Hello,
I have an application that needs to use file templates in API ENGINE.
The flow is like this:
- user requests the file;
the custom service downloads the template;
the custom service replaces placeholders in the template with user specific properties;
the custom service uploads the file to storage;
the custom service returns the uploaded file URL to the user.
java.security.AccessControlException: access denied (\"java.io.FilePermission\" \"demo.docx\" \"write\")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at com.backendless.coderunner.runtime.security.CodeRunnerSecurityManager.checkPermission(CodeRunnerSecurityManager.java:52)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:979)
The only workaround is to keep the file into memory and then upload it. It’s not a viable solution if multiple users request multiple files using this approach.
I’ve tried new File("<filename>") and File.createTempFile(prefix,suffix). Both fail - security restrictions.
My question is: is there any other way to save a temporary file to disk using API ENGINE - some kind of secure sandbox ?
Code Example:
BackendlessFile backendlessFile = new BackendlessFile(REQ_TEMPLATE);
File file = new File("demo.docx");
downloadFile(backendlessFile, file); //feature 102
if (file.exists()) {
DOCXTest docxTest = new DOCXTest(); //uses apache poi for docx processing
docxTest.openFile(file.getAbsolutePath());
docxTest.insertAtBookmark(TAG_EMP_NAME, "User name");
docxTest.insertAtBookmark(TAG_EMP_DEPT, "User dept");
docxTest.saveAs(file.getAbsolutePath());
BackendlessFile upload = Backendless.Files.upload(file, "demo/demo");
System.out.println("OK");
// file.delete();
}
Thank you,
Mihai