0

Im facing this strange issue of not being able to execute a simple "whoami" unix command on a AIX server. I have a webapplication that is deployed on an AIX server. Now I want to see under which WAS user my webapplication is currently running. So I added the below code:

    public String whoami() throws Exception {
        Process p = Runtime.getRuntime().exec("whoami");
        BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
        String line;
        String output = "";

        while ((line = in.readLine()) != null) {
            //System.out.println(line);
            output += line;
        }
        in.close();
        p.destroy();
        return output;
    }
}

The above code is added in a jar file which is referred by a JSP. The JSP has to receive the output of the code above and it displays the WAS User name. But when i deploy the webapplication on the server and try to observe the output, im getting an error message like

Error 500: access denied (java.io.FilePermission <> execute)

However, When I remove the above code and run my webapplication, everything runs fine. What wron am i doing here. Did I miss doing anything? Please help. This is the first time im working on UNIX

Improve this question

4 Answers 4

Reset to default
3

It looks like your web server has been configured with a Java security policy that prohibits executing external applications.

See http://java.sun.com/developer/onlineTraining/Programming/JDCBook/appA.html for information about Java Security Policies, and the documentation for your web server.

You will need to supply (or edit) a policy file to contain something like:

grant {
  permission java.io.FilePermission 
    "/usr/bin/whoami", "execute";
};
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

I guess this might be the actual issue. Will check this and see. Thanks for your answer
@SuryaChandra the error message you posted is completely consistent with a restricted security policy.
I see the following entries in the was.policy file grant codeBase "file:${application}" { }; grant codeBase "file:${jars}" { }; grant codeBase "file:${connectorComponent}" { }; grant codeBase "file:${webComponent}" { }; grant codeBase "file:${ejbComponent}" { }; Does the above imply that currently there are no access permissions for anything?
@SuryaChandra That seems to be the WebSphere default. See pic.dhe.ibm.com/infocenter/wasinfo/v6r0/… for info on which one of the five might be most appropriate to add the required permission. Looks like either file:${application} or file:${webComponent} to me.
I think you were right. I will make the changes and see. Unfortunately, the server im working is down, I will update my observations soon
|
2

Just out of curiosity Have you considered to use:

user.name

System property in Java?

Improve this answer

Comments

0

AFAIK whoami is a shell command and Runtime#exec() executes programs only.

you can try Runtime.getRuntime().exec(new String[]{"sh","-c","whoami"}) to call sh and let it execute whoami

another thing: do you need to destroy the process after reading?

Improve this answer

1 Comment

Well, it is an actual program, it is located in /usr/bin. Martijn-Pro:~ martijncourteaux$ which whoami returns /usr/bin/whoami
0

You can use the ProcessBuilder class instead of getRuntime().exec("whoami").

Here is sample code

import java.io.*;
import java.util.*;

public class DoProcessBuilder {

    public static void main(String args[]) throws IOException {
        if (args.length <= 0) {
            System.err.println("Need command to run");
            System.exit(-1);
        }
        Process process = new ProcessBuilder(args).start();
        InputStream is = process.getInputStream();
        InputStreamReader isr = new InputStreamReader(is);
        BufferedReader br = new BufferedReader(isr);
        String line;
        System.out.printf("Output of running &#37;s is:", Arrays.toString(args));
        while ((line = br.readLine()) != null) {
            System.out.println(line);
        }
    }
}
Improve this answer

1 Comment

a ProcessBuilder should be restricted to the same security policies as Runtime.exec

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.