Date: Fri, 21 Feb 1997 12:13:30 -0800
Message-Id: <199702212013.MAA03250@puffin.eng.sun.com>
From: Marianne Mueller <mrm@eng.sun.com>
To: kwtung@netrd.iii.org.tw
Subject: Re: about remove directory
A Java application can delete a file, but in general, a Java applet
cannot.
Here's two examples. The first is a Java application. It creates a
directory, and then deletes it.
The second is Java applet that can create a file, or a directory, from
the HotJava browser or the JDK appletviewer, if it has "write"
permission to that directory, as specified in the
~/.hotjava/properties file. That is, if you add this line to your
~/.hotjava/properites file
acl.write=/tmp
then an applet running in HotJava can create a file or a directory
in /tmp. But, applets are not allowed to delete the file or
directory, even if they have write access to the directory it's in.
That properties file is consulted by the HotJava browser and by the
JDK appletviewer, but it is *not* consulted by Netscape's browser or
Microsoft's browser.
All this is slated to get more useful over time, as we move towards
more flexible and configurable security policies.
For more info on Java applets, check out the examples on the Security
FAQ page at http://java.sun.com/sfaq/ (they're towards the bottom of
the page.)
(1) DeleteFile.java, standalone java application
import java.io.*;
import java.lang.*;
public class DeleteFile {
public static void main(String args[]) {
String foo = "/tmp/foo";
File file;
try {
file = new File(foo);
file.mkdir();
if ( (file.exists()) && (file.isDirectory()) )
System.out.println(foo + " exists, and is a directory");
file.delete();
if (! file.exists())
System.out.println(foo + " no longer exists. Deleted it.");
}
catch (Exception e) {
e.printStackTrace();
}
}
}
puffin% javac DeleteFile.java
puffin% java DeleteFile
/tmp/foo exists, and is a directory
/tmp/foo no longer exists. Deleted it.
puffin%
(2) DeleteFileApplet.java and its html file
import java.io.*;
import java.lang.*;
import java.applet.*;
import java.awt.*;
public class DeleteFileApplet extends Applet {
public void paint(Graphics g) {
String foo = "/tmp/foo";
File file;
try {
file = new File(foo);
file.mkdir();
if ( (file.exists()) && (file.isDirectory()) ) {
System.out.println(foo + " exists, and is a directory");
g.drawString(foo + " exists, and is a directory", 10, 10);
}
file.delete();
if (! file.exists())
g.drawString(foo + " no longer exists. Deleted it.", 10, 30);
}
catch (Exception e) {
e.printStackTrace();
}
}
}
acl.write=/tmp/foo
Here's the source.
puffin% javac DeleteFileApplet.java
puffin% grep /tmp ~/.hotjava/properties
acl.write=/tmp
puffin% appletviewer DeleteFileApplet.html
/tmp/foo exists, and is a directory
java.lang.SecurityException
at java.lang.SecurityManager.checkDelete(SecurityManager.java)
at java.io.File.delete(File.java)
at DeleteFileApplet.paint(DeleteFileApplet.java:23)
at java.awt.Component.dispatchEventImpl(Component.java)
at java.awt.Container.dispatchEventImpl(Container.java)
at java.awt.EventDispatchThread.run(EventDispatchThread.java)
puffin%