Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » Apache Tomcat »

Re: tomcat5.5 and mysql5 permission problem on Ubuntu 7.04 (Fiesty)

David Smith

2007-08-07

Replies:

The problem is most definitely in the security manager configuration.
I'm not familiar with 50user.policy though -- this must be a Ubuntu
thing. Can you verify this is really the security policy config file
tomcat is using?

The policy settings I see toward the bottom looks good on the suface.
Just wondering if that file is really the active tomcat policy file. A
tomcat download binary uses catalina.policy in the tomcat/conf folder.
Admittedly the rpm install may be different.

--David

Stephen Pegg wrote:

>I am having a very bad time trying to get a webapp to connect to a MySQL
>database. I am using tomcat 5.5 and mysql 5 on a Ubuntu Server 7.04 (Fiesty
>Fawn)
>
>As far as i am aware i have set everything up okay and the webapp does
>actually try and connect to the database.
>
>However, it doesn't! See tracestack below.
>
>org.apache.jasper.JasperException: Unable to get connection,
>DataSource invalid: "org.apache.commons.dbcp.SQLNestedException:
>Cannot create PoolableConnectionFactory (Communications link failure
>due to underlying exception:
>
>
>** BEGIN NESTED EXCEPTION **
>
>java.security.AccessControlException
>MESSAGE: access denied (java.net.SocketPermission localhost resolve)
>
>STACKTRACE:
>
>java.security.AccessControlException: access denied (
>java.net.SocketPermission localhost resolve)
>  at java.security.AccessControlContext.checkPermission (AccessControlContext.java:264)
>  at java.security.AccessController.checkPermission (AccessController.java:427)
>  at
>java.lang.SecurityManager.checkPermission (SecurityManager.java:532)
>  at java.lang.SecurityManager.checkConnect (SecurityManager.java:1031)
>  at java.net.InetAddress.getAllByName0 (InetAddress.java:1117)
>  at java.net.InetAddress.getAllByName0
>(InetAddress.java:1098)
>  at java.net.InetAddress.getAllByName (InetAddress.java:1061)
>  at com.mysql.jdbc.StandardSocketFactory.connect (StandardSocketFactory.java:138)
>  at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java
>:277)
>  at com.mysql.jdbc.Connection.createNewIO (Connection.java:2668)
>  at com.mysql.jdbc.Connection.<init>(Connection.java:1531)
>  at com.mysql.jdbc.NonRegisteringDriver.connect (NonRegisteringDriver.java:266)
>
>  at org.apache.commons.dbcp.DriverConnectionFactory.createConnection (DriverConnectionFactory.java:37)
>  at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject (PoolableConnectionFactory.java:290)
>  at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory
>(BasicDataSource.java:877)
>  at org.apache.commons.dbcp.BasicDataSource.createDataSource (BasicDataSource.java:851)
>  at org.apache.commons.dbcp.BasicDataSource.getConnection (BasicDataSource.java:540)
>  at org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.getConnection
>(QueryTagSupport.java:274)
>  at org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.doStartTag (QueryTagSupport.java:159)
>  at org.apache.jsp.index_jsp._jspx_meth_sql_query_0(index_jsp.java:100)
>  at org.apache.jsp.index_jsp._jspService
>(index_jsp.java:58)
>  at org.apache.jasper.runtime.HttpJspBase.service (HttpJspBase.java:97)
>  at javax.servlet.http.HttpServlet.service (HttpServlet.java:802)
>  at org.apache.jasper.servlet.JspServletWrapper.service(
>JspServletWrapper.java:334)
>  at org.apache.jasper.servlet.JspServlet.serviceJspFile (JspServlet.java:314)
>  at org.apache.jasper.servlet.JspServlet.service (JspServlet.java:264)
>  at javax.servlet.http.HttpServlet.service
>(HttpServlet.java:802)
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:39)
>  at sun.reflect.DelegatingMethodAccessorImpl.invoke
>(DelegatingMethodAccessorImpl.java:25)
>  at java.lang.reflect.Method.invoke (Method.java:585)
>  at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
>  at java.security.AccessController.doPrivileged
>(Native Method)
>  at javax.security.auth.Subject.doAsPrivileged (Subject.java:517)
>  at org.apache.catalina.security.SecurityUtil.execute (SecurityUtil.java:275)
>  at org.apache.catalina.security.SecurityUtil.doAsPrivilege
>(SecurityUtil.java:161)
>  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:245)
>  at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:177)
>
>  at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at org.apache.catalina.core.ApplicationFilterChain.doFilter
>(ApplicationFilterChain.java:152)
>  at org.apache.catalina.core.StandardWrapperValve.invoke (StandardWrapperValve.java:213)
>  at org.apache.catalina.core.StandardContextValve.invoke (StandardContextValve.java:178)
>  at
>org.apache.catalina.core.StandardHostValve.invoke (StandardHostValve.java:126)
>  at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:105)
>  at org.apache.catalina.core.StandardEngineValve.invoke
>(StandardEngineValve.java:107)
>  at org.apache.catalina.connector.CoyoteAdapter.service (CoyoteAdapter.java:148)
>  at org.apache.coyote.http11.Http11Processor.process (Http11Processor.java:869)
>  at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection
>(Http11BaseProtocol.java:664)
>  at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket (PoolTcpEndpoint.java:527)
>  at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt (LeaderFollowerWorkerThread.java:80)
>
>  at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>  at java.lang.Thread.run (Thread.java:595)
>
>
>** END NESTED EXCEPTION **
>
>
>
>Last packet sent to the server was 6 ms ago.)"
>
>  org.apache.jasper.servlet.JspServletWrapper.handleJspException (JspServletWrapper.java:512)
>  org.apache.jasper.servlet.JspServletWrapper.service (JspServletWrapper.java:377)
>  org.apache.jasper.servlet.JspServlet.serviceJspFile
>(JspServlet.java:314)
>  org.apache.jasper.servlet.JspServlet.service (JspServlet.java:264)
>  javax.servlet.http.HttpServlet.service (HttpServlet.java:802)
>  sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>  sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:39)
>  sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:25)
>  java.lang.reflect.Method.invoke (Method.java:585)
>
>  org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
>  java.security.AccessController.doPrivileged(Native Method)
>  javax.security.auth.Subject.doAsPrivileged (Subject.java:517)
>  org.apache.catalina.security.SecurityUtil.execute
>(SecurityUtil.java:275)
>  org.apache.catalina.security.SecurityUtil.doAsPrivilege (SecurityUtil.java:161)
>
>I can connect to the database in command line, MySQL admin and query browser
>with the same user and pass that i am using for the webapp. I gave this user
>full permissions from any host. I have read about the security manager
>possible stopping it from working even though i'm working with localhost.
>The webapp itself has the resource in its /META-INF/context.xml (see below)
>as i want to stay away from tomcats server.xml. I have a resource reference
>in the webapps /WEB-INF/web.xml (See below). I have a copy of
>mysql-connector-java-5.0.4.jar in the /common/lib/ directory as suggested.
>There is no mysql jar in the webapps /WEB-INF/lib dir. I created the webapp
>in netbeans5.5 on a windows platform, built it and deployed the
>webapp.jarusing tomcat manager.
>
>---- Context.xml ----
><Context path="/DBTest" docBase="DBTest">
><Resource name="jdbc/time_management" auth="Container" type="
>javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000"
>username="timemanaccess" password="timeman101" driverClassName="
>com.mysql.jdbc.Driver"
>url="jdbc:mysql://localhost:3306/time_management_db"/>
></Context>
>-----------------
>
>---- Web.xml ----
><resource-ref>
><res-ref-name>jdbc/time_management</res-ref-name>
><res-type>javax.sql.DataSource</res-type>
><res-auth>Application</res-auth>
><res-sharing-scope>Shareable</res-sharing-scope>
></resource-ref>
>-----------------
>
>I have been editing the 50user.policy to try and give permissions to
>localhost. See below.
>
>grant codeBase "file:${catalina.home}/webapps/DBTest/-" {
>    //permission java.net.SocketPermission "localhost", "resolve";
>    //permission java.net.SocketPermission "localhost:3306",
>"connect,resolve";
>   permission java.security.AllPermission;
> };
>
> grant codeBase "file:/usr/share/tomcat5.5/common/lib/mysql-
>connector-java-5.0.4.jar" {
>   //permission java.net.SocketPermission "localhost", "resolve";
>    //permission java.net.SocketPermission "localhost:3306",
>"connect,resolve";
>   permission java.security.AllPermission ;
>};
>
>I have tried a number of variations of the permissions below. None worked.
>
>Can somebody please help? I can provide more information if needed.
>
>Thanks in advance,
>Stephen
>
>
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)

©2008 junlu.com - Jax Systems, LLC, U.S.A.