Java Mailing List Archive

http://www.junlu.com/

Home » users-digest.tomcat »

users Digest 24 Mar 2013 23:24:17 -0000 Issue 11313

users-digest-help

2013-03-24


Author LoginPost Reply

users Digest 24 Mar 2013 23:24:17 -0000 Issue 11313

Topics (messages 240698 through 240709)

Re: runtime.exec "cmd.exe /C net use"
 240698 by: Harris, Jeffrey E.
 240699 by: Serge Fonville
 240700 by: André Warnier
 240701 by: Patrick Flaherty
 240702 by: Harris, Jeffrey E.
 240704 by: Patrick Flaherty
 240706 by: Patrick Flaherty
 240708 by: Howard W. Smith, Jr.
 240709 by: Howard W. Smith, Jr.

Can ClientAbortException be circumvented?
 240703 by: Thad Humphries
 240705 by: Konstantin Kolinko
 240707 by: Mark Thomas

Administrivia:

---------------------------------------------------------------------
To post to the list, e-mail: users@(protected)
To unsubscribe, e-mail: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-digest-help@(protected)

----------------------------------------------------------------------


Attachment: users_240698.eml (zipped)


> -----Original Message-----
> From: Patrick Flaherty [mailto:pflahrty@(protected)]
> Sent: Sunday, March 24, 2013 3:37 PM
> To: Tomcat Users List
> Subject: Re: runtime.exec "cmd.exe /C net use"
>
>
> On Mar 24, 2013, at 2:56 PM, André Warnier wrote:
>
> > Harris, Jeffrey E. wrote:
> >>> -----Original Message-----
> >>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
> >>> Sent: Sunday, March 24, 2013 12:18 PM
> >>> To: Tomcat Users List
> >>> Subject: Re: runtime.exec "cmd.exe /C net use"
> >>>
> >>>
> >>> On Mar 24, 2013, at 10:24 AM, Harris, Jeffrey E. wrote:
> >>>
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
> >>>>> Sent: Sunday, March 24, 2013 10:20 AM
> >>>>> To: Tomcat Users List
> >>>>> Subject: Re: runtime.exec "cmd.exe /C net use"
> >>>>>
> >>>>>
> >>>>> On Mar 23, 2013, at 10:00 PM, David Kerber wrote:
> >>>>>
> > (**) Maybe this is a hint to the OP : what happens if you ignore the
> > result of the first command call, and try the same command a second
> > time ?
> > And I agree : there a bit of hocus-pocus here, but then many things
> > are, in a Windows environment.
> >
> You are not hearing me. The drives are mapped and set to reconnect at
> logon. Therefore if I reboot my machine the network drive mapping are
> in place after logging in. I *do not* try and map a drive from within
> my app. My app has full access to the network shares as soon as my app
> is up. No problem with network shares and my app ! My app needs to read
> and write to those network share to function and has no problems.
>

I think we have a failure to communicate here.

Mappings set to reconnect are NOT the same as having access to a share.
If you have access to the share, it is does not depending on a mapping. The
mapping only assigns a particular drive letter to a UNC.

Within your application, do you actually access the mappings by letter, or by
UNC?

> The problem is after I'm up and running, I try to run "cmd.exe /C net
> use" from within the app it does not return any mapped drives. it
> returns:
> net use
> New connections will be remembered.
>
> There are no entries in the list.
>

We understand that. What we are trying to tell you if you want those mappings
to appear (regardless of whether they are already mapped or not), we think you
need to dynamically map them within your application. Otherwise, we think you
will continue to experience the situation you describe above.

> Again, the return above happen only when running as a service but
> works fine when tomcat starts from startup.bat in a console. Works fine
> means it returns drive letter, unc equivalent etc ... basically what
> you normally see when you have mapped network drives and run "net use"
> from cmd.exe.
>
> It make no sense I know but I'm at a loss.

I think it makes sense (pending further information on how you actually access the
shares from within your application) because the application is not actually using
a mapped drive, but using its access rights from a UNC.

>
> Thanks again
> Pat
>
>
>
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@(protected)
> > For additional commands, e-mail: users-help@(protected)
> >


This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.


Attachment: users_240699.eml (zipped)
Hi,

See the second reply on SO
http://stackoverflow.com/questions/182750/map-a-network-drive-to-be-used-by-a-service

HTH

Kind regards/met vriendelijke groet,

Serge Fonville

http://www.sergefonville.nl

Convince Microsoft!
They need to add TRUNCATE PARTITION in SQL Server
https://connect.microsoft.com/SQLServer/feedback/details/417926/truncate-partition-of-partitioned-table


2013/3/24 Harris, Jeffrey E. <Jeffrey.Harris@(protected)>

>
>
> > -----Original Message-----
> > From: Patrick Flaherty [mailto:pflahrty@(protected)]
> > Sent: Sunday, March 24, 2013 3:37 PM
> > To: Tomcat Users List
> > Subject: Re: runtime.exec "cmd.exe /C net use"
> >
> >
> > On Mar 24, 2013, at 2:56 PM, André Warnier wrote:
> >
> > > Harris, Jeffrey E. wrote:
> > >>> -----Original Message-----
> > >>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
> > >>> Sent: Sunday, March 24, 2013 12:18 PM
> > >>> To: Tomcat Users List
> > >>> Subject: Re: runtime.exec "cmd.exe /C net use"
> > >>>
> > >>>
> > >>> On Mar 24, 2013, at 10:24 AM, Harris, Jeffrey E. wrote:
> > >>>
> > >>>>
> > >>>>> -----Original Message-----
> > >>>>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
> > >>>>> Sent: Sunday, March 24, 2013 10:20 AM
> > >>>>> To: Tomcat Users List
> > >>>>> Subject: Re: runtime.exec "cmd.exe /C net use"
> > >>>>>
> > >>>>>
> > >>>>> On Mar 23, 2013, at 10:00 PM, David Kerber wrote:
> > >>>>>
> > > (**) Maybe this is a hint to the OP : what happens if you ignore the
> > > result of the first command call, and try the same command a second
> > > time ?
> > > And I agree : there a bit of hocus-pocus here, but then many things
> > > are, in a Windows environment.
> > >
> > You are not hearing me. The drives are mapped and set to reconnect at
> > logon. Therefore if I reboot my machine the network drive mapping are
> > in place after logging in. I *do not* try and map a drive from within
> > my app. My app has full access to the network shares as soon as my app
> > is up. No problem with network shares and my app ! My app needs to read
> > and write to those network share to function and has no problems.
> >
>
> I think we have a failure to communicate here.
>
> Mappings set to reconnect are NOT the same as having access to a share.
> If you have access to the share, it is does not depending on a mapping.
> The
> mapping only assigns a particular drive letter to a UNC.
>
> Within your application, do you actually access the mappings by letter, or
> by
> UNC?
>
> > The problem is after I'm up and running, I try to run "cmd.exe /C net
> > use" from within the app it does not return any mapped drives. it
> > returns:
> > net use
> > New connections will be remembered.
> >
> > There are no entries in the list.
> >
>
> We understand that. What we are trying to tell you if you want those
> mappings
> to appear (regardless of whether they are already mapped or not), we think
> you
> need to dynamically map them within your application. Otherwise, we think
> you
> will continue to experience the situation you describe above.
>
> > Again, the return above happen only when running as a service but
> > works fine when tomcat starts from startup.bat in a console. Works fine
> > means it returns drive letter, unc equivalent etc ... basically what
> > you normally see when you have mapped network drives and run "net use"
> > from cmd.exe.
> >
> > It make no sense I know but I'm at a loss.
>
> I think it makes sense (pending further information on how you actually
> access the
> shares from within your application) because the application is not
> actually using
> a mapped drive, but using its access rights from a UNC.
>
> >
> > Thanks again
> > Pat
> >
> >
> >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@(protected)
> > > For additional commands, e-mail: users-help@(protected)
> > >
>
>
> This e-mail and any attachments are intended only for the use of the
> addressee(s) named herein and may contain proprietary information. If you
> are not the intended recipient of this e-mail or believe that you received
> this email in error, please take immediate action to notify the sender of
> the apparent error by reply e-mail; permanently delete the e-mail and any
> attachments from your computer; and do not disseminate, distribute, use, or
> copy this message and any attachments.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>

Attachment: users_240700.eml (zipped)
Patrick Flaherty wrote:
>
> On Mar 24, 2013, at 2:56 PM, André Warnier wrote:
>
>> Harris, Jeffrey E. wrote:
>>>> -----Original Message-----
>>>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
>>>> Sent: Sunday, March 24, 2013 12:18 PM
>>>> To: Tomcat Users List
>>>> Subject: Re: runtime.exec "cmd.exe /C net use"
>>>>
>>>>
>>>> On Mar 24, 2013, at 10:24 AM, Harris, Jeffrey E. wrote:
>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
>>>>>> Sent: Sunday, March 24, 2013 10:20 AM
>>>>>> To: Tomcat Users List
>>>>>> Subject: Re: runtime.exec "cmd.exe /C net use"
>>>>>>
>>>>>>
>>>>>> On Mar 23, 2013, at 10:00 PM, David Kerber wrote:
>>>>>>
>>>>>>> On 3/23/2013 8:13 PM, Harris, Jeffrey E. wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Thanks for all the input. I know about service logins being only
>>>> able
>>>>>> to use UNC paths (not drive letters) to access network shares. I
>>>> know
>>>>>> the service login & password have to have a matching account on the
>>>>>> server with the shares in order for the tomcat app to use (access)
>>>>>> those shares. We do all of this. Out tomcat app depends on network
>>>>>> shares to function and it always has worked as long as the service
>>>>>> login account matches an account on the server with the shares.
>>>>>>
>>>>>> What I'm trying to do in an html interface is make a pulldown menu
>>>>>> list of my mapped drives as a location for our database backup. It's
>>>>>> a preference setup to where an automated scheduled backup will write
>>>>>> the backups. I'm using "net use" to produce what you would expect
>>>> for
>>>>>> output (all the mapped network drives) and parsing the output to
>>>>>> produce the pulldown menu item containing the unc portion gleaned
>>>>>> from the "net use" output. I need the unc portion as this is what a
>>>>>> tomcat app needs. No matter what I do outside the app I cannot
>>>>>> produce the effectively empty list that the app is producing. I'm
>>>>>> logged into Windows as the same account as the service and I open a
>>>>>> command prompt and see all my mapped drives via "net use". I have
>>>>>> tried UAC on and off and it changes nothing. I added a simple "dir"
>>>>>> to the app and I can get that output but not the "net use"
>>>>>> output. I do know it has to do with the service as I said because
>>>>>> when tomcat is started via the startup.bat it works great.
>>>>>>
>>>>>> Maybe it is a Windows question but thought someone may have had some
>>>>>> similar experience.
>>>>>>
>>>>>> Thanks for eveyone's thoughts.
>>>>>>
>>>>>> -Pat
>>>>>>
>>>>> You still have not answered how the mapping are being made in the
>>>>> first place. Is the service account dynamically setting the mapping
>>>>> using net use, or through the Windows API? Are you relying on static
>>>>> mappings in the user account profile?
>>>> Hi Jeffrey,
>>>>
>>>> The drive mapping are happening through the Windows Explorer interface.
>>>> The file server is browsed and the shares on the file server are mapped
>>>> by right-clicking the share, mapping it to a drive letter and I check
>>>> the checkbox "Reconnect at logon". Then I start my app.
>>>> (I'm not using any user profiles.)
>>>>
>>>> -Pat
>>>>
>>>>> Jeffrey Harris
>>>>>
>>> Pat,
>>> I do not think that will work for a service account. The drive
>>> mappings are stored in the user profile,
>>> and since I do not think service accounts access user profiles, the
>>> service account will not remap
>>> the drives when using the account to start a service (it will when
>>> you actually log in interactively with
>>> the account). You can try setting some custom environment variables
>>> in the user profile (not the system profile)
>>> and see if they are accessible by the service account using the set
>>> command as a test to see if mapping
>>> might be accessible.
>>> What you probably need to do is actually set the drive mappings using
>>> the Windows API dynamically when Tomcat starts,
>>> or use UNCs. I know you want to display the drive mappings, but you
>>> could fake the display by doing a net use >myfilemappings.txt from
>>> the command line (when logged into the account), and just calling the
>>> file to display the mappings. Obviously, if the mappings change, you
>>> would have to redo the file.
>>> I think those are your only options. You might want to do a Google
>>> search and see if there is a way for
>>> service accounts to use remembered mapped drives.
>>
>> I routinely use "net use \\hostname\share" from inside programs
>> running as Windows Services (not in Java, though, but it should not
>> matter). "Drive letters" don't work.
>> The exact form I use is :
>> net use \\hostname\sharename <password> /USER:<userid>
>> And then later I can open/read/write/close files as
>> "\\hostname\sharename\filepath".
>>
>> It works, but I have noticed one "quirk" in my programs : after doing
>> the "net use", the very first access to the share doesn't work and
>> returns an error. The second access and all subsequent ones work
>> though. I have no idea why this is, but I have just adapted my
>> programs to work around this issue (by doing a first dummy access and
>> ignoring the result), and never had any problem since. (**)
>>
>> To be able to do this, the Service *cannot* run as the LocalSystem or
>> LocalService user. By design in Windows, these special users do not
>> have access to any "Windows network" functions or resources. Any
>> "normal" user (*) will do, depending on the environment (such as, if
>> the current host is a member of a Windows Domain, and the Windows
>> network resource is defined in that domain, then the user will need to
>> be a Domain user; if the resource is a share on a Linux Samba host
>> e.g., then any user will do, as long as it is known to Samba).
>> This all concerns only "Windows network" resources. Anything accessed
>> via standard TCP/IP protocols (HTTP, NFS, FTP, SSL..) works, even when
>> running as one of these special users.
>>
>> As a not very precise technical definition, "Windows network
>> resources" are all the things like "shares" (network directories),
>> Windows network printers, anything that is accessed via the SMB or
>> CIFS protocol, anything that requires the usage of a "workgroup" or
>> "domain" name, etc.
>>
>>
>> (*) with one additional caveat : the user must be granted the "right
>> to run services".
>>
>> (**) Maybe this is a hint to the OP : what happens if you ignore the
>> result of the first command call, and try the same command a second
>> time ?
>> And I agree : there a bit of hocus-pocus here, but then many things
>> are, in a Windows environment.
>>
> You are not hearing me. The drives are mapped and set to reconnect at
> logon. Therefore if I reboot my machine the network drive mapping are in
> place after
> logging in. I *do not* try and map a drive from within my app. My app
> has full access to the network shares as soon as my app is up. No
> problem with network
> shares and my app !

Well, only if your app is running on your computer though. As soon as your app is moved
somewhere else, it will stop working unless you set up that computer the same way.

My app needs to read and write to those network
> share to function and has no problems.
>
> The problem is after I'm up and running, I try to run "cmd.exe /C net
> use" from within the app it does not return any mapped drives. it returns:
> net use
> New connections will be remembered.
>
> There are no entries in the list.
>
> Again, the return above happen only when running as a service but works
> fine when tomcat starts from startup.bat in a console. Works fine means
> it returns drive letter, unc equivalent etc ... basically what you
> normally see when you have mapped network drives and run "net use" from
> cmd.exe.
>
> It make no sense I know but I'm at a loss.
>
Yes, it does make sense. When something is running as a Service under a given user-id, it
does not have the same environment as when you login to a computer with that same user-id.
The "service environment" is different from the "interactive login" environment.
In how many ways exactly under Windows, I do not know; but many. (One of the ways is that
a Service does not have a console, while your interactive session does; that alone already
make a lot of programs act differently. Another way is the permissions, which are
different between services and interactive users).

The crux of the matter is : if you want your Service (whatever program it runs in whatever
programming language) to have access to certain resources, you should make sure that it is
the service itself which acquires/connect to these resources, and not rely on, for
example, "mappings" that have been made under another environment, to be present in the
service environment.

Think of it as follows : when you - personally - login to the machine, you get a "session"
under your user-id. And then inside that session you run Tomcat, as an application, within
that same session.
When a service starts, it does its own login and it gets a different "session", also under
the same user-id, but a different session anyway.
And there is nothing that says that everything that you have in your interactive user
session is automatically there in that (separate) service session. And if anything is, it
may just be a bug in this particular Windows version, and may go away at the next version.



Attachment: users_240701.eml (zipped)

On Mar 24, 2013, at 3:46 PM, Harris, Jeffrey E. wrote:

>
>
>> -----Original Message-----
>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
>> Sent: Sunday, March 24, 2013 3:37 PM
>> To: Tomcat Users List
>> Subject: Re: runtime.exec "cmd.exe /C net use"
>>
>>
>> On Mar 24, 2013, at 2:56 PM, André Warnier wrote:
>>
>>> Harris, Jeffrey E. wrote:
>>>>> -----Original Message-----
>>>>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
>>>>> Sent: Sunday, March 24, 2013 12:18 PM
>>>>> To: Tomcat Users List
>>>>> Subject: Re: runtime.exec "cmd.exe /C net use"
>>>>>
>>>>>
>>>>> On Mar 24, 2013, at 10:24 AM, Harris, Jeffrey E. wrote:
>>>>>
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
>>>>>>> Sent: Sunday, March 24, 2013 10:20 AM
>>>>>>> To: Tomcat Users List
>>>>>>> Subject: Re: runtime.exec "cmd.exe /C net use"
>>>>>>>
>>>>>>>
>>>>>>> On Mar 23, 2013, at 10:00 PM, David Kerber wrote:
>>>>>>>
>>> (**) Maybe this is a hint to the OP : what happens if you ignore the
>>> result of the first command call, and try the same command a second
>>> time ?
>>> And I agree : there a bit of hocus-pocus here, but then many things
>>> are, in a Windows environment.
>>>
>> You are not hearing me. The drives are mapped and set to reconnect at
>> logon. Therefore if I reboot my machine the network drive mapping are
>> in place after logging in. I *do not* try and map a drive from within
>> my app. My app has full access to the network shares as soon as my
>> app
>> is up. No problem with network shares and my app ! My app needs to
>> read
>> and write to those network share to function and has no problems.
>>
>
> I think we have a failure to communicate here.
>
> Mappings set to reconnect are NOT the same as having access to a
> share.
> If you have access to the share, it is does not depending on a
> mapping. The
> mapping only assigns a particular drive letter to a UNC.
>
> Within your application, do you actually access the mappings by
> letter, or by
> UNC?
>
>> The problem is after I'm up and running, I try to run "cmd.exe /C net
>> use" from within the app it does not return any mapped drives. it
>> returns:
>> net use
>> New connections will be remembered.
>>
>> There are no entries in the list.
>>
>
> We understand that. What we are trying to tell you if you want
> those mappings
> to appear (regardless of whether they are already mapped or not), we
> think you
> need to dynamically map them within your application. Otherwise, we
> think you
> will continue to experience the situation you describe above.
>
>> Again, the return above happen only when running as a service but
>> works fine when tomcat starts from startup.bat in a console. Works
>> fine
>> means it returns drive letter, unc equivalent etc ... basically what
>> you normally see when you have mapped network drives and run "net
>> use"
>> from cmd.exe.
>>
>> It make no sense I know but I'm at a loss.
>
> I think it makes sense (pending further information on how you
> actually access the
> shares from within your application) because the application is not
> actually using
> a mapped drive, but using its access rights from a UNC.

Hi Jeffrey,

I think I'm getting what you might be saying. Because "net use"
returns a drive letter in its return
then the service cannot deal with it? To answer your question about
how we access shares from
within our app, we *have to* use UNC paths that already have the
proper credentials provided by
a common username & password that the service uses to login (local
account with same username
and password as an account already on the file server) So when the app
accesses the UNC path
for the first time it tries to use it's service login credentials
which we require to exist on the file
server with the shares. Therefore when we do our first network access
the service login account
is used to authenticate with the file server and because we create an
account on the file server
with the same username and password we get clean access to the shares.
I never liked having this
rule (service login name and password must exist on the file server
matching exactly) but it has
work for us for years. But getting back to net use, because drive
letters are not usable by code
running in the service, we don't get anything back from "net use"
because part of its return is
a drive letter? I hope I'm making sense, but is that the gist of what
you are saying? If it is then
it starts to make a lot more sense now.

Thanks for hanging in there with me.
Pat


>
>>
>> Thanks again
>> Pat
>>
>>
>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>>> For additional commands, e-mail: users-help@(protected)
>>>
>
>
> This e-mail and any attachments are intended only for the use of the
> addressee(s) named herein and may contain proprietary information.
> If you are not the intended recipient of this e-mail or believe that
> you received this email in error, please take immediate action to
> notify the sender of the apparent error by reply e-mail; permanently
> delete the e-mail and any attachments from your computer; and do not
> disseminate, distribute, use, or copy this message and any
> attachments.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>



Attachment: users_240702.eml (zipped)


> -----Original Message-----
> From: Patrick Flaherty [mailto:pflahrty@(protected)]
> Sent: Sunday, March 24, 2013 4:15 PM
> To: Tomcat Users List
> Subject: Re: runtime.exec "cmd.exe /C net use"
>
>
> > Within your application, do you actually access the mappings by
> > letter, or by UNC?
> >
> >> The problem is after I'm up and running, I try to run "cmd.exe /C
> net
> >> use" from within the app it does not return any mapped drives. it
> >> returns:
> >> net use
> >> New connections will be remembered.
> >>
> >> There are no entries in the list.
> >>
> >
> > We understand that. What we are trying to tell you if you want those
> > mappings to appear (regardless of whether they are already mapped or
> > not), we think you need to dynamically map them within your
> > application. Otherwise, we think you will continue to experience the
> > situation you describe above.
> >
> >> Again, the return above happen only when running as a service but
> >> works fine when tomcat starts from startup.bat in a console. Works
> >> fine means it returns drive letter, unc equivalent etc ... basically
> >> what you normally see when you have mapped network drives and run
> >> "net use"
> >> from cmd.exe.
> >>
> >> It make no sense I know but I'm at a loss.
> >
> > I think it makes sense (pending further information on how you
> > actually access the shares from within your application) because the
> > application is not actually using a mapped drive, but using its
> access
> > rights from a UNC.
>
> Hi Jeffrey,
>
> I think I'm getting what you might be saying. Because "net use"
> returns a drive letter in its return
> then the service cannot deal with it? To answer your question about how
> we access shares from within our app, we *have to* use UNC paths that
> already have the proper credentials provided by a common username &
> password that the service uses to login (local account with same
> username and password as an account already on the file server) So when
> the app accesses the UNC path for the first time it tries to use it's
> service login credentials which we require to exist on the file server
> with the shares. Therefore when we do our first network access the
> service login account is used to authenticate with the file server and
> because we create an account on the file server with the same username
> and password we get clean access to the shares.
> I never liked having this
> rule (service login name and password must exist on the file server
> matching exactly) but it has work for us for years. But getting back to
> net use, because drive letters are not usable by code running in the
> service, we don't get anything back from "net use"
> because part of its return is
> a drive letter? I hope I'm making sense, but is that the gist of what
> you are saying? If it is then it starts to make a lot more sense now.
>
> Thanks for hanging in there with me.
> Pat

Mappings are strictly a convention for using UNCs with drive letters (a fall back
to the days of Windows 3.1 and 95/98 which did not understand UNCs, and neither
did applications). Based on your description, you are using passthrough authentication because you
are operating in a workgroup environment (if you were in a domain environment,
you would simply assign a domain account, and give that account the right
permissions to the share). Your description above about authentication is
exactly right - matching accounts and passwords means transparent access to the
share.

Andre discussed this point in his last post - a service account logging in interactively
has a different environment than a service account logging in as a service. Windows is
basically ignoring any drive mappings that you specify because they were specified outside
of the service session. You are gaining access because of the UNCs and the passthrough
authentication.

If you want to use drive mappings, you need to map them WITHIN your application (or service
session) to appear. See the link in Serge's post for some ideas how to do this. I think
the best method is to actually map the drives yourself within your application, if you can;
otherwise, set up a service that does the drive mappings, and then calls your Tomcat service.

If all you want to do is make the list of mappings appear in an HTML page (without actually using
them in your application), you can just fake the list as I discussed previously.

The key point is because the mappings are not set within the service session itself, you are NOT
using the mappings, only the UNCs, and they will not appear using the net use command within
the service.

Jeffrey Harris


This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.


Attachment: users_240704.eml (zipped)

On Mar 24, 2013, at 4:01 PM, André Warnier wrote:

> Patrick Flaherty wrote:
>> On Mar 24, 2013, at 2:56 PM, André Warnier wrote:
>>> Harris, Jeffrey E. wrote:
>>>>> -----Original Message-----
>>>>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
>>>>> Sent: Sunday, March 24, 2013 12:18 PM
>>>>> To: Tomcat Users List
>>>>> Subject: Re: runtime.exec "cmd.exe /C net use"
>>>>>
>>>>>
>>>>> On Mar 24, 2013, at 10:24 AM, Harris, Jeffrey E. wrote:
>>>>>
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
>>>>>>> Sent: Sunday, March 24, 2013 10:20 AM
>>>>>>> To: Tomcat Users List
>>>>>>> Subject: Re: runtime.exec "cmd.exe /C net use"
>>>>>>>
>>>>>>>
>>>>>>> On Mar 23, 2013, at 10:00 PM, David Kerber wrote:
>>>>>>>
>>>>>>>> On 3/23/2013 8:13 PM, Harris, Jeffrey E. wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Thanks for all the input. I know about service logins being only
>>>>> able
>>>>>>> to use UNC paths (not drive letters) to access network shares. I
>>>>> know
>>>>>>> the service login & password have to have a matching account
>>>>>>> on the
>>>>>>> server with the shares in order for the tomcat app to use
>>>>>>> (access)
>>>>>>> those shares. We do all of this. Out tomcat app depends on
>>>>>>> network
>>>>>>> shares to function and it always has worked as long as the
>>>>>>> service
>>>>>>> login account matches an account on the server with the shares.
>>>>>>>
>>>>>>> What I'm trying to do in an html interface is make a pulldown
>>>>>>> menu
>>>>>>> list of my mapped drives as a location for our database
>>>>>>> backup. It's
>>>>>>> a preference setup to where an automated scheduled backup will
>>>>>>> write
>>>>>>> the backups. I'm using "net use" to produce what you would
>>>>>>> expect
>>>>> for
>>>>>>> output (all the mapped network drives) and parsing the output to
>>>>>>> produce the pulldown menu item containing the unc portion
>>>>>>> gleaned
>>>>>>> from the "net use" output. I need the unc portion as this is
>>>>>>> what a
>>>>>>> tomcat app needs. No matter what I do outside the app I cannot
>>>>>>> produce the effectively empty list that the app is producing.
>>>>>>> I'm
>>>>>>> logged into Windows as the same account as the service and I
>>>>>>> open a
>>>>>>> command prompt and see all my mapped drives via "net use". I
>>>>>>> have
>>>>>>> tried UAC on and off and it changes nothing. I added a simple
>>>>>>> "dir"
>>>>>>> to the app and I can get that output but not the "net use"
>>>>>>> output. I do know it has to do with the service as I said
>>>>>>> because
>>>>>>> when tomcat is started via the startup.bat it works great.
>>>>>>>
>>>>>>> Maybe it is a Windows question but thought someone may have
>>>>>>> had some
>>>>>>> similar experience.
>>>>>>>
>>>>>>> Thanks for eveyone's thoughts.
>>>>>>>
>>>>>>> -Pat
>>>>>>>
>>>>>> You still have not answered how the mapping are being made in the
>>>>>> first place. Is the service account dynamically setting the
>>>>>> mapping
>>>>>> using net use, or through the Windows API? Are you relying on
>>>>>> static
>>>>>> mappings in the user account profile?
>>>>> Hi Jeffrey,
>>>>>
>>>>> The drive mapping are happening through the Windows Explorer
>>>>> interface.
>>>>> The file server is browsed and the shares on the file server are
>>>>> mapped
>>>>> by right-clicking the share, mapping it to a drive letter and I
>>>>> check
>>>>> the checkbox "Reconnect at logon". Then I start my app.
>>>>> (I'm not using any user profiles.)
>>>>>
>>>>> -Pat
>>>>>
>>>>>> Jeffrey Harris
>>>>>>
>>>> Pat,
>>>> I do not think that will work for a service account. The drive
>>>> mappings are stored in the user profile,
>>>> and since I do not think service accounts access user profiles,
>>>> the service account will not remap
>>>> the drives when using the account to start a service (it will
>>>> when you actually log in interactively with
>>>> the account). You can try setting some custom environment
>>>> variables in the user profile (not the system profile)
>>>> and see if they are accessible by the service account using the
>>>> set command as a test to see if mapping
>>>> might be accessible.
>>>> What you probably need to do is actually set the drive mappings
>>>> using the Windows API dynamically when Tomcat starts,
>>>> or use UNCs. I know you want to display the drive mappings, but
>>>> you could fake the display by doing a net use >myfilemappings.txt
>>>> from the command line (when logged into the account), and just
>>>> calling the file to display the mappings. Obviously, if the
>>>> mappings change, you would have to redo the file.
>>>> I think those are your only options. You might want to do a
>>>> Google search and see if there is a way for
>>>> service accounts to use remembered mapped drives.
>>>
>>> I routinely use "net use \\hostname\share" from inside programs
>>> running as Windows Services (not in Java, though, but it should
>>> not matter). "Drive letters" don't work.
>>> The exact form I use is :
>>> net use \\hostname\sharename <password> /USER:<userid>
>>> And then later I can open/read/write/close files as "\\hostname
>>> \sharename\filepath".
>>>
>>> It works, but I have noticed one "quirk" in my programs : after
>>> doing the "net use", the very first access to the share doesn't
>>> work and returns an error. The second access and all subsequent
>>> ones work though. I have no idea why this is, but I have just
>>> adapted my programs to work around this issue (by doing a first
>>> dummy access and ignoring the result), and never had any problem
>>> since. (**)
>>>
>>> To be able to do this, the Service *cannot* run as the LocalSystem
>>> or LocalService user. By design in Windows, these special users do
>>> not have access to any "Windows network" functions or resources.  
>>> Any "normal" user (*) will do, depending on the environment (such
>>> as, if the current host is a member of a Windows Domain, and the
>>> Windows network resource is defined in that domain, then the user
>>> will need to be a Domain user; if the resource is a share on a
>>> Linux Samba host e.g., then any user will do, as long as it is
>>> known to Samba).
>>> This all concerns only "Windows network" resources. Anything
>>> accessed via standard TCP/IP protocols (HTTP, NFS, FTP, SSL..)
>>> works, even when running as one of these special users.
>>>
>>> As a not very precise technical definition, "Windows network
>>> resources" are all the things like "shares" (network
>>> directories), Windows network printers, anything that is accessed
>>> via the SMB or CIFS protocol, anything that requires the usage of
>>> a "workgroup" or "domain" name, etc.
>>>
>>>
>>> (*) with one additional caveat : the user must be granted the
>>> "right to run services".
>>>
>>> (**) Maybe this is a hint to the OP : what happens if you ignore
>>> the result of the first command call, and try the same command a
>>> second time ?
>>> And I agree : there a bit of hocus-pocus here, but then many
>>> things are, in a Windows environment.
>>>
>> You are not hearing me. The drives are mapped and set to reconnect
>> at logon. Therefore if I reboot my machine the network drive
>> mapping are in place after
>> logging in. I *do not* try and map a drive from within my app. My
>> app has full access to the network shares as soon as my app is up.
>> No problem with network
>> shares and my app !
>
> Well, only if your app is running on your computer though. As soon
> as your app is moved somewhere else, it will stop working unless you
> set up that computer the same way.
>
> My app needs to read and write to those network
>> share to function and has no problems.
>> The problem is after I'm up and running, I try to run "cmd.exe /C
>> net use" from within the app it does not return any mapped drives.
>> it returns:
>> net use
>> New connections will be remembered.
>> There are no entries in the list.
>> Again, the return above happen only when running as a service but
>> works fine when tomcat starts from startup.bat in a console. Works
>> fine means
>> it returns drive letter, unc equivalent etc ... basically what you
>> normally see when you have mapped network drives and run "net use"
>> from cmd.exe.
>> It make no sense I know but I'm at a loss.
> Yes, it does make sense. When something is running as a Service
> under a given user-id, it does not have the same environment as when
> you login to a computer with that same user-id.
> The "service environment" is different from the "interactive login"
> environment.
> In how many ways exactly under Windows, I do not know; but many.
> (One of the ways is that a Service does not have a console, while
> your interactive session does; that alone already make a lot of
> programs act differently. Another way is the permissions, which are
> different between services and interactive users).
>
> The crux of the matter is : if you want your Service (whatever
> program it runs in whatever programming language) to have access to
> certain resources, you should make sure that it is the service
> itself which acquires/connect to these resources, and not rely on,
> for example, "mappings" that have been made under another
> environment, to be present in the service environment.
>
> Think of it as follows : when you - personally - login to the
> machine, you get a "session" under your user-id. And then inside
> that session you run Tomcat, as an application, within that same
> session.
> When a service starts, it does its own login and it gets a different
> "session", also under the same user-id, but a different session
> anyway.
> And there is nothing that says that everything that you have in your
> interactive user session is automatically there in that (separate)
> service session. And if anything is, it may just be a bug in this
> particular Windows version, and may go away at the next version.

Hi Andre,

I do understand and well said. The bottom line is I cannot expect
"interactive" command calls to work like 'Service" based command calls
So "net use" can execute but not return the same results as an
interactive user. Dang !

Thanks for the WIndows lesson, the place I *thought* I knew well.
Pat

>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>



Attachment: users_240706.eml (zipped)

On Mar 24, 2013, at 4:29 PM, Harris, Jeffrey E. wrote:

>
>
>> -----Original Message-----
>> From: Patrick Flaherty [mailto:pflahrty@(protected)]
>> Sent: Sunday, March 24, 2013 4:15 PM
>> To: Tomcat Users List
>> Subject: Re: runtime.exec "cmd.exe /C net use"
>>
>>
>>> Within your application, do you actually access the mappings by
>>> letter, or by UNC?
>>>
>>>> The problem is after I'm up and running, I try to run "cmd.exe /C
>> net
>>>> use" from within the app it does not return any mapped drives. it
>>>> returns:
>>>> net use
>>>> New connections will be remembered.
>>>>
>>>> There are no entries in the list.
>>>>
>>>
>>> We understand that. What we are trying to tell you if you want
>>> those
>>> mappings to appear (regardless of whether they are already mapped or
>>> not), we think you need to dynamically map them within your
>>> application. Otherwise, we think you will continue to experience
>>> the
>>> situation you describe above.
>>>
>>>> Again, the return above happen only when running as a service but
>>>> works fine when tomcat starts from startup.bat in a console. Works
>>>> fine means it returns drive letter, unc equivalent etc ...
>>>> basically
>>>> what you normally see when you have mapped network drives and run
>>>> "net use"
>>>> from cmd.exe.
>>>>
>>>> It make no sense I know but I'm at a loss.
>>>
>>> I think it makes sense (pending further information on how you
>>> actually access the shares from within your application) because the
>>> application is not actually using a mapped drive, but using its
>> access
>>> rights from a UNC.
>>
>> Hi Jeffrey,
>>
>> I think I'm getting what you might be saying. Because "net use"
>> returns a drive letter in its return
>> then the service cannot deal with it? To answer your question about
>> how
>> we access shares from within our app, we *have to* use UNC paths that
>> already have the proper credentials provided by a common username &
>> password that the service uses to login (local account with same
>> username and password as an account already on the file server) So
>> when
>> the app accesses the UNC path for the first time it tries to use it's
>> service login credentials which we require to exist on the file
>> server
>> with the shares. Therefore when we do our first network access the
>> service login account is used to authenticate with the file server
>> and
>> because we create an account on the file server with the same
>> username
>> and password we get clean access to the shares.
>> I never liked having this
>> rule (service login name and password must exist on the file server
>> matching exactly) but it has work for us for years. But getting
>> back to
>> net use, because drive letters are not usable by code running in the
>> service, we don't get anything back from "net use"
>> because part of its return is
>> a drive letter? I hope I'm making sense, but is that the gist of what
>> you are saying? If it is then it starts to make a lot more sense now.
>>
>> Thanks for hanging in there with me.
>> Pat
>
> Mappings are strictly a convention for using UNCs with drive letters
> (a fall back
> to the days of Windows 3.1 and 95/98 which did not understand UNCs,
> and neither
> did applications). Based on your description, you are using
> passthrough authentication because you
> are operating in a workgroup environment (if you were in a domain
> environment,
> you would simply assign a domain account, and give that account the
> right
> permissions to the share). Your description above about
> authentication is
> exactly right - matching accounts and passwords means transparent
> access to the
> share.
>
> Andre discussed this point in his last post - a service account
> logging in interactively
> has a different environment than a service account logging in as a
> service. Windows is
> basically ignoring any drive mappings that you specify because they
> were specified outside
> of the service session. You are gaining access because of the UNCs
> and the passthrough
> authentication.
>
> If you want to use drive mappings, you need to map them WITHIN your
> application (or service
> session) to appear. See the link in Serge's post for some ideas how
> to do this. I think
> the best method is to actually map the drives yourself within your
> application, if you can;
> otherwise, set up a service that does the drive mappings, and then
> calls your Tomcat service.
>
> If all you want to do is make the list of mappings appear in an HTML
> page (without actually using
> them in your application), you can just fake the list as I discussed
> previously.
>
> The key point is because the mappings are not set within the service
> session itself, you are NOT
> using the mappings, only the UNCs, and they will not appear using
> the net use command within
> the service.
>
> Jeffrey Harris

Hi Jeffrey,

Yes, I now get it. Thanks for the lesson on Windows Networking (I
thought I knew well) and thanks to Andre as well.
You also said that if all I wanted to do was make a list of mapping
appear in an html page (without actually using them
in your application), you can just fake it as previously discussed. I
think I missed that part.

Thanks
Pat

>
>
> This e-mail and any attachments are intended only for the use of the
> addressee(s) named herein and may contain proprietary information.
> If you are not the intended recipient of this e-mail or believe that
> you received this email in error, please take immediate action to
> notify the sender of the apparent error by reply e-mail; permanently
> delete the e-mail and any attachments from your computer; and do not
> disseminate, distribute, use, or copy this message and any
> attachments.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>



Attachment: users_240708.eml (zipped)
> Hi Jeffrey,
>
> Yes, I now get it. Thanks for the lesson on Windows Networking (I thought
> I knew well) and thanks to Andre as well.
> You also said that if all I wanted to do was make a list of mapping appear
> in an html page (without actually using them
> in your application), you can just fake it as previously discussed. I
> think I missed that part.
>
> Thanks
> Pat
>
>
>
Glad you understand now. I was about to provide a response similar to
Andre's previous response. This all reminds me of a similar situation
within my TomEE/Tomcat7 web app.

On my development server (Windows 2008 server 64-bit), I am 'always' logged
in and coding/etc, which means I always test the web app via NetBeans
(which provide the infamous 'console' that is mentioned throughout this
thread). I developed this piece of code that uses JODConverter to call
OpenOffice.org at/via port 2002, and this allows my web app to convert
files to PDF after enduser uploads certain documents (Word docs, excel,
etc...). So, that all works on my development server. Why? because I am
logged in everytime while testing and the app is 'never' running as a
Windows 'service' on my development server.

So, i deploy my web app to target/production server (Windows 2003 Server
and/or Windows Server 2008). For many months now, I have wondered 'why' the
code will not work on the 'production' server but it runs/works 'everytime'
on my development server. Finally, recently (after many months of research
and/or multiple attempts of trying to debug/resolve the problem), I either
read somewhere or finally realized that the code will 'not' work because my
web app is running as a service, and for whatever reason (of course a
'Windows' reason), the code will 'not' work while running as a service.

So, I am left to coding another implementation to convert files after
upload, use another library, and ditch the JODConverter/OpenOffice.org
approach.

Attachment: users_240709.eml (zipped)
On Sun, Mar 24, 2013 at 7:14 PM, Howard W. Smith, Jr. <
smithh032772@(protected):

>
>
>> Hi Jeffrey,
>>
>> Yes, I now get it. Thanks for the lesson on Windows Networking (I thought
>> I knew well) and thanks to Andre as well.
>> You also said that if all I wanted to do was make a list of mapping
>> appear in an html page (without actually using them
>> in your application), you can just fake it as previously discussed. I
>> think I missed that part.
>>
>> Thanks
>> Pat
>>
>>
>>
> Glad you understand now. I was about to provide a response similar to
> Andre's previous response. This all reminds me of a similar situation
> within my TomEE/Tomcat7 web app.
>
> On my development server (Windows 2008 server 64-bit), I am 'always'
> logged in and coding/etc, which means I always test the web app via
> NetBeans (which provide the infamous 'console' that is mentioned throughout
> this thread). I developed this piece of code that uses JODConverter to call
> OpenOffice.org at/via port 2002, and this allows my web app to convert
> files to PDF after enduser uploads certain documents (Word docs, excel,
> etc...). So, that all works on my development server. Why? because I am
> logged in everytime while testing and the app is 'never' running as a
> Windows 'service' on my development server.
>
> So, i deploy my web app to target/production server (Windows 2003 Server
> and/or Windows Server 2008). For many months now, I have wondered 'why' the
> code will not work on the 'production' server but it runs/works 'everytime'
> on my development server. Finally, recently (after many months of research
> and/or multiple attempts of trying to debug/resolve the problem), I either
> read somewhere or finally realized that the code will 'not' work because my
> web app is running as a service, and for whatever reason (of course a
> 'Windows' reason), the code will 'not' work while running as a service.
>
> So, I am left to coding another implementation to convert files after
> upload, use another library, and ditch the JODConverter/OpenOffice.org
> approach.
>
>
Forgot to mention... since OpenOffice.org can be installed in the Startup
folder, i was assuming that it would run as a service on production server,
and/but I forgot that Startup folder just automatically starts the app
immediately when/after you login. OpenOffice.org is 'not' running as a
service, and since my web app is running as a service (in a different
'environment'), my web app was unable to access OpenOffice.org, because
clearly/definitely/evidently, it was not/never running as a 'service'..
which means it was never available to my web app. :(

Attachment: users_240703.eml (zipped)
I have a web-app that uses a servlet for downloading files from a
repository--PDF, Office, images, zip, etc. It works with desktop
browsers--IE, Firefox, Chrome, and Safari--on their various platforms. It
also works fine with Firefox from Android (2.3 and 4.x tested). However
when I try with Android's default WebKit browser, the servlet fails
immediately with org.apache.catalina.connector.ClientAbortException (so
says the stderr log).

The servlet is sending proper headers, including the correct MIME type,
Content-Disposition attachment, file size, etc. I even took to adding the
file's name as the last GET parameter. No dice.

Safari on iPad, iPhone, and iPod Touch also fail. Although I don't have one
with me at this moment to test, I suspect their failure is also caused by a
ClientAbortException: Safari is also WebKit and *I've Google'd numerous
complaints about this exception when using mobile WebKit browsers*. While I
can tell Android users to try Firefox, there is no Firefox for iPhone.

I'm expecting a file to open in a local viewer app, like Acrobat Reader,
QuickOffice, Pages, etc. I can open files in these apps via Firefox, an
email client, or via the WebKit browser when viewing a directory listing in
my public_html directories and similar locations.

I suspect this is a problem with mobile WebKit, and that circumventing the
abort might be a "bad thing" even if it's possible. However I thought I'd
inquire here if there is a Tomcat way around it. If not, it seems my
alternatives are (1) use Java Mail to mail the user the file, since mail
apps open their attachments; and (2) write iOS and Android apps file query
and downloading. Neither prospect thrills me.

Thoughts?

--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v, 121-24)

Attachment: users_240705.eml (zipped)
2013/3/25 Thad Humphries <thad.humphries@(protected)>:
> I have a web-app that uses a servlet for downloading files from a
> repository--PDF, Office, images, zip, etc. It works with desktop
> browsers--IE, Firefox, Chrome, and Safari--on their various platforms. It
> also works fine with Firefox from Android (2.3 and 4.x tested). However
> when I try with Android's default WebKit browser, the servlet fails
> immediately with org.apache.catalina.connector.ClientAbortException (so
> says the stderr log).

1. Is this issue specific to some kind of files, or it occurs with all of them?

2. If client aborts a connection, there is nothing much a server can
do. It is issue in your web browser.

> The servlet is sending proper headers, including the correct MIME type,
> Content-Disposition attachment, file size, etc. I even took to adding the
> file's name as the last GET parameter. No dice.

3. Maybe the browser does not like "Content-Disposition attachment"?
Maybe it cannot save the file?

4. Does it depend on file size? How the file is served? (What
connector implementation are you using? Do you use compression, do you
use sendfile?)

> Safari on iPad, iPhone, and iPod Touch also fail. Although I don't have one
> with me at this moment to test, I suspect their failure is also caused by a
> ClientAbortException: Safari is also WebKit and *I've Google'd numerous
> complaints about this exception when using mobile WebKit browsers*. While I
> can tell Android users to try Firefox, there is no Firefox for iPhone.
>
> I'm expecting a file to open in a local viewer app, like Acrobat Reader,
> QuickOffice, Pages, etc. I can open files in these apps via Firefox, an
> email client, or via the WebKit browser when viewing a directory listing in
> my public_html directories and similar locations.
>
> I suspect this is a problem with mobile WebKit, and that circumventing the
> abort might be a "bad thing" even if it's possible. However I thought I'd
> inquire here if there is a Tomcat way around it. If not, it seems my
> alternatives are (1) use Java Mail to mail the user the file, since mail
> apps open their attachments; and (2) write iOS and Android apps file query
> and downloading. Neither prospect thrills me.
>


Attachment: users_240707.eml (zipped)
On 24/03/2013 20:30, Thad Humphries wrote:

> Thoughts?

Grab a copy of Wireshark. Take a look at exactly what is going on and
hopefully use that to figure out what is causing the breakage.

Mark


©2008 junlu.com - Jax Systems, LLC, U.S.A.