users@glassfish.java.net

Re: symbolic links are inaccessible from docroot

From: <Jan.Luehe_at_Sun.COM>
Date: Mon, 29 Oct 2007 13:32:33 -0700

glassfish_at_javadesktop.org wrote:

>Hi!
>
>Fresh install Glassfish v2 (SJAS9.1) on Sparc Solaris 10, 0807.
>(server runs as root)
>
>We have run into a real show stopper for porting from Iplanet 6.1 stuff.
>
>It seems the new server 9.1 will not access symbolic linked directories.
>
>Directories:
>drwxrwxrwx 2 iplanet web 512 Oct 29 15:45 spool
>lrwxrwxrwx 1 root root 5 Oct 29 15:57 spool2 -> spool
>lrwxrwxrwx 1 root root 5 Oct 29 15:57 images -> /d00/web/images
>lrwxrwxrwx 1 root root 5 Oct 29 15:57 data -> /d00/web/clientdata
>
>We created a dummy.html and a dummy image.gif in all of the above directories.
>
>www.ourdomain.com/dummy.html (or .gif) - works fine
>www.ourdomain.com/spool/dummy.html (or .gif) - works fine
>www.ourdomain.com/spool2/dummy.html (or .gif) - does NOT work
>www.ourdomain.com/images/dummy.html (or .gif) - does NOT work
>www.ourdomain.com/data/dummy.html (or .gif) - does NOT work
>
>Completely different functionality from 6.1 - this definately works in 6.1.
>
>We have centralized image directories and numerous nfs mounted disks with various
>client data directories that can not be direct paths under the docroot. This was the only
>way to implement access to certain data, such as client reports, recordings, etc.
>
>Does anyone know how to get around this limitation ??
>
>

In Glassfish v2 (SJAS9.1), the default value of the "allowLinking" property,
which is responsible for activating symbolic links, has been changed to
"false",
to avoid a JSP source code exposure vulnerability issue on Windows.

To reactivate symbolic links, specify this property in your webapp's
sun-web.xml:

  <sun-web-app>
    <property name="allowLinking" value="true"/>
  </sun-web-app>

Alternatively, you can specify this property at the <virtual-server> level
in domain.xml, in which case it will apply to all webapps deployed on that
virtual server.


Jan


>Thanks for the help!
>Dan
>[Message sent by forum member 'htsguru' (htsguru)]
>
>http://forums.java.net/jive/thread.jspa?messageID=242757
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.