 | Mailing List | | Home | | Forum Home | | JBoss - Java Application Server | | Tomcat - JSP/Servlet container | | Struts - A MVC web framework | | iText - An open source PDF Java Library | | JDOM - JDOM XML Parser | | JSP - A mailing list about Java Server Pages specification and reference | | J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition | | J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog | | Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology | |
Struts & Hibernate
|
|
|
| | | Issue with psql driver | Issue with psql driver 2007-09-06 - By David Smith
Back
Ahh... I see the root cause now. It is indeed caused by the JVM's
security manager:
Caused by: java.security.AccessControlException:
access denied (java.net.SocketPermission localhost
resolve)
Looking at your original post, I see (forgive the recap, but I wanted to
refresh the relevant parts):
> I was told I had a security problem so I added a file called
> chapter1.policy to /etc/policy.d:
> // These permissions apply to the chapter1 web application
> grant codeBase "file:${catalina.home}/webapps/chapter1/WEB-INF/
> classes/-" {
> permission java.security.AllPermission;
>
> };
>
>
> grant codeBase "file:${catalina.home}/webapps/chapter1/WEB-INF/
> lib/-" {
> permission java.security.AllPermission;
>
> };
>
>
> //
> // The permission granted to your JDBC driver
> grant codeBase "file:${catalina.home}/common/lib/postgresql-
> jdbc3-8.1.jar" {
> permission java.net.SocketPermission "localhost:5432",
> "connect";
>
> };
I'm not familiar with "/etc/policy.d" though as the tomcat download
stores policy info in $TOMCAT_HOME/conf/catalina.policy. You'll have to
verify that /etc/policy.d is really the policy file used. I can offer
this bit of policy code based on an example in catalina.policy:
grant codeBase
"jar:file:${catalina.home}/common/lib/postgresql-jdbc3-8.1.jar!/-" {
permission java.net.SocketPermission "localhost", "connect";
}
If you look at the Sun Javadocs for java.net.SocketPermission, you can
get more detail on what's allowed in the permission line.
--David
Chris Baty wrote:
> Hi All,
> I've tried at least 4 drivers, changing the url to
> localhost:test, localhost:5432:test, 127.0.0.1:test
>
> This is my current trace:
> Error occurred: org.postgresql.util.PSQLException:
> Something unusual has occured to cause the driver to
> fail. Please report this exception.
> org.postgresql.util.PSQLException: Something unusual
> has occured to cause the driver to fail. Please report
> this exception.
> at org.postgresql.Driver.connect(Driver.java:276)
> at
> java.sql.DriverManager.getConnection(DriverManager.java:512)
> at
> java.sql.DriverManager.getConnection(DriverManager.java:171)
> at
> org.apache.jsp.jdb_jsp._jspService(jdb_jsp.java:69)
> at
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java
:324)
> at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
> at
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
> at java.security.AccessController.doPrivileged(Native
> Method)
> at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272)
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:245)
> at
> org.apache.catalina.core.ApplicationFilterChain.access$0
(ApplicationFilterChain.java:177)
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain
.java:156)
> at java.security.AccessController.doPrivileged(Native
> Method)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:152)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve
.java:214)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext
.java:104)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> at
> org.apache.catalina.core.StandardContextValve.invokeInternal
(StandardContextValve.java:198)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve
.java:152)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext
.java:104)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext
.java:104)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext
.java:102)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:109)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext
.java:104)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> at
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
> at
> org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler
.processConnection(Http11Protocol.java:705)
> at
> org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java
:684)
> at java.lang.Thread.run(Thread.java:534)
> Caused by: java.security.AccessControlException:
> access denied (java.net.SocketPermission localhost
> resolve)
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java
:269)
> at
> java.security.AccessController.checkPermission(AccessController.java:401)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
> at
> java.lang.SecurityManager.checkConnect(SecurityManager.java:1023)
> at
> java.net.InetAddress.getAllByName0(InetAddress.java:1000)
> at
> java.net.InetAddress.getAllByName0(InetAddress.java:981)
> at
> java.net.InetAddress.getAllByName(InetAddress.java:975)
> at
> java.net.InetAddress.getByName(InetAddress.java:889)
> at
> java.net.InetSocketAddress.<init>(InetSocketAddress.java:114)
> at java.net.Socket.<init>(Socket.java:124)
> at
> org.postgresql.core.PGStream.<init>(PGStream.java:59)
> at
> org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl
(ConnectionFactoryImpl.java:77)
> at
> org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java
:66)
> at
> org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection
.java:125)
> at
> org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection
.java:30)
> at
> org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24)
> at
> org.postgresql.Driver.makeConnection(Driver.java:382)
> at org.postgresql.Driver.connect(Driver.java:260)
> ... 45 more
>
> Thanks.
> Chris
> --- Chris Baty <batymohn@(protected)> wrote:
>
>
>> Hi David,
>> The only trace that I can find is the Catalina log:
>>
>> Error occurred: org.postgresql.util.PSQLException:
>> Something unusual
>> has occured to cause the driver to fail. Please
>> report this exception.
>>
>> This comes right from my catch routine and is what
>> I would expect.
>>
>> Thanks.
>> Chris
>>
>>
>> -- -- Original Message ----
>> From: David Smith <dns4@(protected)>
>> To: Tomcat Users List <users@(protected)>
>> Sent: Wednesday, September 5, 2007 10:58:19 AM
>> Subject: Re: Issue with psql driver
>>
>>
>> Can you post the complete stack trace of your error?
>> That would be
>> extremely helpful in diagnosing the problem.
>>
>> ---David
>>
>>
>> Chris Baty wrote:
>>
>>
>>> Hi Guys,
>>> I'm trying to access psql from Tomcat5. I have the
>>>
>> correct driver
>>
>>> because my command-lind test program works fine.
>>>
>> So I copied the
>>
>>> driver into /usr/share/tomcat5/common/lib, like the
>>>
>> documentation
>>
>>> says. Then I kept getting
>>>
>>>
>>> Error occurred: org.postgresql.util.PSQLException:
>>>
>> Something unusual
>>
>>> has occured to cause the driver to fail. Please
>>>
>> report this exception.
>>
>>> I was told I had a security problem so I added a
>>>
>> file called
>>
>>> chapter1.policy to /etc/policy.d:
>>> // These permissions apply to the chapter1 web
>>>
>> application
>>
>>> grant codeBase
>>>
>> "file:${catalina.home}/webapps/chapter1/WEB-INF/
>>
>>> classes/-" {
>>> permission java.security.AllPermission;
>>>
>>> };
>>>
>>>
>>> grant codeBase
>>>
>> "file:${catalina.home}/webapps/chapter1/WEB-INF/
>>
>>> lib/-" {
>>> permission java.security.AllPermission;
>>>
>>> };
>>>
>>>
>>> //
>>> // The permission granted to your JDBC driver
>>> grant codeBase
>>>
>> "file:${catalina.home}/common/lib/postgresql-
>>
>>> jdbc3-8.1.jar" {
>>> permission java.net.SocketPermission
>>>
>> "localhost:5432",
>>
>>> "connect";
>>>
>>> };
>>>
>>>
>>> I still get the same PSQLException
>>> Could anyone send me an example of a security
>>>
>> policy that works? I
>>
>>> don't understand because 03Catalina.policy
>>>
>> contains:
>>
>>> // These permissions apply to the servlet API
>>>
>> classes
>>
>>> // and those that are shared across all class
>>>
>> loaders
>>
>>> // located in the "common" directory
>>> grant codeBase "file:${catalina.home}/common/-" {
>>> permission java.security.AllPermission;
>>>
>>> };
>>>
>>>
>>> Thanks.
>>>
>>>
>>>
>>>
>> __ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ___
__ _____
>>
>>> Boardwalk for $500? In 2007? Ha! Play Monopoly Here
>>>
>> and Now (it's updated for today's economy) at Yahoo!
>> Games.
>>
>> http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow
>>
>>
>>>
>>>
>>>
>>
>>
> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
>
>> To start a new topic, e-mail:
>> users@(protected)
>> To unsubscribe, e-mail:
>> users-unsubscribe@(protected)
>> For additional commands, e-mail:
>> users-help@(protected)
>>
>>
>>
>>
>>
> __ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____
__ ____
>
>> Looking for a deal? Find great prices on flights and
>> hotels with Yahoo! FareChase.
>> http://farechase.yahoo.com/
>>
>
>
>
>
> __ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ___
__ ____ _____
> Shape Yahoo! in your own image. Join our Network Research Panel today!
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
>
>
>
> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
> To start a new topic, e-mail: users@(protected)
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
|
|
|
