Expand|Select|Wrap|Line Numbers
- <%@ page import="java.io.*" %>
- <HTML>
- <BODY>
- <%
- Runtime rt = Runtime.getRuntime();
- Process p = rt.exec("/bin/ls");
- // for reading the output of the program
- // (out of the program is in for us)
- BufferedReader sOut = new BufferedReader(new
- InputStreamReader(p.getInputStream()));
- // read the output
- String line;
- while ((line = sOut.readLine()) != null)
- {
- out.println("line<BR/>");
- }
- %>
- </BODY>
- </HTML>
However, when I run this, I get the following:
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Exception in JSP: /research/test.jsp:7
4: <%
5: Runtime rt = Runtime.getRuntime();
6:
7: Process p = rt.exec("/bin/ls");
8:
9: // for reading the output of the program
10: // (out of the program is in for us)
Stacktrace:
org.apache.jasper.servlet.JspServletWrapper.handle JspException(JspServletWrapper.java:451)
org.apache.jasper.servlet.JspServletWrapper.servic e(JspServletWrapper.java:373)
org.apache.jasper.servlet.JspServlet.serviceJspFil e(JspServlet.java:329)
org.apache.jasper.servlet.JspServlet.service(JspSe rvlet.java:265)
javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
sun.reflect.GeneratedMethodAccessor63.invoke(Unkno wn Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.apache.catalina.security.SecurityUtil$1.run(Se curityUtil.java:244)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject .java:517)
org.apache.catalina.security.SecurityUtil.execute( SecurityUtil.java:276)
org.apache.catalina.security.SecurityUtil.doAsPriv ilege(SecurityUtil.java:162)
root cause
java.security.AccessControlException: access denied (java.io.FilePermission /bin/ls execute)
java.security.AccessControlContext.checkPermission (AccessControlContext.java:323)
java.security.AccessController.checkPermission(Acc essController.java:546)
java.lang.SecurityManager.checkPermission(Security Manager.java:532)
java.lang.SecurityManager.checkExec(SecurityManage r.java:779)
java.lang.ProcessBuilder.start(ProcessBuilder.java :447)
java.lang.Runtime.exec(Runtime.java:593)
java.lang.Runtime.exec(Runtime.java:431)
java.lang.Runtime.exec(Runtime.java:328)
org.apache.jsp.research.test_jsp._jspService(test_ jsp.java:49)
org.apache.jasper.runtime.HttpJspBase.service(Http JspBase.java:98)
javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
org.apache.jasper.servlet.JspServletWrapper.servic e(JspServletWrapper.java:331)
org.apache.jasper.servlet.JspServlet.serviceJspFil e(JspServlet.java:329)
org.apache.jasper.servlet.JspServlet.service(JspSe rvlet.java:265)
javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
sun.reflect.GeneratedMethodAccessor63.invoke(Unkno wn Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.apache.catalina.security.SecurityUtil$1.run(Se curityUtil.java:244)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject .java:517)
org.apache.catalina.security.SecurityUtil.execute( SecurityUtil.java:276)
org.apache.catalina.security.SecurityUtil.doAsPriv ilege(SecurityUtil.java:162)
Seems like it has something to do with the permissions granted to the JVM? I have googled high and low and still haven't found a way to solve it. I've also tried adding
Expand|Select|Wrap|Line Numbers
- grant { permission java.io.FilePermission "file:/bin/ls", "execute"; }