JBoss directory structure?
There the /data directory is for.
Its absolute path is available by the jboss.server.data.dir system property.
File dataDir = new File(System.getProperty("jboss.server.data.dir"));
File yourFile = new File(dataDir, "filename.ext");
// ...
See also:
JBoss Wiki - JBoss Properties
Note that you're this way tight-coupling the web application code to a specific server. If you ever want to change servers, keep in mind to change the above code as well to whatever the new server supports (or not).

ASP.NET Web.config question

The server is IIS7.
Is there a way to disable web.config files in subfolders?
I am asking because, I have a folder on the web server that is for uploads. When someone uploads files, a new folder is created for the user's session and the files they upload go in the folder.
So the path to uploads would be like this:
~/uploads/3F2504E0-4F89-11D3-9A0C-0305E82C3301/somefile.txt
In the ~/uploads/ directory there is a web.config file that removes all http handlers except the static file handler and adds a wildcard mime type. So every file that a user uploads will only ever be served statically.
If a user uploads a web.config file, I want to disallow any of the settings in that file from being applied.
How can I do this?
EDIT
Could I just make the upload folder an application that is a member of an application pool configured to run in Classic mode instead of Integrated Pipeline mode? That way it wouldn't even care about a web.config file.
EDIT 2
Is there another type of webserver I could install for serving all files statically? I could just access the files through a different port. Is there some software that I can be sure wont run any scripts and is safe.
I simply wouldn't allow them to upload a file with that name. In fact, I normally wouldn't trust any filename that the user gave me... makes a great candidate for an injection-style attack.
Ok I have a different angle on this...
What if your uploads folder was not part of the website and instead part of the file system? This way ASP.NET is not processing requests to the folder and thus web.config wouldn't be loaded by the ASP.NET runtime.
You'd have to give your app pool's account read/write access to the file system where these files are stored, but I think it better fits what you're trying to accomplish.
Obviously it could be done in code.
If the folders always exist, you could pre-populate with a web.config with no (significant) content and an ACL to ensure it cannot be overwritten, but looking at the path it I suspect you create the upload folders dynamically which means this would not work.
I don't believe there is a way to tell IIS not to use a web.config (but I could be wrong). Personally, I would add a check to my save code and rename the file.
Why not just check the filename first to prevent the user from uploading a file named web.config? You're probably going to want to check for other things too before allowing the upload - files that are too big, etc.

Resources