File Sandbox

Hello,

I have an application that needs to use file templates in API ENGINE.
The flow is like this:

    user requests the file; the custom service downloads the template; the custom service replaces placeholders in the template with user specific properties; the custom service uploads the file to storage; the custom service returns the uploaded file URL to the user.
The problem with this approach is that I cannot create a local file from inside the API ENGINE:
java.security.AccessControlException: access denied (\"java.io.FilePermission\" \"demo.docx\" \"write\")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
	at java.security.AccessController.checkPermission(AccessController.java:884)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at com.backendless.coderunner.runtime.security.CodeRunnerSecurityManager.checkPermission(CodeRunnerSecurityManager.java:52)
	at java.lang.SecurityManager.checkWrite(SecurityManager.java:979)

The only workaround is to keep the file into memory and then upload it. It’s not a viable solution if multiple users request multiple files using this approach.

I’ve tried new File("<filename>") and File.createTempFile(prefix,suffix). Both fail - security restrictions.
My question is: is there any other way to save a temporary file to disk using API ENGINE - some kind of secure sandbox ?

Code Example:

            BackendlessFile backendlessFile = new BackendlessFile(REQ_TEMPLATE);
            File file = new File("demo.docx");
            downloadFile(backendlessFile, file); //feature 102
            if (file.exists()) {
                DOCXTest docxTest = new DOCXTest(); //uses apache poi for docx processing
                docxTest.openFile(file.getAbsolutePath());
                docxTest.insertAtBookmark(TAG_EMP_NAME, "User name");
                docxTest.insertAtBookmark(TAG_EMP_DEPT, "User dept");
                docxTest.saveAs(file.getAbsolutePath());
                BackendlessFile upload = Backendless.Files.upload(file, "demo/demo");
                System.out.println("OK");
//                file.delete();
            }

Thank you,
Mihai

Hi Mihai,

That is correct, you cannot use the local file system, however you can use the File Upload API to upload files to the file storage assigned to your backend.

Regards,
Mark

Hi Mark,

I understood that. The problem was that I needed a temp location to modify the template before uploading the user specific version to a new location using the File Upload API.

Right now I’m applying the changes in memory. It’s not the best solution, but it works, for now.

Thank you,
Mihai

You could also use Backendless Caching API if you need an intermediate storage:

https://backendless.com/documentation/utilities/android/ut_caching_api_android.htm

That could be a solution. Thanks you.
Sadly the files I’m using are larger than the max size allowed by the cache.