Accessing files using relative/absolute path
I am running my servlet using tomcat on my computer (instead of on the web). It involves accessing a password file. Here's how I put my files:
/myproj/Password/pwd.txt
/myproj/WEB-INF/web,xml
/myproj/WEB-INF/class/myservlet
To access the pwd.txt file, I try to get the absolute path to the file as follows:
String root = getServletConfig().getServletContext().getRealPath("/");
String adminFile = root +"Password/pwd.txt";
With tomcat, I am expecting to get http://localhost:8080/myproj/Password/pwd.txt
as the location for the file.
Instead, I am getting the location of the file in the file system, that is: D://Program Files/Apache Software Foundation/Tomcat 6.0/webapps/myproj/Password/pwd.txt
Yes, as it stands, my servlet can still find the file. But I'm not sure if this is a problem or not. I mean when it comes the time for me to deploy the servlet for real, can it still find the file?
[1079 byte] By [
senore100a] at [2007-11-27 4:30:21]
# 1
That's what getRealPath() does, it gives you the absolute path on the machine the server is running. I'm not completely sure but I think I read somewhere about it having to return null by the specification but it seems to work with Tomcat.
The URL that you've given;
http://localhost:8080/myproj/Password/pwd.txt
that's not the real path. That's the URL that your webserver is going to serve the file on.
And you do realize that the 'web' also consists of 'normal' computers that have the same/similar webservers running? So it's going to work the same.
And lastly, it's a very bad idea to make a folder like you have for your password file because your folder will be accessible. No matter what you do, password protect, encrypt, whatever, your data is potentially available to others. You should put it into the WEB-INF file since that is not made available by the server. Actually, try using Tomcat's DataRealms for authentication.
# 4
Thanks. So that still means I would need to use the absolute file system path instead of the server path?
Basically I am not working on an application that calls for high security. I just want to make changing the password file as easy as possible. Also looked into security realms in tomcat. Looks pretty straightforward. But when it comes to deployment, I cannot be sure it will be a tomcat...
