Re: why can't I create a file in the pl/java?

On 11/27/21 09:14, 595926716 wrote:
> I tried to create a temporary file in the program, it could not be created,
> my code:
> File.createTempFile("tmp", "txt");
> reported an error when I ran it in the PostgreSQL
>> ERROR: java.sql.SQLDataException: Unable to create temporary file
>
> How do I create temporary files? please help me, thank you!

Hello,

I see from the further details in your GitHub issue that the function
in question looks like this:

@Function
public static String hello(String toWhom) throws Exception {
File f = File.createTempFile("tmp", ".txt");
return "test";
}

When you use @Function without a trust= element[1], that element defaults
to SANDBOXED, and will prevent your function from opening files.

Because this is PL/Java 1.6, you have a variety of options for doing what
you want.

The simplest would be to simply change the annotation to
@Function(trust=UNSANDBOXED), and then PL/Java will not apply any
file-access restrictions. (The underlying OS permissions will continue to
apply.)

The "UNSANDBOXED" setting does not really mean there are no limits applied
to the code. In fact, "SANDBOXED" and "UNSANDBOXED" apply pretty much
exactly the same limits, with the *only* difference being that the
"UNSANDBOXED" policy includes

permission java.io.FilePermission
"<<ALL FILES>>", "read,write,delete,readlink";

and the "SANDBOXED" policy does not.

If you did not want to give your function those broad permissions on all
files, you could also edit the pljava.policy file and add a permission to
the policy for PLPrincipal$Sandboxed *. For example, you could add
something like:

permission java.io.FilePermission
"${java.io.tmpdir}/*", "read,write,delete";

and then you could create functions in the default "SANDBOXED" languge and
they would still be able to use files in the temporary directory, but not
other files.

If you wanted only certain functions to be able to do that, you could go
further and create a new "alias Java language"[2], such as
java_with_tempfiles, and you could edit the policy file to grant the new
permission only to that "language". Then you could use
@Function(language="java_with_tempfiles") on the functions that will need
that permission, and other functions will default to the "SANDBOXED"
language and will not have it.

This page [3] gives the details of configuring permissions in PL/Java.

You will see an important note at the end of that page about Java changes
coming (in versions after Java 17) that will require some of the details to
eventually change.

Regards,
-Chap

[1]
https://tada.github.io/pljava/pljava-api/apidocs/org.postgresql.pljava/org/postgresql/pljava/annotation/Function.html#trust()
[2]
https://tada.github.io/pljava/pljava/apidocs/org.postgresql.pljava.internal/org/postgresql/pljava/management/Commands.html#alias_java_language
[3] https://tada.github.io/pljava/use/policy.html